Wednesday, January 1, 2014

Cybercrime in the 1980s

Note: This is a section of the full research paper

In the 1980s the computer solidified its position in the upper income households, growing from over 1 million households with computers to in excess of 14 million by the end of the decade. In 1979, CompuServe introduced timesharing services to the public through a 100-baud service called ‘MicroNet’, with electronic mail as their first application. CompuServe added real-time messaging in 1980. By the end of 1981 they had 10,000 users. By 1987 it grew to 380,000. It was a bit pricey - $10 / hour. has an interesting vintage news report on the system (search ‘1981 primitive Internet report on KRON’).

Bulletin Board Systems continued to proliferate in the 80s. They didn’t have monthly access fees and were under the control of the person hosting the Board – not a corporation.  The Internet continued to remain the private domain of the government and some universities.

In the 1980s the cyber world, for all intents and purposes, was a geography-centric system, bounded within countries by telecommunications infrastructure borders and high international communications costs. Any cyber crimes that occurred within a country could be effectively investigated because the attack was likely staged within the same country and there just weren’t as many to investigate.

Motives and Crimes
Hacking in the 1980s was primarily about pursuit of knowledge, building reputations, a bit of politics, and games – games of breaking into systems and pulling off pranks. The hacker underground gathered and flourished in the anonymity and freedom of the Bulletin Board System where boards in the hundreds such as Hack-A-Trip, Hackers of America, Hi-Tech Pirates, Cult of the Dead Cow, Legion of Doom, PhoneLine Phantoms, and the Strata-Crackers formed. Through boards hackers shared their knowledge and displayed the trophies of their system exploits.

Curiosity / Reputation
Perhaps the most significant computer security event of the 1980s was the Morris Worm, a piece of computer malware written by Robert Morris, a graduate student at Cornell University. Though the only purpose of the worm was to propagate itself to other systems, it did degrade the performance of systems it compromised, causing significant impact to internet-connected systems it invaded.  It was estimated to

In 1988, Prophet of Legion of Doom compromised AIMSX, a BellSouth system. He did no damage, just explored. In his probing of the system he discovered a file containing information related to administration of the 911 system. Why did he download the file? It was a trophy – proof of his compromise of the system. Also, it was forbidden knowledge, and possession of forbidden knowledge was the currency with which reputation was purchased.[1]

Some system compromises were simply to pull off a prank.  In June of 1989 a person compromised a Southern Bell phone switch and redirected calls made to the Palm Beach County Probation Department to “Tina,” a phone-sex worker in New York State.[2]

One of the earliest computer viruses was created as a joke. Elk Cloner, written by Rich Skrenta, spread to Apple II systems through infected floppy disks. The payload of the virus simply periodically displayed a humorous poem, in addition to replicating itself to any floppy disk inserted into an infected system.

The department of defense wasn’t left alone either. A Defense Data Network security bulletin was published on October 18, 1989, warning of a malicious worm attacking VMS systems on the SPAN network.[3]

In 1989, a sixteen-year-old from Indiana gave an early glimpse of the future financially-motivated electronic crime wave to come two decades later. Fry Guy, so referred to in the computer underground because of his compromise of a McDonald’s mainframe, developed a knack for pilfering data from credit reporting agencies and for compromising phone-switching systems. Combining these two skills, he would phone Western Union and ask for a cash advance on a stolen card. To ensure the security of transactions, Western Union had a practice of calling the card owner back to verify the authenticity of the request. Having changed the card owner’s phone number temporarily to a public pay phone, Fry Guy would answer the phone as the cardholder and authorize the transaction.[4]

[1] The Hacker Crackdown page 112-113
[2] The Hacker Crackdown page 95
[4] The Hacker Crackdown page 100