Whether you like it or not, the internet was built by hackers. These were people who saw computers that were still the size of a room and decided that they could make them do something cool. That’s why the history of hacking includes people tinkering with, improving, and providing open access to their findings.
Continue reading to discover how hacking has evolved from accessing telephone lines for free long-distance calls, the different types of hacking, and the future of hacking.
Generally, hacking refers to unauthorized intrusion into a network or an individual computer. In addition, rather than just accessing these networks, hacking usually includes altering systems or security features to accomplish a goal different from the original purpose of the system.
Hacking didn’t start as a way to encrypt the files of individuals and businesses for ransom.
In fact, hackers originally referred to students attending the Massachusetts Institute of Technology during the 50s and 60s who created an elegant solution to a problem or practical jokes, such as when a replica of a campus police car was put on top of the school’s Great Dome.
Over time, that image and definition has morphed and now the image of a hacker is someone trying to exploit individuals or companies or those who steal personal and financial information and sell it on the dark web for a profit.
There are three types of hackers:
What Is Ransomware?
Ransomware is a virus that locks your personal files, making them inaccessible unless you pay a ransom. Usually introduced through an unsolicited email that contains a link, your computer is infected once you click the link.
In the first three months of 2016, private individuals, government agencies, police departments, and hospitals paid $209 million to access their own files.
The first hackers weren’t out to lock someone’s personal files and data for a profit. Instead, these hackers were trying to game the system or exploit weaknesses large corporations didn’t know they had.
More often than not, they were simply looking for a thrill of doing something that they weren’t supposed and tinkering with new ways and processes of doing something, similar to the MIT students.
In 1957, a blind man with perfect pitch, Joe Engressia, found that if he whistled the fourth E above middle C, he could stop a dialed phone recording. A few years later, after meeting Engressia, John Draper realized that a toy whistle distributed in Captain Crunch cereal boxes could make the same pitch and others that gained access to the phone system.
Their findings started a small, underground club called the Phone Phreaks, and soon they needed to find a better tool to make the sounds. This is when Draper invented the blue box, an electronic device that could make a specific set of tones that matched the tones of the phone company used to direct calls.
By using this tool Phone Phreaks could make calls all around the world and access areas of the phone system previously only available to the phone company. Soon, their technology spread around the world and they held conference calls deep inside the phone system where they could talk to others with the same interest.
This was like a precursor to chat rooms and forums, such as Reddit and Quora, and even to an extent the dark web.
In 1971, Ron Rosenbaum published an article in Esquire depicting the entire process and names. Once the article was published, many more people around the country tried gaming the system in the same way and caused a backlash to the Phone Phreaks. Soon, possession of a Blue Box could get you two years in jail.
A year later, Captain Crunch was indicted and served four months in jail.
Hacking and Social Engineering
Sometimes, the tones didn’t match perfectly and the Phreaks found themselves on a call with a phone company employee. For instances like this, they had to learn the lingo of these employees and the technical terms in order to make specific requests and gain even further access.
They called this social engineering, and to this day it is still an important part of hacking.
Inspired by the Esquire article, Steve Wozniak was so enthused that he tried creating his own blue box. He searched out John Draper and invited him to his dorm in Berkeley to show him how to use it.
After long discussions and lessons, Wozniak and his friend Steve Jobs drove back to Jobs’ house, but their car broke down. They tried using the blue box to call a friend to come pick them up when a police cruiser arrived and two cops got out and nearly arrested the duo.
Widely regarded as the first personal computer, the Altair 8800 had to be assembled and it took days to carefully and properly solder and build. And, it didn’t include a screen.
However, many hackers took to the Altair because it allowed them to add different features and additional circuits. And, because of the computing power, it could actually be usable and functional as a computer well into the 1980s.
One of the first computer hobbyist’s clubs, the Homebrew Computer Club first convened in a garage in what is now Silicon Valley. Quickly, membership grew from 32 members on March 5, 1975 to 240 within a couple months. Two years later, they had more than 1,500 on its mailing list.
The group focused on complete and open sharing of information, which is why many real “engineers” didn’t join because they didn’t have permission to do what had never been done before. These hackers set out to build their own computers, but without any practical reasons.
Instead, they built computers for the enjoyment and the challenge. Their computers could play games and music, created graphics and drawing programs. This directly led to Steve Wozniak building his perfect computer, the Apple I, which was quickly followed by the Apple II.
These ‘hackers’ used whatever hardware and software regardless of where it came from, including from a recently formed company by Bill Gates and Paul Allen called Micro-Soft. In fact, they sent a letter to the club threatening legal action if they didn’t stop using their software.
What Is a DDoS Attack?
A Distributed Denial of Service attack, or DDoS, disrupts normal traffic to a targeted server or network by flooding the target with internet traffic. Usually, hackers use multiple compromised computer systems, which include computers and IoT devices that clog up a server, site, or network, and subsequently block regular, legitimate traffic.
As computers and technology entered the 80s and 90s, the history of hacking entered a new phase, both from the side of the government and businesses and the side of the hackers. For instance, as the government and private businesses realized the potential for cybercrimes, they passed laws and began prosecuting hackers.
On the other side, most hackers were still just looking for a new thrill and to beat the system. Most of the major hacks during this time weren’t for financial gain (though some were prosecuted for lost time and productivity of businesses and employees). This was the early stages of hacking and computers, and people began choosing sides.
Without his own computer, Mitnik went to Radio Shack and hacked the computers and modems that were located in the store. Just like his idol, John Draper, he used social engineering and with some friends, bluffed their way past a guard into the headquarters of the telephone company and stole technical manuals at the age of 17. He was arrested and served a juvenile sentence.
In 1988, Mitnik hacked into computer giant DEC and copied details of secret software and was soon arrested and served a year in jail.
After his release, he hacked the passwords of investigators following him while he was on parole. This counted as breaking his parole and quickly a judge issued a warrant for his arrest. He spent the next two and a half years on the run and became at one point the FBIs #1 Most Wanted.
When he was finally arrested in 1995, he was held in county jail for four and a half years without a trial. In 1999, he was sentenced to five years in jail, though he had already served most of it and was released on supervised release in 2000.
As personal computers became more popular, the Federal Government faced growing concern about the lack of criminal laws to fight the emerging field of computer crimes. In order to close those loopholes, Congress passed the Computer Fraud and Abuse Act (CFAA) in 1986.
The law included language that criminalized computer-related acts, such as:
Updates to the CFAA
Over the years, Congress has updated the law to meet new challenges and sophistication of hackers, computers, the internet, and new viruses. In 2008, Congress made changes that included:
- Eliminated the requirement that the defendant’s action must result in loss exceeding $5,000
- Created a felony offense where damage affected ten or more computers
- Criminalized explicit threats to cause damage to a computer, to steal data, to publicly disclose stolen data, and threats to not repair damage already caused to a computer
On May 8, 1990, federal and state law-enforcement agents raided homes and businesses in 14 cities across the country and seized about 40 personal computers and 23,000 data disks. These raids generally took place in middle-class suburban neighborhoods and targeted credit card thieves and telephone abusers.
There were 27 search warrants executed that resulted in three arrests. However, it has been criticized as a failure by some because it led to a number of unsuccessful prosecutions and many of the raids didn’t lead to any arrests.
On the other hand, it was the first major publicized action by the federal government against hackers and sent a clear message to others. Plus, it did stop the illicit hacking of some of the best hackers in the world for a short time.
What Is Phishing?
Phishing is a cyberattack that uses unsolicited emails to trick the recipient into believing that the link contains something they need or want, such as a request from their bank or a note from someone at their company.
Once the link is clicked, or the personal information is given, then the hacker can easily gain access to private information, files, email addresses, and even financial records.
As we entered the new millennium and the popularity of the internet exploded, computers became smaller, more prevalent, and businesses were more reliant on the technology than ever before.
Some hackers saw this is an opportunity to get rich. During the late 90s and the early 2000s, cybercrimes morphed from pranks that caused lost productivity to worms that affected nuclear facilities.
During this time, hacking officially entered a new age.
Right before the year 2000, David L. Smith from New Jersey masked a virus as a simple Microsoft Word attachment to an email. Once the unsuspecting recipient downloaded the file, the virus replicated itself and sent out copies to the first 50 names in the victim’s contact list.
Some estimates claim that roughly 20% of the world’s computers were infected. However, no sensitive information was stolen, though many businesses were disrupted. Eventually, some businesses had to restrict internet access or shut down their email networks, including Microsoft, Intel, Lockheed Martin, and Lucent.
In the end, David L. Smith served 20 months behind bars and caused an estimated $80 million in damages in lost productivity.
15-year-old Michael Calce, better known as Mafiaboy, successfully took down CNN, Yahoo, Amazon, eBay, Dell, and eTrade because he wanted to impress other members of the online hacking community.
His hack, named “Project Rivolta”, used a DDoS attack that overwhelmed corporate servers and caused websites to crash. His ability to knock down these important sites (at the time Yahoo! was the most popular search engine and second most visited site) caught the eye of the President, the Attorney General, and made cybercrime legislation a top priority.
For roughly 17 months, a worm program less than 1 MB in size secretly took over the Siemens SCADA control systems at Iran’s nuclear refinement plants. Once there, the worm commanded that 5,000 of the 8,8000 uranium centrifuges to spin out of control, then suddenly stop and then resume, all while reporting that everything was normal.
This ruined thousands of uranium samples in secret and wasted thousands of hours of work and millions of dollars in uranium resources.
While no proof was ever given, many believe that the US was responsible for the attack.
What Is a Botnet?
Botnets are commonly used in DDoS attacks and are a collection of any type of internet-connected device that an attacker has compromised. Botnets take advantage of the combined computing power to send large amounts of spam, to steal credentials at a high scale, or to spy on people and organizations.
Though there are some gray hats, or those who straddle the line between black hat and white hat hacking, most hackers fall very clearly into one of the two categories. One of the main reasons is how much money can be made from illegal activities.
As you can see from the modern hacks listed below, many hacks now result in significant financial loss. And those data breeches that focus on personal information that don’t seem to cause any financial loss at the time, usually are used later for financial gain through stealing identities, phishing campaigns, or both.
In less than 12 hours, $45 million was stolen from ATMs located in 24 countries and on five continents. In New York City alone, a team of eight people made 2,904 illegal ATM withdrawals, stealing about $2.4 million.
How did they get access to all this money?
Hackers infiltrated a credit card processing company through their payment processing, which are usually less secure than going straight to the issuing companies or banks themselves. Once they had access, the hackers eliminated the withdrawal limits on prepaid Visa and Mastercard debit cards.
After the hackers gained access to a dozen account numbers, they sent the pin numbers to field operatives located around the world withdrew money. Because they were prepaid debit cards and not individual accounts, it took longer for the financial institution to realize the fraud.
In an apparent retaliation of US sanctions against Russia for their invasion of Ukraine, according to US officials, the Russian government used hackers to access the unclassified system of the White House, including non-public details of the president’s schedule.
The FBI, Secret Service, and US intelligence agencies said they considered the attacks among the most sophisticated ever launched against US government systems and the hackers routed the intrusion through computers around the world.
In order to get to the White House, the hackers initially broke into the State Department through a phishing email, showing once again that many sophisticated cyberattacks begin with human error.
According to US officials and many cyber security companies, the Lazarus Group, a cybercrime organization that may be connected to the North Korean government, released WannaCry in May of 2017. This ransomware worm encrypted a victim’s computer and demanded payment to recover files.
The attacks spread through a flaw in Microsoft Windows first discovered by the US National Security Agency, where it was stolen by hackers and posted by the Shadow Brokers, a group that regularly taunts the US government.
Some officials believe that as many as 200,000 computers in 150 different countries have been affected, including the UK’s health service.
Unfortunately, the future of hacking will probably mirror the history of hacking to this point. That means that cybercriminals will stay ahead of cyber security and intelligence agencies by using new methods and more sophisticated attacks.
Some of the most important future threats include:
Most countries are concerned with state-sponsored attacks or hacktivism because of the lack of control and preventative measures available.
Plus, these types of attack can shut down different aspects of the country, such as the power grid or telecommunications. As the number of connected devices continues to grow, if the internet went down for a day, the entire system would be vulnerable.
White hat hacking is very popular and HackerOne, of the companies that connect people who like to spend time searching for flaws in software with companies willing to pay for the bugs they find, had over 200,000 registered users. According to the company, about 12% of those earn $20,000 a year or more and roughly 3% earn more than $100,000.
These white hat hacker companies help large corporations such as GM, Microsoft, and Starbucks hire these freelancers. Often, freelancers provide a number of benefits, such as:
These hackers are one of the ways that hacking stays true to its root of finding better, more efficient ways of doing something, of tinkering with computers to find new functions, and of creating open access to information.
According to the United States Bureau of Labor Statistics (BLS), information security analysts, a technical name for white hat hackers and cybersecurity professionals, earned a median annual salary of $95,510 in 2017.i
While there is no specific title for white hat hackers, many agree that a master’s degree in information security or a master’s degree in computer science are options as a good start, though often times a bachelor’s degree or even an associate’s can provide enough foundation.
Are you interested in protecting individuals and businesses from the threats of hack, malware, ransomware, and DDoS attacks?
Find the perfect graduate program in computer science for you and one of the key topics you may study is cybersecurity so you can learn how to stay ahead of cyber criminals and black hat hackers.
Or, if machine learning is more you passion, discover 10 master’s in machine learning programs!