Cybersecurity architect and adjunct professor at NC State University Jeff Crume joins WIRED to answer the internet's burning questions about the history of hacking. What was the first computer virus? Who is the most influential hacker in history? How did hacking work before the internet? Have hackers ever taken down a government website? Do VPNs really offer the anonymity we think they do? What is a firewall and how does it work? Answers to these questions and many more await on Hacking History Support.
Director: Jackie Phillips
Director of Photography: Grant Bell
Editor: Alex Mechanik
Expert: Jeff Crume
Line Producer: Jamie Rasmussen
Associate Producer: Paul Gulyas
Production Manager: Peter Brunette
Production Coordinator: Rhyan Lark
Casting Producer: Nick Sawyer
Camera Operator: Shay Eberle-Gunst
Sound Mixer: Paul Cornett
Set Designer: Liliana Starck
Post Production Supervisor: Christian Olguin
Post Production Coordinator: Stella Shortino
Supervising Editor: Erica DeLeo
Additional Editor: Samantha DiVito
Assistant Editor: Fynn Lithgow
Director: Jackie Phillips
Director of Photography: Grant Bell
Editor: Alex Mechanik
Expert: Jeff Crume
Line Producer: Jamie Rasmussen
Associate Producer: Paul Gulyas
Production Manager: Peter Brunette
Production Coordinator: Rhyan Lark
Casting Producer: Nick Sawyer
Camera Operator: Shay Eberle-Gunst
Sound Mixer: Paul Cornett
Set Designer: Liliana Starck
Post Production Supervisor: Christian Olguin
Post Production Coordinator: Stella Shortino
Supervising Editor: Erica DeLeo
Additional Editor: Samantha DiVito
Assistant Editor: Fynn Lithgow
Category
🤖
TechTranscript
00:00Hopefully we'll stay out of jail on this.
00:02Ladies and gentlemen, start your lawyers.
00:04I'm Jeff Kroome. I'm a cybersecurity architect and adjunct professor at NC State University.
00:09Let's answer some questions from the internet.
00:11This is History of Hacking Support.
00:17Atmatscary34 asks,
00:19Who do you think is the most influential hacker in cyber history?
00:22Some of the really great hackers are ones you've never heard of
00:25because they, in fact, were so good they didn't get caught.
00:27Certainly one of the big names, he was certainly the most influential and infamous back in the day,
00:32is Kevin Mitnick.
00:34Kevin Mitnick was particularly known for his social engineering
00:37where he would basically try to con people, rely on their desire to trust each other,
00:42and get information out of people by pretending to be someone else.
00:46He served five years in prison.
00:48He was arrested for abusing the phone system.
00:51Back in those days, you had to pay for long-distance calls.
00:54He was able to break into the phone system and make calls for free.
00:58At Raymond Gauche1 asks,
01:00Where does the term hack come from?
01:02The term really traces its evolution from the 60s,
01:06where at MIT there was a model train club,
01:09and they used the term hack, or hacker,
01:11to refer to someone who was able to use the technology in an unconventional way, in a creative way.
01:17Then about the 70s, 80s, it kind of took a change,
01:20and most people began to associate hacking with unauthorized access.
01:25In the security community, we actually refer to at least three different types,
01:29and we refer to them by their hat color, believe it or not.
01:32No, they're not actually wearing hats necessarily,
01:34but we refer to black hats as the ones who are breaking into systems in order to do damage,
01:39in order to steal things, operating without permission.
01:42The white hat hackers, those are more like that original terminology that we referred to
01:47with the group from MIT, who were basically hobbyists,
01:52trying to find out where the limits of the technology, this sort of thing.
01:55They report those vulnerabilities, and they're trying to do something for the overall good.
01:59Now, you've got something in between, a gray hat hacker,
02:02where they claim to be doing some good, but maybe they cross a few lines here and there.
02:07James K. Polk, how did computer hackers do their hacking back in the 60s and 70s?
02:12It was all about physical access, because computers, there was no internet.
02:15All the computers that existed were pretty much in very known places.
02:20A company had a data center. It was on raised floor. It had to be cooled with air conditioning.
02:25The entry and access to those systems was controlled via badge reader. There were cameras.
