Welcome back, my fledgling hackers!
Hacking has a long and storied history in the U.S. and around the world. It did not begin yesterday, or even at the advent of the 21st century, but rather dates back at least 40 years. Of course, once the internet migrated to commercial use in the 1990s, hacking went into hyperdrive.
For those of you who are unaware of our long and proud history, I want to dedicate this post to providing you with some of the highs and lows of this 40-year history. It would be impossible to list every hack or hacker over the last 40 years, even if this were a 500-page book, so I will limit myself to a brief history and only try to touch upon the most significant hacks over that period of time.
Of course, it goes without saying, that this history will be biased with my perspective of what was most significant. If you feel I have missed a significant event in this history, please feel free to add it in the comments along with its significance. Such a brief history is an ambitious project and is sure to miss some important hacks.
In addition, we are limited in this history to only discussing those hacks that were made public. Those that were not reported by their victims (national governments and large corporations are reluctant to report intrusions for fear of embarrassment and damage to their reputation) or were never discovered by the victims cannot be included. So, of course, that biases this history toward only those unfortunates who were caught.
Before we delve into this history of hacking, let's take a look at some prominent people who were once hackers. In all reality, there are many respectable people in IT and IT security that have hacker backgrounds, but few are willing to admit it. I personally know CIOs and CTOs of major corporations in the U.S. that have admitted to me that they were once hackers, but they won't say so on the record and really don't want their employers to know.
Before there was an Apple computer, Mac, iPod, or iPhone, Steve Jobs and his partner, Steve Wozniak, were developing a tool that became known as the Blue Box in 1972. This tool was capable of replicating the audio tones used by the telephone company (yes, children, once upon a time, there was just one telephone company in the U.S.) to enable long-distance calls—without paying for them.
Long before WikiLeaks, Julian Assange was an infamous teenage hacker in Australia. As a 16-year-old in Australia, Assange, aka Mendax, was hacking into the U.S. Department of Defense, NASA, the U.S. Navy, MILNET, Citibank, and Lockheed Martin, among many others. By 1991, Assange was caught hacking Nortel and was arrested and charged with 31 counts of computer crimes. In 1996, he pleaded guilty to 25 counts and paid a minimal fine with no jail time.
Now known as an astute tech writer for WIRED Magazine and author, Kevin Poulsen was first a hacker. He is best known for hacking the phone system of KIIS-FM in Los Angeles to make certain he was the 102nd caller, which won him the prize of a new Porsche 944. Poulsen was caught by the FBI and sentenced to five years in the federal penitentiary with a three-year ban on using the internet.
There really is no clear-cut beginning, unlike the Bible. Almost as soon as there were computers (ENIAC was developed for military ballistics work in 1946), there were hackers. Most of these hacks were minor, without major dollar loss or legal implications. Many people point to one event that may have marked the beginning of awareness of the risks and significance of computer hacking.
Lawrence Livermore Lab in Berkeley, CA was developed during WWII to do research on atomic weapons. After the war and up to the present, it continued to work on nuclear weapons development. During the Cold War between the U.S. and the Soviet Union, this lab was a focus of espionage, as it held secrets that could give either nation an upper hand in any conflict against each other.
In 1986, at the height of the Cold War, Clifford Stoll, an astronomer working in IT at the lab, was asked to resolve a $0.75 accounting error on the time share system. In his research, Stoll discovered that there was an unauthorized user on the system. Stoll was able to trace the new, unauthorized user back to Germany.
Stoll contacted the FBI, CIA, and other law enforcement and received little or no help. Eventually, he set up fake files containing "national secrets" that the attacker found and stole. This is probably the first reported use of a honeypot. Eventually, the trail led to a hacker in Germany named Markus Hess. He was stealing these nuclear secrets and passing them to the Soviet Union for pay.
This event, probably more than any other, triggered the national consciousness to the risks of hacking and started the process of developing a legal framework to prohibit hacking.
In November 1988, the young internet almost came crashing down. A 22-year-old Cornell graduate student by the name of Robert Tappan Morris had unleashed a worm that infected nearly 25% of the computers on the internet (admittedly, there were few computers on the internet then). This was particularly embarrassing for his father, who had been a prominent NSA scientist and, at the time, head of IT security for the world's largest computer company, IBM.
