Cyber crime is a huge issue facing virtually every business across the globe today — and defense against that cyber crime is paramount to any company’s success, security, and brand reputation. But in order to defend against cyber crime, we need to understand where it comes from, and get into the headspace of those who are responsible for it — hackers.
You’ve probably read something about hackers and the dark web at some point— and if you’re familiar with our blog, you’ve read about cyber security and the perpetrators the corporate sphere likes to call “cyber criminals”. But it seems like all the information concerning “hacking” is written from the perspective of the businesses that are the targets of this hacking — from the people who don’t understand what hacking actually is, or where it originates from.
A good example of the broadening of the definition of hackers is a recent story about Tesla vehicles being “hacked.” What happened is this; a piece of tape was put on a “35 mph” sign on the road, tricking the Tesla Autopilot into reading an “8” rather than a “3.” This caused the cars to accelerate to a speed of 85 miles-an-hour in a 35 mile-per-hour zone.
While the argument could be made that this was a “low-tech hack,” it would be much more accurate to call it a prank. Because that’s what it was — someone tricking a program.
WHAT IS HACKING?
Unfortunately, “hacking” has become synonymous with any action taking place in the digital sphere that someone doesn’t like. For example, someone leaves their Facebook account open on their phone, their friend posts an embarrassing status: usually, the owner of the Facebook account will send out another follow-up status explaining that they were “hacked.”
This is not hacking. This is someone taking advantage of another’s negligence. And while other people’s negligence may be a tool available to hackers, it doesn’t warrant the term “hacking” attributed to it. Negligence is the ever-present avenue available to hackers — not the act of hacking itself.
No, to truly understand what hacking is, we have to go back. Way back…
1957 - THE YEAR OF 2600 HZ
Joe Engressia was born blind in Richmond, Virginia, in 1949, and had perfect pitch — meaning he could hear and produce any distinct note. At the age of seven, he discovered that by whistling at a certain pitch (the fourth E above middle C), he could trick the phone into “operator mode” — meaning he could explore the phone network unimpeded, as well as dial any number, anywhere in the US, for free.
This was a big deal — long distance calls were expensive, and it would be decades before long-distance charges would go by the wayside. At the age of seven, Engressia, who would later be known by the handles “Joybubbles” and “The Whistler” had unknowingly become the father of “phreaking.”
Self-described “phreaks” were the earliest form of hackers — their environment was the phone system, and their enemy was the Bell Phone Company. Soon after Engressia, another early phreak — Bill Acker — discovered he could achieve the same effect as Engressia by playing the tone of 2600 hz over a recorder. John Draper, with the help of perfect-pitch Engressia, found that the free plastic whistles in boxes of Cap’n Crunch cereal produced this 2600hz tone as well — earning Draper the handle “Captain Crunch”.
Groups of phreaks were coming onto the scene by this point, mostly in New York and California — separated by vast distances, they mostly delved into the phone networks individually, until they found each other.
Phreaks weren’t just interested in tricking phones into letting them place calls for free — they were tech-savvy people who had a genuine interest in how the phone system worked. They were engineers, visionaries, people looking for understanding into one of the most complex technological systems at the time.
In 1971, a publication by the name of Youth International Party Line, with the purpose of teaching other phreaks how to “beat the man,” wrote a story about “blue boxes” — devices that could be used to produce tones to trick phones into operator mode — which caught the eye of the budding phreaks Steve Wozniak and Steve Jobs. That’s right — the founder of Apple started out committing toll fraud against the Bell Phone Company.
The 1980’s witnessed the evolution from “phreaks” to “hackers” — but this new moniker wouldn’t be made up for another few years. As the internet entered the homes of America via the personal computer, bulletin board systems (BBSs), which were accessed via modem, provided phreaks a way to communicate and congregate.
This is when hacking started — hackers would use phreaking methods to discover telephone numbers associated with the modems of businesses, which could then be exploited later — the knowledge of which were passed to each other via underground e-zines — the first going by the name “Phrack.”
So, why are we discussing what is now ancient history? Because these phreaks and early hackers set the tone, lay the groundwork, and raised the generation of hackers that brought things into full swing.
CURIOSITY BEFORE CRIMINALITY
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
― Sun Tzu, The Art of War
We might not be on the topic of ancient warfare, but we’re close. Understanding why hackers do what they do is just as important as understanding how to defend against cyber attacks. We like to think of hackers as a monolithic group of people — the ubiquitous black hoody, dark room, sketchy ideals, and willingness to steal your data. And sure, there are hackers like that, but they’re far from the norm.