02:30So it was basically security was guards, guns, and gates back in those days.
02:34If you didn't have access physically to the system, you couldn't do much damage.
02:38Then it started moving to where attackers were starting to use the phone system.
02:43Hackers that were hacking on the phone system were known as freakers, phone hackers.
02:47They would do different things to try to figure out how they could get into the phone system
02:52and control it remotely, maybe from a pay phone.
02:54There were not a lot of computer systems for them to break into yet.
02:57And then we start moving into the 70s. Now we didn't really have an internet that everyone had access to,
03:02but more and more systems were being made available over the public phone network.
03:08So they had modems and you could call into a system and then get access.
03:12If you knew the password, you could log in and then maybe take control of the system that way.
03:16So that's what happened really more in the 70s.
03:19In the 80s, especially as we move into the 90s, then we had the internet.
03:23And that's when really hacking changed very dramatically because everyone had access to everyone,
03:29everywhere in the world.
03:30It was a great thing for pretty much everyone, including the attackers.
03:35At Charlie's Curious asks,
03:37Have hackers ever taken down a government website?
03:39One of the first that I remember was back in about 1996 when the Central Intelligence Agency
03:44had their main website hacked and, at least for a short period of time,
03:49it said, welcome to the Central Stupidity Agency.
03:51Not a lot of damage done there, more just a reputational damage.
03:55It was basically electronic graffiti.
03:57So what could people do to prevent their websites, for instance, from being hacked?
04:01One of the first things is make sure that you change all of the default user IDs and passwords.
04:07We call that hardening. That's one form of hardening.
04:10Another is turn off all the unnecessary services.
04:13Every single thing that's turned on on a system is potentially another way a bad guy can use to get into your system.
04:20Also keep your software up to date because all the time vendors are fixing bugs in their software
04:26and many of those bugs are security bugs.
04:28And the bad guys will know about what those bugs are and they'll take advantage of them.
04:32Needs to be at minimum multi-factor authentication.
04:35Don't rely on voice recognition, by the way.
04:37We have deep fake technology from AI that potentially could fake that stuff out.
04:41Weedeeds asks,
04:42Question for cybersecurity mavens.
04:44Since signal is open source,
04:46doesn't that mean that some intelligent adversary could determine its encryption algorithm
04:50and come up with a way to decrypt signal communications?
04:53Well, yes, in general, but first of all,
04:56don't add people to your group chat if you don't know who they are.
04:59There's a notion in cryptography that's known as Kirchhoff's principle.
05:03And it says that nothing should be secret about a crypto system except the keys.
05:08In other words, knowing how an algorithm works should not give you any insight into how to break it.
05:14A good crypto algorithm will stand the test of time.
05:18Everyone can know how it works and yet they still can't break it.
05:21The only way to break an encrypted message is to guess what the key is.
05:24That's been the case.
05:25So if the keys are the secret to the system,
05:27then one thing you want to be able to do is generate those keys and keep them secret.
05:31You want a random key and then you want to store it somewhere safe.
05:35The more randomness you can get, the better your key will be.
05:38And then you don't have to remember that.
05:41You'll use some other form of multi-factor authentication or things like that
05:44in order to get access to the key.
05:46But the key itself will be saved on your system.
05:49And if it's really sensitive, you'll store it in a special place in hardware,
05:54where if someone tries to access that without permission,
05:58it'll actually blank the key and just wipe it out completely.
06:01Then that crypto device becomes effectively just a paperweight at that point.
06:05Deadbird Rugby says,
06:06I've seen some older generation folks on LinkedIn as cybersecurity analysts in the 90s.
06:11Yeah, he's probably talking about me.
06:13From what I remember, the internet was like the Wild West in the 90s.
06:17A lot of focus was just on putting up a firewall,
06:20putting up some sort of technology that gave us an initial block,
06:23an initial front door to separate our internal network from the external Wild West.
06:28But firewalls weren't nearly enough.
06:30They weren't enough then and they're not enough now.
06:33But that was what a lot of the view was.
06:35And we talk about the Wild West.
06:36Well, there was a Wild West then on the internet
06:38because everything was kind of unknown and unmonitored.
06:42We still have that today to a great extent.
06:44But then there's another layer deep below the surface that most people never see.
06:49Where you exist for the most part, if you're typical of most people,
06:52is you're on the surface web.
06:54That's maybe 5% of the content that's on the World Wide Web.
06:58And it's stuff that you can get to from your favorite search engine.
07:01It's been indexed, in other words.
07:02So you can go to the search engine and find it.
07:04The other 95% is kind of, if you think of an iceberg,
07:07this is the stuff below the surface.
07:09You know, the iceberg is deeper below the water level.
07:11So think about the iceberg.
07:13The other 95% that's below, that's the deep web.
07:16It's not necessarily nefarious stuff.
07:18It's just not stuff that everyone needs to get to.
07:20It's business records.
07:21It's things like that.
07:22Only authorized users would be able to go in and authenticate and be able to see that stuff.
07:27But, there's a subset.
07:28That's in an area we call the dark web.
07:30And it's dark because it's not indexed.
07:33You have to know where it is, so you're not likely to just stumble into it.
07:36In fact, you've got to use special tools to get there.
07:38And for what it's worth, I don't recommend that you go there.
07:40Because it's a rough neighborhood.
07:42Your system could be taken over, could be hacked,
07:45could have malware on it after you've visited some of these illicit sites.
07:48Now, is everything on the dark web terrible? No.
07:51Some group of the people that are on the dark web are people who are whistleblowers.
07:56People who are political dissidents.
07:57People who live in areas of the world where they can't speak freely.
08:01And maybe it's even journalists who need to be able to get a message out.
08:04And be able to do it with anonymity.
08:06But with anonymity comes also the possibility of illegal and illicit activities.
08:11It's dark because the lights are off.
08:13It's not dark because of what the content is there.
08:15But certainly some of the content is of a dark nature.
08:17A user on Reddit asked,
08:19What was the Stuxnet virus and why was it so successful?
08:23Well, Stuxnet was some malware.
08:26I'll just use that general term to refer to it.
08:28Designed specifically to target nuclear centrifuges in Iran.
08:32It was unleashed on those systems.
08:35Those systems didn't have general internet access.
08:37So the idea was that it would be brought in to the system physically.
08:42Implanted on those systems.
08:43And then it would cause the centrifuges to speed up and slow down and speed up and slow down.
08:48Which caused them to not be functional.
08:50The idea, of course, was to disrupt Iran's ability to enrich uranium.
08:54So, who was looking out for doing that?
08:57Well, there's a lot of attribution and it's one of those situations.
09:00One of my favorite quotes is,
09:01Those who know aren't talking.
09:02And those who don't, well, you can't shut them up.
09:04I'm going to keep talking.
09:05So now you know which one of those categories I'm in.
09:08I don't have any first-hand information.
09:09But it's been widely attributed in the public space that the US and Israel were involved in this particular attack.
09:16As a way to try to subvert Iran's nuclear ambitions.
09:20It was pretty successful for a good period of time until it turns out that the virus spread to some other systems.
09:27Those other systems then were discovered with an anti-virus tool.
09:31Then from there, the whole game started to unravel.
09:34At Mach5Turtle says,
09:36Yay, my data has been compromised due to the OPM data breach.
09:40Not sure that's a reason for celebration.
09:42My fingerprints and everything.
09:44Where will it all turn up next? How exciting.
09:46That's a case where data is turned over to someone else.
09:50And you have to trust that they're going to do the right thing.
09:52And maybe they do the right thing 99% of the time.
09:55But it's that other 1% where they didn't.
09:58And then that's where an attack occurs.
09:59So what can you do about this?
10:01Well, first of all, don't give your data to places where you don't have to.
10:04And most people give their data up very freely for very little in exchange.
10:09So make sure that you're understanding the bargain.
10:11Understand that your data is worth something to those companies.
10:14That's why they want to keep it.
10:16And make sure that what you're getting back in exchange for it
10:18is really a fair bargain.
10:20Also, you can do some things like credit monitoring,
10:23like credit freeze, credit lock, things like that.
10:26So that way, if someone tries to open a line of credit in your name,
10:29tries to get a credit card, tries to get a home loan, whatever like that,
10:33they try to do that in your name using information
10:35that they got from one of these data breaches,
10:37well, they won't be able to.
