Continuing our previous discussion about the history of hacking, we now come to the final stage of computer hacking as it enters the 21st Century. It’s easy to say something like ‘9/11 changed everything.’ 9/11 did force a sea change in terms of how governments viewed physical and cyber security, but the factors were in place several years before and continued throughout this time period.
As previously noted, the first elements of cyberwarfare took place in 1991. Five years later, Moonlight Maze was an investigation regarding a massive data breach affecting the Pentagon, NASA, the Department of Energy and other agencies.
In Eastern Europe around the year 2000, ‘cyber arms marketplaces’ began to develop, offering cyber weapons for sale to the highest bidder. Computer crime became cyber terror, with attacks such as the Melissa Virus (1999), ILOVEYOU Virus (2001), and the Code Red Worm (2002). Non-political acts of sabotage caused financial and other types of damage. In 2000, a disgruntled employee caused the release of 800,000 litres of untreated sewage into waterways in Maroochy Shire, Australia.
All of these acts were viewed individually and not given long-term worldwide attention. However, in the post-9/11 era, governments and corporations looked at computer hacking in a different light; hackers were more than innocent pranksters. Now, computer hacking was a form of ‘asymmetric warfare.’ Hackers were potentially soldiers, or terrorists. New guidelines and principles began to take shape.
At the same time, infosec-related incidents took on a new level of urgency and impact. In 2003, the Titan Rain attacks focused on American computer systems, gaining access to many United States defense contractor computer networks including Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. In 2007, the country of Estonia suffered an almost crippling level of cyber attack against many government, university, and banking systems. The attacks triggered military organizations to reconsider the importance of network security to modern military doctrine.
Computer hacking also became an avenue for staggering amounts of money. Data breaches rippled across major companies from 2006 forward, and now have become a part of our regular news landscape. Computer hacking also allowed people like Ivan Turchynov to make $100 Million by hacking press release companies for information that would impact the stock market. Entertainment companies like Sony and HBO were hit by hackers interested in upcoming shows and in some cases, the hackers also gained access to email and payroll information.
Governments began using offensive cyberwarfare during this period, as shown in the case of the Stuxnet bot designed to cripple the Iranian nuclear program. Executive orders now ensure sanctions, freezing assets of those who threaten the national security, foreign policy, economic health, or financial stability of the US. Government probes continue to highlight vulnerabilites in every computer system, such as this incident where the avionics of a 737 were remotely penetrated by white hat hackers.
Advanced persistent threats continued through the end of the 2010. Operation Aurora aimed attacks at dozens of organizations and companies including Google, Morgan Stanley and Yahoo. Even as recently as a year ago, cyber-warfare events continue, including a potential attack on the Russian electrical grid by the United States. Yesterday’s newspaper proves that computer hacking is still a thing between nation-state actors, and we can only guess at what the future holds.
The Moral of the Story
So if you’ve come this far, you might be saying “Okay, thanks. So what?” The moral of the story is a bit sad, in that hacking’s storied past has been co-opted by bad people who only see hacking as a means to an end. It wasn’t always like that, but that’s the prevailing argument today. Don’t believe me? Just watch this video about how Hollywood views hacking.
I freely admit: this history is by no means exhaustive. I wrote this to illustrate a central truth about computer hacking that the next generation of geeky kids needs to understand. Hacking isn’t just about curiosity, or discovery anymore. Computer hacking brings you into the orbit of some dangerous people: career criminals, spies, and potential terrorists.
Does that mean all technical knowledge is dangerous? No, of course not. White hat hackers, pen testers, and other associated infosec professionals utilize that knowledge in a safe and responsible way every day.
But here’s the thing. Now that hacking has evolved to its current state, it would be a mistake to think that there’s a safe middle ground. Hacking is largely seen as an extension of criminals and state-acted warfare, is that something you want to be a part of? If you take nothing else from this discussion, let it be this: Technical knowledge can be a powerful tool in the right hands. But, as Uncle Ben said in Spiderman: ‘With great power comes great responsibility.’
My hope is that this discussion will help put some historical and cultural context around hacking, and finally to one of the central themes of Mesh:
Mesh and Hacker Culture
One of the things I wanted to do when I started writing Mesh is to focus on the original tenets of hacker culture: discovery, curiosity, and responsibility. Up until the seventies and eighties, to be a hacker was to be one of the strongest geeks in the room. The guy who could do anything, make it work no matter what, and then humbly disappear into the background.
Currently, hacking is seen as a threat and as we grow and change in the 21st century, there will be a need to carve out the culture of hacking and making from cracking and taking. In Mesh, we’ll watch some geeky kids in the future make that discovery.
We’ll cheer Roman, Zeke, Taj, and everyone else as they hack their way past world-changing, death-defying odds. When they finally succeed, we’ll be ready to step forward into the world they risked everything to save. After all, if we aren’t willing to make the world a great place for everyone, what are we doing with ourselves?
Thanks very much for coming along with me on this journey through the history and culture of hacking.
I link a number of articles throughout this essay – but I’d also like to cite these articles, too: