A Cyber Crime Saga
I had both a sense of duty and a sense of dread as I began reading Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott Shapiro.
My duty was sourced in the feeling, fueled by ubiquitous media reports of stolen personal information from credit card companies or plundered customer lists of national retailers, that I needed to understand online data risk to intelligently protect myself and my employer. There was the dread of plodding through what I anticipated would be a nearly unintelligible tome with dense, jungle-like explanations of how a computer server in Belarus may access a laptop to swipe my personal information and sell it to a Chinese malcontent to purchase Bitcoin. It turned out my dread was unfounded and the reading itself quite pleasurable and interesting.
Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks
By Scott J. Shapiro
Farrar, Straus and Giroux
Shapiro begins with two statements. First, “We live in an information society where wealth, status, and social life depend on the storage, manipulation, and transmission of information.”
We also live in a world with the occasional bad actor. “Cybercrime is a business, and businesses exist to turn a profit.” Shapiro explicates the stories of five famous hacks, the personalities involved, and, in layman’s terms, how each was able to succeed.
Uniquely qualified to unwind what in less capable hands would either be boring or convoluted, Shapiro is both an attorney and a philosopher. He is a professor of law and professor of philosophy at Yale Law School and the director of the Yale Center for Law and Philosophy and Yale’s Cybersecurity Lab. He is the author of Legality and the co-author of The Internationalists: How a Radical Plan to Outlaw War Remade the World.
Shapiro’s training as a philosopher is in full bloom in a central premise of his book: that societal issues, personal circumstances, and personality profiles draw certain people to endless solitary hours of writing computer code. The virus writer is not “bad, evil, depraved, maniac, terrorist, technopathic, genius gone mad, sociopath.” Rather, “the majority were under the age of twenty-two and all were male.” As an 18-year-old arrested for hacking stated, “I did it to impress people in the hacking community. I wanted to prove myself.”
The First Hack
The first computer hack occurred on Nov. 2, 1988, at 11 p.m. Robert Morris Jr. was a PhD student in computer science at Cornell who “wanted to build a program that could explore cyberspace.” As an intellectual exercise, he hoped to see how many computers he could infect with his worm. He returned from dinner a few hours after releasing the virus and realized his experiment was barreling through the nascent internet, taking down networks across the country.
Morris became the test case for the first federal prosecution of a cyber crime. A unanimous verdict convicted him of felonious computer fraud. Jail time was averted; a $10,000 fine and 400 hours of community service were handed down, and his parents were saddled with a $150,000 legal bill. “At least my parents still love me,” he stated when it was all over.
For those among us who keep nude photographs on iPhones, the retelling of how a “young boy from a poor, broken home in South Boston was able to hack the cellphone of one of the most famous celebrities in the world” is instructive. Recall Paris Hilton. What was made public, in addition to her photos, were her entire contact list, email history and entire world of privacy.
In detailing how this happened, we learn how lax software vendors, Apple and others, were publishing their code and manuals online. Microsoft is just one example, albeit a very large one: “Because Microsoft cut its teeth on personal computers, security was never a substantial concern,” explains Shapiro. It wasn’t until 2002 that Bill Gates, CEO of Microsoft, alerted the thousands of programmers he employed “that security would now be a priority.”
Shapiro walks us through the hack of the Democratic National Committee computers during the 2016 presidential election between Hillary Clinton and Donald Trump and how a simple request to a staffer to reset a password allowed the bad actors in. Shapiro methodically traces this to the Russians. “The optimistic scenario saw Putin merely trying to bloody Hillary Clinton.”
What is intensely clear in Fancy Bear Goes Phishing is that computers are only as secure as the users who operate them.