10:38That's something that you can do, at least in the U.S.
10:41And there are probably similar things you can do in other countries as well.
10:43At SC Magazine asks,
10:45A question for cybersecurity pros.
10:46Would you ban TikTok from your organization over security and privacy concerns
10:51raised about its ownership being based in China?
10:54First of all, my general approach to bans is I don't think they work.
10:58Not in the way that people hope that they will.
11:00When you ban something, you drive its behavior below ground.
11:05And once you drive it underground, then it's hard to monitor.
11:08Now, am I concerned about ownership?
11:11I'm concerned about ownership of all of these.
11:13Because just because a company is in China, or even if they're in the U.S.,
11:17doesn't necessarily make me think that there's going to be no violations of privacy
11:21or no manipulation of information.
11:23We've already seen that every country on Earth is really good
11:27and has people who will find ways to be good at manipulating people
11:33through misinformation and fake news.
11:35And we know that privacy violations occur everywhere.
11:38And we also know that privacy violations can occur even unintentionally.
11:42So there are concerns, certainly if a government is able to say,
11:46we are going to make you turn over those records to us.
11:49And now there's not independence from that service and the government.
11:54And that's a big concern.
11:55But that happens in a lot of cases.
11:57I heard Dai Kaiju asks,
11:59What are some ways elections are vulnerable from a security standpoint?
12:03And what can be done to shore up these platforms?
12:05Almost every case, I would choose the more high-tech alternative
12:08to the lower-tech alternative, except when it comes to voting.
12:11In that case, the reason I like paper ballots is because with a paper ballot,
12:15if the counting machine messes up,
12:17well, we just go back and take the paper ballots
12:19and run them through another one.
12:20If we have only electronic votes to begin with,
12:23we can't go run them all back through.
12:25We can't line up all the people that voted on that day
12:27and say, please go back, get in line again,
12:29and vote exactly the way you did before.
12:31It doesn't work like that.
12:32We could have a power outage at a voting station.
12:35Well, again, that doesn't affect paper ballots.
12:37It might affect the counting.
12:38And if we want to use machines to do counting of those,
12:41I think that's not so unreasonable.
12:43But there are a lot of things that technology helps us with.
12:47This is one where a lower-tech solution is probably better.
12:51Chronoport asks,
12:52Why did the I Love You virus overwrite other files?
12:55If you're a virus, you're trying to spread yourself as much as you can.
12:58The more types of files that you can overwrite,
13:01the more things you can infect,
13:03and the more other systems you can infect,
13:05and the harder it is to get the system disinfected.
13:08If you're the designer of a virus,
13:10you want it to spread as virally as possible.
13:12So infect as much stuff as you possibly can.
13:14Atalafolix asks,
13:16Who stopped WannaCry?
13:17WannaCry was one of the most famous examples of malware.
13:21It did a lot of damage.
13:22The guy that's given credit for stopping it is named Marcus Hutchins.
13:26He did it in May of 2017.
13:27He was doing some analysis of the malware
13:29and found that it actually made a call out to a particular website,
13:34to a particular domain name.
13:36It was really long and complex and gorp-y looking.
13:38Nothing that you would ever guess unless you were just decompiling the code.
13:41And he realized that as long as it didn't find the presence of that,
13:44it would continue to spread.
13:46So what he did then was go register that domain name
13:49so that then whenever the malware went out to go ping that site to see if it exists,
13:54it would in fact exist.
13:55And therefore the malware would stop replicating.
13:57So he basically found what was a kill switch that was built into the code.
14:02But that didn't necessarily stop and eradicate.
14:05The malware was still on a lot of people's systems
14:08and may still be out there in some cases.
14:10But at least it was a way to turn a kill switch and make it stop
14:13so that it didn't hurt other people for at least a good period of time.
14:17AtTheBossAlmighty asks,
14:19How exactly can hackers shut down a pipeline?
14:22I'm assuming this is a reference to the colonial pipeline ransomware case
14:26that was very infamous because in fact there was a pipeline that transported oil
14:31across the southeastern portions of the U.S.
14:33Well, it turns out that the attacker, the actual malware, the ransomware,
14:37did not actually shut down the pipeline.