Eventually, Mr. Morris became the first person to be prosecuted under the Computer Fraud and Abuse Act of 1986 (Title 18, Section 1030 of the U.S.C.). This same law is still used to prosecute most hacking crimes in the United States. Morris was sentenced to three years' probation and 400 hours of community service. Dr. Morris is now a tenured professor at the Massachusetts Institute of Technology (MIT).
The Melissa virus was a milestone in virus development as it was a macro virus. This means that it used macros embedded in MS Office documents to do its dirty work. This may have been the most successful virus in computing history, reportedly infecting up to 1 in every 5 computers worldwide.
Eventually, the developer of the Melissa virus, David L. Smith, was caught and prosecuted. Authorities tracked the GUID of the Office documents containing the virus to catch Smith. He pleaded guilty and was sentenced to 10 years in prison.
Back Orifice debuted in 1999 as a rootkit and remote administration tool for Windows 95 and Windows 98 systems. Developed by the hacker group Cult of the Dead Cow, it did much to heighten the awareness of the vulnerabilities of Windows systems to malware.
The Digital Millennium Copyright Act (DMCA) of 2001 was a new U.S. law that made it illegal to pirate copyrighted material. This new law contained severe penalties for doing so. Almost as soon as the ink was dry on this law, the FBI arrested Dmitry Sklyarov of Elcomsoft as he came to the U.S. to attend Defcon in Las Vegas. The FBI claimed that Sklyarov and Elcomsoft were trafficking in a software program that could circumvent copyright protections. This made Sklyarov the first person arrested and prosecuted under this law.
Elcomsoft is a Russian company that sells digital forensics software that can also be used for hacking. For instance, they produce one of the best password-cracking tools available anywhere. It was this software that the FBI considered illegal that led to his arrest. Eventually, the FBI dropped the charges against Sklyarov and he was allowed to return to Russia. Elcomsoft was then prosecuted under this law and was found not guilty.
Anonymous, the loosely organized hacking collective, made its first appearance on the scene in 2003. An outgrowth of the 4chan image boards, this group would gain probably greater fame than any other hacker organization.
It has conducted numerous widely reported hacks including Operation Chanology, an attack on the Church of Scientology's website; Operation Payback, the DDoS attacks against MasterCard, Discover, Visa, and PayPal after they refused to allow people to use their services to send contributions to WikiLeaks; Operation Paris, in response to the recent attacks in Paris; Operation ISIS, an attempt to nullify ISIS recruiting efforts on the internet; Operation Trump, an effort to keep Donald Trump from being elected president; and many others.
Several members and contributors of Null Byte are also members of Anonymous.
TJX, the holding company of off-price retailers such as TJ Maxx and Marshalls, lost nearly 45 million customer records and credit card numbers when hackers were able to compromise its network through an unsecured wireless network. It was the largest data security breach up to that time.
The hackers found that one of its stores had an unsecured wireless network that they were able to access from the parking lot. From there, they were able to traverse the company network to the database servers holding the customer accounts and credit card numbers. TJX held all this data unencrypted, making the hackers' task extraordinarily easy.
An American grey hat hacker, Max Ray Butler, aka Max Vision, took over the world's largest black market for stolen credit card numbers, Carders Market. Eventually, in 2007, Butler (also the founder of the ArachNIDS vulnerability database) was caught and sentenced to 13 years in prison, the stiffest sentence imposed upon a hacker. Butler is cooperating with CERT and is likely to be released early as a result of his cooperation.
Often marked as a milestone in the history of cyber warfare, Georgia, the former Soviet republic, was hit with a massive DDoS attack against its internet infrastructure. As a result, all of the government and military internet-based communications were disabled while Russian tanks and troops rolled into the Georgian province of South Ossetia. The DDoS attack was instigated by civilian hackers in Russia, probably at the direction of the Kremlin.
