Pages

15 March 2015

Here is how cyber warfare began — 50 years ago


MARCH 12, 2015

(CNN) — Computer hacking was once the realm of curious teenagers. It’s now the arena of government spies, professional thieves and soldiers of fortune.

Today, it’s all about the money. That’s why Chinese hackers broke into Lockheed Martin and stole the blueprints to the trillion-dollar F-35 fighter jet. It’s also why Russian hackers have sneaked into Western oil and gas companies for years.

The stakes are higher, too. In 2010, hackers slipped a “digital bomb” into the Nasdaq that nearly sabotaged the stock market. In 2012, Iran ruined 30,000 computers at Saudi oil producer Aramco.

And think of the immense (and yet undisclosed) damage from North Korea’s cyberattack on Sony Pictures last year. Computers were destroyed, executives’ embarrassing emails were exposed, and the entire movie studio was thrown into chaos.

It wasn’t always this way. Hacking actually has some pretty innocent and harmless beginnings.

Curiosity created the hacker

The whole concept of “hacking” sprouted from the Massachusetts Institute of Technology nearly 50 years ago. Computer science students there borrowed the term from a group of model train enthusiasts who “hacked” electric train tracks and switches in 1969 to improve performance.

These new hackers were already figuring out how to alter computer software and hardware to speed it up, even as the scientists at AT&T Bell Labs were developing UNIX, one of the world’s first major operating systems.

Hacking became the art of figuring out unique solutions. It takes an insatiable curiosity about how things work; hackers wanted to make technology work better, or differently. They were not inherently good or bad, just clever.

In that sense, the first generation of true hackers were “phreakers,” a bunch of American punks who toyed with the nation’s telephone system. In 1971, they discovered that if you whistle at a certain high-pitched tone, 2600-hertz, you could access AT&T’s long-distance switching system.

They would make international phone calls, just for the fun of it, to explore how the telephone network was set up.

This was low-fi stuff. The most famous phreaker, John Draper (aka “Cap’n Crunch) earned his nickname because he realized the toy whistle given away in cereal boxes emitted just the right tone. This trained engineer took that concept to the next level by building a custom “blue box” to make those free calls.

This surreptitious little box was such a novel idea that young engineers Steve Wozniak and Steve Jobs started building and selling it themselves. These are the guys who would later go on to start Apple.

Wire fraud spiked, and the FBI cracked down on phreakers and their blue boxes. The laws didn’t quite fit, though. Kids were charged with making harassing phone calls and the like. But federal agents couldn’t halt this phenomenon.

A tech-savvy, inquisitive and slightly anti-authoritarian community had been born.

A new wave of hackers

The next generation came in the early 1980s, as people bought personal computers for their homes and hooked them up to the telephone network. The Web wasn’t yet alive, but computers could still talk to one another.

This was the golden age of hacking. These curious kids tapped into whatever computer system they could find just to explore. Some broke into computer networks at companies. Others told printers at hospitals hundreds of miles away to just spit out paper. And the first digital hangouts came into being. Hackers met on text-only bulletin board systems to talk about phreaking, share computer passwords and tips.

The 1983 movie “War Games” depicted this very thing, only the implications were disastrous. In it, a teenager in Washington state accidentally taps into a military computer and nearly brings the world to nuclear war. It’s no surprise, then, that the FBI was on high alert that year, and arrested six teenagers in Milwaukee — who called themselves the 414s, after their area code — when they tapped into the Los Alamos National Laboratory, a nuclear weapon research facility.

Nationwide fears led the U.S. Congress to pass the Computer Fraud and Abuse Act in 1986. Breaking into computer systems was now a crime of its own.

The damage of hacking started getting more serious, too. In 1988, the government’s ARPAnet, the earliest version of the Internet, got jammed when a Cornell University graduate student, curious about the network’s size, created a self-replicating software worm that multiplied too quickly.

The next year, a few German hackers working for the Russian KGB were caught breaking into the Pentagon. In 1990, hacker Kevin Poulsen rigged a Los Angeles radio station’s phone system to win a Porsche, only to be arrested afterward.

The cat-and-mouse game between law enforcement and hackers continued throughout the 1990s. Some hacked for money. Russian mathematician Vladimir Levin was caught stealing $10 million from Citibank. Others did it for revenge. Tim Lloyd wiped the computers at Omega Engineering in New Jersey after he was fired.

But hacks were still more of an annoyance than anything devastating, though it was quickly becoming apparent that the potential was there. The stock market, hospitals, credit card transactions — everything was running on computers now. There was a bone-chilling moment when a ragtag group of hackers calling themselves L0pht testified before Congress in 1998 and said they could shut down the Internet in 30 minutes.

The danger was suddenly more real than ever.

From curiosity to criminal

The ethos was starting to change, too. Previously, hackers broke into computers and networks because they were curious and those tools were inaccessible. The Web changed that, putting all that stuff at everyone’s fingertips. Money became the driving force behind hacks, said C. Thomas, a member of L0pht who is known internationally as the hacker “Space Rogue.”

An unpatched bug in Windows could let a hacker enter a bank, or a foreign government office. Mafias and governments were willing to pay top dollar for this entry point. A totally different kind of black market started to grow.

The best proof came in 2003, when Microsoft started offering a $5 million bounty on hackers attacking Windows.

“It’s no longer a quest for information and knowledge by exploring networks. It’s about dollars,” Thomas said. “Researchers are no longer motivated to get stuff fixed. Now, they say, ‘I’m going to go looking for bugs to get a paycheck – and sell this bug to a government.’ 

Loosely affiliated amateurs were replaced by well-paid, trained professionals. By the mid-2000s, hacking belonged to organized crime, governments and hacktivists.

First, crime: Hackers around the world wrote malicious software (malware) to hijack tens of thousands of computers, using their processing power to generate spam. They wrote banking trojans to steal website login credentials.

Hacking payment systems turned out to be insanely lucrative, too. Albert Gonzalez’s theft of 94 million credit cards from the company TJX in 2007 proved to be a precursor to later retailer data breaches, like Target, Home Depot and many more.

Then there’s government. When the United States wanted to sabotage the Iranian nuclear program in 2009, it hacked a development facility and unleashed the most dangerous computer virus the world has ever seen. Stuxnet caused the Iranian lab computers to spin centrifuges out of control.

This was unprecedented: a digital strike with extreme physical consequences.

Similarly, there’s proof that Russia used hackers to coordinate its attack on Georgia during a five-day war in 2008, taking out key news and government websites as tanks rolled into those specific cities.

Then there are hacktivists. The populist group Anonymous hacks into police departments to expose officer brutality and floods banks with garbage Internet traffic. A vigilante known as “The Jester” takes down Islamic jihadist websites.

What exists now is a tricky world. The White House gets hacked. Was it the Russian government or Russian nationalists acting on their own? Or freelance agents paid by the government? In the digital realm, attribution is extremely difficult.

Meanwhile, it’s easier than ever to become a hacker. Digital weapons go for mere dollars on easily accessible black markets online. Anonymity is a few clicks away with the right software. And there are high-paying jobs in defending companies like Google or JPMorgan Chase — or attacking them.

As a result, law enforcement tolerance for hacking has fallen to zero. In 1999, the hacker Space Rogue exposed how FAO Schwarz’s website was leaking consumer email addresses and forced the company to fix it. He was cheered. When Andrew Auernheimer (known as “weev”) did the same thing to AT&T in 2010, he spent more than a year in prison until his case was overturned on a technicality.

The days of mere curiosity are over.

No comments:

Post a Comment