During the Trojan War, the Greeks depart in ships, leaving behind a large wooden horse as a victory offering. It’s hauled inside the walls of Troy. Come nighttime, Greek soldiers descend from the horse’s belly to slay the guards and commence destruction of the city.
Whether this actually happened, and whether it happened on the traditional date given (based on calendrical hints in ancient accounts), archaeological evidence has established that a Trojan War did occur in Asia Minor around 1200 BCE.
Today, a Trojan horse is software that seems to perform one action but actually performs another, usually with malicious intentions. What cybersecurity lessons might we learn from the original Trojan Horse?
| • | Persistence: The Greeks had besieged Troy for ten years without result. |
| • | Epistemology: Things are not always what they seem to be. |
| • | Virgil, updated: Beware of strangers bearing gifts. |
| • | Social engineering: The horse flattered the Trojans, who loved horses and were delighted with the gift. |
| • | Engineering: The horse was on wheels, designed to make it easy for the Trojans to pull it inside their defenses. |
| • | Ignoring warning messages: Two prominent Trojans cautioned against accepting the gift. They were both disregarded. |
| • | Delay: Soldiers inside the Trojan Horse did not do their damage immediately but waited for an opportune moment. |
| • | Size: A handful of Greeks unleashed lots of damage. |
| • | Negating security from inside: They killed the guards and opened the gates from within, rendering Troy’s strong walls useless against the waiting Greek army. |
| • | Scope of damage: Troy was burned and destroyed. |
| • | Permanent effects: Troy lost the war. |
Today, you could lose only your data, your hard drive, your thesis, your job, your money, your business, your identity, or some awful combination of these.—RA