A Short History of Hacking.

Fiddling with modern technology used to mean prank calling the Pope. (Hey, Steve Jobs did it, and now he's the CEO of Apple!) But these days, it can mean hacking your way into some serious prison time, jeopardizing national security, or worse. So when exactly did this underground art form take a turn for the nefarious? And what's a cereal-box toy got to do with it all? mental_floss takes a brief look at the godfathers of hacking, including the geniuses who think your antivirus software's a joke.

In 1983, Mark Abene [wiki] was nothing more than a beanie-wearing mall rat with too much spare time. He didn't own a computer, so one day he wandered into a Radio Shack, cozied up to one at the store, and tapped out a few commands. And that's how his hacking habit began - as simple as that. By 1984, with echoes of Orwellian symmetry, he was already using his own PC to sneak into other people's computer systems. While his parents were busy upgrading to a touch-tone phone, Abene was figuring out how to redirect traffic between switchboards.

Then the world learned what a pimple-faced intruder with simple Radio Shack gear was truly capable of. In 1991, in response to the AT&T telephone system crash that left 60,000 customers without a phone line for nine hours, federal authorities burst into Abene's bedroom, guns drawn, and confiscated his computer equipment. Although Abene was ultimately acquitted in the scandal, authorities nailed him for related mischief. Today, his phone hacking, or "phreaking," is an infamous milestone in hacker history. At just 19 years old, Abene (a.k.a. Phiber Optik) became the first hacker to serve time in a federal prison.

Living the High-Tech Life

So, why do they do it? What motivates a suburban teen to hack into a university computer to chat with 40-something garbage collectors, or to compromise bank systems and steal credit card numbers? It's hard to know for sure. But one thing's certain: Not all hackers [wiki] are created equal. As technology has evolved, its human predators have evolved, multiplied, and diversified with it. Today, there are "phreakers [wiki]," who break into major telephone systems to make free phone calls, as well as "crackers [wiki]," who decode encrypted computer systems (often those belonging to major corporations) with alarming ease. Then there are your "spammers [wiki] " - the ones who remotely tap into "zombie" computers to send marketing emails to millions of unsuspecting dupes - and "phishers [wiki]," who con you with look-alike Web sites to steal your account information. Some of them are simply pranksters, out to do nothing more than upload a few erotic http://www.neatorama.com/images onto a government Web site just to prove they can. Others use their powers for good instead of evil, actually working for security agencies and helping define hacking as a worthwhile, productive endeavor. Yet, every hacker seems to have one underlying urge: to exist on the fringes of society and reveal vulnerabilities to all those coloring inside the lines. And it's been that way wince the dawn of the computer age.

Super Phreaking

In the 1960s, computers were Pontiac-size behemoths encased in glass or housed in wax-floor laboratories accessible only to keycard-wielding geeks. The term "computer scientist" implied a Princeton degree and a government pedigree. Only accredited professionals were allowed the privilege of programming these powerful computers to track university enrollments, analyze medical anomalies, or monitor traffic conditions. Everyone else - the ostensibly computer-illiterate general populace - could only sit back and absorb the impact from the sidelines.

Cap'n Crunch Whistle, now a collector's item.

This kind of elitism stuck in John Draper's craw. A Vietnam veteran who loved to tinker with electronics, Draper [wiki] happened upon an opportunity to take the tech bigwigs down a peg. In 1972, one of Draper's friends tipped him off to a curious discovery: a toy whistle from a Cap'n Crunch cereal box could be modified to emit a 2,600-hertz tone - the precise frequency needed to authorize Bell System long distance calls, thus making them free. For Draper, this unlocked a goldmine of vulnerabilities in major phone company systems, and to exploit it, he developed what was known as a blue box [wiki]. At the push of a button, Draper's invention could produce a number of different sound frequencies to manipulate the telephone route and switching systems. Dubbed "Cap'n Crunch," Draper soon found himself the unlikely father of phone phreaking and - arguably - the founder of the modern hack. Interestingly, he shared the news of his invention with Steve Wozniak [wiki], future cofounder of Apple Computer, at a potluck supper for the People's Computer Club in Menlo Park, Calif., where the two enjoyed a prankster rapport. Wozniak later used the blue box with his pal and future Apple head honcho Steve Jobs [wiki] to make untraceable prank phone calls, including one to the Pope.

