From Star Wars to Stranger Things to Russia, 80s nostalgia is back in a big way. But in the field of information security, the 1980s never ended. The 1980s are when hackers and computer viruses began to gain prominence, when nation-state attackers began to become a serious threat and when many of the security tools that security professionals know and use today first began in embryo. In other words, if 80s nostalgia isn’t the point of your information security marketing, you’re making a mistake.
Nostalgia is a very useful tool in the marketing tool chest. Nostalgia increases optimism and promotes feelings of social connectedness. Users will feel more connected to brands that use these tactics, in other words, and they’ll be more inclined to believe that their products will solve their problems.
Lastly, the best way to leverage nostalgia is by telling stories. If you’re asking how best to apply nostalgia in an information security context, here’s a good example:
Are the Russians Attacking?
How do you figure out how many computers connect to the internet? In 2018, there’s no way of getting an exact number, so you estimate. In 1989, that question is simpler, sort of. There were, after all, only so many computers 29 years ago – and there is considerably less in the way of internet connections. Still, that number had just begun to increase as the 90s approached, so manually counting the number of internet-connected computers might be a bit unwieldy.
Enter a man named Robert Morris.
Morris had a smart idea – using the power of software to count the number of internet-connected computers automatically rather than manually. He wrote a simple worm designed to spread through early computer networks. It had a few components – some shady, some slightly less so – and one big mistake.
The Morris worm spread through early computer networks by exploiting vulnerabilities in the Sendmail function of the Unix operating system. Once installed, it would scan the infected computer’s directory and more-or-less mail itself to other computers on the same network. Interestingly, this function contained a special limitation – it would not try to mail itself to computers that were part of government or military networks.
Computers back in the late ’80s had passwords, but they suffered from a problem that persists today – passwords are really easy to guess. The Morris worm incorporated a number of brute-force password-checking techniques – such as seeing if the password was the same as the hostname – and also included a list of about 500 commonly-used passwords (link shows the password checker code) of the day, starting with “academia” and ending with “Zimmerman.”
Persistence Mechanism (Mistakes Were Made)
The worm was originally designed not to re-infect computers that had already been infected, but Morris realized this would make it very easy for administrators to defeat the worm. All they’d have to do was flip a setting in an uninfected computer to tell copies of the worm that it was already infected. In response, Morris created a wrinkle. One out of every seven times, the Morris worm would infect a host even if it received a notification that the machine had already been infected once. This turned out to be a fateful decision.
The Morris Worm struck so suddenly that US officials thought that it was an attack from the USSR. Instead of infecting most computers once and a small number of computers twice, the Morris Worm infected 6,000 computers so many times that they were unusable. For perspective, 6,000 computers comprised 10% of the early internet. In fact, in the aftermath of the Morris worm, the internet temporarily ceased to be. The various networks segmented themselves while the worm ran its course in order to prevent further infection.
Why is the Morris Worm a Useful Story?
All told, the Morris worm cost up to $96 million USD to clean up. It was one of the first large-scale attacks to bring down the internet, a harbinger of events like WannaCry and NotPetya. It was a hallmark of the vulnerability of the early internet – so why is reminding people about it a good strategy for marketing?
A Solvable Problem
Although the Morris worm caused a lot of expensive damage, it was solvable. The code could be understood. The infected computers could be fixed. It wasn’t a problem like ransomware, which can destroy equipment permanently, or a vulnerability like Specter, which is so serious that it’s basically un-patchable. By association, your product will help reduce these complex problems to a level of fixability and understandability.
In the aftermath of the Morris worm, the first US-CERT team was established. Competitors from a host of industries came together to fortify the internet against future disasters – a truly inspiring collaboration. Since nostalgia marketing produces feelings of connectedness, this story will help prospects feel connected to your brand.
Robert Morris was the first individual ever to be prosecuted and charged under the Computer Fraud and Abuse Act (CFAA). But unlike some of those prosecuted in later years, the charges didn’t ruin his life. Morris served three years of probation and returned to the industry, becoming an MIT professor in 2006. The story, in other words, has a pretty happy ending.
Information security has a lot of stories in its history. These stories are important. They remind prospects that the problems in their industry used to be easier to understand and solve. And they give them the hope they one day, they’ll be that way again. For more information on this history of information security, as well as other techniques to market to information security professionals, download our free white paper today!
Editor’s note: This post was written by nDash writer Andrew Sanders. Andrew is a freelance writer with a background in information security, telecommunications, and cybersecurity. To learn more about Andrew, or to have him write for your brand, check out his nDash profile page.