Welcome to this first article in a series of three, where I will cover the history of hacking. This first article will cover the years 1970 to 1990. Initially, the term “hacker” was used as a term of honour for someone who was able to come up with creative solutions to programming problems. However, it was during this period that the term hacker changed from something positive to something negative. This happened when a journalist got the term changed after an interview. There is a lot of disagreement about when exactly this happened, therefore I will refrain from giving a precise year. This is also the period when you start hearing the name Kevin Mitnick for the first time. He has been described far and wide in many places, including in a movie.
1971 is the year when the concept of phreaking, hacking the telephone system, is born in its modern form. It happens when a Vietnam veteran named John Draper, also called Captain Crunch, discovers that a small whistle that comes with the Captain Crunch breakfast can be used to get free long-distance calls. The whistle emits a tone of 2600 hertz, and when it is sent down the phone line, all long-distance calls are free! Later, Draper builds what becomes known as the Blue Box, a small piece of electronics that can automate the trick of getting free phone calls. The Hacker magazine that appears in 1984 under the name 2600 – The Hacker Quarterly got its name from this frequency. The founders of Apple Computer, Steve Jobs and Steve Wozniak, earn a little extra money during their studies by selling these ‘Blue Boxes’. The blueprints for this Blue Box are made public in a magazine called Esquire Magazine in an article called Secrets of the little Blue Box. After this is done, cheating with the telephone system becomes very common in the United States. One of the reasons is of course that it is very easy, but also because at the time there was an additional tax on long distance calls that was used to finance the Vietnam war. Therefore, it was seen as a sacred duty to cheat as much as possible to bring an end to the war.
In 1972, the first computer underground magazine is founded, it is called YIPL, which stands for Youth International Party Line. It is later renamed TAP magazines for Technical Assistance Program. The magazine was founded by Abbie Hoffman and existed until 1984. Hoffman was a mildly colourful character who for a long period of his life lived on the run from the authorities under an alias. However, it was not because of computer or phone fraud, but because of a conviction for trafficking in Cocaine.
It is also here in the 70s that the first Bulletin Board Systems (BBS’s) appear. Some of the best known of the kind from the underground were Catch-22 and Sherwood. You may be surprised that we have only talked about phone hacking so far, but there is a good reason for that. Hacking as we recognize it today only appeared in the early 80s.
In 1982, the first hackers as we know them today are arrested. This is the group that was known as the 414 Gang. During nine days in 1982, the six members break into 60 computer systems, these systems extend from a computer in a cancer research centre to military computers in Los Alamos. Unfortunately for them, their skills are not good enough to camouflage where the calls to these computers are coming from and they are arrested.
The hacker concept and methodology came to the surface in 1983 with the film War Games. How many people have been inspired by that film is unknown, but there are at least quite a few who got their first modem after seeing it, including myself. It is also in 1983 that the responsibility for fraud with credit cards and computers is given to the Secret Service.
One of the most active BBS networks was Plovernet. Two people who were active on this network must be mentioned right away, one is Emmanuel Goldstein, the founder of 2600 magazine, and Lex Luthor who founded the Legion of Doom (LoD) in 1984. The name came from the Superman series where it is the name of the group of supervillains. There is another group of interest that is founded in the same year, the Chaos Computer Club (CCC) in Germany. We’ll come back to CCC later, for now we’ll stick with LoD.
One of the reasons LoD became as strong as it did was that the members each had their own area of expertise. So, if someone got stuck in a hack, he was sure to find someone in the group who had answers to the challenges. In the beginning, most of the members of the group were exclusively Phreakers, phone hackers, but as the systems that controlled the phone network became more and more advanced and computerized, they gradually became more like the hackers as we know them. Lex Luthor himself was an expert in COSMOS, i.e. Central System for Mainframe Operations.
LoD was so active in the 80s that the authorities were of the belief that virtually everyone in the computer underground had a connection to LoD. The LoD then published their own magazine, the LoD Technical Journal. One of the hackers in LoD, The Mentor, wrote a new version of hacker ethics in 1986, and a part of it was used in the movie Hackers from 1995 with Angelina Jolie in one of the main roles. It was called ‘The Hacker Manifesto’, it is too long to reproduce here, but a link to it can be found at the end of this article. There are many stories and legends surrounding LoD, and the later spin off, Masters of Deception (MoD). A detailed history can be found in the book by Bruce Sterling The Hacker Crackdown. We will dwell here on one of them, namely the story of the E911 document.
As the name suggests, it is about the American emergency phone number. One of the most ELITE of the hackers in LoD was Prophet. Prophet was the author of the file ‘UNIX use and Security from the ground up’. In 1986 he had been convicted of illegal intrusion into computer networks, and in that connection, he had gotten rid of most of the material he had about hacking and phreaking. Unfortunately for him, he didn’t resist the temptations of Cyberspace, and in the fall of 1988, he was once again at work with some of the most acidic systems on the web, along with two other LoD members Leftist and Urville.
At the beginning of September ’88, he breaks into one of BellSouth’s computer systems AIMSX. AIMSX was an internal business network for BellSouth where employees could store e-mail documents and other goodies. Since AIMSX had no dialup lines connected, the system was considered invisible and there was therefore no security worth talking about. There were in effect no requirement for passwords for the individual users on the system.
Prophet broke into the system by posing as one of the recognized users. He was on the system approximately ten times and one of the times he copied one of the documents on the system to have a trophy from his intrusion. This document turned out to be about how the administration of the 911 system was done and was not a document that BellSouth was interested in making public. And it wasn’t, at all, information that they thought hackers should have access to! Prophet’s copying of this document would prove to be the beginning of the end for the LoD, becoming the very heart of the lawsuits that resulted from the investigation launched by the authorities in the late 80’s and culminating in 1990 after AT&T’s long-distance network goes down on January 15th. January 15 is one of the most sensitive holidays in the United States, it is Martin Luther King Day. That the network goes down on this exact day is a coincidence, and is due, it turns out, to a software error.
Back to Prophet. We have now reached February 1989, and Prophet now believes himself safe enough after his AIMSX hack that he sends a copy of the document to Knight Lightning who is then the editor of the underground magazine Phrack. It is made public in Phrack No. 24 on 25 February 1989 under the synonym The Evesdropper.
In the 80s, there was not widespread knowledge of computers in police circles, saying words like Ram, CPU, UNIX and the like to police people did not get a big reaction. But saying hackers tampered with the 911 emergency call system was a sure-fire way to get a reaction. Although that was not the point of this article, we quickly slip into 1990. Three days after the breakdown on January 15, four police agents are stationed in Knight Lightning’s room. One of them named Timothy Foley accuses him of being responsible for the crash three days earlier. Knight Lightning was horrified at the accusation. Although he was not the cause of the crash, he was familiar with hackers who boasted that it was something they could do with their arms behind their backs. After being confronted with the E911 document, he began to cooperate with the authorities. Knight Lightning was convicted at a trial in July of the same year. His was just one in a series of cases targeting members of the LoD.
Now we jump from the hackers in the US to a group of hackers in Australia known as The Realm. A long more detailed story about them, as well as some hackers from the USA and England, can be found in the book Underground.
The Australian hackers’ specialty was X.25 networks. They got their access to the international X.25 network through the then government-owned Overseas Telecommunications Commission (OTC). It required that the hackers gain access to an account on the computer that controlled the settlement of the traffic that went out of Australia and out onto the network. This happened in several ways but one of the most widespread was to call a company that had access to the system and trick the password out of them. The policy on the system was that usernames consisted of the first three letters of the company name and three numbers, NOR001, NOR002 etc. So, everyone was able to guess multiple usernames on the system, then it was just a matter of calling the company and coming up with one song from the warm countries, and voila, global network access.
One of the things that signalled ELITE in the underground at that time was getting on ALTOS. ALTOS was a computer in Germany that had an early form of live chat of the same kind as IRC. Also, the hackers from LoD, CCC and hackers not affiliated with any particular group came there. The reason the Australian hackers had such a high profile was not only because of their expertise with X.25 networking, but also because they had a tool called DEFCON. It was a small program designed to automate the scanning for interesting connections on the X.25 network. DEFCON was very hard on the Australians. It was not given to anyone outside of The Realm. Not even Eric Bloodaxe, who was one of the stars of LoD, got it when he asked.