Back then, phone phreaking offered hackers a potent allure. It meant unraveling a mystery and sharing the results with friends. It wasn't as much about the nefarious phone exploitation as it was about understanding the complexity. Draper, for example, would revel in routing calls through multiple countries just to talk to his neighbor. But no matter how harmless some of his work might have been, Draper did damage to the profit margins of some major companies. In 1976, he was arrested on toll fraud charges and spent four months in prison.

Today, the blue box still works on some foreign phone lines and a few toll calls, but Draper says phone companies have become increasingly adept at spotting illegal usage. The 2,600-hertz tone - now almost meaningless in an age of fiber optics - is a kind of phone phreaking mascot. It even inspired the name of the well-known hacker rag, 2600: The Hacker Quarterly. Meanwhile, Draper has become a god to the hacking masses. To an extent, the concepts of beating the telephone conglomerates, scanning for security flaws, and exploiting a hack as far as possible all originate with Draper. He's promoted the mystique with a hacker portal (www.webcrunchers.com - link not working?) that documents his early days. But now he's working as a security software developer and running a security site (www.crunchtv.net) that seems to disavow hacker mantras.

The Birth of the Worm.

After Draper, there was a time shift in computing. While phreakers were still blowing whistles into phone receivers, a new type of delinquent emerged: the cracker. By the late 1980s, the home PC had become more prevalent but large corporations still cornered the market on the technology. In response, hackers tried even harder to get in on the fun. Hacker clubs surged in popularity - most notably, Germany's Chaos Computer Club, a kind of think tank that fought for free access to computer infrastructure, and Masters of Deception [wiki], a New York hackers club fronted by the Radio Shack hack himself, Mark Abene. Code tinkering for sport was becoming nothing short of an epidemic, and in 1986, the U.S. government tried to thwart the problem by passing the Computer Fraud and Abuse Act (CFAA).

Ironically, computers were about to fall victims to crime and abuse never before imagined. In 1988, Robert Tappan Morris [wiki], a Cornell University grad student (and son of the chief scientist at the National Computer Security Center), created the first Internet "worm [wiki]," a destructive program that replicates itself and moves through a computer network at breakneck speed. Partly to demonstrate his cracking prowess to classmates and partly to show how an MIT security system was vulnerable to attack, Morris wrote a software program that exploited a glitch in a Unix email program. Allegedly, Morris intended the worm program to infect only the MIT network. But during a 12-hour period, it spread rapidly, infecting thousands of systems and forcing some universities to shut down their computers altogether.

Shocked by how quickly the worm was spreading, Morris helped a friend send out an anonymous message with instructions for system administrators to stop the plaque. But it was too late; the worm had propagated beyond control. In the end, every university affected had to spend thousands of dollars to fix its infected computers. Morris became the first person indicted under the CFAA when the U.S. government fined him $10,000 and sentenced him to probation and community service. However, the source code for the worm remains in wide circulation today. Almost 18 years after the incident, hackers are still using Morris' worm as a starting point for new viruses.

When Code Goes Criminal

By the 1990s, hacking had clearly transitioned from the child's play of Cap'n Crunch toys to a brave new world of tech crime. And nothing underscored that shift more than when Kevin Mitnick [wiki] became the first hacker to earn an FBI Most Wanted distinction.

In 1976, while other Americans were celebrating the centennial, Mitnick was sweeping floors at a Radio Shack - not because he loved cleaning, but because he loved using their computers at night to hone his cracking skills. Before long, he'd developed a habit of unraveling computer code in order to see how an operating system worked or (later) how a cell phone connected to a network. Combine that kind of know-how and enthusiasm with a gregarious personality, and you've got a problem. Mitnick once called Motorola and charmed them into sharing their source code for free - information he promptly used to break into the computer systems at Motorola, Nokia, Sun Microsystem, and Fujitsu.

Kevin Mitnick's Wanted Poster: First ever for computer crime.

The New York Times broke the story about Mitnick's activities that ultimately led to his 1995 arrest and a five-and-a-half-year prison term. However, there remains widespread misunderstanding (and controversy) about the case. Mitnick denies causing any serious damage to the computer systems he hacked, though he admits sneaking into private networks was wrong. Regardless, the government - still uncertain of what hackers were capable of - treated him as a seriously dangerous man. Authorities were bombarded with claims that Mitnick had done everything from wiretapping the FBI to hacking his way ito NORAD. (He denies those allegations, as well.) They assumed he could crack anything, even fearing he could launch nuclear bombs or shut down the Internet by whistling into a phone. In fact, after he was released from prison, Mitnick was barred from owning or using any electronic communications devices. When he played the role of a computer whiz on a 2001 episode of "Alias," the producers would only allow him access to a dummy computer.

Mitnick has influenced an entire generation of hackers with his innovative and stealthy cracking tactics, such as using IRC (Internet Relay Chat) [wiki] technology, an Internet conferencing system. He's also written treatises stating his belief that the future of hacking lies in "social engineering," in which sensitive computer and coding information is not obtained through people's computers, but from the persons themselves, via false emails and the like. But Mitnick's greatest legacy might be in setting a good example. Today, he's on the straight-and-narrow. The master hacker now spends about 25 percent of his time earning primo consulting fees helping fellow specialists break into "secure" systems in order to show companies how their networks are vulnerable.

Hack to the Future

Perhaps because of the Mitnick case, government authorities in America and other foreign countries hurried to establish Internet crime division. In 1990, the U.S. Secret Service launched Operation SunDevil [wiki], a crackdown on telephone abuse and credit card fraud. Only months into its investigations, a task force raided the homes of several suspected hackers and confiscated their equipment.

Such dramatic courses of action may help protect the public, but combating hacker crime can be problematic because there remains so much uncertainty about who is hacking and why. The term "hacking" is usually considered negative, but many security experts don't classify attempting a cyber break-in as illegal - only the resulting crimes. What's more, there are plenty of hackers devoted to protecting computer systems. A perfect example is the hacker collective "L0pht Heavy Industries [wiki]," which met in Boston throughout the 1990s to discuss security flaws on the Internet. In 1998, the group reported to Congress that it could shut down the entire World Wide Web in 30 minutes. (Note: This is only partially true, because the Internet consists of disparate zones. A hacker could conceivably shut down individual Internet zones, but not all of them at the same time. Nevertheless, it was a major eye-opener for the U.S. government.)

While helpful hacking is possible, there will always be the tech-savvy among us who have bad intentions. New phenomena such as "denial-of-service" [wiki] attacks, which flood a network with traffic to slow down targeted computer systems, and "phishing [wiki]," where hackers con unsuspecting customers into entering personal information on fake Web sites, have replaced phreaking as the big cracking techniques of the day. Also, because wireless hotspots are becoming so common, hackers now are working on programs that can de-encrypt various signals and wreak havoc on corporate networks without leaving a trace.

So, where will it end? No one really knows. But as long as technology continues advancing, you can bet the imagination and skills of hackers will advance right along with it.

