29 May 2023

Fancy Bear Goes Phishing.

 

arstechnica.com

Is cybersecurity an unsolvable problem?

by Jennifer Ouellette - May 27, 2023 6:12am MST
6 - 8 minutes

Ars chats with law philosopher Scott Shapiro about his new book, Fancy Bear Goes Phishing.

Farrar, Straus and Giroux

In November 1988, a graduate student at Cornell University named Robert Morris, Jr. inadvertently sparked a national crisis by unleashing a self-replicating computer worm on a VAX 11/750 computer in the Massachusetts Institute of Technology's Artificial Intelligence Lab. Morris had no malicious intent; it was merely a scientific experiment to see how many computers he could infect. But he made a grievous error, setting his reinfection rate much too high. The worm spread so rapidly that it brought down the entire computer network at Cornell University, crippled those at several other universities, and even infiltrated the computers at Los Alamos and Livermore National Laboratories.

Making matters worse, his father was a computer scientist and cryptographer who was the chief scientist at the National Security Agency's National Computer Security Center. Even though it was unintentional and witnesses testified that Morris didn't have "a fraudulent or dishonest bone in his body," he was convicted of felonious computer fraud. The judge was merciful during sentencing. Rather than 15–20 years in prison, Morris got three years of probation with community service and had to pay a $10,000 fine. He went on to found Y Combinator with his longtime friend Paul Graham, among other accomplishments.

The "Morris Worm" is just one of five hacking cases that Scott Shapiro highlights in his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age in Five Extraordinary Hacks. Shapiro is a legal philosopher at Yale University, but as a child, his mathematician father—who worked at Bell Labs—sparked an interest in computing by bringing home various components, like microchips, resistors, diodes, LEDs, and breadboards. Their father/son outings included annual attendance at the Institute of Electrical and Electronics Engineers convention in New York City. Then, a classmate in Shapiro's high school biology class introduced him to programming on the school's TRS-80, and Shapiro was hooked. He moved on to working on an Apple II and majored in computer science in college but lost interest afterward and went to law school instead.

With his Yale colleague Oona Hathaway, Shapiro co-authored a book called The Internationalists: How a Radical Plan to Outlaw War Remade the World, a sweeping historical analysis of the laws of war that spans from Hugo Grotius, the early 17th century father of international law, all the way to 2014. That experience raised numerous questions about the future of warfare—namely, cyberwar and whether the same "rules" would apply. The topic seemed like a natural choice for his next book, particularly given Shapiro's background in computer science and coding.

Despite that background, "I honestly had no idea what to say about it," Shapiro told Ars. "I just found it all extremely confusing." He was then asked to co-teach a special course, "The Law and Technology of Cyber Conflict," with Hathaway and Yale's computer science department. But the equal mix of law students and computer science students trying to learn about two very different highly technical fields proved to be a challenging combination. "It was the worst class I've ever taught in my career," said Shapiro. "At any given time, half the class was bored and the other half was confused. I learned nothing from it, and nor did any of the students."

That experience goaded Shapiro to spend the next few years trying to crack that particular nut..."

READ MORE Ars Technica

No comments: