Using programming knowledge to illegally access a computer or network.

The word hack by most accounts originated at the Massachusetts Institute of Technology (MIT), where the Tech Model Railroad Club (TMRC) was founded in 1946. The members of the club created automated model trains that operated using telephone relays; they used the word hack to mean a creative way of solving a problem. A second meaning of hack, also in use at MIT, was “an ingenious, benign, and anonymous prank or practical joke, often requiring engineering or scientific expertise and often pulled off under cover of darkness.”

This sense of hacking as a creative solution with an element of humor or mischievousness has remained steady through time. Like the multiple meanings within the etymology of the term hack, the various meanings of computer hacking have evolved as our technological world has evolved.

Origins

In 1961, MIT purchased the first PDP-1. While it was a large computer that filled much of a room and cost (at the time) a whopping $120,000, it was compact and inexpensive compared to the hulking mainframe computers previously available. The members of the TMRC were fascinated with the new computer, and many of the club members formed MIT's computer science department. These students spent a great deal of time exploring and expanding the PDP-1's capabilities. They developed programming tools for it, composed and played music on it, and even played chess on it. In 1962, they created the very first videogame, called Spacewar!

The precursor to today's Internet, ARPAnet, appeared in 1969. Built by the U.S. Defense Department as an experiment in digital communications, ARPAnet was the first transcontinental high-speed computer network. It linked universities, contractors, and labs, providing students and researchers a place to communicate with each other without regard to geographical boundaries. A hacker community formed through these networks, sharing hardware and software “hacks” and developing a shared vocabulary.

The earliest hackers were known as phreakers and explored the telephone system. The term phreakers comes from the combination of phone and freak. In 1971, John Draper discovered that a prize whistle from Cap'n Crunch cereal (the origin of his nickname) could reproduce the 2,600-hertz tone needed to access AT&T's long-distance system in “operator mode.” This allowed phreakers to explore proprietary aspects of the system, as well as make free calls. Draper was arrested many times over the following few years for phone tampering.

In 1975, two members of the Homebrew Computer Club in California started selling blue boxes, tone producers based on Draper's discovery, to allow people to make free long-distance phone calls. Their names were Steve Wozniak and Steve Jobs, who would go on to start Apple Computers in 1977.

While exploring the phone system was not illegal, stealing long-distance telephone service was. In spite of the involvement of the Federal Bureau of Investigation (FBI) at this point, hackers continued exploring new technologies without much legal or law enforcement interference. When hackers were prosecuted, they were often given probation and a small fine. Hackers often sought to share what they discovered, either through publication or online bulletin boards, much to the chagrin of companies whose security flaws or functions were discovered. As technology advanced at a rapid pace, hacker knowledge and ability to locate weaknesses in systems outpaced the law. This somewhat antiauthoritarian spirit of exploration and sharing of knowledge would remain in the nuances of hacking's definition, although the technological universe was about to change.

Personal computing revolution

The early 1980s saw the first personal computers: The IBM PC, running MS-DOS, appeared in 1981, and Apple's Macintosh appeared in 1984. These computers sold for as low as $1,500, a fraction of the cost of the mainframe or PDP computers of the past. Computers were no longer confined to universities and laboratories—they were affordable enough for people have them in their homes. ARPAnet was still in service, so these desktop computers (instead of whole-room computers) could be hooked up to the telephone network and talk with each other.

The potential universe for hackers to explore grew exponentially. The demand for new software applications and faster computers continued to grow. Computer software companies sprung up. People could now explore the new technology easily on the desktop computers. The hacker community grew, and online bulletin-board systems thrived where groups could meet to share tips. With the growth of the computer and software industry, many security flaws could be found, and hackers were interested to see what they might unlock.

In 1983, the movie War Games, starring Matthew Broderick, was released. He played a teenage hacker who accesses a Pentagon supercomputer and narrowly avoids starting a nuclear war. The computer is named WOPR (War Operation Plan Response), supposedly a pun on an early NORAD computer that was called BRGR. While the idea of teenager starting a nuclear war was perhaps far-fetched, it illustrated a growing concern about what these new technologies and the information they controlled might do should they be compromised.

In a case of life imitating art, that same year the FBI arrested six teenagers in Milwaukee who referred to themselves as the 414s, after the city's area code. They were accused of breaking into over sixty computer networks, including the Los Alamos National Laboratory. One hacker received immunity for testifying against the others; the rest received probation.

