Sunday, March 26, 2017

What the Phrack

Ever wonder about all those "PH's" used in hacking terms like phreak, phrack and phishing? I watched a CBS Sunday Morning story about phone booths and it occurred to me that there are at least two generations who have no idea what "phreak" or "phrack" mean, or why phishing is spelled the way it is. It all goes back to phones.

Back when answering machines started to catch on, we could call our own landline from a pay phone to punch in a code on the keypad or, if calling from a rotary dial phone, hold a device up to the telephone handset that played a simulated tone sequence to tell the answering machine to play messages. Hackers of the 1970s and '80s figured out that those tones could be used in creative and unexpected ways to manipulate phone lines. Free long distance calls were a popular choice (and illegal, it must be noted, as it constituted fraud against telephone companies). Hackers also discovered that universities and governments sent data back and forth over phone lines, too. Remember the 1983 movie, "WarGames"? These types of phone line shenanigans became known as "phreaking." I confess, I have no idea why hackers (also known as "crackers" back in the day) were called "freaks," but I can guess, as early reverse engineers were considered social outsiders. Anyway, the spelling quickly evolved to marry the words "phone" with "freak."

Thus, a cultural pattern was born.

So, what's "phrack"? Well, it's actually capitalized. Phrack was the first and remains the longest-running hacker 'zine. Its founders named it by combining "phreak" with "hack." Understandably, early issues focused on the ways, means and underground culture of phone hacking, as it predated technologies like broadband and the Internet as we know it today. In its 7th issue in 1986, Phrack published "The Conscience of a Hacker" (sometimes referred to as "The Hacker Manifesto"), which formed the basis for the archetype of a hacker as an outcast teenager in his mom's basement. In the 1990s, data carriers moved from phone lines to Ethernet and Phrack branched out, too. In 1996 they published arguably THE seminal article on uncovering and exploiting code bugs, "Smashing The Stack For Fun And Profit," by Aleph One (aka Elias Levy, the moderator of a popular network and host vulnerability disclosure forum at the time).

"Phishing" has similar roots in telephony. Phishing is a form of social engineering, more simply stated as a con job. It relies on the con artist, or phisher, tricking unsuspecting victims into supplying their user names and passwords to online properties in any number of ways. The term "fisher" was first used in 1995 in a multi-featured hacking tool targeting the then-king of the World Wide Web, AOL. The tool is long gone but AOHell's documentation is still online here (warning: strong language). "Fishing" became "phishing" in 1996 at the hands of members of the popular hacking forum (then known as "newsgroups") alt.2600, who adapted it in a nod to hacking's roots in phreaking.

As an aside, if you haven't seen "WarGames," you really should. Not only is it the phirst - er, first true hacking movie, it still holds up as one of the best IMHO.
