Early Days of Hacking

omputer crime makes the headlines regularly today and the word "hacking" immediately brings to mind criminal activity.  But, it wasn't always that way.  Hacking has a long history, going back over fifty years.  Back then, it was a harmless activity performed to garner bragging rights.

Hackers first surfaced in the 1960s at the Massachusetts Institute of Technology (MIT).  The term "hacker" itself first appeared in the November 20, 2021 issue of MIT's student paper, The Tech.  Back then it was used to describe tinkering with computers and finding innovative ways to make things happen.  Today's "geeks" were then referred to as "hacks".  That creativity evolved into today's criminal acts.

The first real incident of criminal hacking began with phone hackers or "phreakers", as they were known, in the 1970s. These phreakers broke into phone networks to make free calls.  The most famous, John Draper (aka Cap'n Crunch), used toy whistles from Cap'n Crunch cereal to generate a 2600-hertz sound that permitted him to access AT&T's system and enabled him to make long distance calls free of charge.  Shortly after that, wire fraud in the US escalated.

The 1980s saw these phreakers move into computer hacking.  In 1988, Robert Morris created the first internet worm.  It crashed 6,000 Government and university computers.  He was fined $10,000.00 and sentenced to three years' probation; the first person convicted under the Computer Fraud and Abuse Act of 1986.

The arrival of the World Wide Web opened the flood gates.  Hackers then abandoned the old Bulletin Board Systems (BBS), the predecessor to email, and set up hacking websites.  Hacking how-to information became more widely available and hacking became more widespread and dangerous.  As the internet became more sophisticated, so did the criminals. 

Fast Forward

Today, online networking such as social media, chat rooms, blogging, instant messaging and dating sites, makes it possible for us to communicate remotely with large groups of people - none of whom we know - and leaves us open to some form of abuse.  We believe that, as individuals with small social media accounts, we're too insignificant to be in a hacker's radar, but that isn't the case.  I've heard the following story from two young girls living miles apart, one in Montreal, the other in upstate New York. Both girls opened their respective small-scale Twitter accounts one day and found that they were suddenly following over a thousand accounts and sending tweets in Russian!  Since neither girl speaks Russian, the purpose of the hack - simple nuisance or political pot-stirring - will never be known.

We laugh at what, on the surface, appears to be a relatively minor hack which was easily handled with a password change, but cases such as identity theft and fraud are not so easily cleared.  The targets are average people; their innocence and ignorance make them perfect sitting ducks.  The frightening thing is many such cases occur without the victims' knowledge.  When the fraud is discovered, damage is oftentimes extensive; lives and reputations ruined.

"Security is everybody's business," says Bob Boyer, Senior Architect of Security in Information Technology at Standard Life Assurance.  His job is to research the best ways to make his company's computer systems and databases secure and he knows how easy it is for outside sources to infiltrate inadequately secured systems.  He tells this story about a friend who was inexplicably pulled over by the police and learned that there was a warrant out for his arrest.  Someone had used his identity to acquire a credit card in his name, rented a car, and then abandoned it.  That resulted in a charge of car theft.  Not only did he have to clear his name in Quebec, he had to then clear it with the Canadian government so that he could travel for his work.  This man's life was completely disrupted - all without his knowledge.

No hacking today is innocent, points out Boyer.  The motivation has changed.  Today's hacker is not interested in making the odd free phone call or planting a happy face on your computer screen.  He's after bigger things such as your bank account or your credit card.  Phishing and spear phishing - a targeted form of phishing aimed at specific groups or individuals - are very effective at obtaining personal data.

According to Boyer, it is very easy to harvest information from various social media and gaming sites.  Combine that with additional information obtained through phishing, and you have enough data to commit identity fraud.  He stresses using caution when putting personal information and photos on any site.  "Remember," he says, "Once it's out there, it's out there forever."

Should we panic? No, but we must take the threat seriously.  The first line of defense is to take steps to make our social media accounts safer.  We can't stop all hackers, but we can certainly make it a little harder for them.

Ten Tips to Keep Your Accounts Safer

1. Don't reveal personal information on social networking sites.
2. Make sure your wireless network is secure at all times.
3. Maximize privacy settings on social networks by enabling secure browsing.
4. Be careful about the photos you post.  They may reveal things about you, and your location, that you would rather keep private.
5. Choose strong passwords, change them regularly and don't tell anybody what they are.
6. Beware of links such as "hHa Is tHIS you in VIDoe?-http://www.infectedlink.ru".  They are worms.  Once clicked, they self-replicate to spread and infect networks.
7. Consider using an assumed name to keep your identity secret for personal safety.
8. Be aware of what friends write about you, particularly about your personal details and activities.
9. Remember your smartphone is not just a phone, but a computer and is also a target for viruses and spyware.
10. Log out of any mobile devices.  If your phone is lost or stolen, you've granted immediate access to Facebook and Twitter accounts.
    

Sources

• Cowlard, Grace. Protect your social media channels from a hack attack. 3 August 2011. Document. 5 February 2014.
• Get Safe Online.org. 28 January 2014. Document. 5 February 2014. <https://www.getsafeonline.org>.
• History of Hacking. 04 October 2004. Document. 6 February 2014. <http://www.library.thinkquest.org/04oct/00460/hackingHistory.html>.
• Identity Theft and Identity Fraud. n.d. Document. 5 February 2014. <www/rcmp-grc.ca/scams-fraudes/id-theft-vol-eng.htm>.
• Mailonline. n.d. Document. 5 February 2014. <www.dailymail.co.uk/news>.
• Romeri, Monica Jade. New Social Media Statistics You Need to Know. 18 February 2014. Document. 25 February 2014. <http://socialmediatoday.com/monica-romeri/2181461>.

Thanks to Bob Boyer, Senior Architect, Security, Information Technology, Standard Life Assurance Company.

Images (unless otherwise indicated):  Google Images