Hackers already had a tradition of publishing and sharing their discoveries, and in 1984 a hacker magazine, 2600: The Hacker Quarterly, began publication. The magazine's name comes from the 2,600-hertz tone that John Draper used to hack into AT&T's operator mode. The editor, Eric Corley, goes by the pen name Emmanuel Goldstein, a reference to the narrator in George Orwell's 1984. The magazine publishes articles on a variety of topics, including privacy issues, computer security, and the digital underground.

By the mid-1980s, repeated break-ins into government and corporate databases and networks forced Congress to respond. The Counterfeit Access Device and Abuse Act (18 U.S.C. § 1030) was passed in 1984. It was the first federal law designed specifically to prosecute computer crimes. It focused on prosecuting computer activity that accessed government information protected for national defense or foreign relations, financial information from financial institutions, and government computers. In 1986, the Computer Fraud and Abuse Act (CFAA) amended the Counterfeit Access Device and Abuse Act and expanded the law's coverage from a “federal interest computer” to any “protected computer.”

The first known computer virus, called Brain, appeared in 1987. It infected MS-DOS systems and was released through the Internet. It was benign compared to the viruses we see today: The virus simply put a small file on the computer's hard drive with business card information for Brain Computer Services in Pakistan.

Hackers were not just limited to Computers; changes in hardware and software on media players and game consoles could allow these devices to use media that was homemade, pirated, or free. In 1988, the Digital Millennium Copyright Act (DMCA) was passed; it criminalized the creation and distribution of hardware and software that disabled copyright protections on digital media.

In 1988, twenty-three-year-old Cornell University graduate student Robert Morris created the Internet's first worm. The son of a National Security Agency (NSA) computer security expert, he wrote ninety-nine lines of code and released them to the Internet as an experiment. The self-replicating software multiplied more quickly than anticipated and wound up infecting more than 6,000 systems. Almost one-tenth of the entire Internet at the time was affected, and the network was out of service for days. The first and only person tried under the CFAA, Morris was arrested and sentenced to three years of probation, 400 hours of community service, and a $10,000 fine. He later formed an Internet startup, Viaweb, which he sold in 1998 for almost $49 million.

A hacker named The Mentor published what is now a classic treatise on hacking, The Conscience of a Hacker, in 1989. The last line reads: “You may stop this individual, but you can't stop us all.”

The rise of the Internet

In the late 1980s and early 1990s, commercial Internet service providers (ISPs) began to emerge. They replaced ARPAnet, the first Internet, which was decommissioned in 1990. Online retailers began to appear, such as Amazon.com in 1995. Personal information began flowing through the Internet—hackers noticed. Enthusiasm for the growing Internet led to more serious hacks, some just for exploration, and some for criminal gain.

Four hackers calling themselves the Legion of Doom were arrested in 1990 for stealing technical information on BellSouth's 911 emergency telephone network. While they did not do anything with it, the information could have disabled 911 service for the entire country. Three of the hackers were found guilty and received prison sentences ranging from fourteen to twenty-one months, along with almost $250,000 in damages.

In 1990, the Secret Service and Arizona's organized crime unit joined forces to create Operation Sundevil, a crackdown on “illegal computer hacking activities.” It resulted in three arrests and the confiscation of computers, the contents of electronic bulletin board systems (BBSs), and floppy disks. The arrests and following court cases resulted in the creation of the Electronic Frontier Foundation (EFF), which focuses on defending civil liberties issues affected by technology.

The 1990s also saw the first hacker breach of big banking. In 1994, Russian hacker Vladimir Levin had Citibank's computers transfer an estimated $10 million to his accounts; Citibank recovered all but $400,000 of what was stolen. In January 1998, Levin pled guilty in federal court to charges of conspiracy to commit bank, wire, and computer fraud. He admitted using passwords and codes stolen from Citibank customers to make the transfers. Levin was sentenced to three years in prison and was ordered to pay Citibank $240,000.

The first Defcon hacker conference was held in Las Vegas, Nevada, in 1993 and continues as an annual event. The term comes from the movie War Games and references the U.S. armed forces defense readiness condition (DEFCON). In the movie, Las Vegas was selected as a nuclear target. It also references DEF, the letters on the number 3 on a standard phone, with con meaning conference.

