Gary Hibberd

17/08/2020

Author: Gary Hibberd

Date: 17 August 2020

 

When I was leaving schools, some 35+ years ago, I was already in love with two things; Computers and History. In my final paper for history, I asked the teacher if I could write about the history of computing. His response was; “Sorry. No. There’s not enough for you to talk about.” 

I learnt a couple of things that day; Teachers aren’t always right, and a belief that knowing the history in computing is incredibly important.

 

Fast-forward to 2020

There have been many organisations hacked, or suffering from Cybercrime in 2020, for a variety of reasons. And this week we discovered that Bletchley Park now ranks in this number, having fallen victim to the Blackbaud Ransomware attack. To many reading this, you’ll be aware of the irony of this. But I was surprised when I spoke to a few people this week, how little they were aware of the history of Bletchley Park.

 

Bletchley Park

For anyone not aware, Bletchly Park is an English country house in Buckinghamshire code-named Station X that became the principal centre of Allied code-breaking during the Second World War. Winston Churchill once described the code-breaking facility as “the geese that laid the golden eggs”, and stated that by breaking the Enigma code, they shortened the war by two to four years—thereby saving millions of lives.

There is a pantheon of information, books and films about Bletchly Park, and there are so many heroes and heroines it feels wrong to single any one person out; But of course, I will. Because a personal hero of mine, growing up, was Alan Turing. Again, multiple books and films have been made about this man who was instrumental in breaking the Enigma code (again, please research ‘Enigma Code’).

In 2019 he was voted the Greatest Person of the 20 Century, in a TV vote run by the BBC; Fending off Martin Luther King, David Bowie, Nelson Mandela and Muhammad Ali.

 

Alan Turing

Why is he a hero? Alan Turing pretty much invented the modern-day computer. In 1936 he wrote an essay which outlined the function and theoretical possibilities of computing machines, even before the technology was in existence. This mathematical genius provided the foundation for modern computers, and his impact is still felt to this day. The next time you go to a web site, and you’re presented with the CAPTCHA test (you know, the “Click-on-the-roadsigns’ test), then know that you’re taking the ‘Turing Test’, which determines whether a machine is intelligent – or not.

The device you’re most likely holding in your hand includes encrypted code or encryption capabilities which can be linked back to Alan Turing and the work he, and many others did at Station X.

Station X was an ultra-secret location, and the work they did was equally well guarded and protected, even after the war. But now it is a major tourist attraction and visitor centre, for anyone interested in history and/or computing and cyphers (Yes. I’ve been several times!)

 

Blackbaud Ransomware

It is therefore ironic that a company which provides software to organisations and institutions like Bletchley Park, was hit by Cybercriminals. Criminals who will have used technology and devices based on the principals that Turing and others developed.

Again, if you’ve not been keeping up with the news then you need to know that it was revealed around two weeks ago, that earlier this year Blackbaud was hit with Ransomware. This company states on its website that they provide “Software solutions powering the entire social good community such as Faith Communities, Foundations, Schools, Charities, and more.”

Blackbaud claims they stopped the ransomware attack from encrypting data earlier this year but still had to pay the ransom demand after hackers threatened to publish the stolen data online. This data included names, addresses,

Please note carefully a couple of points from the above;

– Blackbaud power ‘the entire social good community.’

– Blackbaud stopped a ransomware attack from encrypting the data they hold

– Blackbaud knew about this ‘earlier this year.’

– Blackbaud paid the Cybercriminals;

Following the incident Blackbaud made the following statement;

 “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed, Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,”

 

There is no such thing as 100% secure

Any consultant or Cyber service/product provider who tells you they can eradicate all risks, threats and vulnerabilities is lying to you. The best you can do is build “Defence in Depth” (DiD), a term related to the principle of putting in place multiple layers of security, in order to slow down or disrupt the attacks carried out by Cybercriminals. This is why we think it’s so important to think beyond technology to secure Data.

Good security includes;

– People – Training and awareness. Accountability and leadership

– Process – Knowing what to do, when to do it, how to do it, and who you need

– Technology – The systems and software which protect the data

 

Conclusion

I was just 15 when I left school, with nothing more than a passion for learning, computing, and history. All three serve me extremely well to this day because I know the foundations of modern-day computing. I understand the history and principles behind cryptography and security.

Why is this important?  Because there is nothing new in this world.

We are human, and our wants and needs have not changed in millennia. 

Criminals exploit technology and our lack of understanding of it today. This is nothing new.

We need to do is study the past and learn from it. This is nothing new.

We need to improve our security by looking deeper at what security means to us. This is nothing new.

Alan Turing sadly, took his own life in 1954, by ingesting cyanide poison.  A half-eaten apple was found by his bedside. Why? Well, I’ll leave you to research that yourself. But when I look at the Apple logo, it reminds me that we owe a debt to Alan Turing, and all those who have gone before us. We must learn the lessons they have to offer.

 

Oh, and if you’re wondering; The final paper I submitted in history, was on the history of Serial Killers. Apparently, there was enough history on that!

Other resources

Cyber Success Stories

Cyberfort’s cybersecurity consultants work with everyone from public sector bodies and global businesses to SMEs and start-ups. Read our success stories here.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Receive knowledge to your inbox