Heartbleed in Context: A Brief History of “Hacking”
The recent Heartbleed attacks that exposed vulnerabilities in some of the most well-known Internet moguls resulted in one of the most severe security incidents in the history of online data transfer. The Heartbleed security bug, technically identified as CVE-2014-0160 and called “TLS heartbeat read overrun,” is found within the open-source OpenSSL cryptographic library, which is used to provide Secure Sockets Layer (SSL) encryption capabilities for data in transit on the Web. For those of us a little less tech-savvy, Heartbleed provides “hackers” access to information stored on commonly used servers. Of the more popular websites, Heartbleed revealed vulnerabilities in sites including Yahoo!, Pinterest and Reddit, all of which hold personal user information that may have been lost to data theft. In this post, we place the recent Heartbleed attacks in historical context with a brief overview of “hacking” history.
Although the term “hacking” is relatively modern, technological tampering has existed from the onset of data transfer in the late nineteenth century. The earliest known cases of data interruption occurred in the 1870s, when switchboard operators at the Bell Telephone Company intentionally misdirected and disconnected telephone calls. Operators often eavesdropped on conversations as well, and used their control to exploit personal and sensitive information from unknown telephone users.
In the late 1960s, computer hackers made their first appearance. A “hack” is a technical modification of a data transfer that provides a bypass of a standard operating system. The term was coined by model train enthusiasts at the Massachusetts Institute of Technology (MIT) who manipulated their train sets for fun. Later, many of these model train “hackers” applied similar manipulations to then-new computer systems in an effort to optimize programs, adjust specific applications, or learn new techniques for personal use. These modifications often resulted in programs that operated at higher efficiency levels than the original parent program was capable of.
The most well-known example of early data manipulation is the UNIX operating system, which was developed in the late 1960s by Dennis Ritchie and Keith Thompson of Bell Labs. The work of early hackers is not what we commonly associate with today's cyber manipulation. The example above of train set manipulation that led to program optimization was done to benefit rather than exploit the user. This mode of thinking changed in the 1970s, when telephone systems once again became the primary target of data exploitation. As telephone systems became fully electronic, hackers discovered and exploited switching networks to place long distance calls free of charge. Known as “phreakers,” these hackers manipulated the twenty-four-hour clock of telephone switching networks so that, for example, a long distance call made at 1 p.m. registered as if it had been placed at 1 a.m. instead, when long distance charges didn't apply. Later they would learn to abuse poorly designed call forwarding systems or unsecured voice mails for free phone calls and even to communicate with one another.
Parallel to phone hacking was the rise of the electronic age. In the 1980s, computers moved from corporate to personal life. The growth and widespread use of the modern personal computer and Internet allowed hackers to shift from phone networks to electronic ones. Modems enabled computers to communicate with each other, which significantly extended the hacker’s technical reach and created new vulnerabilities for electronically stored information. Steven Levy famously captured the birth of a new subculture in his 1984 publication Hackers: Heroes of the Computer Revolution, in which he detailed early hacking history and summarized the “hacking” world: “Access to computers, and anything that might teach you something about the way the world works, should be unlimited and total.”
Eventually society “caught up” to the abuse of these new technological systems. In the United States, the Federal Computer Fraud and Abuse Act became law in 1986, making computer tampering a felony crime punishable by fine and jail time. By the mid-1990s, several high-profile arrests had taken place and the seriousness with which governments and businesses dealt with hacking activities reached new heights around the world.
Large numbers of new users joined the Internet as the World Wide Web came online over the course of the 1990s. In turn, hackers could exploit larger and larger numbers of vulnerable systems. Security problems with Windows and a lack of computer security knowledge among the millions of new users gave hackers ample opportunities. At the turn of the century, viruses like Melissa and ILOVEYOU infected millions of computers and caused low levels of panic. Over the last fifteen years security and awareness have improved, but as Heartbleed demonstrates, vulnerability to technological tampering still exists.
A history of hacking suggests that the relationship between humans and the technological systems they create is not always passive. For most, networks of telephones or computers exist unacknowledged, as convenient benefits of human advancement, but some individuals decide to see how they can change or exploit these systems. Sometimes, like those who improved model train sets at MIT, they are honestly trying to improve the system. Others, like the authors of computer viruses, try to use these systems to harm others. In both cases, individuals are actively influencing how we construct and interact with technology. Though we are inconvenienced (at best) by computer viruses, it's fun to consider what they reflect about the society in which we live and how it developed.