14:40The operators of Colonial Pipeline decided they needed to shut it down
14:44in order to prevent further damage because they weren't quite really sure what was going on.
14:48They knew that they had experienced a ransomware case.
14:51They were being demanded a $5 million ransom in order to restore the systems.
14:56And they, in an abundance of caution, just felt like it was better to shut things down
15:00until they could figure out what happened.
15:02They eventually did turn things back on and, of course, we got back in operational.
15:06Interesting sideline with that story is they actually paid the $5 million ransom.
15:10But here was the unhappy part of that ending.
15:13The attackers gave them a tool that would decrypt the data that had been encrypted.
15:18So they paid the ransom, they got the tool, but the tool was so inefficient and so slow
15:23that it would never have recovered the data in time to do anyone any good.
15:27So they ended up having to rely on their own backups, incomplete as they might have been.
15:31And so they paid the $5 million ransom, didn't get their data,
15:34and it was kind of a worst of both worlds situation.
15:37However, in the end, there was one more twist.
15:40And that was that the FBI actually recovered half of that ransom.
15:43Don't expect that to happen in your case.
15:45Ed Noble Infantry asks,
15:47What is a firewall and how does it work?
15:49Well, a firewall was a building mechanism that was fire-retardant materials
15:53that would at least slow the spread of fire from one unit to the next.
15:56Now, when you apply that concept into network security,
15:59it's a place, a zone of separation
16:03where we're going to keep one level of trusted network away from another.
16:07Maybe an untrusted internet will keep that separate from a trusted internal network.
16:12And the firewall will basically be the gatekeeper.
16:14So we'll have a security policy in it,
16:17and it will look for certain types of traffic and say,
16:19that kind of stuff can come in, this other kind of stuff we're going to block
16:22because we don't use that kind of traffic,
16:24we don't need traffic coming from that area of the internet,
16:27or we don't need users of that sort.
16:30They're not part of our organization.
16:32So we put a gating factor, basically a guard between areas of networks
16:36where we have different zones of trust.
16:38AI Pitchside asks,
16:40I'm curious to know how people balance online security with the need for convenience.
16:44Do VPNs really offer the anonymity we think they do?
16:47The original purpose of VPNs was really just as a way to transport sensitive information over a public network.
16:54So if I wanted to send a secret message to you that only you could see,
16:57and that someone else who saw the traffic going across the internet would not be able to read,
17:02I would encrypt the message and then send it to you.
17:04So that way we have an encrypted connection between the two of us.
17:07Now, the VPNs that most people use today, not only can do that,
17:11but they also will hide the IP address that you're coming from.
17:14And that's where you start to get some of these anonymity features.
17:17The idea is that your ISP, whoever it is that's providing your internet connection
17:22and getting you as the on-ramp onto the highway that is the internet,
17:26they know what your IP address is.
17:28And they can see everything that comes and goes into your home network or into your computer itself.
17:34Unless you use a VPN, which then all they can do is see where the packets are coming from
17:38and where they're going, but they can't see the contents of it.
17:41So that gives you a certain level of anonymity.
17:43However, if you use a VPN, then what it will do is also hide where your originating IP address is.
17:49Because what will happen is no matter where you want to send a packet,
17:52if you've got the VPN turned on, it's going to go to the VPN access point first.
17:56Then from there, it will get routed to where it's supposed to go.
17:59So the ISP then at that point only sees,
18:02here you are sending all your traffic to this one VPN entry point,
18:06this VPN access point, and then stuff comes back from there.
18:09They won't be able to see the contents.
18:11They won't be able to see where it goes after that point.
18:13Now that gives you some anonymity and some privacy.
18:16However, don't be fooled.
18:17What you've done is shifted your trust from your ISP,
18:20which maybe wasn't so trustworthy in terms of guarding your privacy,
18:24to the VPN provider.
18:26Because the VPN provider now gets to see where all your traffic is going.
18:29And you don't really have a way to verify the way they're operating.
18:32So some VPNs will be very rock solid and will preserve your privacy.
18:36Others will not.
18:37So just by using a VPN, you may just be making it easier by concentrating all your data to one place.
18:43And if that place gets attacked, or if that place is a bad actor,
18:47then you've given them all your information.
18:49So, be careful.
