Cyber Threats History: Rise of the Hacker Culture (1980s)


After John Draper and his electronic whistling abilities gained a wide audience, there was a major shift in computing and hacking enjoyed a golden era of sorts in the 1980s. Society started becoming aware of hackers as computers became increasingly accessible and as networks grew in both size (number of terminals) and popularity (number of users) throughout the late seventies and early eighties.

During the 80s, the hacker population probably went up 1000-fold and there are mainly three events credited with doing the most in this area. Personal computer and clones were made available to the public at cheap prices. People could afford to buy a terminal and set up a BBS. And, where you find BBS's, you find hackers.

The movie War Games depicted the existence of hacking and the potential power associated with it. War Games displayed hacking as a glamorous thing and made it look easy. The movie shone a flashlight onto the hidden face of hacking, and introduced the wider public to the phenomenon. This created a degree of mass paranoia with the threat of hackers getting into any computer system and launching nuclear missiles. However, for a vast teenager audience, the movie gleaned a different message. It implied that hacking could get you girls. Cute girls…

Almost simultaneously, two novels had a great impact in popular culture: Cyberpunk, by Bruce Bethke, and Neuromancer, by William Gibson. The combination of the aforementioned factors catapulted hacker culture into the mainstream media.

By the late 1980s, the home PC had become more prevalent but large corporations still cornered the market on the technology. However, computers were no longer limited to the realms of hardcore hobbyists and business users; anyone, including existing and yet-to-be-realized hackers, could acquire a computer for their own purposes. Modems, enabling computers to communicate with each other over telephone lines, were also more widely available and significantly extended the hacker’s reach.

While phreakers were still blowing whistles into phone receivers, a new type of delinquent emerged; the cracker. This term, disputed until today, refers to a criminal hacker who uses his skills with criminal intentions far beyond the simple exploration of computer systems. This new breed of “hacker” directed its knowledge and tenacity toward distinctly criminal pursuits, including the distribution of pirated commercial software, games, and viruses and worms that could virtually shut down systems. Hacker and cracker clubs surged in popularity becoming nothing short of an epidemic, and in 1986, the U.S. government tried to thwart the problem by passing the Computer Fraud and Abuse Act (CFAA).  

Historical Landmarks:

 

1980


Steve Bellovin, Tom Truscott and Jim Ellis develop and establish USENET for the UNIX to UNIX Copy (UUCP) architecture. USENET resembles a bulletin board system (BBS) but there is one major difference: the absence of a central server and dedicated administrator. USENET is a decentralized news network distributed among many servers that store and forward messages to one another.  

1981


A group of German computer enthusiasts with a strong political orientation forms the Chaos Computer Club (CCC) in Hamburg.  

CCC Logo


Ian Murphy, along with three friends, hacks the server used by AT&T to meter people’s calls. He changes the internal clocks so that customers would get midnight discounts in the midday, while those who waited until midnight to call long distance were hit with high bills. For the incident, Murphy (known to his friends as Captain Zap) becomes the first hacker to be tried and convicted as a felon.
 Ian Murphy

IBM introduces its first Personal Computer (PC) igniting a fast growth of the personal computer market. Its' a stand-alone machine, fully loaded with a 4.77 MHz Intel 8088 CPU and Microsoft´s MS-DOS operating system. Although the term personal computer is already in use alongside with "microcomputer" and "home computer", the IBM model 5150 sets the standard for what is later to be known as compatible PC products. Prior to this, the personal computer market is dominated by systems using the 6502 and Z80 8-bit microprocessors, such as the TRS 80 and Apple II series but from now on the standard will be the IBM PC compatible hardware platform.
 
IBM PC 5150  

1982


Rich Skrenta, a 15-year-old high school student, creates the Elk Cloner for the Apple II operative system. The Elk Cloner spreads using a technique now known as "boot sector" infection. If a computer boots from an infected floppy disk, a copy of the virus is loaded in the computer's memory. When an uninfected disk is inserted into the computer, the Elk Cloner copies itself to the disk, spreading from disk to disk.
  Elk Cloner
In Manhattan, at the Memorial Sloan-Kettering Cancer Center, a system administrator for a DEC VAX 11/780 computer finds his system down. Soon, dozens of other systems around the country are reported as being hacked by the 414s, a group of Milwaukee teenagers aged 15 to 22 using their area code as name of the gang. Using home computers connected to ordinary telephone lines, the group breaks into 60 computer systems at institutions ranging from the Los Alamos Laboratories to hospitals and banks.

A KGB operative steals the plans for a sophisticated control system and its software from a Canadian firm. In order to prevent the use of this control system on the Trans-Siberian pipeline, the CIA inserts a piece of software code into the computers overseeing the pipeline that changes the workings of the system causing computational chaos. The effects of this logic bomb are a monumental explosion, showing the world the potential power of cyber warfare.