__________

Hackers, Crackers, and Phreakers, Oh My!
Other Prominent Hackers

Ian Murphy (a.k.a. Captain Zap):
That "Sneakers" Guy

Ian Murphy is the king of the old-school hackers. One of the first phone phreakers to hit the scene in the mid-1960s, Murphy developed a device that allowed him to listen in on phone conversations - mostly eavesdropping on girls in the neighborhood. But in 1981, he and three accomplices broke into the AT&T phone system and changed its internal clocks so that customers would get midnight discounts in the midday, while late-night callers got stuck with outrageous bills. For the incident, Murphy became the first hacker to be charged with a computer crime. He also provided the inspiration for the 1992 film "Sneakers." Today, he runs his own data security company.

Kevin Poulsen (a.k.a. Dark Dante):
Wired for Success

Armed with self-taught lock-picking skills and a freakish knowledge of high-tech wiring, Kevin Poulsen [wiki] pulled off one of the most famous hacks in history. Poulsen hijacked all phone lines running into Los Angeles radio station KIIS-FM to ensure he would be the 102nd caller in its car giveaway contest. It worked. He won a Porsche 944 S2. Later, he used his talents to help a friend resurrect outdated phone numbers from the Yellow Pages in order to start an escort service. In April 1991, he was arrested on charges of fraud and money laundering, after being featured on an episode of "Unsolved Mysteries." After paying more than $50,000 in restitution and serving 51 months in prison, he revamped his bad-boy image by working as a journalist for tech publications. Today, he is the senior editor of Wired magazine.

Tsutomu Shimomura:
Kevin Mitnick's Arch-Nemesis

Tsutomu Shimomura [wiki] is the famous anti-hacker who aided in the arrest of cracker kingpin Kevin Mitnick. Shimomura's motivation for tracking down Mitnick was part work (he was a research scientists at the San Diego Supercomputer Center) and part revenge. In 1994, a hacker stole Shimomura's personal files and distributed them over an online community for expert computer programmers. The culprit was Mitnick. Using a trace-dialing technique and locating telephone loop signals, Shimomura hacked his way to locating Mitnick for the FBI. In 1996, he co wrote about the experience in a book called Takedown, which was later adapted into a movie.

Jon Johansen (a.k.a. DVD Jon):
A Different Kind of Movie Enthusiast

Jon Johansen [wiki] was only 15 years old when he wrote the code for DeCSS, a program that de-encrypts a DVD so that you can save it - not just watch it - on your computer. The program is a large part of what allows average Joes everywhere to exchange DVD files through networks, which clearly violates the Digital Millennium Copyright Act of 1998. Authorities have arrested DVD Jon twice, but he's never been convicted. His latest target? Apple Computer and the protected music files on its iTunes Music Store. and while media corporations may hate him, plenty of folks in his Norwegian homeland love him. Supporters marched in the Oslo May Day parade carrying "Free DVD Jon" signs and even made T-shirts advertising his software code.

David Smith: Not-So-Sweet Melissa

If you'd never been personally affected by hacking before 1999, the Melissa virus [wiki] probably changed that. That's when New Jersey programmer David Smith [wiki] unleashed the first self-replicating worm to attack the Internet since Robert Morris' 1988 worm. Traveling via Microsoft Outlook email software, Melissa brought computer networks at some 300 corporations to their knees. It's estimated Smith caused nearly $500 million in damages, but he was sentenced to five years in prison for $80 million in damages. Why? Because that was the maximum allowed under federal law. "The Melissa case," wrote author Richard Power, "had reached the outer limits of what was even conceived of in the federal sentencing guidelines."

Steve Jobs and Steve Wozniak:
From Phreaking to Freaking Rich

Yup, the two guys that founded Apple Computer in 1976 did a little hacking themselves. After John "Cap'n Crunch" Draper developed the blue box [see main article], Wozniak and Jobs decided to get in on the phone phreaking action. Wozniak, the technical whiz, built the boxes, while Jobs, the marketing genius, sold them for $150 a pop. They split the profits and, along the way, realized they made a pretty good team.

_____________

The article above was written by John Brandon for the May-June 2006 issue of mental_floss magazine and is featured in Neatorama in partnership with the magazine. Be sure to check out mental_floss' cool website and blog: