Be aware of security issues

Reminiscences from a simpler age, when security consisted of closing the door behind you.

A lull in work caught me daydreaming yesterday afternoon. I was thinking back to my first job in IT and in particular the interview for that job.

The person who became my first manager in IT asked some fairly deep-reaching questions, one of which I much later realised was to do with computer security and the threat of sabotage.

He asked me,“If I instructed you to enter a command that you knew would completely wipe all data from the system and completely destroy the mainframe what would you do?”

My reply was guarded, I didn’t have the job at that time, nowadays I would probably tell him to f*** off, but then I was young and green and had never even seen a real computer (I was introduced to it later that day when I visited one of the few air conditioned vaults in our town).

“Well, firstly I would check with you that I had really understood what you were saying, then I would repeat what the effect would be, if you persisted in your request I would probably go over your head and query it with your boss.”

That must have been the right answer because I got the job and sat, for the first time, in front of a dumb terminal and started to take help desk calls.

This was interspersed with sessions of operating the tape library, a job that consisted of watching a screen which displayed a list of tapes that needed to be loaded to the system, finding the tapes, which in those days stored a eye-popping five megabytes of data, loading them to the tape drive, and taking out the used tapes and putting them back into the library racks.

We had a great deal of fun trapping the less popular members of staff between the massive rolling shelf units then leaving the room and pretending not to hear them.

Data security was not as highly developed as it is these days; each login had a particular set of permissions so it was not unusual for people to share their login information so that certain tasks could be completed even with those key people absent. As this system contained personal and financial information about several million telephone subscribers this was not a great state of affairs.

I was thinking back to the question that I had been asked at my interview, I must be a bit stupid but I think I have finally, after half a lifetime I have realised what the question was really about; my thought had been that I was being asked to do something that the requester did not fully understand. The real question was “If I asked you to perform an act of sabotage, what would you do?”

I was a lot younger and less certain of myself in those days. I feared people with authority and would not have dreamed of questioning their authority, and that trait made me a perfect target for a saboteur. If you wanted to commit an act of sabotage you would not enlist the help of an experienced expert, you would pick out the weakest member of the team and prey on those weaknesses.

For all the expertise used by hackers and saboteurs, the easy way in is through the human element, the greener and less experienced, the better.

The public image of computers in those days was limited to teams of serious men strolling around wearing white coats carrying clipboards. The hairy geek was yet to be conceived, the home computer was not a serious proposition, and people regarded computer operators in the same way as they would heart surgeons. Some things have changed for the better, including awareness of computer security issues.