People now see hackers as crooks and thieves, so it's difficult to picture the term "hacker" having positive connotations. But being a hacker wasn't always a negative thing. People first used the term in a modern context at the prestigious Massachusetts Institute of Technology (MIT). Hacking was a word popularized by engineering students in the 1960s to describe the process of finding new methods to improve systems and devices to make them work more effectively. The history of ethical hacking involves the creative endeavors undertaken by some of the world's best minds. But there's more to the origins of hacking than that.
The Origins of the Hacker
Below is the journey of the secret history of hacking:
- The history of hacking dates back to 1961, when researchers from MIT altered the functioning of a toy railway set. There was no internet in the 1970s, and giant corporations and government agencies utilized computers exclusively. Since telephone service was costly, hackers targeted telephone systems to obtain free phone calls.
- Computers became more prevalent in the 1980s. The history of ethical hacking delineates that the internet was originally intended for research and defense. However, cyber criminality grew as it grew in popularity.
Governments began to intervene, enacting legislation such as the United States Computer Fraud and Abuse Act. Unauthorized computer access was forbidden, and hacking was declared a severe offense.
- The internet became increasingly popular in the 1990s. Criminal activities rose as more internet users demanded free services, fraudulent credit cards, and drugs. Robert Morris and Kevin Mitnick, in the secret history of the hacking documentary, were jailed for hacking into computer networks to steal proprietary code.
- Ultimately, prominent e-commerce, search engine, and social networking sites became targets as the internet grew in the 2000s. The International Space Station, too, has been hacked.
Gradually, businesses of all sizes were concerned about the security of their systems. They began to recruit ethical hackers to improve system security.
Many ethical hackers started their careers as criminals and served prison sentences. Instead of attacking systems, they began to utilize their hacking skills to help businesses on the other side of the line. This is how the negative history of hacking led to ethical hacking becoming an essential need for businesses.
Phreakers and Tiger Teams
A phreak is an individual who accesses any telephone network unlawfully to tap telephone lines or make long-distance phone calls for free. Phone providers have recently implemented additional security measures, rendering phreaking more difficult.
A tiger team consists of specialists who try to physically breach a secure facility or work on hacking tactics to breach a virtual environment. Although people occasionally use this phrase more broadly to refer to any group of competent individuals, it is frequently used in IT to refer to teams managing cyber risks and anti-hacking actions.
If you wish to join a tiger team, start by taking CEH courses and going through the online cyber security course details.
The Origins of Phreakers
Although the golden period of phreaking lasted from the early 1970s through the early 1990s, the first instances of hacking date back to the 1950s.
Joe Engressia is the original phreaker and is considered the father of phreaking. At the age of seven, Joe discovered that recreating the 2,600 Hz pitch of the phone routing signal in the 1960s would stop a dialed phone recording. Phreakers then exploited this vulnerability to reset the line and dial numbers to make free phone calls.
When Ron Rosenbaum's tale "The Secrets of the Little Blue Box" was published in Esquire in October 1971, phreaking became more popular. The technique grew common on college campuses, motivating Steve Jobs and Steve Wozniak, future Apple Inc. founders, to create blue boxes long before making their first Macintosh.
Phreaking became connected with political radicalism in the 1970s. Abbie Hoffman, the leader of the Youth International Party, took interest in phreaking to fight the American Telephone & Telegraph Company's monopoly (AT&T).
Hoffman and a phreaker known as "Al Bell" started producing a newsletter called Party Line in 1971, which outlined how to hack telephone lines for their purposes. TAP, which stands for "technology assistance program," was given to Party Line in 1973.
Hoffman campaigned for phone line liberation because he felt that seizing control of communications networks would be a critical step towards a mass rebellion. AT&T stated in the mid-1970s that it lost $30 million per year to telephone fraud, including phreaking.
Phreaking was essentially eliminated in 1983 when officials upgraded telephone lines to CCIS, which separated signaling from the voice line. Although the practice of phreaking faded out of existence, the spirit of phreaking lives on through computer hacking.
When personal computers and modems were available in the early 1980s, many phreakers became hackers, perpetuating their anti-bureaucratic attitudes and confidence in the freedom of communication.
The Relationship Between Phreakers and Hackers
Phreaker is a mix of the words "phone" and "freak." Phreakers mimicked the tones of phone system operators to route calls and detected payments to avoid paying for a costly call. The phreaking culture eventually morphed into the hacking culture with the introduction of personal computing and the internet.
The Rise of the Black Hat Hacker
During the 1980s and 1990s, the term "hacker" became entirely linked with criminal activities.
Because of the enormous success of the personal computer as a tool for both enterprises and individuals, a great deal of critical data and information was savable in computer programs rather than on paper. Hackers began to realize the potential for stealing data that could be sold or used to scam businesses.
Furthermore, notorious hacking attempts became familiar news stories. People saw hackers as criminals - digital trespassers – who used their hacking skills and abilities to break into private systems, steal data, and even blackmail companies into giving over enormous sums of money.
These hackers are now known as black hat hackers since they are only interested in exploiting their expertise for the wrong reasons and are frequently linked to various illegal activities. The great bulk of media attention goes to black hat hackers, and there have been high-profile breaches on large firms like eBay and Sony in recent years.