18:50A VPN is not a panacea.
18:51It can help.
18:52AtHotGeologist6330 asks,
18:55Why are phishing emails and telephone scams still profitable despite increased awareness?
19:00Simple answer is people.
19:01Have you ever met them?
19:02Well, they can be exploited.
19:04We have this tendency as humans to trust other people.
19:07Even if you're very jaded,
19:08you see someone walking toward a building,
19:10their arms are full of stuff and it's raining,
19:12and you're at the door so maybe you hold the door open for them.
19:14But, if that person was planning to do that as a way to get into the building,
19:18well then they basically just socially engineered you into letting them come into the building
19:22and tailgate without using their badge.
19:24Social engineering is what lies at the heart of these types of attacks,
19:28of phishing emails, telephone scams, and things like that.
19:31Our tendency to trust.
19:32And in one context, that's a beautiful thing.
19:34Because we wouldn't want everyone to be so jaded that we never trusted another person ever again.
19:39But, we can't be trusting of everything either.
19:42Because then everything falls.
19:43The attackers are always going to try to find that crack that they can exploit.
19:48And they keep changing their tactics.
19:50They keep changing different ways of doing this.
19:52Phishers originally used mostly just email.
19:55Now they've moved into other areas as well in addition to email.
19:58They could do an SMS message to you.
20:00We call that, instead of phishing, we call that smishing.
20:03They could do phishing via voicemail.
20:05We call that vishing.
20:06There's even a new one called quishing, where they use QR code.
20:09This is a pseudo asks, are password managers safe?
20:13If you're asking a security person, is it safe?
20:15The answer is no.
20:16I don't even have to know what the question was.
20:18The answer is, it's not safe.
20:19Nothing is ever fully safe.
20:21Nothing is ever fully secure.
20:22Now, is it safe enough?
20:23It depends on which password manager you use, and how you use it, and where you put the password manager,
20:30and how you get access to the password manager itself.
20:34Most of these password managers will require you to set a strong password that you type in once,
20:39and then that unlocks all the other passwords that it keeps in its storage.
20:43If you have a trivial password on your password manager, you have an unsafe system.
20:48So, you need to have at least one really good password, and again, maybe use multi-factor authentication
20:53so that it doesn't rely just on a password to get in.
20:56Let me tell you what's better than a password.
20:58If you're trying to make sure that no one steals your password, don't have one in the first place.
21:03And you say, what does that mean? I don't get to choose that.
21:06Well, actually, you are more and more getting to choose a newer technology called PassKeys.
21:11There's an organization called Fido, Fast Identity Online, that came out with this standard.
21:15And PassKeys sounds like the same kind of thing, password, passkey.
21:19It's actually very different. PassKeys use cryptographic techniques.
21:23You don't have to remember what the password is. You don't have to choose what the password is.
21:27You unlock your device. The PassKeys is a cryptographic key that's kept on your device,
21:32and may or may not be synced with other devices that you have.
21:35It's relatively phishing resistant, if not almost impossible to phish,
21:40because it uses a challenge response system. And all of this stuff happens under the covers.
21:45And the good news is, password managers support both passwords, the good ones, and PassKeys.
21:50So you don't have to choose.
21:52Curiousbrain2781 asks,
21:54How likely is it to catch a virus nowadays? Assuming a standard up-to-date antivirus.
22:00It's actually still very possible. We continue to see that certain types of malware proliferate.
22:05Thankfully, we've gotten a little better at this. But the problem is, the game constantly keeps changing.
22:10So then we had to, as an industry, come out with things that were not just looking for literal signature,
22:15that is, a string of bits that were in there, in the particular malware itself, and that was the identifier.
22:22Now we're looking for things like behaviors. And if we're looking for those behaviors,
22:26maybe we're able to block these things more often.
22:29A lot of these viruses and malware will exploit different vulnerabilities in software.
22:34So that's why, as patching and updating of software levels has become more and more automated,
22:40we've been able to deal with a better defense than we had back in the day when these things were first coming out.
22:46Reboot your system every so often because some viruses and malware are not able to survive across a reboot.
22:52So you'd like to get rid of those and clean things that way.
22:55But in general, use tools that can disinfect your system. That will help a lot.