One of the hackers in The Realm was Force. Force was a very methodical hacker, all his discoveries on the X.25 network were very carefully put into plastic folders and binders in his room. One day while he is scanning with DEFCON, he connects with a new computer that starts broadcasting numbers on his screen. He has done nothing but establish a connection, yet the computer happily starts typing what turns out to be credit card numbers onto his screen. For three hours the computer continues to send out credit card numbers, and he could see from the header on some of the cards that they are registered in CitySaudi, which is the Arab branch of one of the world’s largest banks, namely Citybank.
When he goes through the data that the computer has spewed out, he can see that the last part of the data not only contains credit card numbers, but also the names of some of the card holders. In addition, there was an overview of what card holders what credit limit, one of them had up to 5 Million Dollar! There was also an overview of what had been of transactions on these cards, restaurant visits, a Mercedes bought in cash and one person had visited a brothel. All Force could think at that time was that he would have free network connections for the rest of his life.
At that time in the 80s, connections to networks were quite expensive, therefore many of the hackers were involved in what is called carding, i.e. abusing credit cards to avoid having to pay for their network connections themselves. It was considered a little underpowered, but ok when used for nothing more than connecting to the international BBS’s. Unfortunately for them, it is also something that attracts the attention of the authorities, especially in the United States.
In January ’89 there is an article in The Australian, where the headline reads: Citybank hackers score $500,000. It was something that attracted attention, both among the ‘normals’ but especially in the underground who thought they were above this kind of crime. There is doubt as to whether it was the hackers from The Realm who did it, but a lot of money actually disappeared from accounts at Citybank. You can hardly expect anything else when their computer spits out accounts when you connect to them. At the time, Australia did not have a law against hacking, but this hack and several others caused the authorities in the United States to put a lot of pressure on Australia to get them to put an end to the hackers’ ravages of American computer systems. This causes the Australian government to introduce laws to be used against hacking in general and the Realm hackers in particular. After playing cat and mouse for a little over a year, they are all eventually put behind bars, only to be sentenced to very lenient sentences at the beginning of ’91. Some of them get away with it by saying that they are addicted to hack. Be that as it may, there has not been such an active underground in Australia since. Another one of the hackers in The Realm was known as Mendax, better known today as Julian Assange, founder of Wikileaks.
Here at the end, we slip right back to Germany to just quickly talk about an alliance between German hackers and the Russian KGB in 1988. The most famous of these hackers were Pengo and Hagbard who were loosely associated with the CCC. They both came from West Berlin and were part of a group that broke into computers at the Lawrence Berkeley Laboratory (LBL) in the USA, and from there moved on to the ARPAnet. From there they moved on to what was known as MILNET which was the military branch of ARPAnet. From MILNET, they get access to parts of the US Department of Defence’s network.
The system administrator at LBL is a certain Clifford Stoll, who will be known to some. He spends months pursuing these hackers, and thereby discovers that what they are looking for on the military networks is classified information. At that time, they managed to download the blueprints for the space shuttle and sell them on to the Russian intelligence service. They are eventually caught by putting some fake files on the network, it made them ask for the information via regular mail, and even though the recipient address was not directly to themselves, it was enough to bring them down. The sentences they received ranged from 14 months up to 2 years. Later, Hagbard committed suicide in a forest, or he was murdered – there is no agreement on that. In any case, it has become an integral part of the legends of the underground. The whole story can be read in the book written by Clifford Stoll, it is called The Cuckoo’s Egg and is by any standard an exciting read.
The Hacker Manifesto: http://www.mithral.com/~beberg/manifesto.html
Underground Book: https://www.wikiwand.com/en/Underground_(Dreyfus_book)
Tom Madsen has been active in the cybersecurity industry for more than 20 years. Tom graduated from the University of Aalborg and covered several technical roles in security during his professional career. He is certified as CISSP, CISA, CISM, CGEIT, CRISK, CCSP, CDSPE and CSSLP, and has published the book "The Art of War for Cybersecurity". He is currently writing a book 'Security Architecture - How & Why'.