Computer Fraud and Abuse Act
Officials implemented The Computer Fraud and Abuse Act (CFAA) in 1986 to supplement the first federal computer fraud statute and prevent hacking. It has been updated multiple times over the years, most frequently in 2008, to include a wide variety of behavior much beyond its initial objective.
The CFAA forbids entering a computer without authority or over authorization, although it does not define "without authorization." It has become a weapon ripe for misuse and exploitation against practically every area of computer activity, thanks to draconian punishment systems and flexible provisions.
As technology improves, the application of criminal law governs technology-related behavior. US Congress passed the first national computer crime statute thirty years ago based on perceptions of the importance of technology and increased illegal activities.
However, as computers have become more widely available and used, government control of computer behavior has gone into overdrive. Over thirty years, federal cybercrime has evolved from almost non-existent to affecting every area of computer activity for frequent and infrequent users.
If you wish to fight cybercrime, the KnowledgeHut CEH training online will help you achieve your goals.
Computer Misuse Act (1990)
The Computer Misuse Act (CMA) was developed in 1990 as the law that governs how people can legitimately access data on computers. It also made any unauthorized access to information and the practice of making changes to data stored without the owner's permission illegal.
Regina v Gold and Schifreen, a 1978 case in which two hackers stole the login data of a BT engineer at a trade exhibition and used them to access BT's Prestel service remotely, influenced these rules.
They stole the details and utilized them to log in to the system using a method known as shoulder surfing. They found the late Duke of Edinburgh's email address to prove how far they could dig.
They were jailed under the Forgery and Counterfeiting Act 1981 after BT monitored the account they were using and reported suspicious behavior to the authorities. However, the decision was reversed on appeal because they had not attempted to profit from using the Prestel service.
CMA Penalties
- If charged under the Computer Misuse Act, three degrees of penalties are imposed on hackers depending on the offense and severity of the act.
- If found guilty of accessing a computer without authorization, the lowest degree of penalty is imposed on the hacker. Convicts face two years in jail and a £5,000 fine.
- If found guilty of gaining unauthorized access to computers to steal data and defraud people, hackers get an unlimited fine based on the intensity of the crime and the damage caused, though proving intent can be difficult.
- Suppose a person manipulates the material of a system or offers the means for others to do so, such as distributing malware to ruin or change the contents of a computer. In that case, they might face a ten-year jail sentence and an infinite fine.
- If the potential harm extends to endangering human welfare or jeopardizing national security, the penalty could be life in prison.
Ethical Hackers Begin
After the introduction of laws and regulations and an increasing need for better cybersecurity for businesses, governments, and individuals alike led to the creation of many jobs for people with expertise.
Ethical hackers can help businesses in the following ways:
- Many of the main threats to organizations today, including online scams, gadget theft, distributed denial-of-service (DDoS) attacks, and insecure networks, may be avoided through ethical hacking.
- Ethical hacking strengthens a business's network, improves the threat detection process, and trains the internal security staff to recognize dangerous hacking techniques.
- Most impressively, ethical hackers carry out penetration testing to find lapses in a business's online security and fix them to prevent hackers from getting their hands on sensitive data.
Penetration Testing
Penetration testing is a method of ethical hacking involving launching simulated cyberattacks to gain access to or utilize computer networks, networks, portals, and applications.
Security specialists can utilize penetration testing processes and technical testing instruments to check the integrity of an institution's security guidelines. Pen tests check the regulatory submission, employee safety awareness, and the company's capacity to spot and understand security issues and unauthorized access.
Ethical hacking techniques, which imitate a cyberattack, assist security experts in evaluating the efficiency of information security safeguards within businesses. The pen test looks for security flaws in networks, web apps, and user security to breach an organization's cyber defenses. The goal is to identify system flaws before attackers do.
Know more about the Penetration Tester Tools.
Common Pen Testing Techniques
- External testing: It entails launching assaults on the institution's network perimeter from outside its systems, such as the Extranet and the Internet.
- Internal testing: Conducted from within the external structure, this test aims to determine what would happen if the network perimeter were breached or what an authorized user could do to access specific information resources within the network.
- Blind testing: In this scenario, the tester attempts to mimic the behaviors of a local hacker. The testing team has no information about the business. It must rely on publicly accessible data (such as the corporate website, domain name registration, and so on) to obtain information and run penetration tests on the target.
- Double-blind testing: Only a few people inside the company are aware of the testing in this activity. IT and security personnel are not alerted or informed in advance and are "blind" to the intended testing operations. It encourages surveillance and ensures escalation and response procedures are in place for when the attackers show up.
- Targeted testing: Often known as the "lights-on" technique, enlists the help of both IT and detection process teams. Testing efforts and information about the goal and network design are known. Targeted tests take less time and effort than blind tests. Still, they don't always give the same comprehensive view of an institution's security flaws and emergency preparedness as other testing methods.
Conclusion
Ethical hacking may assist a business in various ways, including strengthening computer and network security through penetration testing and enabling preventative actions to avert security breaches. If you're looking to start a career in ethical hacking, taking CEH training online is an excellent way to do so.