FIT – MGT5155 – Week 6
The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.
Dr. Perez and fellow classmates, first off I am incredibly tardy on this weeks post, my apologies. It’s Been a crazy week with my company being acquired and a number of competing priorities. Anyway, this week I did have the opportunity to spend an incredible amount of time in the air traveling around for regularly schedule QBRs (Quarterly Business Reviews) as well as delivering the acquisition news and what it means to our business. Unfortunately, United Airline’s Wifi service is in line with the rest of their service, but I suppose I should be happy none of the planes that I was on ran out of gas (Links to an external site.).
While I was in flight, with no internet access I had a lot of time to think about my favorite “Infamous Attack”, after a few minutes of thought it was really an easy decision. One of my favorite books “Ghost in the Wires” (Links to an external site.) which takes you on a journey with Kevin Mitnick from his perspective.
“Ghost in the Wires reads like a contemporary über-geeky thriller…. For those interested in computer history, Ghost in the Wires is a nostalgia trip to the quaint old days before hacking (and hackers) turned so malicious and financially motivated.”―J.D. Biersdorfer, New York Times Book Review
The “Infamous Attack” that I chose is one perpetrated by Mitnick and told in the book “Takedown” (Links to an external site.), the story of how Tsutomu Shimomura (Links to an external site.) a security expert working at the UC San Diego Super Computer Center took down Kevin Mitnick (Links to an external site.), possibly the worlds most infamous hacker. In December of 1994, Mitnick broke into Shimomura’s computer and stole software that allowed access to cellular phone frequencies. This hack triggered a game of cat and mouse between Shimomura, the FBI, and Mitnick that would last four years. (Shimomura, 2017) As someone who grew up in the 80s, addicted to computers, first the TRS-80 and an acoustic coupler (Links to an external site.), then a Commodore 64 and my 1200 baud modem (Links to an external site.) I am nostalgic about the hacking and phone phreaking that took place in the 80s and 90s. I have always been intrigued by the early hackers like Captain Crunch and others because they were the pioneers. In the early BBS (bulletin board systems) like Exec-PC BBS (Links to an external site.), the entire community was filled with hackers, crackers, (Links to an external site.) and phreakers (Links to an external site.).
For those of us old enough to remember POTS (Links to an external site.) lines, the squeal of a modem connection, and the feeling of connecting with a global community of people just like you. It’s hard to not say thank you because for me, someone who had their head buried in a computer form the age of eight I am not sure where I would be today without the opportunity I was provided to feed my obsession. In the 80s and 90s hackers, crackers, and phreaks where digital explorers, unlike many of the attacks discussed by other like the Olympic Games program which gave birth to Stuxnet, the Target hack, the Equifax hack, WannaCry, and other ransomware attacks, etc. Hackers, crackers, and phreaks like Kevin Mitnick and Captain Crunch (John Draper) (Links to an external site.) (Cap’n Crunch Whistle and the Secrets of the Little Blue Box, n.d.) were curious, they were not interested in monetary gain, they were not employed by a nation-state, this is why so many people like me sported “Free Kevin” t-shirts (Links to an external site.).
Attacks have become far more intricate these days, the curiosity motivator in the context of the modern day attacker/hacker seems almost non-existent, this is because the curious hackers can now hack legally, bug bounty programs are everywhere, with sites like HackerOne (Links to an external site.) listing pretty much every available bug bounty program. Since I started this post talking about United Airlines, I may as well end it with the story of Oliver Beg (Links to an external site.)who earned a million miles via the United Airlines bug bounty program (Links to an external site.).
The world has changed significantly from the days when hackers, crackers, and phreaks were people I admired as the pioneers of a digital frontier to what we see today, organized crime syndicates and nation-states exploiting a connected world.
When I think about the hackers of yesteryear I think about the pioneers of an industry I love, people like Barry Kildall (Links to an external site.), Steve Wozniak (Links to an external site.), Dan Bricklin (Links to an external site.), Bob Frankston (Links to an external site.), Richard Stallman (Links to an external site.)and many others who were pioneers in many cases exploited by those with differing motivations. The Kevin Mitnick’s and John Draper’s of the world represented those of us who didn’t like the Gary Kildall, Digital Research, CP/M and Bill Gates, Microsoft, DOS story (Links to an external site.). (How Bill Gates Outmaneuvered Gary Kildall, 2005) While may think these days are over, they are not, what is different is that most of the Gary Kildalls today are Open Sourcing their code, this makes it much harder for the Bill Gates’ of the world. Few people have heard of Scott Hansen, but he is the third founder of Google (well maybe the number two founder, but this is debatable), a book I recently read entitled “Valley of Genius” (Links to an external site.) provides some great insight on some of the unsung heroes of Silicon Valley.
