In Depth

Famous for Fifteen Minutes: A History of Hacking Culture

In this excerpt from "The dotCrime Manifesto: How to Stop Internet Crime," security pioneer Phillip Hallam-Baker traces the development of the hacking culture from pranksters and bullies, to sophisticated professionals.

By Phillip Hallam-Baker

February 21, 2008 — CSO — It is often said that generals always prepare to fight the last war. A risk that is anticipated and planned for can usually be averted. It is the unplanned-for risks that overwhelm us. The appearance of professional Internet criminals was predicted in fiction long before the Internet became a mass medium. During the early years of the Web, we spent a great deal of time and energy looking for ways to defeat the professional thief. The mischief maker, the prankster, and the juvenile delinquent were overlooked.

Then a group of hackers cracked the Web site of the CIA.

The attack did not result in the loss of classified information, did not disrupt the work of the agency, and did not threaten the critical infrastructure. Nevertheless, the damage to the agency’s reputation was considerable. In the 1960s and 1970s, a standard move for the plotters of a military coup was to take over the national television and radio stations. A group of teenage vandals had managed the cyberspace equivalent.

As the overlooked risk became the concern, the anticipated risk was forgotten. Companies building Web sites learned to think of Internet security in terms of protecting their brand from embarrassment. Users learned that they could use the Internet without concern for their own security because government regulations make financial institutions such as credit card companies responsible for risk.

Meanwhile, the Internet became an increasingly important part of the economy. When asked why he robbed banks, Willie Sutton replied, “That’s where the money is.” Today the Internet is where the money is—lots of it—and the Willie Suttons of the Internet have been busy finding out ways to direct some of that money into their own pockets.

Organized crime rings operating out of Eastern Europe, Russia, Nigeria, and Boca Raton, Florida, are using the Internet to steal hundreds of millions of dollars per year. Their methods include confidence tricks, consumer fraud, and extortion.

By the time the professional cybercriminal finally appeared on the scene, security experts had learned to avoid suggesting money as the motive for an attack. As far as the press, the public, and most customers were concerned, Internet security was almost entirely a problem of juvenile delinquency, and anyone who suggested otherwise was engaged in scare-mongering.

The only Internet security problem that could be acknowledged was teenage hackers whose amazing technical skills were matched by a complete lack of social skills. According to the carefully constructed media image,

• Email
• Print
• Comments
• Digg This
• SlashDot