Welcome back, my fledgling hackers!
Hacking has a long and storied history in the U.S. and around the world. It did not begin yesterday, or even at the advent of the 21st century, but rather dates back at least 40 years. Of course, once the Internet migrated to commercial use in the 1990s, hacking went into hyperdrive.
For those of you are unaware of our long and proud history, I want to dedicate this post to provide you with some of the highs and lows of this 40 year history. It would be impossible to list every hack or hacker over the last 40 years, even if this were a 500 page book, so I will limit myself to a brief history and only try to touch upon the most significant hacks over that period of time. Of course, it goes without saying, that this history will be biased with my perspective of what was most significant. If you feel I have missed a significant event in this history, please feel free to add it in the comments along with its significance. Such a brief history is an ambitious project and is sure to miss some important hacks and events.
In addition, we are limited in this history to only discussing those hacks that were made public. Those that were not reported by their victims (national governments and large corporations are reluctant to report intrusions for fear of embarrassment and damage to their reputation) or were never discovered by the victims, cannot be included. So, of course, that biases this history to only to those unfortunates who were caught.
Famous People Who Were Hackers
Before we delve into this history of hacking, let’s take a look at some prominent people who were once hackers. In all reality, there are many respectable people in IT and IT security that have a hacker backgrounds, but few are willing to admit it. I personally know CIOs and CTOs of major corporations in the U.S. that have admitted to me that they were once hackers, but they won’t say so on the record and really don’t want their employers to know.
Steve Jobs
Before there was an Apple computer, Mac, iPod, IPad, or iPhone, Steve Jobs and his partner, Steve Wozniak, were developing a tool that became known as the Blue Box in 1972. This tool was capable of replicating the audio tones used by the telephone company (yes, children, once upon a time, their was just one telephone company in the U.S.) to enable long-distance calls—without paying for them.
Long before WikiLeaks, Julian Assange was an infamous teenage hacker in Australia. As a 16-year-old in Australia, Assange, aka Mendax, was hacking into the U.S. Department of Defense, NASA, the U.S. Navy, MILNET, Citibank, and Lockheed Martin, among many others. By 1991, Assange was caught hacking Nortel and was arrested and charged with 31 counts of computer crimes. In 1996, he plead guilty to 25 counts and paid a minimal fine with no jail time.
Kevin Poulsen
Now known as an astute tech writer for WIRED Magazine and author, Kevin Poulsen, was first a hacker. He is best known for hacking the phone system of KIIS-FM in Los Angeles to make certain he was the 102nd caller, which won him the prize of a new Porsche 944. Poulsen was caught be the FBI and sentenced to five years in the federal penitentiary with a three-year ban on using the Internet.
In the Beginning…
There really is no clear-cut beginning, unlike the Bible. Almost as soon as there were computers (ENIAC was developed for military ballistics work in 1946), there were hackers. Most of these hacks were minor, without major dollar loss or legal implications. Many people point to one event that may have marked the beginning of awareness of the risks and significance of computer hacking.
Lawrence Livermore Lab in Berkeley, CA was developed during WWII to do research on atomic weapons. After the war and up to the present, it continued to work on nuclear weapons development. During the Cold War between the U.S. and the Soviet Union, this lab was a focus of espionage, as it held secrets that could give either nation an upper hand in any conflict against each other.
In 1986, at the height of the Cold War, Clifford Stoll, an astronomer working in IT at the lab, was asked to resolve a $0.75 accounting error on the time- share system. In his research, Stoll discovered that there was an unauthorized user on the system. Stoll was able to trace the new, unauthorized user back to Germany.
This event, probably more than any other, triggered the national consciousness to the risks of hacking and started the process of developing a legal framework to prohibit hacking.
Morris Worm – 1988
In November 1988, the young Internet almost came crashing down. A 22-year-old Cornell graduate student by the name of Robert Tappan Morris had unleashed a worm that infected nearly 25% of the computers on the Internet (admittedly, there were few computers on the Internet then). This was particularly embarrassing for his father who had been a prominent NSA scientist and, at the time time, head of IT security for the world’s largest computer company, IBM.