Scott Fahlman uses emoticons :-) and :-(, with a specific suggestion that they be used to express emotion.
 Emoticon  

1983


On January 1st, NCP is officially rendered obsolete and every machine connected to ARPANET has to use more flexible and powerful TCP/IP. This use of this new protocol suite marks the start of the modern Internet.

The University of Wisconsin creates the Domain Name System (DNS) allowing data packets to be directed to a domain name, which is translated by servers into the corresponding IP number.

Bruce Bethke publishes the short story Cyberpunk about information technology and cybernetics, mixed with a degree of radical change in the social order.
  Cyberpunk
Ken Thompson describes a security exploit that he calls a "Trojan horse".

The FBI busts the "414s" and the incident appears as the cover story of Newsweek with the title "Beware: Hackers at play". As a result, the U.S. House of Representatives begins hearings on computer security hacking.

Fred Cohen coins the term "computer virus" to describe a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.

The movie War Games popularizes hacking and introduces the general public to the phenomenon.
   WarGames

ARPANET splits into two separate networks: the Military Network (MILNET) for unclassified defense department communications and the ARPANET for the academic research community. Separating the civil and military networks reduces the 113-node ARPANET by 68 nodes.
    

1984


A mysterious character calling himself Lex Luthor founds the Legion of Doom (LoD), an elite group of hackers and phreakers committed to widely distribute their knowledge. Soon after, the Legion of Doom Technical Journal begins to show up on boards throughout the underground. The group includes some hackers that would soon enter history as a result of theirs actions, namely Erik Bloodaxe (Chris Goggans), The Mentor (Loyd Blankenship) and Phiber Optik (Mark Abene).

The Chaos Computer Club demonstrates a serious problem in the Bundespost‘s (German post office) new Bilschirmtext (BTX) interactive videotext service. Using the security flaws, the CCC transfers a sizable amount of money into their own bank account through a script that ran overnight as a demonstration to the press and returns the money publicly.

The first Chaos Communication Congress, the annual European hacker conference organized by the Chaos Computer Club, is held in Hamburg.

The US Comprehensive Crime Control Act gives Secret Service jurisdiction over computer fraud.

The hacker group Cult of the Dead Cow (cDc) forms in Lubbock, Texas and begins publishing its electronic magazine.
 
CdC Logo

Eric Corley starts the hacker magazine 2600: The Hacker Quarterly exactly when TAP is putting out its final issue. The publication provides tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day along with a stream of explanations of how to exploit specific vulnerabilities in a wide range of operating systems and application environments.
   2600

William Gibson publishes Neuromancer, the first major cyberpunk novel. In it he coins the term “cyberspace”, term used to describe the network of computers through which his characters travel.
   Neuromancer

  ARPANET MILNET April 1984  

1985


Microsoft Windows 1.0 is released.
  
Windows 1.0 Logo

Phrack, an electronic magazine written by and for hackers, begins publishing. The uncensored commentary provides a fascinating glimpse over the personalities and world views of its contributors and editors.
    Phrack Logo

Peter Sommer publishes The Hacker's Handbook.

In a joint operation involving several law enforcement agencies, a number of equipment from BBS operators and users alike is seized across New Jersey in an operation on the Private Sector BBS - the official bulletin board of 2600 magazine.
    

1986


Two Pakistani brothers, Basit Farooq Alvi and Amjad Farooq Alvi, write a computer program to protect their medical software from piracy, and it is supposed to target copyright infringers only. Brain affects the IBM PC computer by replacing the boot sector of a floppy disk with a copy of the virus. The virus changes the disk label to ©Brain and slows down the floppy disk drive. The program includes the brothers' address, three phone numbers, and a message that tells the user his machine is infected and to call them for inoculation. It is considered to be the first computer virus for MS-DOS.  

Loyd Blankenship, the hacker member of LOD known as The Mentor is arrested. While in prison he writes The Hacker's Manifesto. Published in Phrak magazine, it soon becomes a true cornerstone of hacker culture.

Markus Hess, a German citizen recruited by the KGB, spies U.S. military information for the Soviets. Hess's hacking activities are discovered by Clifford Stoll, an astronomer working as systems administrator of the computer center of the Lawrence Berkeley Laboratory (LBL) in California. Hess was able to attack 400 U.S. military computers by using LBL to get into ARPANET and MILNET before being stopped.

The Internet Engineering Task Force or IETF is created to serve as a forum for technical coordination by contractors for DARPA working on ARPANET, US Defense Data Network, and the Internet core gateway system.
   IETF Logo

Seventeen year old Herbert Zinn is arrested after hacking into U.S. military and AT&T computers for months.

1987


A student at the Clausthal University of Technology, using the REXX scripting language, writes the Christmas Tree EXEC worm and causes major disruption to the European Academic Research Network, the BITNET, and IBM's worldwide VNET networks. The program draws a crude Christmas tree as text graphics, then sends itself to each entry in the target's email contacts file. It is the first widely disruptive computer worm.
  Christmas Tree Exec  

1988


The First National Bank of Chicago is the victim of $70-million computer theft.

Robert Tappan Morris, a graduate student at Cornell University, allegedly plans to perform an experiment to map the size of the ARPANET. To attain this goal, he writes a program capable of copying itself across the network but after 12 hours of its release, the worm is completely out of control and is has infected already at least 6,000 UNIX servers, approximately 10% of entire network, clogging government and university systems. It will take years completely eradicate the worm causing damages estimated at around $10,000,000. Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10K.
   Robert Morris

Is response to the Morris worm incident, the Computer Emergency Response Team (CERT) is founded.

The Father Christmas worm spreads over DECnet networks attacking VAX/VMS systems with the aim of sending a Christmas greeting from "Father Christmas" to the affected system.

Dave Rhodes, a college student who wanted to make a little extra cash with little extra effort, creates the first known electronic chain letter, titled Make Money Fast.

Jarkko Oikarinen creates the first Internet chat network, called Internet Relay Chat (IRC).

The Jerusalem virus causes a major epidemic being detected in many enterprises, government offices and academic institutions on Friday, May 13th. It duplicates itself every Friday and on the 13th of the month, causing system slowdown; however, on every Friday the 13th after May 13, 1988, it also corrupts all available disks on the infected systems.

1989


The Datacrime virus (a Jerusalem modification) appears and is extremely dangerous: from October 13th through December 31st, it initiates a low-level formatting of a hard disc's zero cylinder which leads to the destruction of tables stored in FAT files and irrevocable loss of data.

Acid Phreak (Eli Ladopoulos) founds the Masters of Deception (MOD), a new hacker group based in New York. After a series of disputes, Phiber Optik and Erik Bloodaxe leave the LOD and join the MOD.

A group of German hackers led by Karl Koch, who was loosely affiliated with the CCC, is arrested for acts of cyber espionage like breaking into US government and corporate computers and selling operating-system source code to the KGB. Markus Hess, discovered by Clifford Stoll, is part of this group.

The 24th issue of Phrack includes an administrative document, copied from a BellSouth computer, describing the organization of the Enhanced 911 emergency response system.

Joseph Popp unleashes the first large-scale computer extortion scheme. 20,000 discs containing a trojan are sent to addresses all over the world. Under the pretense of a quiz on the AIDS virus, users unwittingly load the program that would automatically installs itself on the system, creating its own concealed files and directories and modifying system files. After 90 loads, the operating system encoded the names of all files, rendering them invisible and leaving only one file accessible. This file threatens to destroy all computer data unless the user pays $500 into a foreign account.
  AIDS Computer Virus

The politically motivated WANK worm spreads over DECnet. VMS machines worldwide are penetrated by the anti-nuclear worm having their login screens altered to:
   WANK
    

The WANK worm is the first documented case of hacktivism.


Tim Berners-Lee proposes an information management system using the Hypertext Transfer Protocol (HTTP). It’s the birth of the World Wide Web.

Kevin Mitnick secretly monitors the e-mail of MCI and DEC security officials. He is convicted of damaging computers and stealing software and sentenced to a year in jail.
  Kevin Mitnick

Kevin Poulsen (Dark Dante) is indicted on 19 counts of conspiracy, fraud, wiretapping and money laundering. He goes on the run and avoids capture for 17 months.
  Kevin Poulsen


Previous ChapterNext Chapter: The Internet Expansion (1990s)

Cyber Threats History: The Age of Phreaking (1970s)


The 70's were a magical decade, producing a new type of hacker, one focused on telephone systems. These hackers, known as phreakers, discovered and exploited operational characteristics of the newly all-electronic telephone-switching network that enabled them to make long distance calls free of charge. In the 1970s, the cyber frontier was wide open and hacking was all about exploring and figuring out how the wired world worked.

The phreaker movement is an important early example of anti-establishment subculture that spawns influential hackers and visionaries in the realm of the personal computer. Back then, phreaking offered hackers a potent allure. It meant unraveling a mystery and sharing the results with friends. It was not as much about the nefarious phone exploitation as it was about understanding the complexity of the system. The only thing missing for the hacking scene was a virtual clubhouse where all the best hackers could meet and to overcome that, in 1978 two guys from Chicago created the very first public dial-up Bulletin Board System.  

Historical Landmarks:

 

1970


After monitoring around 33 million toll calls to find phreakers, AT&T scores 200 convictions.   Universities and defense contractors begin connecting to ARPANET and the network keeps expanding.  

ARPANET December 1970  

1971


Esquire Magazine publishes an article about phreaking which attracted the attention of many young technophiles as it features John Draper, his friend Josef Engressia and the blue box. The author, Ron Rosenbaum, exposes the phreaking world in his history called "Secrets of the Little Blue Box", portraying Captain Crunch as a romantic hero.

Abbie Hoffman and Al Bell start the pioneer phreak magazine The Youth International Party Line (YIPL). Later, the name is changed to TAP for Technological American Party or Technological Assistance Program and it is a phone phreaking newsletter that teaches the techniques necessary for the unauthorized exploration of the phone network.

Creeper is an experimental self-replicating program written by Bob Thomas at BBN Technologies and it is designed not to damage but to demonstrate a mobile application. Creeper infects the DEC PDP-10 computers running the TENEX operating system used on the ARPANET. The program is able to gain access independently through a modem and copy itself to remote computers via the ARPANET. Infected systems display the message, “I’M THE CREEPER: CATCH ME IF YOU CAN.” While it is now widely credited as being the first computer worm, the concept did not yet exist at the time of its creation.

Ray Tomlinson of BBN sends the first email message between users on different hosts connected to the ARPANET, initiating the use of the "@" sign to separate the name of the user from the machine's name.

ARPANET September 1971  

1972


The Esquire article leaves John Draper under such a pressure that he is arrested on toll fraud charges and sentenced to five years' probation.

The Reaper program, anonymously created, is also a computer worm, like the Creeper, but its purpose is to delete the latter. It spreads to networked machines and if it locates a Creeper virus, deletes it.

The Advanced Research Projects Agency (ARPA) is renamed Defense Advanced Research Projects Agency (DARPA).
  
ARPANET August 1972    

1973


Robert M. Metcalfe starts to develop the Ethernet technology as part of his PhD dissertation.

Vinton Cerf, from Stanford, the developer of the existing ARPANET NCP protocol, joins Robert Kahn to work on open-architecture interconnection models with the goal of designing the next protocol generation for the ARPANET. This new protocol was to allow diverse computer networks to interconnect and communicate with each other.

A cashier at New York's Dime Savings Bank uses a computer to embezzle over $2 million.

DARPA is renamed back to ARPA (Advanced Research Projects Agency).

By the end of the year there are 37 sites on the ARPANET, including a satellite link from California to Hawaii. Also in 1973, the University College of London in England and the Royal Radar Establishment in Norway become the first international connections to the ARPANET. The backbone is still running at 50 kbps.
  ARPANET September 1973    

1974


A virus named Rabbit appears and it doesn’t do anything except multiply and spread to other machines. The name is a comment on the speed with which the program multiplies. It clogs the system with copies of itself until it reaches a level of low performance threshold where the computer crashes.

Telenet, a commercial version of ARPANET, debuts. It is the first commercial packet switched network and its available to the general public.

First use of term Internet by Vint Cerf and Bob Kahn in a paper on Transmission Control Protocol (TCP).
   ARPANET June 1974  

1975


John Walker writes Pervading Animal, a game for the Univac 1108. The rules of the game are simple: the player thinks of an ANIMAL and the program asks questions in an attempt to identify it while the related program, PERVADE, creates a copy of itself and also of the ANIMAL program in every directory to which the current user had access. When users with overlapping permissions discover the game, it spreads across the multi-user UNIVACs, and it infects other computers when tapes are shared.

After some time, as a result, all directories would contain copies of 'Pervading Animal.' Univac programmers attempted to use the Creeper-Reaper model to control the situation: a new version of the game scanned for older versions and destroyed them. However, the issue is fully resolved only when a new version of the operating system is released, modifying the file system and preventing the game from multiplying. Though non-malicious, analysts are still debating today whether "Pervading Animal" was another virus or the first Trojan "in the wild".

John Brunner publishes the novel "The Shockwave Rider", in which an omnipotent "tapeworm" program runs loose through a network of computers.  

The Shockwave Rider

Bill Gates and Paul Allen start Microsoft.
  Bill Gates and Paul Allen

Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. Oak Toebark (Steve Wozniak), the technical whiz, builds the boxes, while Berkeley Blue (Steve Jobs), the marketing genius, sells them for $150 a pop. They split the profits and, along the way, realize they make a pretty good team.
   Steve Wozniak and Steve Jobs   ARPANET July 1975  

1976


Stephen Wozniak, Steve Jobs, and Ron Wayne form Apple Computer.
   Apple Logo

The Department of Defense begins testing the TCP/IP protocol and soon decides to implement it on ARPANET.

