Hacking's History
From phone phreaks to Web attacks, hacking has been a part of computing
for 40 years.
Hacking has been around pretty much since the development of the first
electronic computers. Here are some of the key events in the last four decades
of hacking.
E
arly 1960s
University facilities with huge mainframe computers, like
MIT's artificial intelligence lab,
become staging grounds for hackers. At first, "hacker" was a positive
term for a person with a mastery of computers who could push programs
beyond what they were designed to do.
Early 1970s
|
John Draper |
John Draper makes a long-distance call for free
by blowing a precise tone into a telephone that tells the phone system
to open a line. Draper discovered the whistle as a give-away in a box of
children's cereal. Draper, who later earns the handle "Captain Crunch,"
is arrested repeatedly for phone tampering throughout the 1970s.
Yippie social movement starts
YIPL/TAP (Youth International Party Line/Technical Assistance Program) magazine to help
phone hackers (called "phreaks") make free long-distance calls.
Two members of California's
Homebrew Computer Club
begin making "blue boxes," devices used to hack into the phone system.
The members, who adopt handles "Berkeley Blue" (Steve Jobs) and "Oak
Toebark" (Steve Wozniak), later go on to found
Apple Computer.
Early 1980s
Author
William Gibson coins the term "cyberspace" in a science fiction novel called
Neuromancer.
In one of the first arrests of hackers, the FBI busts the
Milwaukee-based 414s (named after the local area code) after members are
accused of
60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory.
Comprehensive Crime Control Act gives
Secret Service jurisdiction over credit card and computer fraud.
Two hacker groups form, the
Legion of Doom in the United States and the
Chaos Computer Club in Germany.
2600: The Hacker Quarterly is founded to share tips on phone and computer hacking.
Late 1980s
The
Computer Fraud and Abuse Act gives more clout to federal authorities.
Computer Emergency Response Team is formed by U.S.
defense agencies. Based at Carnegie Mellon University in Pittsburgh, its
mission is to investigate the growing volume of attacks on computer
networks.
At 25, veteran hacker
Kevin Mitnick secretly monitors
the e-mail of MCI and Digital Equipment security officials. He is
convicted of damaging computers and stealing software and is sentenced
to one year in prison.
First National Bank of Chicago is the victim of a
$70-million computer heist.
An Indiana hacker known as
"Fry Guy" -- so named for hacking McDonald's -- is raided by law enforcement. A similar sweep occurs in Atlanta for
Legion of Doom hackers known by the handles "Prophet," "Leftist" and "Urvile."
Early 1990s
After
AT&T long-distance service crashes on Martin Luther King Jr. Day, law enforcement starts a
national crackdown
on hackers. The feds nab St. Louis' "Knight Lightning" and in New York
grab Masters of Deception trio "Phiber Optik," " Acid Phreak" and
"Scorpion." Fellow hacker "Eric Bloodaxe" is picked up in Austin, Texas.
Operation Sundevil, a special team of Secret Service agents and members of Arizona's organized crime unit,
conducts raids in 12 major cities, including Miami.
A 17-month search ends in the capture of hacker
Kevin Lee Poulsen ("Dark Dante"), who is indicted for stealing military documents.
Hackers break into
Griffith Air Force Base, then pewwwte computers at
NASA and the
Korean Atomic Research Institute. Scotland Yard nabs "Data Stream," a 16-year-old British teenager who curls up in the fetal position when seized.
A Texas A&M professor receives
death threats after a hacker logs on to his computer from off-campus and sends 20,000 racist e-mail messages using his Internet address.
|
Kevin Mitnick [photo / AP ] |
In a highly publicized case,
Kevin Mitnick is arrested (again), this time in Raleigh, N.C., after he is tracked down via computer by
Tsutomu Shimomura at the San Diego Supercomputer Center.
Late 1990s
Hackers break into and deface
federal Web sites, including the U.S. Department of Justice, U.S. Air Force, CIA, NASA and others.
Report by the General Accounting Office finds Defense Department computers sustained
250,000 attacks by hackers in 1995 alone.
A Canadian hacker group called the Brotherhood, angry at
hackers being falsely accused of electronically stalking a Canadian
family, break into the Canadian Broadcasting Corp. Web site and leave
message:
"The media are liars." Family's own 15-year-old son eventually is identified as stalking culprit.
Hackers pierce security in
Microsoft's NT operating system to illustrate its weaknesses.
Popular Internet search engine Yahoo! is hit by hackers claiming a
"logic bomb" will
go off in the PCs of Yahoo!'s users on Christmas Day 1997 unless Kevin
Mitnick is released from prison. "There is no virus," Yahoo! spokeswoman
Diane Hunt said.
