Very Brief History of Hacking

Prehistory of Hacking (before 1969)

In the beginning there was the phone company ? the brand-new Bell Telephone, to be precise. And there were nascent hackers. Of course in 1878 they weren't called hackers yet. Just practical jokers, teenage boys hired to run the switchboards who had an unfortunate predilection for disconnecting and misdirecting calls ("You're not my Cousin Mabel?! Operator! Who's that snickering on the line? Hello?"). Now you know why the first transcontinental communications network hired female operators.

Flash forward to the first authentic computer hackers, circa the 1960s. Like the earlier generation of phone pranksters, MIT geeks had an insatiable curiosity about how things worked. In those days computers were mainframes, locked away in temperature-controlled, glassed-in lairs. It cost megabucks to run those slow-moving hunks of metal; programmers had limited access to the dinosaurs. So the smarter ones created what they called "hacks" - programming shortcuts ? to complete computing tasks more quickly. Sometimes their shortcuts were more elegant than the original program.

Elder Days of Hacking (1970-1979)

In the 1970s the cyber frontier was wide open. Hacking was all about exploring and figuring out how the wired world worked. Around 1971 a Vietnam vet named John Draper discovered that the giveaway whistle in Cap'n Crunch cereal boxes perfectly reproduced a 2600 megahertz tone. Simply blow the whistle into a telephone receiver to make free calls; thanks for using AT&T.

Counterculture guru Abbie Hoffman (above) followed the captain's lead with The Youth International Party Line newsletter. This bible spread the word on how to get free phone service. "Phreaking" didn't hurt anybody, the argument went, because phone calls emanated from an unlimited reservoir. Hoffman's publishing partner, Al Bell, changed the newsletter's name to TAP, for Technical Assistance Program. True believers have hoarded the mind-numbingly complex technical articles and worshipped them for two decades.

The only thing missing from the hacking scene was a virtual clubhouse. How would the best hackers ever meet? In 1978 two guys from Chicago, Randy Seuss and Ward Christiansen, created the first personal-computer bulletin-board system. It's still in operation today.

The Golden Age of Hacking (1980-1991)

In 1981 IBM announced a new model ? a stand-alone machine, fully loaded with a CPU, software, memory, utilities, storage. They called it the "personal computer." You could go anywhere and do anything with one of these hot rods. Soon kids abandoned their Chevys to explore the guts of a "Commie 64" or a "Trash-80."

The 1983 movie War Games shone a flashlight onto the hidden face of hacking, and warned audiences nationwide that hackers could get into any computer system. Hackers gleaned a different message from the film. It implied that hacking could get you girls. Cute girls.

The territory was changing. More settlers were moving into the online world. ARPANET was morphing into the Internet, and the popularity of bulletin-board systems exploded. In Milwaukee a group of hackers calling themselves the 414's (their area code) broke into systems at institutions ranging from the Los Alamos Laboratories to Manhattan's Memorial Sloan-Kettering Cancer Center. Then the cops put the arm on them.

The Great Hacker War

To pinpoint the start of the "Great Hacker War," you'd probably have to go back to 1984, when a guy calling himself Lex Luthor founded the Legion of Doom. Named after a Saturday morning cartoon, the LOD had the reputation of attracting the best of the best ? until one of the gang's brightest young acolytes, a kid named Pier Optik, feuded with Legion of Doomer Erik Bloodaxe and got tossed out of the clubhouse. Phiber's friends formed a rival group, the Masters of Deception.

Starting in 1990, LOD and MOD engaged in almost two years of online warfare ? jamming phone lines, monitoring calls, trespassing in each other's private computers. Then the Feds cracked down. For Phiber and friends, that meant jail. It was the end of an era.

Crackdown on Hacking (1986-1994)

With the government online, the fun ended. Just to show that they meant business, Congress passed a law in 1986 called the Federal Computer Fraud and Abuse Act. Translation: A felony gets you five. Then along came Robert Morris with his Internet worm in 1988. Crashing 6,000 Net-linked computers earned Morris the distinction of being the first person convicted under the Act's computer-crime provision. Translation: a $10,000 fine and too many hours of community service.

Soon you needed a scorecard to keep up with the arrests. That same year Kevin Mitnick broke into the Digital Equipment Company's computer network; he was nabbed and sentenced to a year in jail. Then Kevin #2 ? Kevin Poulsen ? was indicted on phone-tampering charges. Kevin #2 went on the lam and avoided the long arm of the law for 17 months.

Operation Sundevil was the name the government gave to its ham-handed 1990 attempt to crack down on hackers across the country, including the Legion of Doom. It didn't work. But the following year Crackdown Redux resulted in jail sentences for four members of the Masters of Deception. Phiber Optik spent a year in federal prison.

Some people just couldn't learn from their mistakes, though. In February 1995 Kevin Mitnick was arrested again. This time the FBI accused him of stealing 20,000 credit card numbers. He sat in jail for more than a year before pleading guilty in April 1996 to illegal use of stolen cellular telephone numbers.

Zero Tolerance for Hacking (1994-1998)

Seeing Mitnick being led off in chains on national TV soured the public's romance with online outlaws. Net users were terrified of hackers using tools like "password sniffers" to ferret out private information, or "spoofing," which tricked a machine into giving a hacker access. Call it the end of anarchy, the death of the frontier. Hackers were no longer considered romantic antiheroes, kooky eccentrics who just wanted to learn things. A burgeoning online economy with the promise of conducting the world's business over the Net needed protection. Suddenly hackers were crooks.

