INVITATION TO CYBERSECURITY 220

People have different levels of understanding of technology. If an attacker understands technology at a deep level, he can use that to his advantage in attacking his target. For example, think of a stereotypical, computer-illiterate granny (see Figure 9.2). Since granny has no real understanding of how technology, computers, and software work, her computer is a black box to her—a complete mystery. When she sees security-related prompts, she is not sure what they mean and does not know what to do. She can be fooled into clicking things she should not click on and installing things she should not install. Further, she will not recognize even obvious indications of compromise because she is not sure what is normal and what is not—hackers can hide in plain sight. In short, granny is an easy target because her knowledge is so limited.

Figure 9.2 The depth wins principle.

The depth wins principle generalizes to all people, not just to hacking grannies! Many students reading this textbook are tech-savvy digital natives who are highly competent computer users—not at all like granny. They are power users on their computers, and may even be comfortable modifying configurations to make their systems more secure. They are several layers deeper in knowledge than granny. But, what they may not realize is that elite hackers are to them what they are to granny! In other words, elite hackers are several layers deeper than they are. This makes even tech-savvy digital natives an easy target for elite hackers. Elite hackers can trick them into clicking things they should not click on and installing things they should not install. Elite hackers can even hide “in plain sight” on their computers without them even noticing anything amiss.

The depth wins principle works because computers are complex. There are layers and layers of depth.
As Bruce Schneier reminds us, “Complexity is the worst enemy of security.” Hackers can find vulnerabilities in this complexity, and can hide in black boxes—or places in the operation of computers that are mysterious and not understood by users. For example, Figure 9.3 shows just a few of the many processes running in the background of a typical Windows computer. Are these all normal processes that are supposed to be