HACKING THROUGH THE AGES
From phone lines to fake certificates and social engineers, hacker tradecraft has evolved spectacularly over the years
PEOPLE HAVE DONE BAD THINGS with computers for decades. Even before personal computers, people (“phreakers”) used to abuse telephone systems. The hacking journal 2600 takes its name from the 2600Hz tone required to trick AT&T phone lines into giving free calls in the 1960s. This was possible because the same line carried both voice and connection-management signals.
Such in-band signalling was done away with in the 70s when a new signalling system was introduced. This enabled different networks to send this data out of band. This system, known as SS7, is still in use today, and is vulnerable to a manin-the-middle attack. This has been exploited to allow second-factor SMS codes to be intercepted, and accounts to be compromised.
The Morris Worm is widely regarded as the first self-replicating worm to spread over the internet. It was actually a well-intentioned effort to highlight security flaws and count the number of computers on the internet, but an error led to it crippling somewhere between 2,000-6,000 of them (watch HaltandCatchFire S2 E3). Robert Morris won the dubious honour of being the first person convicted under the Computer Fraud and Abuse Act (CFAA), but post-conviction completed his Ph.D. at Harvard and went on to be a professor at M.I.T.
THE WORM THAT TURNED
The worm exploited a number of vulnerabilities in Unix tools, as well as weak passwords. The problem was re-infection. Morris didn’t want his worm to have to ask targets if they were infected and then infect them only if they replied no—this could be stopped by canny sysadmins installing a program that just says yes all the time. So he specified that one-seventh of the time machines would be re-infected. This, it turns out, was high enough that machines quickly ended up running several copies of the worm and became unusable.
Fast-forward to today, and in the headlines we see not only that rogue packages have been hiding in the NPM registry for years and opening shells on JavaScript developers’ machines, but also that several Russian individuals have been indicted in the US for attempting to disrupt the 2017 French presidential election, the 2018 Winter Olympics, and Ukraine’s power grid. The groups with which these hackers affiliate, it’s alleged, all report to Russia’s GRU military intelligence unit. It’s a little chilling to be reminded that critical infrastructure may be compromised relatively easily.
The Stuxnet worm is widely believed to have been developed by the US and Israel. It was discovered in 2010 targeting Supervisory Control And Data Acquisition (SCADA) systems in Iran, where it’s estimated to have crippled one-fifth of their nuclear reactors. The worm was notable because of its ability to attack airgapped (not directly connected to the internet) systems, by exploiting vulnerabilities in how they handled USB devices.