Hackers are a counter culture that stems from the essence of every counter culture — to fight against the prevailing system. Hackers made it their mission to spread knowledge and to create an environment based around the freedom of that knowledge. To create a world where anyone with imagination can do whatever they want. Hacking culture is anti-corporate, anti-regulation, and anti-secrecy. It’s a technological meritocracy, a culture based around discovery and understanding of the digital systems that make up our world.
The first phreaks weren’t trying to commit toll fraud — they were trying to figure out how the telephone network functioned. When you know the in’s and out’s of a system, however, you also learn how to break it, and bend the rules.
A historian pours over historical records, a geologist studies rock formations, an astronomer gazes at the night sky — a hacker delves into the systems that make up the internet. It just so happens that reading a book, or looking at a rock or a star, isn’t illegal.
Hacking culture is just as vast and varied as any culture that permeates the globe — and in fact, hackers have created descriptions for their different operating codes: blackhat (focusing on stealing, spreading viruses, and breaking into systems), greyhat (those who will only steal from targets deemed “bad” enough), and whitehat (those who look, but do not touch, and will even defend systems against blackhats).
And when using the word “steal,” it’s imperative to note that what was stolen in the past was information — not money. It’s only a recent phenomenon in the history of hacking that credit card numbers, bank accounts, and other financial information are being stolen. Hackers live and die by the information available to them, and it’s the currency by which they measure their value amongst each other.
During the 90’s and the early-to-mid 00’s, information about vulnerabilities were known as “zero-days” — meaning this vulnerability had just been discovered, and had been around for less than a day — hence, “zero-day.” A hacker’s skill was determined by how many zero-days they had in their belt. And this upper echelon that controlled these zero-days looked down on the hackers that spent their time using old exploits and vulnerabilities in order to steal personal information from regular computer users.
True hackers didn’t worry themselves with the dealings of you or I — they focused on disrupting the big players on the scene: Microsoft, IBM, Dell, governmental bodies. The information gained through these hacks wasn’t usually used to exploit vulnerabilities of these organization’s customers either — the hacks were merely to show these companies that the hackers owned the internet — not the corporations.
Hackers, by the 90’s, had separated into what could only be described as tribes; groups of technologically savvy individuals who shared ideological values, who would compete with other groups of hackers for supremacy over the control of information. Before 2010, and the rise of e-commerce, there were of course blackhats that disseminated viruses to the public — but more often than not, these viruses were merely vehicles to test what they were capable of.
It’s like when you’re on a highway late at night, and there’s not a single car in sight — you start pushing on the gas pedal, and you find yourself going faster. For some of us, it’s too tempting not to do. For hackers, finding the newest vulnerability is the same thing; people who speed don’t want to harm other drivers, and definitely don’t want to get caught by the police. Most hackers don’t want to harm normal computer users, and don’t want to be caught by the feds.
Hackers wanted to show the companies that were slowly taking control of the internet (which the companies have succeeded in doing) that they didn’t have as much control as they’d like. And in fact, most hackers hack each other — just as a professional athlete finds it more rewarding to play against other professionals, so too do hackers find it more rewarding to hack other hackers.
The bad actors that most of society has deemed to be the face of the hacking community are what real hackers refer to as “script-kiddies.” They’re called this because they piggy-back off code written by the hackers who are driven by their curiosity to better understand systems, and use it to steal from businesses and individuals. It’s an unfortunate skill humanity possesses — we can turn anything into a weapon.
THE FACE OF HACKING TODAY
As the internet has become more and more populated, and more and more controlled by corporations and governmental bodies, so too has the hacker profile changed. It might be a surprise, but most serious hacking is now government-sponsored. China, Russia, North Korea, and indeed, America, are all working around the clock to conduct their own hacking operations.
Sometimes it’s to spread propaganda. Other times it’s to shut down systems, or conduct corporate espionage, and steal trade secrets. And there are, of course, independent hackers that want to steal your data, use ransomware to demand money from your business, and use malware designed to cripple your systems.
But the black-hoody hacker is a stereotype that was never truly real — merely a figment of our culture’s imagination. And so, when someone speaks about the dark web, know that it isn’t one place, or even a collection of websites all working together to steal your data and money. The dark web exists in the exact same space as the rest of the internet — just hidden behind passwords and addresses not many people know. And just like any multitudinous group of people, there’s in-fighting, disagreement, and different ideals amongst those who call the dark web their home.