First detected in November 2008, the Conficker worm struck fear into nearly every Windows user and their IT departments in 2009 and 2010. The worm used the vulnerability in Windows systems that became known as MS08-067 (Metasploit now has an exploit that tests for this vulnerability). The Conficker worm created one of the largest botnets in history, maybe as large as 15 million computer systems around the globe.
This worm gave the developer access to the personal information of the computer user while adding them to a massive worldwide botnet that could be used for DDoS attacks, password cracking, and spamming, among many other malicious activities. Despite concerted international efforts, no one is certain who was responsible for Conficker and what its ultimate purpose was.
In 2010, Google was the victim of a massive attack, presumably from Chinese state-sponsored hackers. These attacks were undertaken to compromise Google's Gmail service. Google speculated that Chinese authorities were seeking information on dissidents in their country that used Gmail to communicate. As a result, Google withdrew from the China market, the world's largest.
This was probably the most sophisticated hack ever. Undoubtedly, this malware was developed by the NSA, probably in collaboration with Israel. Its intention was to slow the Iranian nuclear development efforts and it accomplished that goal.
This worm was first released in the wild in 2009 and traveled around the world. It was soon discovered by security researchers, but its goal was unknown. Eventually it found its way to the offline uranium-enrichment facility in Natanz, Iran, where it infected the Siemens PLC controllers on the centrifuges used to enrich uranium. It did not disable them, but rather made them operate at speeds that were inadequate to properly enrich the uranium, all the while reporting to the control room that all was well.
This bit of malware was sophisticated and unique. First, it was very specific: it only infected the Siemens-produced controllers used at that enrichment facility. Second, it was harmless on all other infected computers. Only when it detected the target PLCs did it "phone home" for an upgrade. Third, it used a hash collision, likely generated by the NSA's supercomputers, to bypass Microsoft's software-signing certificate authentication process. In all, the world has never seen such sophisticated malware, but I am sure that won't last for long.
The PlayStation Network of Sony Corp. was hacked in April 2011, and over 77 million users' personally identifiable information was compromised. It was one of the largest data security breaches in history. Sony blamed Anonymous, but Anonymous denied involvement.
Mt. Gox, based in Tokyo, Japan, was one of the first bitcoin exchanges and probably the most widely used. Begun in 2010, it closed its website and exchange in 2014. During that time, over 850,000 bitcoins ($450 million at the time) were missing from its exchange.
It was eventually revealed that Mt. Gox had been hacked numerous times over the years by various hackers. The CEO of Mt. Gox was arrested in 2015 for falsifying the account records to cover the losses.
In December 2013, Target revealed that its database servers had been hacked and millions of customers' data had been compromised. The hackers apparently exploited the point-of-sale systems that were running Windows XP to enter the network, then traveled to the database servers from there to exfiltrate the data.
Evidence points to a Russian cybercrime organization that purchased the exploit from a Russian teenager for $1,700. Soon after the Target hack, major retailers across the U.S. experienced the same attack, most notably Home Depot. This attack was probably responsible for the largest data breach in history, compromising over 100 million credit card numbers. It had a significant impact upon these retailers' reputation for information security and led U.S. credit card issuers to finally begin the transition to the more secure, chip-based credit cards, something the European issuers had done over a decade before.
Just before Christmas of 2014, Sony Entertainment's computer systems were hacked, presumably by the North Korean government, in response to a movie that Sony was about to release. This movie did not reflect well on the North Korean dictator, Kim Jong Un. The hackers were able to copy movies, emails, and confidential corporate documents that were very embarrassing to Sony.
Independent researchers found evidence that the attack was likely an insider job by former employees who had a grudge against the corporation. For more on this hack, check out my articles here and here.
In 2015, a company in Italy known as "Hacking Team" was hacked and the contents of its email and file server posted online. What makes this hack so significant is that it clearly shows how hacking has become a legitimate business. Emails from their servers show that Hacking Team, like Vupen, developed zero-day exploits and sold them to governments around the world. These exploits are largely used by governments to watch and monitor their citizens' online activities.
I hope this brief history of hacking clearly demonstrates to you the importance and significance of hacking over the last 40 years or so. As more and more of our lives become digital, hacking and IT security will become even more important, making them the most valuable and critical skills of the 21st century!