After testing and registering the patent, Robert Metcalfe and David Boggs publish a seminal paper on Ethernet technologies opening a new era for computer communications.
    ARPANET November 1976  

1977


UUCP (Unix-to-Unix CoPy) is developed at AT&T Bell Labs and distributed with UNIX one year later.
   ARPANET December 1977  

1978


The first intentional commercial spam is sent by Digital Equipment Corporation (DEC) marketing manager Gary Thuerk in 1978. Rather than send a separate message to each person, which is the standard practice, he orders an assistant to write a single mass e-mail to 393 West Coast ARPANET users, advertising the availability of a new model of DEC computers. Although the term "spam" has not yet been coined, Thuerk's message gets the same response as modern spam; users are outraged at the misuse of an information network for commercial purposes but the spam does generate some sales.

Randy Suess and Ward Christiansen, creates the first personal-computer bulletin-board system: the CBBS (Computerized Bulletin Board System). It is the dawn of a new means of communication for the electronic underground.
  ARPANET December 1978  

1979


John Shoch and Jon Hupp at Xerox Palo Alto Research Center design a computer worm, a short program that searches a network for underused processors. Though built to improve computer efficiency, it is the genesis of the destructive, modern worm. The term "worm" is taken from the book "The Shockwave Rider," to describe a program that propagates itself through a computer network.
  ARPANET December 1979

The BeginningNext Chapter: Rise of the Hacker Culture (1980s)

Cyber Threats History: The Beginning (1960s)

In the early years of the 21st century the word "hacker" has become associated with people lurking into dark rooms and anonymously terrorizing cyberspace. But hacking and phreaking have been around since the 1960s when computers were true behemoths housed in restricted laboratories accessible only to a few geeks. Back in those days it was impossible for any teenager to buy a computer and only accredited professionals were allowed the privilege of programming these powerful machines.

The original hackers were only students, computer programmers and systems designers, adherent of a new subculture that originally emerged in the 1960s around the Massachusetts Institute of Technology (MIT)'s Tech Model Railroad Club (TMRC). The members of this model train group "hacked" their electric trains, tracks, and switches to make them perform faster and differently. A hack was simply an elegant or inspired solution to any given problem.

Later, a few of the members of the TMRC transfer their curiosity and rigging skills to the new mainframe computing systems being studied and developed on campus. At this time, MIT employed some nerds to do some artificial intelligence and computer research. These guys actually created the models for the machine you are working on right now and were truly the first programmers and engineers in the field of IT.

This new Artificial Intelligence Laboratory, with its huge mainframe computers, became the staging ground for the first computer hackers emerging at MIT. At first, "hacker" was a positive term for a person with a mastery of computers who could push programs and systems beyond what they were originally designed to do. For these early pioneers, a hack was a feat of programming prowess and such activities were greatly admired as they combined expert knowledge with a creative instinct.

These early computer hackers were programming enthusiasts, experts primarily interested in modifying programs to optimize their performance, customize them for specific applications, or just for the fun of learning how things worked. Very often, the shortcuts and modifications produced by these hackers were even more elegant than the original programs they replaced or circumvented. In fact, the most elegant—and enduring—hack from this period is the UNIX operating system, developed in the late 1960s by Dennis Ritchie and Keith Thompson of Bell Labs.  

Historical landmarks:


1947


Lieutenant Grace Murray Hopper discovers a moth trapped between relays in a Navy computer, the Mark II Aiken Relay Calculator. She calls it a "bug," and the operators affixed the moth to the computer log, with the entry: "First actual case of bug being found". Later, Grace Hopper put out the word that they had "debugged" the machine, thus introducing the term "debugging a computer program".  

FirstBug  

1948


Norbert Wiener published "Cybernetics," a major influence on later research into artificial intelligence and coined the term "cybernetics" from the Greek word meaning to "steer" or "navigate"   Norbert Wiener  

1949


Hungarian-American scientist John von Neumann formulates the theory of self-replicating programs, providing the theoretical basis for computers that hold information in their "memory."
   
John von Neumann  

1953


IBM shipped its first electronic computer, the 701. During three years of production, IBM sold 19 machines to research laboratories, aircraft companies, and the federal government.
    IBM 701

1954


In November, the Bell System Technical Journal published an article describing the R1 signaling system in use at the time and the process used for routing telephone calls over trunk lines. This was the first step in a very serious mistake but the information could not be used, as the frequencies used for the Multi-Frequency, or "MF", tones were not published in this article.

1956


MIT researchers built the TX-0, the first general-purpose, programmable computer built with transistors. For easy replacement, designers placed each transistor circuit inside a "bottle," similar to a vacuum tube.
   
MIT TX-0  

1957


The USSR launches Sputnik, the first artificial earth satellite. In response, the United States forms the Advanced Research Projects Agency (ARPA) within the Department of Defense (DoD) to establish US lead in science and technology applicable to the military.

In the late 1950s, AT&T began switching its telephone networks with the implementation of fully automatic switches that used specific frequency tones to communicate between them. One of these internal-use tones was a tone of 2600 Hz which caused a telephone switch to think the call was over, leaving an open carrier line which could be exploited to provide free long-distance and international calls.