In the summer of 1994 a gang masterminded by a Russian hacker broke into Citibank's computers and made unauthorized transfers totaling more than $10 million from customers' accounts. Citibank recovered all but about $400,000, but the scare sealed the deal. The hackers' arrests created a fraud vacuum out there in cyberspace.

Hack 2K (1999+)

As the millenium approached, general cyber-hysteria over the infamous Y2K bug was further inflamed by several serious hacker attacks. Well-documented by the media, these invasions were experienced directly (perhaps for the first time) by the growing masses of casual web surfers. In the second week of February 2000 some of the most popular Internet sites (CNN, Yahoo, E-Bay and Datek) were subject to "denial of service" attacks. Their networks clogged with false requests sent by multiple computers under the control of a single hacker, these commercial sites crashed and lost untold millions in sales. In May, a new virus appeared that spread rapidly around the globe. The "I Love You" virus infected image and sound files and spread quickly by causing copies of itself to be sent to all individuals in an address book.

Recent attacks on seemingly "secure" sites such as The White House, FBI and Microsoft.com have proven that despite massive public and private investment in cyber defense technology and methodology, hackers continue to pose a serious threat to the "information infrastructure."

Who are hackers, and what makes them tick?

Two experts in the field of cyber forensics and psychology have some answers to that question. One is Marc Rogers, a behavioral sciences researcher at the University of Manitoba in Winnipeg, Canada, and a former cyber detective. The other is Jerrold M. Post, a psychiatrist at George Washington University in Washington, D.C.

Rogers and Post have identified some basic behavioral trends for hackers who commit crimes. Rogers says one characteristic is that they tend to minimize or misconstrue the consequences of their activities, rationalizing that their behavior is really performing a service to society. (Some researchers call this the Robin Hood Syndrome). They may also tend to dehumanize and blame the victim sites they attack. Post says the same hackers share a sense of "ethical flexibility," which means that since human contact is minimized over the computer, hacking becomes like a game where the serious consequences can be easily ignored.

Not all hackers are criminals.

1. Old School Hackers: These are your 1960s style computer programmers from Stanford or MIT for whom the term hacking is a badge of honor. They're interested in lines of code and analyzing systems, but what they do is not related to criminal activity. They don't have a malicious intent, though they may have a lack of concern for privacy and proprietary information because they believe the Internet was designed to be an open system.

2. Script Kiddies, or Cyber-Punks: Most commonly what the media calls "hackers." These are the kids, like Mafia Boy, who most frequently get caught by authorities because they brag online about their exploits. As an age group, they can be between 12 and 30 years old, they're predominantly white and male, and on average have a grade 12 education. Bored in school, very adept with computers and technology, they download scripts or hack into systems with the intent to vandalize or disrupt systems.

3. Professional Criminals, or Crackers: These guys make a living breaking into systems and selling the information. They might get hired for corporate or government espionage. They may also have ties to organized criminal groups.

4. Coders and Virus Writers: Not a lot of research has been done on these guys. They like to see themselves as an elite. They have a lot of programming background and write code but won't use it themselves. They have their own networks to experiment with, which they call "Zoos." They leave it to others to introduce their codes into "The Wild," or the Internet.

Underlying the psyche of the criminal hacker may be a deep sense of inferiority. Consequently, the mastery of computer technology, or the shut down of a major site, might give them a sense of power. "It's a population that takes refuge in computers because of their problems sustaining real world relationships," says Post. "Causing millions of dollars of damage is a real power trip."

Hacker Hoax Reality

Jdbgmgr.exe Hoax (2002): An email instructs users to delete the file "Jdbgmgr.exe" (teddy bear icon), because it is a destructive virus spread through MSN Messenger.
The file is actually a vital system file for Windows.

WTC Survivor (2001): An email advises users to delete any message with the subject line "WTC Survivor" or else a virus will delete their entire C: drive.
This massive chain-letter hoax played on people's emotions following the Sept. 11, 2001, tragedy.

Kournikova (2001): In February, an email with an attached JPEG image of tennis star Anna Kournikova propagates in cyberspace.
The "JPEG" was a relatively harmless virus easily detected by anti-virus software. Thus, many companies were unwilling to admit whether it had affected their systems, resulting in a light sentence for the author of the virus.

Red Alert Virus(2000): An email alert claims a deadly computer virus will destroy any computer that visits Microsoft's Web site using the Internet Explorer browser.
Popular suspicion of Microsoft and its vulnerability to hackers contributed to the success of this hoax.

Good Times (1994): An email alert warns users to avoid messages with "Good Times" in the subject line, as the attached virus will erase a computer's entire hard drive.
Many corporate and academic email servers crashed throughout 1995 under the strain of this hoax chain letter. Frightened users forwarded the alert to "all," prompting others to hit the "Reply to All" button with questions or comments.

Michelangelo Virus (1992): In January, a major U.S. computer manufacturer announces it accidentally shipped 500 PCs carrying the "Michelangelo" virus. A media feeding frenzy implies the virus has spread to "millions" of computers.