Defcon and the other big hacker conferences (such as Black Hat or RSA) focus on so-called ethical hacking. There are demonstrations of security flaws, such as the 2015 sniper rifle hack, or the takeover of a Jeep's computer system while it was driving (which led to a recall of over 1 million cars). Bug bounties are offered by companies large and small (such as Facebook, Microsoft, and the Justice Department) for hackers that turn in security flaws. Shame boards list those who attend and find themselves hacked, as well as an award for the most epic fail. In 2015, some of the contenders were the U.S. Office of Personnel Management for compromising personal information for over 20 million people, and the Ashley Madison cheating website hack, believed to have affected over 40 million people.

Despite the CFAA, hackers continued to break into government computers. In 1996, the General Accounting Office reported that hackers tried to break into Defense Department files more than 250,000 times in 1995; about 65 percent of the attempts succeeded. In August, hackers added swastikas and a picture of Adolph Hitler to the U.S. Department of Justice website and renamed it the Department of Injustice. The next month, hackers broke into the Central Intelligence Agency's (CIA's) website and changed the department's name to Central Stupidity Agency.

By 1998, the Symantec AntiVirus Research Center estimated that 30,000 computer viruses were circulating on the Internet. That same year, federal prosecutors charged a juvenile for the first time with computer hacking after a boy shut down an airport communications system in Massachusetts. No accidents occurred and his name was not released; however, he pled guilty and was sentenced to two years of probation, 250 hours of community service, and restitution to Bell Atlantic for $5,000.

A hacker think tank called L0pht (pronounced “loft”) testified before Congress in 1998 that it could shut down the Internet in half an hour. (The congressional hearings were about software and Internet security flaws.) With the government, retailers, and financial institutions utilizing the Internet, more personal and financial data than ever before had became accessible to hackers that had an interest in finding it.

Hacking today

Verizon's 2014 Data Breach Investigations Report, the best-known annual study of data breaches, indicated that the majority of the breaches, about 60 percent, were due to criminals looking to steal money in some fashion. This is illustrated by the serious hacks of payment systems at retailers like Target, Home Depot, and many more in recent years.

Thieves use more than payment systems to steal money. For instance, in August 2015, nine people were charged in the largest known computer hacking and securities fraud scheme to date. They stole over 150,000 press releases from three major newswire companies about publicly traded companies and made insider stock trades, which generated over $30 million, based on the information. The defendants were in Ukraine and various locations in the United States

In addition to stealing information and money, sometimes hacks cost money simply because of their disruption. As of 2000, a new computer virus was created every hour, according to the Symantec AntiVirus Research Center. In February 2000, some of the Internet's most popular sites were made inaccessible by distributed denial-of-service (DDoS) attacks. DDoS attacks overwhelm a server with requests so that it cannot accept more traffic and sometimes crashes. Yahoo, eBay, CNN, Amazon.com, and E*Trade were some of the sites affected. The FBI estimated that such attacks cost about $1.7 billion in lost business and other damages. To counteract this trend, in 2003, Microsoft started a $5 million bounty on hackers attacking Windows. It continues a bug bounty program to this day. These bounties provide balance to the black market for unpatched bugs because members of organized crime and others are willing to pay well for these access points.

Viruses and malware have also shown that they can wreak havoc on systems ranging from phones to appliances, to nuclear power plants. These systems are managed and maintained by computers and Internet connections. For example, between 2009 and 2010, Iran's nuclear program was infected by a virus named Stuxnet. This virus was unlike any other because it caused physical destruction of the equipment controlled by the computers. Stuxnet targeted the rotation speeds of centrifuges and caused one-fifth of them to destroy themselves, which delayed the progress of Iran's nuclear program. The attackers also took over the facilities' workstations and blasted “Thunderstruck” by AC/DC at highest volume. It is suspected that the virus was developed by the U.S. and Israeli governments, but in the digital realm, reliable attribution of any hack is very difficult.

Hacking has also taken on social and political purposes (this kind of hacking is called hacktivism). Hactivists sometimes work alone, like The Jester, who takes down Islamic jihadist websites. Some work in loose groups, such as Anonymous and Lulz Security (abbreviated to LulzSec). Their targets have been varied, ranging from the Church of Scientology to PayPal. There is no defined leadership for such groups, and sometimes their actions are condemned by others within the group. Quinn Norton of Wired wrote of Anonymous in 2011:

The hacker fascination with pushing boundaries of all sorts has been around as long as we have had access to computers. In fact, that fascination has played a major role in the advancement of technology. As our virtual worlds become more intricately intertwined with our physical worlds, these explorations will likely continue to provoke the tensions between security and the convenient and free flow of information.

Further Reading

See also: Computer harvesting; Data breaches