Many say that the world’s first cyber attack happened in 1988, when Robert Morris, a 20-something graduate student at Cornell, inadvertently set loose a computer worm that quickly clogged up large sections of the internet. Morris’s intentions were not malicious—he just wanted to gauze how big the internet was, but the program he created to achieve that had the characteristic behavior of a worm—it replicated itself. Morris was sentenced to three years probation and 400 hours of community service along with a large fine for his recklessness, thus becoming the first person to be successfully charged under the Computer Fraud and Abuse Act.
Today, more than 20 billion devices from laptops to refrigerators and cars to fitness trackers, are connected to the internet providing hackers with an unfathomably large playground. Every year hundreds of millions of users are hit by cyber attacks that defraud them of their money or their personal information. But the history of cyber attack goes further than the Morris worm. In fact, it goes back to the time when there was no internet and wireless telegraphy wasn’t even a thing. What existed instead was a large data network based on optical telegraphy called the semaphore.
The semaphore system (which we talked about in some detail a while ago) consisted of a chains of towers, each of which had a system of movable wooden arms on top. Different configurations of these arms corresponded to different letters, numbers and symbols. Operators in each tower would observe the configuration of the adjacent tower through a telescope, and then reproduce them on his own tower. This way a message could be transmitted from station to station and along the line at a remarkable speed.
The semaphore network was reserved for government use, but in 1834, two brothers, François and Joseph Blanc, devised a way to hack into the system for their personal gain.
François and Joseph Blanc traded government bonds at the stock exchange in the French city of Bordeaux, which closely followed the market movement at the Paris stock exchange. Being the largest stock exchange in France, Paris naturally set the pace for trading at stock markets in other cities across the country. However, these secondary markets were always behind by a few days since information about changes in the market took several days to arrive from Paris by mail coach. If traders could get the information more quickly, they could act before the market moved and thus make more money. Some tried using messengers and carrier pigeons, but the Blanc brothers knew they were not reliable. Pigeons often got lost, and messenger weren’t necessarily faster than the mail coaches. They figured out another way to do it.
The brothers bribed a telegraph operator in the city of Tours, to whom news about the stock market was delivered by an accomplice in Paris. The telegraph operator’s job was to transmit that news from Tours to Bordeaux using the semaphore system. However, the telegraph was for government use and the bribed operator could not simply transmit a few personal messages, because he would be detected. So the Blanc brothers instructed the operator to introduce a specific set of codes into routine government messages being sent over the network. These codes were made to appear like errors but actually contained critical information about the market that traders such as the Blancs sought after.
Normally, when an operator made innocent mistakes in signaling, he would encode a correction in a subsequent transmission. Both the error and its correction would then be duplicated from station to station. Once the end station had received both the error message and the correction, the error would be corrected. The Blancs put another accomplice, equipped with a telescope, close to the last station on the line to Bordeaux. He would read the “errors”, translate it and relay the news to the Blancs.
The scam went undetected for two years and was only exposed when the crooked operator in Tours fell ill, and he decided to bring into his confidence a friend, who he hoped would take his place. Unfortunately for him, his friend had a clearer conscience and reported the operator to the authorities. Down went the Blanc brothers, but because there was no clear law regarding misuse of the telegraph system, the brothers were released.
Looking back at the incident now, one can see that the French semaphore system was hopelessly insecure, and if not the Blancs somebody else would have taken advantage of it, perhaps in some other ways. As long as there is a loophole, people will exploit it, and as with all security systems, the weakest link is always the human. A strong email password is useless if you write it down and keep it in your wallet. No matter how advanced a credit card company’s fraud detection technology is, it still cannot prevent its users from giving out their card number and pin to anonymous callers. In the case of the Blancs, it was corruption of the telegraph employees.
“The tale of the Blanc brothers is also a reminder that with any new invention, people will always find a way to make malicious use of it,” writes Tom Standage of The Economist. “This is a timeless aspect of human nature, and is not something that technology can or should be expected to fix.”
Comments
Post a Comment