Home » Data Protection » Malware/Cybercrime

Hacks, Phreaks, and Worms: Events That Changed Internet Security

The top eight events that changed the history of internet security (and two that didn't)

January 28, 2008 — Given the headlines lately, you could be forgiven for thinking that the biggest, baddest events in the history of computer security have all happened within the last few years. After all, there have been so many hacks disclosed that Stephen Northcutt of SANS recently observed, "The way we are going, there are only going to be a couple hundred people of any significant net worth in the United States that have not had their details lost in a privacy breach--and they are going to prove to be so ultra paranoid they never borrowed money or had a credit card."

In reality, the history of the most significant hacks, malware and other security bungles stretches back a lot further than the oft-cited chronology breaches compiled by the Privacy Rights Clearinghouse. That's why we've put together this list of the worst, but most important, moments in computer security--a sort of cynics' guide through the history of information security.

Some of the items on the list were chosen because of their legislative impact or technical sophistication. Others were picked as a result of the media attention they received, and still others because of the focus they brought to important security issues. One even happened well before computers became a personal item, back when the Internet had a mere 60,000 connections. But each event, in its own way, is one that we at CSO think is momentous.

Of course the list is arguable. That's half the fun.

1971: Captain Crunch Whistle
Phone phreaker (a term for a subculture of people who, ahem, experiment with telecom systems) John Draper discovered that a toy whistle packaged in boxes of cereal could be modified to emit a tone at 2600 hertz. That was the same frequency used by phone companies to indicate that a trunk line was available to route a new call. Blowing the whistle into the telephone receiver would disconnect one end of the trunk, allowing the side that was still connected to enter an operator mode (a useful function for maintenance and repair personnel as well as phreakers).

"The problem was that the telcos allowed this to be sent in-band, and thus end customers could create and 'transmit' these signals as well. Although most of this has been moved to out-of-band signaling, this problem still exists for many older switches, some in the states and several places overseas," says Mudge, a hacker turned computer researcher at BBN Technologies. The upshot: the phreaker gets free phone calls and various other opportunities for mischief.

Why significant: Widely cited as the seminal precursor to computer hacking. Draper went on to build blue boxes, which are capable of reproducing other tones used by the phone company and allow their users to make free long distance calls. Draper was exposed in a 1971 Esquire article, which sparked the interest of a certain duo named Steve Jobs and Steve Wozniak, who also began building blue boxes themselves. Of course, they later founded Apple.

1988: Morris Worm
Robert Tappan Morris, a 23-year-old Cornell University student, wrote some code as part of a research project aimed at determining the size of the Internet. The worm was meant to infect computers, but only to see how many connections to the Internet existed. Because of a flaw in the code, however, it ended up exploiting vulnerabilities in Unix and spread quickly, infecting multiple machines multiple times and rendering them unusable.

Why significant: Considered the first computer worm distributed on the Internet, and thus to some extent the beginning of the age of malware. Morris' worm also was the first to gain significant attention from the mainstream media--and the judicial system. In 1990, Morris was sentenced in U.S district court to three year's probation, 400 hours of community service and a $10,050 fine.