Cap’n Crunch Whistle and the Secrets of the Little Blue Box. (n.d.). Retrieved October 4, 2018, from http://telephone-museum.org/telephone-collections/capn-crunch-bosun-whistle/
Great Rivalries in Cybersecurity: Tsutomu Shimomura vs. Kevin Mitnick. (n.d.). Retrieved October 4, 2018, from https://www.cybersecuritymastersdegree.org/tsutomu-shimomura-vs-kevin-mitnick/
How Bill Gates Outmaneuvered Gary Kildall. (2005, August 18). Retrieved October 4, 2018, from http://arnosoftwaredev.blogspot.com/2005/08/how-bill-gates-outmaneuvered-gary.html
Shimomura, T. (2017, June 04). Catching Kevin. Retrieved October 4, 2018, from https://www.wired.com/1996/02/catching/
Tung, L. (2016, August 09). This Dutch hacker can fly a million miles on his United Airlines bug bounty. Retrieved October 4, 2018, from https://www.zdnet.com/article/this-dutch-hacker-can-fly-a-million-miles-on-his-united-airlines-bug-bounty/
Jonathan, interesting read, I had never heard of WANK, and I always enjoy learning something new. In the mid-90s I worked in big pharma as a Unix Sys Admin, I was a recent college grad, with this being my second job out of school, I used a Sun Microsystems IPC all-in-one workstation in college and Slackware Linux on my desktop, I spent all my time in Emacs and wrote all my paper with LaTeX. When I was hired by a pharmaceutical company with ~120K employees, I was given the reigns of the new Unix systems ranging from Sun Solaris, to DEC Tru64, to IBM AIX, to HP-UX, to SGI IRIX. It was amazing how many DEC and Mainframe people worked in IT in this massive company and how few Unix capable engineers there were, especially given that the plan was to replace a large DEC VMS footprint running on both DEC VAX and DEC Alpha machines. The organization (and the pharma industry back then) was so DEC centric they were deploying Windows NT 3.51 on DEC Alpha, it made total sense to everyone because of course, the developers of Windows NT were also the developers of VMS, the story was that WNT being the letters following VMS was not a coincidence. (Russinovich, 2018)
I remember DECnet, CIQBA, FDDI, and our DEC email system (I think it was called Teamworks) all too well, I don’t miss these days. 🙂 Ken Olsen could have owned the world, if he had just embraced the PC era and open computing, DEC tried to correct late in the game with the acquisition of Compaq, OpenVMS, and Digital Unix, but it was too late. I will say that the industry never really successful delivered something like VMS clustering, which just worked.
BTW – I would argue that the term hacking originated in the 1990s. Gordon French held the first Homebrew Computer Club meeting in his garage in 1975; the attendees were all hackers (Love, 2013). John Draper (aka Captain Crunch) was hacking (phreaking) Ma Bell in the 60s and 70s, Ron Rosenbaum published an article in Esquire Magazin in October 1971 entitled “Secrets of the Little Blue Box” (Rosenbaum, 2011) where he talks about hacking the phone system and the hacker subculture.
Love, D. (2013, March 05). An Incredibly Important Tech Event Happened 38 Years Ago Today. Retrieved October 7, 2018, from https://www.businessinsider.com/homebrew-computer-club-2013-3
Rosenbaum, R. (2011, October 07). The Article That Inspired Steve Jobs: “Secrets of the Little Blue Box”. Retrieved October 7, 2018, from http://www.slate.com/articles/technology/the_spectator/2011/10/the_article_that_inspired_steve_jobs_secrets_of_the_little_blue_.html
Russinovich, M. (2018, September 19). Windows NT and VMS: The Rest of the Story. Retrieved October 7, 2018, from https://www.itprotoday.com/compute-engines/windows-nt-and-vms-rest-story
Sergio, like most things in life, attacks or I should say successful exploitation can often be traced to human error. I think this is what makes social engineering so interesting, look around at the amount of data we, as a society are willing to volunteer online. Modern day culture and the rise of FOMO (Fear Of Missing Out) (Rivera, 2018) has created a fertile social engineering hunting ground for hackers, as our society moves closer to “The Truman Show”, we have the actors, those volunteering information, and the voyeurs, those who just watch, wait and manipulate. Our digital footprint makes us more vulnerable to attack; it can make us more or less likely to be hired, it can impact our creditworthiness, etc. I believe that we have no idea of the psychological impact of the experiment we are currently conducting, only time will tell, but as a Gen-Xer, a technologist and a parent I would be willing to take the bet that we will need to achieve better equilibrium because the trajectory we are currently on seems dangerous. (Walton, 2017) I guess my question here is, are we more afraid of the nation-state or the organized hacktivists like Anonymous or are we more afraid of the truly dangerous social engineers like Facebook who are trying to spread “emotional contagion”? (Kramer, Guillory, & Hancock, 2014)
Kramer, A. D., Guillory, J. E., & Hancock, J. T. (2014). Experimental evidence of massive-scale emotional contagion through social networks. Proceedings of the National Academy of Sciences, 201320040.
Rivera, J. (2018, August 04). The Rise of Fomo – Julia Rivera – Medium. Retrieved October 7, 2018, from https://medium.com/@riverajulia0/the-rise-of-fomo-4e9c2419b791
Walton, A. G. (2017, October 03). 6 Ways Social Media Affects Our Mental Health. Retrieved October 7, 2018, from https://www.forbes.com/sites/alicegwalton/2017/06/30/a-run-down-of-social-medias-effects-on-our-mental-health/#4367e3592e5a