Remember, remember the 5th of November. Gunpowder, treason and… patch?
On 5th November 1605, the Gunpowder Plot was foiled when Guy Fawkes was caught guarding explosives designed to assassinate King James I. As many will be aware, this is the story, that gives reason to Bonfire Night every year. Guy Fawkes and a group of plotters had planned to kill the king at the State Opening of Parliament and had filled a cellar directly beneath the House of Lords with gunpowder. When the plot failed, people naturally celebrated the King’s survival, with traditions such as the lighting of bonfires, still happening to this day.
Thankfully, Guy Fawkes didn’t succeed in his attempt to assassinate King James, but his efforts can still serve as a timely reminder as to the importance of keeping your computers up-to-date, each time that pesky notification warns you that it’s time to update. Perhaps this might seem farfetched. After all, the computer wasn’t invented for another 200 years, but hopefully, by the end of this blog post, the story of the Gunpowder Plot will remind why those update messages are worth listening to.
Thankfully, the modern-day ruling classes don’t face the threat of assassination to the same extent as those during the 1600s. Nonetheless, there are other threats that are designed to cause mass-disruption in the name of a political or religious cause. With the increased use of technology, cybercrime, cyberterrorism and cyberwarfare are all on the increase and all have the potential to cause great harm.
For example, just last week, Georgia faced a cyber attack in which 15,000 of the country’s websites were taken offline. Amongst those affected were local news organisations and government websites of which included local courts and the website of President Salome Zurabishvili. Speculation as to those responsible has been rife, with many drawing similarities to an attack in 2008 in which Georgian government, banking and media websites were also taken offline.
Cyber attacks such as these that target entire nation-states share similarities with the Gunpowder Plot of 1605. Prior to the assassination attempt, those plotting against King James were able to lease a cellar that was directly beneath the House of Lords. As is well known, they would then go on to fill this cellar with gunpowder. They had spotted a vulnerability (a cellar they could lease) that would allow them to attack their target (King James).
Whilst we are still unaware as to who was responsible for the recent attack on Georgia, we do know a little about what happened. A vulnerability within the servers of Proservice, who were responsible for hosting the 15,000 websites, was exploited, and as a result, the server crashed. In other words, some 400 years later and people are still exploiting vulnerabilities to cause disruption and in today’s world, there are few things more disruptive than attacking a nation’s internet network.
Whilst the exploitation of vulnerabilities can affect nation-states, these vulnerabilities aren’t exploited purely to harm countries or governments. They can also affect everyday people and businesses too.
Earlier this month it was revealed that there were still vulnerabilities within both Alexa and Google Home devices which could allow hackers to eavesdrop on conversations without alerting the owner. Whilst voice assistants are still fairly uncommon in the office, it is estimated that sales of such devices will triple by 2023. This means that an additional eight billion voice assistants will be purchased worldwide during that time, with many of them making their way into the workplace. If these vulnerabilities can still be found and exploited, it’s not much to speculate that malicious individuals may use them to listen to sensitive and confidential business conversations that happen each and every day.
It’s not just hardware or new technology that might have vulnerabilities though. Also last month, news emerged that cyber security software company Avast had been hacked and that their internal network had been breached. Avast believes that the attack was designed to install malware into their CCleaner software, which is a used to speed up computers and can be installed directly to an internet browser such as Google Chrome. CCleaner has been downloaded more than 2.5 billion times, which means had the attack been successful, and had malware been installed into the software, the ramifications would have been huge and incredibly far-reaching.
As with the Gunpowder Plot whereby a leased cellar beneath the House of Lords was used maliciously, vulnerabilities are not always noticed and can often seem inconspicuous. This is one of the main reasons as to why it is so important to patch and update as and when prompted. Whilst the notifications can be annoying, these updates will ensure that any vulnerabilities found are concealed or closed, and no longer open to exploitation.
To continue our analogy further, think of it as someone thinking about the cellar prior to it being filled with gunpowder, and realising that leasing a cellar directly beneath the House of Lords may not be the best idea. Had that been the case, they could have removed the opportunity for leasing, and the plotters would have been unable to exploit the vulnerability.
Software developers and programmers don’t purposefully put vulnerabilities into their work, but mistakes can and do happen. When you consider how complex technology is and that people are constantly looking for a means to manipulate and attack systems, it is inevitable that vulnerabilities will be found.
Therefore, it’s paramount that you make sure you update your computers when prompted. Frustratingly, it may take some time, but those updates are there for a reason and patching vulnerabilities so that they can no longer be exploited is a big part of that. Make sure you don’t leave vulnerabilities open and update when required.