Steal this book! F@&! the System! Do those phrases bring back any memories? For me, they conjure up images of Chicago’s Old Towne & New York’s Greenwich Village in the late '60s and early '70s. And that seems like a fitting start for a blog entry on computer security because…well, it’s a long story.
In the 1960s, some rather interesting people gained more than a little attention based on their innate ability to understand how things work and their desire to use that knowledge to help rebel against the perceived “authority system” of the day. One group of such people, the Youth International Party, or yippies as they were more commonly known, was frequently in the news. They were self-proclaimed representatives of the youth of the nation and were prominent activists during the presidential election.
Among other activities, the yippies published small booklets that contained all sorts of suggestions to aid the hippie community. These suggestions included ways to deceive and defraud “the system,” rebel against authority, and generally create chaos. (Footnote: All of this was supposed to help bring about a revolution that would do away with injustice, end all wars, and make all people equal. It didn’t.)
One of those authorities was the telephone company. In fact, two similar booklets, STB and FTS, had sections devoted to telephony that explained how to go about making free phone calls (among other things).The early methods were pretty simple:
“A number 14 brass washer with a small piece of scotch tape over one side of the hole will work in old style phones (also parking meters, laundromat dryers, soda and other vending machines). The credit card bit works on long distance calls”.
The booklets also suggested and outlinted denial of service attacks to be directed at the telephone company:
“You can knock off thousands of phones, switchboards and devices if all goes right. It's best to do this on the phone in a large office building or university. You certainly will knock out their fuses.”
There wasn’t a lot of security on the phones or the computers that controlled them back then, and what did exist was easily bypassed. Methods to do so were pretty well known in the underground, having been spread by the little books and word of mouth. Telephones weren’t the only target, however. Credit card fraud was also a popular activity: STB detailed creative ways to enact credit card fraud, involving resin cleaner, a flat iron, and a razor blade. These how-to books were early precursors to a lot of the material that later showed up on hacker bulletin boards and were exchanged at hacker conferences like DEFCON, etc.
From those humble yippie beginnings arose YIPL/TAP, short for Youth International Partyline/Technical Assistance Program, a publication that turned John Draper (aka Cap’n Crunch) into a phone phreaking icon as he busily went about allegedly making and receiving free calls using a variety of methods, including the now-infamous “blue box.” You could build one of the boxes pretty easily – and lots of people did – but if you didn’t want to build one, you could buy one from two kids at Stanford named Steve Wozniak and Steve Jobs.
Computers were already being used in university research, military intelligence, and government environments (that is a completely different subject), but as the '70s passed the halfway mark they became increasingly accessible to the general public. On college campuses and in the workplace, computers began to appear more frequently. They provided a way to automate repetitive tasks, not to mention work with lots of numbers very quickly.
Some of the people who were lucky enough to have access to computers at their workplace or campus around the world--or who happened to know someone who did--began experimenting with the connectivity options that computers could provide. While the "Net" as we currently know it was not yet around, there were services like Sprint and CompuServe. Their local dial-in access numbers gave anyone with the number and a working access code access to the @telenet prompt. Telenet (not to be confused with telnet), was the first packet-switched network that was publicly available. Access to it was a gateway to a virtual array of hosts worldwide that continued to grow as more and more computers were able to attach and connect. Something big was about to happen, even if it was only at 300 baud.
In 1978, Ward Christensen created the first “real” computer bulletin board for public use called, accurately enough, CBBS (computer bulletin board system). From that point on, other little computer systems called bulletin boards began to spring up, hosted by system administrators (sysops) with varying interests. These systems ran on all sorts of computers, from C64 to Tandy and everything in between. Some of them ran on tape drives, others ran off 5 1/4-inch floppy disk. Some had hard disks. Security was not really an issue for these systems. The point of them was to let people on, and to take part in this whole new aspect of community.
Some were part of small networks and offered the opportunity to take part in “chats”, sometimes with as many (!) as three other people. These networked bulletin boards were able to increasingly provide technophiles worldwide with an opportunity for communication, community, and something to hack into, even if some of them had to use (free) long distance calls to do it.
In fact, bulletin boards, due to their seemingly anonymous nature, were the perfect way for people interested in phreaking to communicate, and some were devoted solely to that purpose. The users could exchange information relatively quickly, learning new methods and sharing in a sort of camaraderie as they matched wits with the people attempting to stop telephone fraud. People were beginning to take an interest in both the power and the community of computing. In fact, the community was the power, and the main attraction. It’s somehow fitting that this point in time can be traced back to the chaos that was the 60s, and the cry "All Power to the People"... I suppose in some ways you could say all power had indeed come to the people. They didn't know it quite yet, but they were about to find out.
For more on Symantec's 25th anniversary, click here