Eventually, Mr. Morris became the first person to be prosecuted with the Computer Abuse and Fraud Act of 1986 (Title 18, Section 1030 of the U.S.C.). This same law is still used to prosecute most hacking crimes in the United States. Morris was sentenced to three years probation and 400 hours of community service. Dr. Morris is now a tenured professor at the Massachusetts Institute of Technology (MIT).
Melissa Virus – 1999
The Melissa virus was a milestone in virus development as it was a macro virus. This means that it used macros embedded in MS Office documents to do its dirty work. This may have been the most successful virus in computing history, reportedly infecting up to 1 in every 5 computers worldwide.
Eventually, the developer of the Melissa virus, David L. Smith, was caught and prosecuted. Authorities tracked the GUID of the Office documents containing the virus to catch Smith. He plead guilty and was sentenced to 10 years in prison.
Back Orifice 2000 – 1999
Back Orifice debuted in 1999 as a rootkit and remote administration tool (RAT) for Windows 95 and Windows 98 systems. Developed by the hacker group, Cult of the Dead Cow, it did much to heighten the awareness of the vulnerabilities of Windows systems to malware.
Many of the members of the Cult of the Dead Cow became leading figures in cybersecurity including Mudge (Pieter Zatkow).
DMCA & Elcomsoft – 2001
The Digital Millennium Copyright Act (DMCA) of 2001 was a new U.S. law that made it illegal to pirate copyrighted material. This new law contained severe penalties for doing so. Almost as soon as the ink was dry on this law, the FBI arrested Dmitry Sklyarov of Elcomsoft as he came to the U.S. to attend Defcon in Las Vegas. The FBI claimed that Sklyarov and Elcomsoft were trafficking in a software program that could circumvent copyright protections. This made Sklyarov the first person arrested and prosecuted under this law.
Elcomsoft is a Russian company that sells digital forensics software that can also be used for hacking. For instance, they produce one of the best password-cracking software available anywhere. It was this software that the FBI considered illegal that lead to his arrest. Eventually, the FBI dropped the charges against Sklyarov and he was allowed to return to Russia. Elcomsoft was then prosecuted under this law and was found not guilty.
Anonymous Formed – 2003
Anonymous, the loosely organized hacking collective, made its first appearance on the scene in 2003. An outgrowth of the 4chan image boards, this group would gain probably greater fame than any other hacker organization.
It has conducted numerous widely reported hacks including Operation Chanology, an attack on the Church of Scientology’s website; Operation Payback, the DDoS attacks against MasterCard, Discover, Visa, and PayPal after they refused to allow people to use their services to send contributions to WikiLeaks; Operation Paris, in response to the recent attacks in Paris; Operation ISIS, an attempt to nullify ISIS recruiting efforts on the Internet; Operation Trump, an effort to keep Donald Trump from being elected president; and many others.
Several members and contributors of Hackers-Arise are also members of Anonymous.
TJX – 2007
TJX, the holding company of the off-price retailers such as TJ Maxx and Marshalls lost nearly 45 million customer records and credit cards numbers when hackers were able to compromise their network through an unsecured wireless network. It was the largest data security breach up to that time.
The hackers found one of its stores had an unsecured wireless network that they were able to access from the parking lot. From there, they were able to traverse the company network to the database servers holding the customer accounts and credit card numbers. TJX held all this data unencrypted, making the hackers task extraordinarily easy.
Carder Market & Max Butler – 2007
An American grey hat hacker, Max Ray Butler, aka Max Vision, takes over the world’s largest black market for stolen credit cards numbers, Carders Market. Eventually, in 2007, Butler (also the founder of the ArachNIDS vulnerability database) was caught and sentenced to 13 years in prison, the stiffest sentence imposed upon a hacker. Butler is cooperating with CERT and is likely to be released early as a result of his cooperation.
Georgia – 2008
Often marked as a milestone in the history of cyber warfare, Georgia, the former Soviet republic, was attacked with a massive DDoS attack against its internet architecture. As a result, all of the government and military internet-based communications were disabled, while Russian tanks and troops rolled into the Georgia province of South Ossetia. The DDoS attack was instigated by civilian hackers in Russia, probably at the direction of the Kremlin.
