As mentioned earlier, computer hacking began with the first networked computers back in the 1950s.The introduction of ARPANET in 1969, and NSFNet soon thereafter, increased the availability of computer net- works.The first four sites connected through ARPANET were The University of California at Los Angeles, Stanford, University of
California at Santa Barbara and the University of Utah.These four con- nected nodes unintentionally gave hackers the ability to collaborate in a much more organized manner. Prior to the ARPANET, hackers were able to communicate directly with one another only if they were actu- ally working in the same building.This was not all that uncommon of an occurrence, because most computer enthusiasts were congregating in university settings.
With each new advance dealing with computers, networks, and the Internet, hacking also advanced.The very people who were advancing the technology movement were the same people who were breaking ground by hacking, learning the most efficient way they could about how different systems worked. MIT, Carnegie-Mellon University, and
Stanford were at the forefront of the growing field of Artificial
Intelligence (AI).The computers used at universities, often the Digital Equipment Corporation’s (DEC) PDP series of minicomputers, were critical in the waves of popularity in AI. DEC, which pioneered com- mercial interactive computing and time-sharing operating systems, offered universities powerful, flexible machines that were fairly inexpen- sive for the time, which was reason enough for numerous schools to have them on campus.
ARPANET existed as a network of DEC machines for the majority of its life span.The most widely used of these machines was the PDP- 10, which was originally released in 1967.The PDP-10 was the pre- ferred machine of hackers for almost 15 years.The operating system, TOPS-10, and its assembler, MACRO-10, are still thought of with great fondness. Although most universities took the same path as far as com- puting equipment was concerned, MIT ventured out on their own.Yes, they used the PDP-10s that virtually everybody else used, but they did not opt to use DEC’s software for the PDP-10. MIT decided to build an operating system to suit their own needs, which is where the
Incompatible Timesharing System operating system came into play. ITS went on to become the time-sharing system in longest continuous use. ITS was written in Assembler, but many ITS projects were written in the language of LISP. LISP was a far more powerful and flexible lan- guage than any other language of its time.The use of LISP was a major factor in the success of underground hacking projects happening at MIT.
By 1978, the only thing missing from the hacking world was a vir- tual meeting. If hackers couldn’t congregate in a common place, how would the best, most successful hackers ever meet? In 1978, Randy Sousa and Ward Christiansen created the first personal-computer bul- letin-board system (BBS).This system is still in operation today.This BBS was the missing link that hackers needed to unite on one frontier.
However, the first stand-alone machine—which included a fully loaded CPU, software, memory, and storage unit—wasn’t introduced until 1981 (by IBM).They called it the personal computer. Geeks every- where had finally come into their own! As the ’80s moved forward,
things started to change. ARPANET slowly started to become the Internet, and the popularity of the BBS exploded.
Near the end of the decade, Kevin Mitnick was convicted of his first computer crime. He was caught secretly monitoring the e-mail of MCI and DEC security officials and was sentenced to one year in prison. It was also during this same time period that the First National Bank of Chicago was the victim of a $70 million computer crime. Around the same time that all of this was taking place, the Legion of Doom (LOD) was forming.When one of the brightest members of this very exclusive club started a feud with another and was kicked out, he decided to start his own hacking group, the Masters of Deception (MOD).The ensuing battle between the two groups went on for almost two years before it was put to an end permanently by the authorities, and the MOD mem- bers ended up in jail.
In an attempt to put an end to any future shenanigans like the ones demonstrated between the LOD and the MOD, Congress passed a law in 1986 called the Federal Computer Fraud and Abuse Act. It was not too long after that law was passed by Congress that the government prosecuted the first big case of hacking. Robert Morris was convicted in 1988 for the Internet worm he created. Morris’s worm crashed over 6,000 Net-linked computers. Morris believed that the program he wrote was harmless, but instead it somehow got out of control. After that, hacking just seemed to take off like a rocket ship. People were being convicted or hunted left and right for fraudulent computer activity. It was just about the same time that Kevin Poulsen entered the scene and was indicted for phone tampering charges. He “avoided” the law suc- cessfully for 17 months before he was finally captured.
Evidence of the advances in hacking attempts and techniques can be seen almost every day in the evening news or in news stories on the Internet.The Computer Security Institute estimates that 90 percent of Fortune 500 companies suffered some kind of cyber attack over the last year, and between 20 and 30 percent experienced compromises of some kind of protected data by intruders.With the proliferation of hacking tools and publicly available techniques, hacking has become so main- stream that businesses are in danger of becoming overwhelmed or even
complacent. Companies that develop defense strategies will protect not only themselves from being the target of hackers, but also the con- sumers, because so many of the threats to Web applications involve the end user.