1998
Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two
Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway.
In January, the federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of
fake information requests, a hacker attack called "spamming."
Hackers break into
United Nation's Children Fund Web site, threatening a "holocaust" if Kevin Mitnick is not freed.
Hackers claim to have broken into a Pentagon network and stolen software for a
military satellite system. They threaten to sell the software to terrorists.
The U.S. Justice Department unveils
National Infrastructure Protection Center, which is given a mission to protect the nation's telecommunications, technology and transportation systems from hackers.
Hacker group L0pht, in testimony before Congress, warns it could
shut down nationwide access to the Internet in less than 30 minutes. The group urges stronger security measures
1960s
The Dawn of Hacking
The first computer hackers emerge at MIT. They borrow their name from a
term to describe members of a model train group at the school who "hack" the
electric trains, tracks, and switches to make them perform faster and
differently. A few of the members transfer their curiosity and rigging skills
to the new mainframe computing systems being studied and developed on campus.
1970s
Phone Phreaks and Cap'n Crunch
Phone hackers (phreaks) break into regional and international phone
networks to make free calls. One phreak, John Draper (aka Cap'n Crunch), learns
that a toy whistle given away inside Cap'n Crunch cereal generates a 2600-hertz
signal, the same high-pitched tone that accesses AT&T's long-distance
switching system.
Draper builds a "blue box" that, when used in conjunction with the
whistle and sounded into a phone receiver, allows phreaks to make free calls.
Shortly thereafter,
Esquire magazine publishes "Secrets of the
Little Blue Box" with instructions for making a blue box, and wire fraud in the
United States escalates. Among the perpetrators: college kids Steve Wozniak and
Steve Jobs, future founders of Apple Computer, who launch a home industry
making and selling blue boxes.
1980
Hacker Message Boards and Groups
Phone phreaks begin to move into the realm of computer hacking, and the
first electronic bulletin board systems (BBSs) spring up.
The precursor to Usenet newsgroups and e-mail, the boards--with names
such as Sherwood Forest and Catch-22--become the venue of choice for phreaks
and hackers to gossip, trade tips, and share stolen computer passwords and
credit card numbers.
Hacking groups begin to form. Among the first are Legion of Doom in the
United States, and Chaos Computer Club in Germany.
1983
Kids' Games
The movie
War Games introduces the public to hacking,
and the legend of hackers as cyberheroes (and anti-heroes) is born. The film's
main character, played by Matthew Broderick, attempts to crack into a video
game manufacturer's computer to play a game, but instead breaks into the
military's nuclear combat simulator computer..
The computer (codenamed WOPR, a pun on the military's real system called
BURGR) misinterprets the hacker's request to play Global Thermonuclear War as
an enemy missile launch. The break-in throws the military into high alert, or
Def Con 1 (Defense Condition 1).
The same year, authorities arrest six teenagers known as the 414 gang
(after the area code to which they are traced). During a nine-day spree, the
gang breaks into some 60 computers, among them computers at the Los Alamos
National Laboratory, which helps develop nuclear weapons.
1984
Hacker 'Zines
The
hacker magazine
2600 begins
regular publication, followed a year later by the online 'zine
Phrack. The
editor of
2600, "Emmanuel Goldstein" (whose real name is
Eric Corley), takes his handle from the main character in George Orwell's
1984. Both publications provide tips for
would-be hackers and phone phreaks, as well as commentary on the hacker issues
of the day. Today, copies of
2600 are sold at most large retail
bookstores.
1986
Use a Computer, Go to Jail
In the wake of an increasing number of break-ins to government and
corporate computers, Congress passes the Computer Fraud and Abuse Act, which
makes it a crime to break into computer systems. The law, however, does not
cover juveniles.
1988
The Morris Worm
Robert T. Morris, Jr., a graduate student at Cornell University and son
of a chief scientist at a division of the National Security Agency, launches a
self-replicating worm on the government's ARPAnet (precursor to the Internet)
to test its effect on UNIX systems.
The worm gets out of hand and spreads to some 6000 networked computers,
clogging government and university systems. Morris is dismissed from Cornell,
sentenced to three years' probation, and fined $10,000.
1989
The Germans and the KGB
In the first cyberespionage case to make international headlines,
hackers in West Germany (loosely affiliated with the Chaos Computer Club) are
arrested for breaking into U.S. government and corporate computers and selling
operating-system source code to the Soviet KGB.