Around 1957, Josef Engressia, a blind seven-year-old child with perfect pitch and an emotional fixation on telephones, accidentally discovered that whistling at certain frequencies could activate phone switches. Josef enjoyed the phone system and being a curious child, he called recorded messages all over the world, because it was free, and is was a good past time.

One day, he was listening to a message and whistling. When he hit a certain tone, the message clicked off. Joe fooled around with other numbers and the same pitch, and found he could switch off any recorded message. Unaware of what he had done, Josef called the phone company and wanted to know why this happened. He didn't understand the explanation given but soon after he learned to whistle the 2600 Hz pitch that interrupted long-distance telephone calls and allowed him to place a free long-distance call to anywhere in the world.

1959


IBM´s 7000 series mainframes were the company´s first transistorized computers. At the top of the line of computers - all of which emerged significantly faster and more dependable than vacuum tube machines - sat the 7030, also known as the "Stretch".
  IBM Stretch  

1960


In November, Bell's previous mistake was completed when another article titled "Signaling Systems for Control of Telephone Switching" was published, this time containing the frequencies used for the digits that were used for the actual routing codes. Now, with these two precious bits of information, the phone system was at the disposal of anyone with a cursory knowledge of electronics. Once the company realized what they had done, it was too late and the information had already been made public. The error was now irreversible; phreaks learned the MF, and began using everything from their mouths to pipe organs to phreak calls.

AT&T introduces its Dataphone, the first commercial modem, specifically for converting digital computer data to analog signals for transmission across its long distance network.
   Dataphone

The term "hacker" is used by MIT train enthusiasts who hacked their train sets to change how they work. Later, these same enthusiasts emerge as the first computer hackers.

The word "cyborg" is coined by Manfred Clynes.
   

1963


Programmers develop the American Standard Code for Information Interchange (ASCII), a simple computer language that allows machines produced by different manufacturers to exchange data.  

ARPA launches Project MAC (the Project on Mathematics and Computation, also known as Multiple Access Computer, Machine Aided Cognitions, or Man and Computer).  

1964


AT&T begins monitoring telephone calls in as effort to discover the identities of "phone freaks," or "phreakers," who use tone generators (known as blue boxes) to make free phone calls.

Online transaction processing made its debut in IBM´s SABRE reservation system, set up for American Airlines. Using telephone lines, SABRE linked 2,000 terminals in 65 cities to a pair of IBM 7090 computers, delivering data on any flight in less than three seconds.  

1965


William D. Mathews from MIT found a flaw in a Multics CTSS running on an IBM 7094 that disclosed the contents of the password file and it is probably the first reported vulnerability in a computer system.  

1969


John T. Draper, a retired air force technician, was driving around to test a pirate radio transmitter he had built, when he broadcasted a telephone number to listeners as feedback to measure his station's reception.

John Draper

A callback from a "Denny" resulted in a meeting with a group of phone freaks, most of them blind. Interested in his electronic skills, they wanted him to build a multifrequency tone generator to gain easier entry into the AT&T system, which was controlled by tones. One the blind boys was Josef Engressia who had already identified the exact frequencies. They informed him that a toy whistle, included as a gift in the boxes of Cap'n Crunch breakfast cereal, generated a 2600 Hz tone when one of the whistle's two holes was covered.

Cap'n Crunch Whistle

This was the tone used by AT&T long lines to disconnect one end of the trunk, allowing the still connected side to enter an operator mode. Experimenting with this whistle inspired Draper to build electronic devices capable of reproducing other tones used by the phone company.

Blue Box

It was the birth of the worldwide famous blue boxes and of Captain Crunch, the pioneer phreaker nicknamed after a plastic whistle.

Programmers at AT&T's Bell Laboratories develop the UNIX operating system, the first multi-tasking operating system.

ARPA awarded the ARPANET contract to BBN Technologies. The company selected a Honeywell DDP-516 computer configured with 24 kB of expandable core memory as the base on which they would build the switch. The physical network linked four nodes: University of California at Los Angeles, SRI (in Stanford), University of California at Santa Barbara, and University of Utah. These nodes were wired together via 50 kbps circuits creating an early network used by government research groups and universities, and the forerunner of the Internet.

ARPANET 4 Nodes

Previous ChapterNext Chapter: The Age of Phreaking (1970s)

Cyber Threats History: An Overview

Before going over the history of cyberspace threats, let me take a moment to define what they are and to categorize them according to my personal view.

A cyber threat can be loosely defined as a conscious attempt to obtain unauthorized access to a computer system to extract or manipulate data or to violate the confidentiality, integrity, authenticity or availability of data inside the system.