Conficker Worm – 2009
First detected in November 2008, the Conficker Worm struck fear into nearly ever Windows user and their IT departments in 2009 and 2010. The worm used the vulnerability in Windows systems that became known as MS08-067 (Metasploit now has an exploit that tests for this vulnerability). The Conficker worm created one of the largest botnets in history, maybe as large as 15 million computer systems around the globe.
This worm gave the developer access to the personal information of the computer user while adding them to a massive worldwide botnet that could be used for DDoS attacks, password cracking, and spamming, among many other malicious activities. Despite concerted international efforts, no one is certain who was responsible for Conficker and what its ultimate purpose was.
Operation Aurora – 2010
In 2010, Google was the victim of a massive attack, presumably from Chinese state-sponsored hackers. These attacks were undertaken to compromise Google’s Gmail service. Google speculated that Chinese authorities were seeking information on dissidents in their country that used Gmail to communicate. As a result, Google withdrew from the China market, the world’s largest.
Stuxnet – 2010
This was probably the most sophisticated hack ever. Undoubtedly, this malware was developed by the NSA, probably in collaboration with Israel. Its intention was to slow the Iranian nuclear development efforts and it accomplished that goal.
This worm was first released in the wild in 2009 and traveled around the world. It was soon discovered by security researchers, but its goal was unknown. Eventually it found its way to the offline uranium-enrichment facility in Natanz, Iran, where it infected the Siemens PLC controllers on the centrifuges used to enrich uranium. It did not disable them, but rather made them operate at speeds that were inadequate to properly enrich the uranium, all the while reporting to the control room that all was well.
This bit of malware was sophisticated and unique. First, it was very specific; It only infected the Siemens-produced controllers used on that enrichment facility. Second, it was harmless on all other infected computers. Only when it detected the target PLCs did it “phone home” for an upgrade. Third, it used a hash collision likely generated by NSA’s supercomputers to bypass the Microsoft’s software-signing certificate authentication process. In all, the world has never seen such sophisticated malware, but I am sure that won’t last for long.
PlayStation Network – 2011
The PlayStation Network of Sony Corp. was hacked in April 2011, and over 77 million users’ personally-identifiable information was compromised. It was one of the largest data security beaches in history. Sony blamed Anonymous, but Anonymous denied involvement.
Aaron Swartz 2011
Aaron Swartz was an icon and martyr for the cause of information freedom. Swartz is known for his development of the web format RSS, and his involvement in the organization Creative commons and partner in Reddit. In January 2011, Swartz was arrested by MIT police for connecting a computer to the MIT network and downloading academic journal articles. Federal prosecutors charged him with wire fraud and eleven violations of the Computer Fraud and Abuse Act, US Title 18 Section 1030 (for more on the Computer Abuse and Fraud Act, see my article “Be Careful Out There! The Legal Consequences of Hacking). These charges could have meant up to 35 years in prison for Swartz.
In August 2013, Aaron Swartz was inducted into the Internet Hall of Fame.
Jeremy Hammond – 2013
Jeremy Hammond was a computer hacker and hacktivist who was convicted in November 2013 to 10 years in Federal prison for hacking Stratfor, the private foreign intelligence firm and releasing the information and emails to WikiLeaks. Interestingly, the presiding judge at his trial, Loretta Preska, had ties to the firm Stratfor through her husband and yet refused to recuse herself.
Hammond founded the website www.hackthissite.com at just age 18. Hammond had long been a staple in the information security community and is a good example of someone using their skills for the common good, despite being labeled as criminal by the U.S. justice system.
Mt. Gox – 2011-2014
Mt. Gox, based in Tokyo, Japan, was one of the first bitcoin exchanges and probably the most widely used. Begun in 2010, it closed its website and exchange in 2014. During that time, over 850,000 bitcoins ($450 million at the time and over $14 billion presently) were missing from its exchange.