Three of them are turned in by two fellow hacker spies, and a fourth
suspected hacker commits suicide when his possible role in the plan is
publicized. Because the information stolen is not classified, the hackers are
fined and sentenced to probation.
In a separate incident, a hacker is arrested who calls himself The
Mentor. He publishes a now-famous
treatise
that comes to be known as the
Hacker's Manifesto. The piece, a defense of
hacker antics, begins, "My crime is that of curiosity... I am a hacker, and
this is my manifesto. You may stop this individual, but you can't stop us
all."
1990
Operation Sundevil
After a prolonged sting investigation, Secret Service agents swoop down
on hackers in 14 U.S. cities, conducting early-morning raids and arrests.
The arrests involve organizers and prominent members of BBSs and are
aimed at cracking down on credit-card theft and telephone and wire fraud. The
result is a breakdown in the hacking community, with members informing on each
other in exchange for immunity.
1993
Why Buy a Car When You Can Hack One?
During radio station call-in contests, hacker-fugitive Kevin Poulsen and
two friends rig the stations' phone systems to let only their calls through,
and "win" two Porsches, vacation trips, and $20,000.
Poulsen, already wanted for breaking into phone- company systems, serves
five years in prison for computer and wire fraud. (Since his release in 1996,
he has worked as a freelance journalist covering computer crime.)
The first Def Con hacking conference takes place in Las Vegas. The
conference is meant to be a one-time party to say good-bye to BBSs (now
replaced by the Web), but the gathering is so popular it becomes an annual
event.
1994
Hacking Tools R Us
The Internet begins to take off as a new browser, Netscape Navigator,
makes information on the Web more accessible. Hackers take to the new venue
quickly, moving all their how-to information and hacking programs from the old
BBSs to new hacker Web sites.
As information and easy-to-use tools become available to anyone with Net
access, the face of hacking begins to change.
1995
The Mitnick Takedown
Serial cybertrespasser Kevin Mitnick is captured by federal agents and
charged with stealing 20,000 credit card numbers. He's kept in prison for four
years without a trial and becomes a cause célèbre in the hacking
underground.
After pleading
guilty to seven charges at his trial in March 1999, he's eventually
sentenced to little more than time he had already served while he wait
for a trial.
Russian
crackers siphon $10
million from Citibank and transfer the money to bank accounts around the world.
Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to
transfer the funds to accounts in Finland and Israel.
Levin stands trial in the United States and is sentenced to three years
in prison. Authorities recover all but $400,000 of the stolen money.
1997
Hacking AOL
AOHell is released, a freeware application that allows a burgeoning
community of unskilled hackers--or script kiddies--to wreak havoc on America
Online. For days, hundreds of thousands of AOL users find their mailboxes
flooded with multi-megabyte mail bombs and their chat rooms disrupted with spam
messages.
1998
The Cult of Hacking and the Israeli Connection
The hacking group Cult of the Dead Cow releases its Trojan horse
program,
Back
Orifice--a powerful hacking tool--at Def Con. Once a hacker
installs the Trojan horse on a machine running Windows 95 or Windows 98, the
program allows unauthorized remote access of the machine.
During heightened tensions in the Persian Gulf, hackers touch off a
string of break-ins to unclassified Pentagon computers and steal software
programs. Then-U.S. Deputy Defense Secretary John Hamre calls it "the most
organized and systematic attack" on U.S. military systems to date.
An investigation points to two American teens. A 19-year-old Israeli
hacker who calls himself The Analyzer (aka Ehud Tenebaum) is eventually
identified as their ringleader and arrested. Today Tenebaum is chief technology
officer of a computer consulting firm.
1999
Software Security Goes Mainstream
In the wake of Microsoft's Windows 98 release, 1999 becomes a banner
year for security (and hacking). Hundreds of advisories and patches are
released in response to newfound (and widely publicized) bugs in Windows and
other commercial software products. A host of security software vendors release
anti-hacking products for use on home computers.
2000
Service Denied
In one of the biggest denial-of-service attacks to date, hackers launch
attacks against eBay, Yahoo, Amazon, and others.
Activists in Pakistan and the Middle East deface Web sites belonging to
the Indian and Israeli governments to protest oppression in Kashmir and
Palestine.
Hackers break into Microsoft's corporate network and access source code
for the latest versions of Windows and Office.
2001
DNS Attack
Microsoft becomes the prominent victim of a new type of hack that
attacks the domain name server. In these denial-of-service attacks, the DNS
paths that take users to Microsoft's Web sites are corrupted. The hack is
detected within a few hours, but prevents millions of users from reaching
Microsoft Web pages for two days
.