22:59Tyrone Biggums asks,
23:00What hack has caused the most damage? Depends on how you measure damage.
23:04Would it be financial damage? Would it be in terms of the number of systems that were affected?
23:08Would it be in terms of the number of lives that were impacted?
23:11Would it be in terms of the number of lives that were lost?
23:14There's a lot of different ways to look at this.
23:16There was one case where a ransomware instance happened at a hospital.
23:21And it caused the hospital systems to not be available and they started redirecting emergency traffic to other hospitals.
23:28One person died during transport to a more distant hospital.
23:32So there's a case where, indirectly, ransomware cost a person their life.
23:35At Sector, quadruple zero seven says,
23:39But what is the CIA triad?
23:40Well, CIA, if you talk to a cybersecurity person, probably doesn't mean Central Intelligence Agency, although it could.
23:47We think of this as one of the classical security teachings and that really lies at the fundamentals of everything we do in cybersecurity.
23:55Everything in cybersecurity is about these three.
23:57Confidentiality, integrity, and availability.
23:59So CIA, confidentiality, integrity, and availability.
24:03That's really everything we do in cybersecurity is about doing those three things.
24:07At Gunblaze1969 asks,
24:09What was the name of the first computer virus?
24:11Well, if you use the term virus in the larger sense of malware, I'm actually going to shift this question to refer to the first real example that the world came to know.
24:21And that was the Morris worm back in 1988.
24:24And that was where an MIT student came up with a way of planning a piece of software on a lot of different systems across the internet.
24:33And it spread automatically.
24:35That's what a worm does.
24:36It self-replicates.
24:37And it did this and got to 10% of the internet before it finally got shut down.
24:41So that was really the first one that made the world wake up to the fact that this stuff could actually have software that could do harm.
24:48At Peter Burkhead asks,
24:49How is it I never heard about phone freaking?
24:51It's an old attack.
24:53In the early days, when there really were not a lot of computers to break into, there was a phone system.
24:58And it was worldwide.
24:59And phone freakers were the ones who tried to manipulate the phone system.
25:02And it was discovered that you could actually control the phone system.
25:06Maybe even reconfigure the switch that's involved.
25:10You could get free long distance phone calls.
25:13There's a lot of different things you could do.
25:14And you could do this because the phone systems used a specific tone in order to put them into a management control mode.
25:22That mode was triggered by a tone at 2600 hertz.
25:27So if you could whistle 2600 hertz or get a tone generator and hold it up to a phone,
25:32you could then take over the phone and maybe even penetrate into the system from that.
25:37It turned out that Captain Crunch, the serial, came out with a toy prize.
25:43A whistle inside.
25:44And guess what?
25:45That whistle blew 2600 hertz.
25:47Now, Captain Crunch, I'm sure, had no idea that that's what was going to happen when they did that.
25:51They were just making a toy for kids.
25:53But the phone freaker community learned about that pretty quickly.
25:56And they got all over that and bought up a lot of Captain Crunch boxes.
26:00And now they were able to go in to pay phones and get free phone calls.
26:04But you don't hear about it much now because nobody really pays for long distance phone calls.
26:08Barrowolf asks,
26:09What movie has the most realistic concept of hacking?
26:12Sorry, movie industry.
26:13I'm not sure any of them have gotten it really all that right.
26:16How it works in the real world is not necessarily all that exciting to watch.
26:19It's often hours and hours of just mind-numbing activity of running different programs in the background
26:25until finally you trip onto something.
26:27It's not something that makes for a great spectator support.
26:29So that's why you see the movies take liberties with this in order to make it a lot more interesting.
26:35I don't know if hackers ever actually say, I'm in, but in every movie they certainly do.
26:39Okay, those are all the questions.
26:40Thanks for watching History of Hacking Support.
26:46What이나 appare them that are related to any of these things?
26:49Now, this is the idea that you see during the video is to answer,
26:52how many people in the world do the things that are happening to us?
26:53Who can send?
26:55Who can send?
26:56Who can send?
26:58Who can send?
26:59Who can send?
27:00Who can send?
27:01Who can send?
27:02Who can send?
27:03Who can send?
27:04Who can send?
27:05Who can send?
27:06Who can send?