chapter 2 A History of Computer Crime in America Introduction In any subject area, having an historical perspective is critical for truly under- standing the subject matter. It is difficult to fully understand what is occurring now without knowing what occurred in the past. In this chapter, we will ex- amine the history and development of computer crime. We will see how com- puter crimes have evolved over the past few decades and take a look at what crimes are occurring now. This should help provide a background of knowl- edge that will assist you throughout the rest of the book. First, seeing how computer crime has developed will give you a better perspective on the current status of computer crime. Second, it will give you a good idea of how computer crime has changed, and how current criminal techniques have developed. Finally, only with an historical context will you be able to see likely future trends. Some computer historians have included vandalism to buildings that damaged computer systems as part of the history such crime. For the purposes of this book, physical damage to a computer for the sake of vandalism won’t be con- sidered. We focus instead on crimes where the computer is either the vehicle for a crime or where the data on a computer system is the target of a crime. We are not concerned with situations where computer technology did not play a central role in the crime. We also won’t be considering the theft of computer equipment. In those situations, the crime is not truly a computer crime. The computer was 31 32 Chapter 2 ■ A History of Computer Crime in America merely an item with monetary value and is no different from jewelry, art, or any other valuable item a thief might target. Before we delve into the history of computer crime, there are a few terms we need to clarify. The first is the term hacker, which we used in Chapter 1, ‘‘Introduction to Computer Crime.’’ Many in the hacking community object to the term hacker being used in the media to denote illegal intrusions onto systems. In the hacking community, a hacker is one who experiments with a system in order to learn more about it. This has led to a variety of terms being used to clarify the in- dividual’s actual motive and activities. Let us briefly define those terms, as it will help you throughout this chapter and this book. A hacker is a person who wishes to understand a given system in depth, often through reverse-engineering techniques. A cracker is a person who uses those techniques to intrude on systems with malicious intent. A phreaker is a person who is hacking or cracking phone systems. In the past two decades, it has become more common to refer to white-hat, gray-hat, and black-hat hackers. A white-hat hacker is not conducting illegal activities, he is merely learning about systems. A white-hat hacker may actually be performing an authorized intrusion test of a system. A black-hat hacker is conducting illegal activities; these are the people traditionally associated with computer crimes. This term is synonymous with cracker. Usually, when the media discusses hacking, they are actually referring to black-hat hackers. A gray-hat hacker may break laws, but usually without malicious intent. For ex- ample, he or she may break into a target system, and then rather than wreak havoc on the system, will notify the system administrator of the flaw in the security. This person is still committing crimes, but usually without malicious intent. The next term we need to define is the term attack. In computer-security par- lance, an attack is any attempt to breach a system’s security. This can be an at- tempt to crack a password, to get into a wireless network, or to execute a denial of service, just to name a few common examples. From an investigative point of view, we are only concerned with those crimes that violate a particular law. In Chapter 3, ‘‘United States Computer Laws Part I,’’ we will examine federal laws and in Chapter 4, ‘‘United States Computer Laws Part II,’’ we will look at state laws. It is possible that an attack may not violate a law, although most will. Let’s also define a few network terms that will be used in this chapter and throughout the book. Now, if your background in computer networks is lacking, you may want to refer to Appendix A, ‘‘Introduction to Computer Networks,’’ for The ‘‘Prehistory’’ of Computer Crime 33 a more comprehensive tutorial, but for now we will just define a few terms. The first of those terms is node. A node is any device connected to any network that has an address. Computers use numerical addresses called IP addresses. These ad- dresses take the form of four numbers, each between 0 and 255, separated by dots, such as 192.168.1.1. A router is a device that allows data packets to be transmitted between various networks. (That is a simplified definition; a more thorough one is given in Appendix A, but this will do for now.) A server is a computer set up to respond to requests from users. For example, a Web server responds to requests from clients and gives them Web pages. A client is a computer that connects to a server in order to request some sort of data. A host is similar to a node, except that a host refers to an actual computer (be it a client or server), whereas the term node can refer to other devices such as network printers and routers. With these few terms defined, we can move forward with our discussion of the history of computer crime. The ‘‘Prehistory’’ of Computer Crime The earliest days of computer crime, the 1960s and 1970s, were very quiet from a computer-crime perspective. The majority of incidents were actually just pranks played on computer systems at universities by bright and inquisitive students. Not only did the incidents usually cause minimal if any damage, there were ac- tually few laws against such activities, so they literally were not crimes. The entire purpose of hacking, in those days, was simply to understand a given system far better than any manual would allow. A major reason for there being so little computer crime during this period was a lack of widespread access to computers and networks. In these ‘‘prehistoric’’ days of computer crime, there was no widespread public access to networks, no Internet, and no laws regarding computer activities. In fact, the only people who had any access to computers and networks tended to be university professors, students, and researchers. To understand the history of computer crime, one needs to understand the his- tory of the Internet. As the Internet grew and online communications became more commonplace, so did computer-based crimes. Before there could be any networks, much less the Internet, there had to be some method of moving a data packet from point A to point B. The first paper written on packet switching was by Leonard Kleinrock at MIT in 1961. Now, this may seem a somewhat arcane 34 Chapter 2 ■ A History of Computer Crime in America topic for book on computer crime. However, computer-crime forensics fre- quently involves tracking down packets to their source. Whether it be tracing an e-mail used in a phishing scam, tracking down someone who has hacked into a bank server, or proving the origins of harassing e-mails, the ability to track packets is key to investigating computer crime. In later chapters, as we discuss investigative techniques, you will see specifics on those issues. In Chapter 10, ‘‘Collecting Evidence from Other Sources,’’ we will actually show you how to track down packets. But for now, it is important that you realize the critical nature of packet switching to all Internet communications, and ultimately to solving many if not most computer crimes. Packet switching allowed the crea- tion of networks, and eventually the Internet itself. A packet is basically a unit of data. Packets will have a header that defines their point of origin, their destina- tion, and what kind of packet they are (i.e., e-mail, Web page, etc.). Once packet- switching techniques were well established, widespread networks were the next logical step. Today, the Internet is ubiquitous. It is rare to find a business that does not have a Web page or an individual who does not have an e-mail account. The Internet permeates our lives. However, this is a relatively new phenomenon. Let’s briefly look at the history of the Internet and how it grew to the massive global communication network it is today. The Internet actually began as a research project called ARPANet (ARPA was the Advanced Research Projects Agency, part of the U.S. Defense Department). In 1969, the network consisted of just four nodes: the University of Utah, the Uni- versity of California at Santa Barbara, the University of California at Los Angeles, and Stanford University. Twelve years later, in 1981, the network had grown to 213 nodes, still a paltry number compared to the millions of Internet users we have today. And in those days, those 213 nodes were simply research institutions, universities, and government entities. In those early days, computer crimes were quite rare. There was no Internet to utilize, and the nascent ARPANet was only accessible to a very small group of people, all of whom were engaged in research.