The Nineties in America - Salem Press (2009)


using phone technology. In 1994, he was caught and pleaded guilty to a number of computer crimes. He served almost four years in prison and was barred from using computers for three years after his release. He later became a journalist, writing about computer security, among other things.


Social Engineering and Trojan Horses

In social engineering, a hacker uses deception to gain information that can be used to compromise the security of a computer or network. A Trojan horse is a program designed to appear to be doing one thing (such as searching the Internet for information) but that actually does something else (such as searching a computer’s cookies for a credit card number). A Trojan horse is often introduced into a system by social engineering. For example, a Trojan horse can be installed by requesting a user to click a link in an e-mail or Web page. It is interesting that some of the earliest attacks by Mitnick and Poulsen were through social engineering, and that many of today’s worst attacks are perpetrated by Trojan horses, installed by social engineering.

There were numerous Trojan horses in the 1990’s. Some of the most interesting Trojans were programs that appeared to be remote administration tools for Microsoft Windows 98. The same technology that could be used for remote administration of Windows was perfect for a Trojan horse that could take information from a user’s computer, while being controlled remotely. ProRAT (Professional Remote Administration Tool) and Back Orifice (developed by Josh Buchbinder, better known as Sir Dystic of the Cult of the Dead Cow) were two remote administration tools that had Trojan horse versions.

Impact

During the 1990’s, hackers attacked a number of important computer systems. As a result of their success, government, industry, and individual computer users realized that securing their computers and computer networks was extremely important. Society ceased thinking of hackers as misguided enthusiasts and began to treat them as criminals.

Further Reading
Baase, Sara. A Gift of Fire: Social, Legal, and Ethical Issues for Computing and the Internet. 3d ed. Upper Saddle River, N.J.: Prentice Hall, 2007. A well-written book that covers cyber security, privacy, and law.

Mitnick, Kevin D., and William L. Simon. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders, and Deceivers. New York: John Wiley & Sons, 2005. Another book by Mitnick describing hacking from the viewpoint of a real hacker.

Mitnick, Kevin D., William L. Simon, and Steve



Birth of a Social Engineer

In his 2002 book The Art of Deception: Controlling the Human Element of Security (coauthored with William L. Simon), Kevin Mitnick describes how he got his start on the road to computer hacking:

My first encounter with what I would eventually learn to call social engineering came about during my high school years when I met another student who was caught up in a hobby called phone phreaking. Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees. He showed me neat tricks he could do with a telephone, like obtaining any information the phone company had on any customer, and using a secret test number to make long-distance calls for free. (Actually it was free only to us. I found out much later that it wasn’t a secret test number at all. The calls were, in fact, being billed to some poor company’s MCI account.)

That was my introduction to social engineering—my kindergarten, so to speak. My friend and another phone phreaker I met shortly thereafter let me listen in as they each made pretext calls to the phone company. I heard the things they said that made them sound believable; I learned about different phone company offices, lingo, and procedures. But that “training” didn’t last long; it didn’t have to. Soon I was doing it all on my own, learning as I went, doing it even better than my first teachers.

The course my life would follow for the next fifteen years had been set.