Hacking in one sense began back in the 1940’s and 1950’s when amateur radio enthusiasts would tune in on police or military radio signals to listen in on what was going on. Most of the time these “neo-hackers” were simply curious “information junkies,” looking for interesting pieces of information about government or military activities.The thrill was in being privy to information channels that others were not and doing so undetected.
Hacking and technology married up as early as the late sixties, when Ma Bell’s early phone technology was easily exploited, and hackers discovered the ability to make free phone calls, which we discuss in the next section. As technology advanced, so did the hacking methods used. It has been suggested that the term hacker, when used in reference to computer hacking, was first adopted by MIT’s computer culture. At the time, the word only referred to a gifted and enthusiastic programmer who was somewhat of a maverick or rebel.
The original-thinking members of MIT’s Tech Model Railroad Club displayed just this trait when they rejected the original software that Digital Equipment Corporation shipped with the PDP-10 mainframe computer and created their own, called Incompatible Timesharing System (ITS). Many hackers were involved with MIT’s Artificial Intelligence (AI) Laboratory. In the 1960s, however, it was the ARPANET, the first transcontinental computer network, which truly brought hackers together for the first time.
The ARPANET was the first opportunity that hackers were given to truly work together as one large group, rather than working in small isolated communities spread throughout the entire United States. The ARPANET gave hackers their first opportunity to discuss common goals and common myths and even publish the work of hacker culture and communication standards (The Jargon File, mentioned earlier), which was developed as a collaboration across the net.
Phone System Hacking
A name that is synonymous with phone hacking is John Draper, who went by the alias Cap’n Crunch. Draper learned that a whistle given away in the popular children’s cereal perfectly reproduced a 2600 Hz tone, which he used to make free phone calls. In the mid-1970s, Steve Wozniak and Steve Jobs—the very men who founded Apple Computer—worked with Draper, who had made quite an impression on them, building “Blue Boxes,” devices used to hack into
phone systems. Jobs went by the nickname of “Berkley Blue” and Wozniak went by “Oak Toebark.” Both men played a major role in the early days of phone hacking or phreaking. Draper and other phone phreaks would participate in nightly “conference calls” to discuss holes they had discovered in the phone system. In order to participate in the call, you had to be able to do Dual Tone Multi-frequency (DTMF) dialing, which is what we now refer to as a Touchtone dialing.What the phreaker had to do was DTMF dial into the line via a blue box.
The box blasted a 2600 Hz tone after a call had been placed. That emulated the signal that the line recognized to mean that it was idle, so it would then wait for routing instructions.The phreaker would put a Key Pulse (KP) and a Start (ST) tone on either end of the number being called; this compromised the routing instructions and the call could be routed and billed as a toll-free call. Being able to access the special line was the basic equivalent to having root access into Bell Telephone.
Part of the purpose of this elaborate phone phreaking ritual (besides making free calls) was that the trouble spots that were found were actually reported back to the phone company. As it turns out, John Draper was arrested repeatedly during the 1970s, and he ultimately spent time in jail for his involvement in phone phreaking.
But possibly the greatest example ever of hacking/phreaking for monetary reasons would be that of Kevin Poulsen to win radio contests. What Poulsen did was hack into Pacific Bells computers to cheat at phone contests that radio stations were having. In one such contest, Poulsen did some fancy work and blocked all phone lines so that he was
every caller out of 102 callers. For that particular effort, Poulsen won a Porsche 944-S2 Cabriolet. Poulsen did not just hack for monetary gain, though; he was also involved in hacking into FBI systems and is accused of hacking into other governmental agency computer systems as well. Poulsen hacked into the FBI systems to learn about their surveillance methods in an attempt to stay in front of the people who were trying to capture him. Poulsen was the first hacker to be indicted under U.S. espionage law. Computer Hacking As mentioned earlier, computer hacking began with the first networked computers back in the 1950s.The introduction of ARPANET in 1969, and NSFNet soon thereafter, increased the availability of computer networks. The first four sites connected through ARPANET were The
University of California at Los Angeles, Stanford, University of California at Santa Barbara and the University of Utah.These four connected nodes unintentionally gave hackers the ability to collaborate in a much more organized manner. Prior to the ARPANET, hackers were able to communicate directly with one another only if they were actually working in the same building.This was not all that uncommon of an occurrence, because most computer enthusiasts were congregating in university settings. With each new advance dealing with computers, networks, and the Internet, hacking also advanced.
The very people who were advancing the technology movement were the same people who were breaking ground by hacking, learning the most efficient way they could about how different systems worked. MIT, Carnegie-Mellon University, and Stanford were at the forefront of the growing field of Artificial Intelligence (AI). The computers used at universities, often the Digital Equipment Corporation’s (DEC) PDP series of minicomputers, were critical in the waves of popularity in AI. DEC, which pioneered commercial interactive computing and time-sharing operating systems, offered universities powerful, flexible machines that were fairly inexpensive for the time, which was reason enough for numerous schools to have them on campus. ARPANET existed as a network of DEC machines for the majority of its life span.The most widely used of these machines was the PDP-10, which was originally released in 1967. The PDP-10 was the preferred machine of hackers for almost 15 years.The operating system, TOPS-10, and its assembler,MACRO-10, are still thought of with great fondness. Although most universities took the same path as far as computing equipment was concerned, MIT ventured out on their own. Yes, they used the PDP-10s that virtually everybody else used, but they did not opt to use DEC’s software for the PDP-10. MIT decided to build an operating system to suit their own needs, which is where the Incompatible Timesharing System operating system came into play. ITS went on to become the time-sharing system in longest continuous use.
ITS was written in Assembler, but many ITS projects were written in the language of LISP. LISP was a far more powerful and flexible language than any other language of its time.The use of LISP was a major factor in the success of underground hacking projects happening at MIT. By 1978, the only thing missing from the hacking world was a virtual
meeting. If hackers couldn’t congregate in a common place, how would the best, most successful hackers ever meet? In 1978, Randy Sousa and Ward Christiansen created the first personal-computer bulletin-board system (BBS).This system is still in operation today. This BBS was the missing link that hackers needed to unite on one frontier. However, the first stand-alone machine—which included a fully loaded CPU, software, memory, and storage unit—wasn’t introduced until 1981 (by IBM).They called it the personal computer. Geeks everywhere had finally come into their own! As the ’80s moved forward, things started to change.ARPANET slowly started to become the Internet, and the popularity of the BBS exploded.
Near the end of the decade, Kevin Mitnick was convicted of his first computer crime. He was caught secretly monitoring the e-mail of MCI and DEC security officials and was sentenced to one year in prison. It was also during this same time period that the First National Bank of Chicago was the victim of a $70 million computer crime.Around the same time that all of this was taking place, the Legion of Doom (LOD) was forming. When one of the brightest members of this very exclusive club started a feud with another and was kicked out, he decided to start his own hacking group, the Masters of Deception (MOD).
The ensuing battle between the two groups went on for almost two years before it was put to an end permanently by the authorities, and the MOD members ended up in jail. In an attempt to put an end to any future shenanigans like the ones demonstrated between the LOD and the MOD, Congress passed a law in 1986 called the Federal Computer Fraud and Abuse Act. It was not too long after that law was passed by Congress that the government prosecuted the first big case of hacking. Robert Morris was convicted in 1988 for the Internet worm he created. Morris’s worm crashed over 6,000 Net-linked computers. Morris believed that the program he wrote was harmless, but instead it somehow got out of control. After that, hacking just seemed to take off like a rocket ship. People were being convicted or hunted left and right for fraudulent computer activity. It was just about the same time that Kevin Poulsen entered the scene and was indicted for phone tampering charges. He “avoided” the law successfully for 17 months before he was finally captured. Evidence of the advances in hacking attempts and techniques can be seen almost every day in the evening news or in news stories on the Internet.
The Computer Security Institute estimates that 90 percent of Fortune 500 companies suffered some kind of cyber attack over the last year, and between 20 and 30 percent experienced compromises of some kind of protected data by intruders.With the proliferation of hacking tools and publicly available techniques, hacking has become so mainstream that businesses are in danger of becoming overwhelmed or even complacent. Companies that develop defense strategies will protect not only themselves from being the target of hackers, but also the consumers,
because so many of the threats to Web applications involve the end user.