It was eventually revealed that Mt. Gox had been hacked numerous times over the years by various hackers. The CEO of Mt. Gox was arrested in 2015 for falsifying the account records to cover the losses.
Target / Home Depot Hack – 2013
In December 2013, Target revealed that its database servers had been hacked and millions of customers’ data had been compromised. The hackers apparently exploited the point-of-sale systems that were running Windows XP to enter the network, then traveled to the database servers from there to exfiltrate the data.
Sony – 2014
Just before Christmas of 2014, Sony Entertainment’s computer systems were hacked presumably by the North Korean government in response to a movie that Sony was about to release. This movie did not reflect well on the North Korean dictator, Kim Jong Un. The hackers were able to copy movies, emails, and confidential corporate documents that were very embarrassingly to Sony.
Independent researchers found evidence that the attack was likely an insider job by former employees who had a grudge against the corporation.
Hacking Team – 2015
In 2015, a company in Italy known as “Hacking Team” was hacked and the contents of its email and file server posted online. What makes this hack so significant is that it clearly shows how hacking has become a legitimate business. Emails from their servers show that Hacking Team, like Vupen, developed zero-day exploits and sold them to governments around the world. These exploits are largely used by governments to watch and monitor their citizens’ online activities.
The Presidential Election of 2016
The U.S. Presidential will likely go down and one of the most significant hacks in history. Presumably, the Russian state and Russian state-sponsored entities endeavored to influence the U.S. Presidential election in favor of Donald Trump. These activities included posting divisive and false information on social media sites such a Facebook and Twitter and hacking the emails of Trump’s opponent and her campaign manager, John Podesta. These emails were then transferred to WikiLeaks, where they were released by Julian Assange and his comrades at WikiLeaks. In addition, the Russian hackers attempted to infiltrate the software of the voting machines, but were apparently unsuccessful.
NSA’s EternalBlue
In late 2016 and early 2017, a shadowy organization– appropriately named the Shadow Brokers–was trying to sell exploits on the Internet that they said were stolen from the US spy agency, NSA. When they were able able to sell these exploits for their asking price, they released them on the web on April 14, 2017. As it turned out, these were real, stolen exploits from the NSA and could effectively give the owner access to nearly every Windows 7 and earlier computer. Not only would they get access, but they would have system administrator privileges allowing them to do ANYTHING on that system. The primary exploit (hack) became known as EternalBlue.
Within days of the release of this exploit, Microsoft issued a security alert and patch that became known in Microsoft parlance as MS17-010. Unfortunately, not everyone patched their systems and this exploit was responsible for millions of computers (and their owners) being compromised. The exploit was built into the WannaCry, Petya, and NotPetya ransomware.
Ultimately, experts agreed that the likely actor behind this hack/exploit was Russian intelligence. At the same time, we must not forget that the NSA was responsible for developing the exploit and was actively using it to spy on its own citizens.
SolarWinds
In January 2021, the venerable cybersecurity firm, FireEye, announced they had been hacked and their custom pentesting tools stolen. Little did anyone suspect that this was the leading edge of one of the biggest and most damaging hacks in history!
Within days, it became apparent that not only was FireEye hacked, but some of the most sensitive departments in the US government (including Homeland Security and State Department) and many of the largest corporations in the US (including Microsoft, Cisco, Intel and many others) had also been hacked. When all was said and done, at least 18,000 entities had been hacked.
It turns out that Russian hackers (probably the GRU or its affiliates) had broken into network management software developer, SolarWinds, servers and implanted malware within the companies software. When customers received their updates in March 2020, these updates included a backdoor into their systems. For a conceptual demonstration of this type of hack, see my tutorial on Evilgrade to install malware when an application gets updates and upgrades.
At the time of this writing, it is still unclear of the damage of this hack. Sensitive US government documents have been exposed to the Russian hackers and Microsoft has stated that their source code has been downloaded. With time, we will likely find out the full extent of this devastating hack.
Summary
I hope this brief history of hacking clearly demonstrates to you the importance and significance of hacking over the last 40 years or so. As more and more of our lives become digital, hacking and IT security will become even more important, making them the most valuable and critical skills of the 21st century!