There are numerous ways to organize these activities and you can find thousands of different takes on the subject, this one is mine and I say cyber threats can be grouped into 4 main categories:  

Cyber Terrorism


Cyberterrorism has become one of the most significant threats to the national and international security of modern states, and cyberattacks are occurring with increased frequency. Being a politically and emotionally charged subject, it was never possible to reach an international consensus regarding the development of an accepted comprehensive definition of the term "terrorism".

Therefore, there are literally hundreds of definitions of terrorism, many of them biased by the political view of its creators. I won't get into that debate but I will quote a political description of terrorism used by the United Nations General Assembly, back in 1994: "Criminal acts intended or calculated to provoke a state of terror in the general public, a group of persons or particular persons for political purposes are in any circumstance unjustifiable, whatever the considerations of a political, philosophical, ideological, racial, ethnic, religious or any other nature that may be invoked to justify them." With this in mind, how can we define cyberterrorism? It is obviously a very controversial term with many possible definitions depending on the scope of the actions performed.

Trying to avoid all the debate around the motivation, targets and methods involved I would define cyberterrorism as the use of the Internet and information technologies to organize and execute attacks against networks, computer systems and telecommunications infrastructures with ideological motivations.
   
Cyber Terrorism


In spite of the existence of a large amount of subjectivity in what exactly constitutes cyberterrorism, it’s only logical to assume that the concept must feature computer systems either as targets or as tools. Thus, cyberterrorism can be studied within the framework of a convergence of terrorism and cyberspace. In order to be considered as terrorism, an attack should aim at producing violence against persons or property, or at least cause enough harm to generate fear. Further, to qualify as “cyber” has to imply attacks and threats against computers, networks, or the information they store.

This should not be mixed with the use of the Internet by terrorist groups for organization, propaganda or recruitment because these activities are not a direct attack at anything. Therefore, the goal of cyberterrorists is to destroy, incapacitate, or exploit critical infrastructures causing terror in the general population and not just share information between them.

In our world, a terrorist does not need to have powerful explosives, only a computer and Internet access. Most importantly, the Internet provides cyberterrorists with a new target, bigger than any traditional target they could possibly hit in a direct physical attack. Theoretically, without the need to build a bomb or sacrifice themselves, cyberterrorists can disrupt the critical infrastructure of an entire nation, create havoc in the global economy, and instill fear and chaos among millions of people.
 CyberTerrorism

Western officials still believe their enemies are less developed in their IT capabilities and therefore they are likely to pose only a limited cyber threat. However, this serious mistake might have severe consequences in the future. The near future…

Cyber Crime


Although cybercrime and cyberterrorism activities can sometimes coexist, in their essence they are very different things because criminals mostly seek to attack systems in pursue of some form of monetary gain. Many individuals and organized crime groups are using a wide array of illegal tools and schemes to commit identity theft and online fraud. The purpose of this post is not to create an exhaustive list of illegal of these activities but nevertheless I will outline the major ones:  

Phishing


Basically, phishing is deceiving users to enter personal details at a fake website whose look and feel are almost identical to the legitimate one. The scheme is usually carried out via e-mail and is a good example of a social engineering technique used attempting to acquire private information such as usernames, passwords, and credit card details.  

CyberCrime

The term is a variant of fishing probably influenced by phreaking, and refers to "bait" used in hopes that the potential victim will "bite" when receiving communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators. By clicking on links to websites that are infected with malware or opening a malicious attachment, their financial information and passwords may then be stolen. There are many variants of phishing like Smishing or Vishing, just to mention a few.

Smishing


This is the use of social engineering techniques via SMS (Short Message Service), the technology used for text messages on cell phones. Hence the name, derived from "SMs phISHING".

Vishing


This is the criminal practice of using social engineering over the telephone system, and it has been facilitated by VoIP (Voice over IP) exploiting the general public's trust in landline telephone services. The term is a combination of "voice" and phishing.  

Spamming


Spam is the use of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Individuals or organizations (called spammers) distribute unsolicited e-mail messages with hidden or fake information mainly advertising in order to sell products but often also spreading several forms of malicious software (malware) and conducting various phishing schemes.

The term usually refers to e-mail spam, but it is also applied to similar practices in almost any other media like instant messaging, Usenet newsgroups, Web search engines, blogs, etc. The name comes from a Monty Python sketch in which Spam (spiced ham) is included in almost every dish.  

Spyware


This is malicious software installed on a system through users' deception to collect information without their knowledge. Spyware can get into the system bundled with desirable software or hidden using a Trojan horse making it difficult to detect.

This kind of software may also be intentionally installed by the administrator of corporate computers in order to monitor users' behavior but then it's considered to be monitoring software.  

Industrial Espionage


Big companies compete against each other in the global market and may seek to obtain sensitive information to improve their competitive advantage in various areas through their ability to conduct industrial espionage.  

