The 50s-90s: the birth of global communications and the birth of hacking.
Cyber security has been a lot higher on the agenda these last few years. Governments, media and corporations, large and small have been talking about it, and all of these have been affected by attacks.
But until recently, only a handful of stories made the headlines, leaving a skewed image of how cyber security has developed. In cyber security awareness month, it’s useful to take a look back at where it all started and how things have changed.
Arguably the first cyber breach started in 1957 when a blind eight year old discovered that whistling at a certain pitch (2600hz) reset the telephone trunk. By connecting to the telephone exchange using a free number and resetting the trunk he could make free calls. This was later developed into the ‘blue box’, which provided the pitch electronically. John Draper, who created the blue box, was later arrested.
The first big government attack on record was in 1982 when the CIA, under Ronald Reagan, tampered with software to control the SCADA systems in a Siberian Pipeline, causing the largest non-nuclear explosion seen from space. In 1989, the Worms Against Nuclear Killers worm brought down NASA systems days before launch of the Galileo spacecraft which had Plutonium-based power supply units.
A few major incidents aside, prior to the 90s hacking was very much a ‘band of brothers’ activity – a way of showing off your skills. Mass fraud was considered very bad form and stolen bank account details were used only to fund online costs. Hacking communities started to build up in the 80s where hackers could discuss their achievements. Altos Chat was the first major hacking forum and was the place where Pad and Gandalf, perhaps the original UK hackers, met to share tips.
In the 1990s the secret services of the US and the Australian Federal Police started cracking down hard on hackers, and offering reduced sentences to those who shopped their friends. The self regulating community disappeared and hackers started using their skills for profit. In one of the first examples, an Australian hacker used stolen credit card details to order $50,000 of goods including a jet ski from the US which ended up at the docks as no duty could be paid.
The big stories of the 90s were viruses and hacks which damaged many computers and costs companies millions. 8lgm (8-legged groove machine), a group of hackers set up by Pad & Gandalf, compromised major organisations such as the FTSE, NASA, MoD, and Oracle. Pad & Gandalf both served custodial sentences whilst a third member, Wandii, walked free after the jury accepted his plea that he was “addicted” to computers. Also coming to light in early in the 90s were attacks on US Government systems known as “Solar Sunrise” and “Moonlight Maze”. It was discovered that these attacks had started some years before.
This is a guest post by Tony Dyhouse. Tony is one of QinetiQ’s senior managers and runs the cyber security arm of the ICT Knowledge Transfer Network. He has a wealth of experience in all areas of Cyber Security and Information Assurance.
About the ICT Knowledge Transfer Network
The ICT Knowledge Transfer Network (ICTKTN) is an independent body set up by the Technology Strategy Board. Its aim is to deliver improved UK industrial performance by facilitating the development and take up of information and communications technologies, and their adoption as key enablers in other industries.
The KTN runs free-to-attend events, develops workgroups to investigate and advise on key ICT challenges and promotes collaboration between business, government and academia as a route to ICT innovation.
The KTN is a free membership organisation. To find out more, or to join, visit www.ictktn.org.uk