Our modern society demands a degree of connectivity between citizens, businesses, financial institutions and governments that must cross political and cultural boundaries. Digital technology provides this connectivity and gives its users many valuable benefits. But at the same time, it provides a rich environment for criminal activity, ranging from vandalism to stolen identity to theft of classified government information.
Hacking is a term used to describe the activity of modifying a product or procedure to alter its normal function, or to fix a problem. The term purportedly originated in the 1960s, when it was used to describe the activities of certain MIT model train enthusiasts who modified the operation of their model trains. They discovered ways to change certain functions without re-engineering the entire device.
These curious individuals went on to work with early computer systems where they applied their curiosity and resourcefulness to learning and changing the computer code that was used in early programs. Some of their hacks became so successful they outlived the original product, such as the UNIX operating system, developed as a hack by Dennis Ritchie and Keith Thompson of Bell Labs. To the general public a “hack” became known as a clever way to fix a problem with a product, or an easy way to improve its function.
The malicious association with hacking became evident in the 1970s when early computerized phone systems became a target. Technologically savvy individuals, called “phreakers” discovered the correct codes and tones that would result in free long distance service. They impersonated operators, dug through Bell Telephone company garbage to find secret information, and performed countless experiments on early telephone hardware in order to learn how to exploit the system. They were hackers in every sense of the word, using their resourcefulness to modify hardware and software to steal long distance telephone time.
This innovative type of crime was a difficult issue for law enforcement, due in part to lack of legislation to aid in criminal prosecution, and a shortage of investigators skilled in the technology that was being hacked. It was clear that computer systems were open to criminal activity, and as more complex communications became available to the consumer, more opportunities for cyber crime developed.
In 1986 the systems administrator at the Lawrence Berkeley National Laboratory, Clifford Stoll, noted certain irregularities in accounting data. Inventing the first digital forensic techniques, he determined that an unauthorized user was hacking into his computer network. Stoll used what is called a “honey pot tactic,” which lures a hacker back into a network until enough data can be collected to track the intrusion to its source. Stoll’s effort paid off with the eventual arrest of Markus Hess and a number of others located in West Germany, who were stealing and selling military information, passwords and other data to the KGB.
The Berkeley lab intrusion was soon followed by the discovery of the Morris worm virus, created by Robert Morris, a Cornell University student. This worm damaged more than 6,000 computers and resulted in estimated damages of $98 million. More incidents began to follow in a continuous, steady stream. Congress responded by passing its first hacking-related legislation, the Federal Computer Fraud and Abuse Act, in 1986. The act made computer tampering a felony crime punishable by significant jail time and monetary fines.
In 1990, during a project dubbed Operation Sundevil, FBI agents confiscated 42 computers and over 20,000 floppy disks that were allegedly being used by criminals for illegal credit card use and telephone services. This two-year effort involved 150 agents. Despite the low number of indictments, the operation was seen as a successful public relations effort by law enforcement officials. Garry M. Jenkins, the Assistant Director of the U.S. Secret Service, explained at a press conference that this activity sent a message to criminals that, “they were on the watch everywhere, even in those sleazy and secretive dens of cybernetic vice, the underground boards.”
While largely effective, the decisions and activities of law enforcement with regard to investigating cyber crime are not always perfect. If law enforcement makes a mistake, law abiding citizens might suffer. The Steve Jackson Games publishing company was nearly forced out of business after being accused of possessing an illegally copied document. The Secret Service believed this document was in Jackson’s possession, and confiscated the computers used in his business. When the equipment was not returned in a timely manner, he was forced to lay off employees, miss deadlines and his business was nearly ruined. When the computers were returned, Jackson discovered that company emails had been accessed and customer data was deleted. The Secret Service never pressed charges for any crime.
The Electronic Frontier Foundation (EFF) formed in 1990 as a response to threats on civil liberties that can occur through overzealous activities and mistakes made by law enforcement personnel who are investigating cyber crime and related matters. It is a collection of technologists, lawyers and other professionals who act to defend and protect consumers from unlawful prosecution.
Crime and cyber crime will continue to be present in our society, regardless of the best efforts of the criminal justice system. The public and private sector need highly skilled individuals to combat this threat and help prevent the prosecution of innocent people. Talented individuals who want to pursue a cybersecurity career in criminal justice must have proficiency with communication technology, understand regulatory concerns and be familiar with homeland security law. Cybersecurity is an exciting field for people with a curious nature and who never tire of learning new things while balancing complex social and technological concerns.