Ciber Crime

Many business competitors hire international corporate spies and organized crime organizations to gain advantage in pricing, manufacturing or product development.  

Pedophilia


Although very seldom associated with cybercrime, pedophilia-sharing networks grew exponentially with the widespread use of the Internet. What was once limited to very secretive and geographically confined groups enjoyed for some years of large and new means for gathering new maniacs and was a prosperous business for many savages. But in recent years, officials all around the world are actively monitoring the systems and the pedophile barbarians took a deep dive into the underworld.  

Cyber Warfare


Cyberwarfare can be seen as the set of actions taken by a nation or state against another nation's computer systems for the purpose of causing damage or disruption thus making cyberspace the new domain in warfare. Cyberspace is an open field for military planners and some western countries are officially moving beyond classic warfare, involving physical force. But there is big debate focused on how to apply the existing body of international law on warfare and protect civilians in the event of an open cyber war.
  
Cyber War

Accordingly, cyberwarfare programs are government-sponsored projects to develop capabilities with the future prospect of causing widespread damage to critical infrastructures. Recently, the world knew about the deployment of Stuxnet, the first cyberweapon really developed to be used against a foreign nation. This cyber weapon intended to cripple Iran’s nuclear program is good example of how hard it is to say when cyber actions reach the threshold of war because in cyberspace it can be almost impossible to identify the enemies. In cyberwarfare there are no satellite photos of tanks or troop movements and very little can be done to prove whether a nation has launched an attack.  

CyberWar

Several nations are now aggressively working to develop information warfare doctrine, programs, and capabilities that include real cyberweapons. These new cyberweapons can have a significant impact by disrupting the supply chains, communications, and economic infrastructures that support the daily lives of citizens across the target nation. A very important aspect of this problem is that cyber attacks may have serious humanitarian consequences including damage to infrastructure like power grids, toxic waste facilities or derail passenger trains. Even more dangerous, derail trains loaded with lethal chemicals or contaminate the water supply in major cities.
   
Cybernetic War

Besides this, intelligence services use cyber tools as part of their information-gathering and espionage activities.  

Hacktivism


Hacktivism is a very controversial activity. The term (formed by joining the words hack and activism) was allegedly first coined in 1996 by a member of the Cult of the Dead Cow hacker group named Omega and refers to the use of computers and computer networks for political ends.

The term hacker usually refers to someone capable of finding weaknesses in a computer system. These skilled individuals may be motivated by a wide variety of reasons, such as monetary profit, political protest, or the challenge of defeating the system's security.
 
Anon

An hacktivist is a hacker who utilizes information technology to spread social, ideological, religious, or political messages. Therefore, hacktivists are politically active hackers that might pose a threat mostly by spreading propaganda rather than causing damage to critical infrastructures. Their attacks are aimed at supporting their political views or a plethora of other causes.
    Anonymous

Acts of hacktivism are carried out in the belief that proper and clever use of computer programming will be able to produce similar results to those produced by regular activism. Pending on your personal political views, you can think of hacktivists either as freedom fighters or as terrorists.

The Invisible Web


The Invisible Web (also called Deepnet, the Deep Web, or the hidden Web) refers to World Wide Web content that is not part of the so called Surface Web, which is indexed by standard search engines. The Deep Web contains many meaningless and harmless things, like web form submission data or web site navigation pages but has also a lot of information that can't be browsed in a Google search, and therefore can used for criminal activities.

Someone has said that searching on the Internet today can be compared to dragging a net across the surface of the ocean: a great deal may be caught in the net, but there is a wealth of information that is deep and therefore missed.  

Most of the Web's information is buried far down on dynamically generated sites, and standard search engines do not find it. Traditional search engines cannot find or retrieve content in the deep Web because those pages do not exist until they are created dynamically as the result of a specific search. The Deep Web is several orders of magnitude larger than the surface Web and this parallel world, containing a much wider range of information, is a precious resource for private companies, governments, and all kinds of researchers. 
 

image
To discover content on the Web, search engines use web crawlers that follow hyperlinks. This technique is ideal for discovering resources on the surface Web but is often ineffective at finding Invisible Web resources. For example, these crawlers do not attempt to find dynamic pages that are the result of database queries due to the infinite number of queries that are possible.

The Darknets

A darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol. Darknets were originally designed to ensure safety of political dissidents and circumvent network censorship used by totalitarian regimes, but also as a reaction to mass surveillance performed by governmental organizations.. Although such networks are still heavily used for these purposes, criminals made their way into them, attracted by the anonymity they provide.

The most famous of these Darknets is the Tor network.Often confused with the DeepWeb, it is a completely different things and in fact it is not even part of the DNS system and therefore, technically it is not part of the logical infrastructure of the World Wide Web


Next Chapter: The Beginning (1960s)