Important steps in the development of penetration testing
Cyber crime has been one of the biggest aspects of technology in 2015, with a number of high profile cases of hacking making the news throughout the year. It started at the back end of 2014 with the now famous hack of Sony Pictures in the run up to the release of their film ‘The Interview’. A large number of information files were stolen from servers and tens of millions of dollars worth of damage was caused by the hackers, with repairs estimated to cost Sony over $30 million. Later in 2015 there were high profile cases involving Ashley Madison – a private dating website, Carphone Warehouse – one of the largest technology retailers in the United Kingdom – and TalkTalk – a major telephone and internet service provider in the UK. The latter case was intriguing due to the age of the perpetrators, a group of fifteen- and sixteen-year-olds, clearly demonstrating how much more accessible hacking tools are to the wider world. Whilst not all of these have been as severe as the Sony Pictures cyber attack, they demonstrate how businesses of all sizes need to adapt to these rapidly and constantly evolving threats.
Cyber Security is big business, predominantly due to the risk posed to businesses of all sizes in the modern technology landscape – especially with the huge growth in online trading and e-commerce. The trend for consumers is very much shifting online, and with this shift comes more personal data being transferred on websites and through payment portals online. This data is hugely valuable to criminals, and the aim of the majority of these attacks is to access this data in order to either exploit it or sell it on. This online boom is seeing both the hackers and cyber security firms develop at high speed in a bid to stay one step ahead of each other. This means new tactics being used, new software being developed and every cyber attack being carried out in a different way. It is the job of cyber security firms to test systems and ensure that a company’s security process is capable of withstanding attacks that use the latest methods. This is generally completed through a range of tests called ‘penetration testing’, often referred to as ethical hacking.
With this industry evolving at an ever quicker pace, we have a look at some of the key events of the last century in the development of what we now know as penetration testing, or ethical hacking.
The Bombe – In 1939, The Bombe was developed by the British. It was one of the first machines ever built with the sole intention of breaking another system – namely the German military’s Enigma coding machine. The Bombe was built by a team led by Alan Turing at Bletchley Park during the Second World War.
Computer Penetration – In the 1960s the first discussions about ‘computer penetration’ took place amongst experts, centring on the need for deliberate attacks to be made by professional IT workers.
The ‘first’ ethical hack – In 1974 the United States Air Force hacked the operating system Multics. This is widely considered to be one of the first examples of an ‘ethical’ hack.
Anti-hacking laws – It was not until 1986 that ‘black’ and ‘grey’ hat hacking became illegal in the United States, with the US Computer Fraud and Abuse Act coming into effect. The British had to wait until 1990 for the Computer Misuse Act to be passed.
‘Ethical Hacking’ – John Patrick of IBM was the first person to use the phrase ‘ethical hacking’ in reference to cyber security in 1995.
OWASP – In 2003 the Open Web Application Security Project, or OWASP, was launched to put together some guidelines for penetration testers to follow.
Article provided by Mike James, an independent content writer for the technology sector – working alongside a selection of companies including Cyberthreat prevention specialists Redscan, who were consulted over the information contained in this piece.