Saturday, June 11, 2011

4 Generations of "computer crime"?

I read this interesting slide show tonight.  It talked about change in software companies over the past 20+ years.

It divided these companies into generations like so:
  1. First Generation (IBM) "The money is in the hardware, not the software"
  2. Second Generation (MSFT) "Actually, the money is in the software"
  3. Third Generation (GOOG) "The money is not in the software, but it is differentiating"
  4. Fourth Generation (Facebook/Twitter) "Software is not even differentiating, the value is the data"
I found this an interesting idea.  I wonder if you could do the same to define "generations" of "computer crime".

  1. First Generation: Steal Service (70's and 80's - phreaking, war-dialing, etc)
  2. Second Generation: Steal Software (80's and 90's - cracking, serials, etc)
  3. Third Generation: Steal Network (90's up and 00's - DDoS, illicit file servers, shells, etc)
  4. Fourth Generation: Steal Data (2000-present - SQLi, carding, etc - monetization) 
I know this is probably more often roughly split up like:
  1. Pre-history - Phone systems
  2. PC's - Attacking individual PCs, PC software, viruses, etc
  3. Networks - Attacking network services
  4. Network Applications - Attacking networked applications
Obviously, none of these divisions completely work - there are significant outliers in each case.

But I'm starting to think that we should acknowledge that it has always really been about the application - only the goals have changed.  That ultimately, the problem has always been bad software (requirements, design, implementation, testing, configuration, etc) whether it was phone switch hacking or virus/cracking activity or DDoS/root shells or "modern" web hacking.


  1. Aside from identifying bad software - we are still faced with the issue of evolving technologies without perfecting (or at least securing) previous technologies.

    Just a view. :)

  2. Thank you for your comment. I apologize for letting it languish in moderation - I did not have my settings properly adjusted and I was not notified. I have corrected this.