Farrar, Straus and Giroux
In November 1988, a Cornell graduate student named Robert Morris Jr. inadvertently sparked a national crisis by releasing a self-replicating computer worm on the VAX 11/750 computer at MIT’s Artificial Intelligence Laboratory. Morris had no malicious intent; it was just a science experiment to see how many computers it could infect. But he made a grave mistake, setting the reinfection rate far too high. The worm spread so quickly that it disabled the entire computer network at Cornell University, paralyzed those at many other universities, and even infiltrated computers at Los Alamos and Livermore National Laboratories.
To make matters worse, his father was a computer scientist and cryptographer who was the chief scientist at the NSA’s National Computer Security Center. Although it was not intentional and witnesses testified that Morris “had no cheeky or dishonest bones in his body,” he was found guilty of aggravated computer fraud. The judge was merciful in sentencing. Instead of a 15-20 year prison sentence, Morris received three years of probation with community service and had to pay a $10,000 fine. He went on to found Y Combinator with his longtime friend Paul Graham, among other accomplishments.
The Morris worm is one of five cases of hacking that Scott Shapiro highlights in his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age in Five Extraordinary Break-ins. Shapiro is a legal philosopher at Yale, but when he was a child, his mathematician father, who worked at Bell Labs, sparked his interest in computing by bringing home various components, such as microchips, resistors, diodes, LEDs, and breadboards. Their father/son outings included annual attendance at an IEEE conference in New York City. Then a classmate in Shapiro’s high school biology class introduced him to programming on the school’s TRS-80, and Shapiro was hooked. He moved on to work on the Apple II and majored in computer science in college but then lost interest and went to law school instead.
With fellow Yale University student Oona Hathaway, Shapiro co-authored a book titled The Internationals: How a Radical Plan to Criminalize War Reshaped the World, a comprehensive historical analysis of the laws of war spanning from Hugo Grotius, the father of international law in the seventeenth century, all the way to 2014. This experience raised many questions about the future of war – namely, electronic warfare and whether they themselves are “the rules”. The topic seemed like a natural choice for his next book, especially given Shapiro’s background in computer science and coding.
Despite this background, Shapiro told Ars, “I honestly had no idea what to say about it. I found it very confusing.” He was then asked to co-teach a special course titled “Cyber Conflict Law and Technology” with Hathaway and the Department of Computer Science at Yale University. But the equal mix of law students and computer science students trying to learn about two very different technical fields proved to be a difficult combination. “It was the worst class I’ve ever taught in my career,” said Shapiro. “At any given time, half the class was bored and the other half confused. I learned nothing from it, and neither did any of the students.”
This experience led Shapiro to spend the next few years trying to crack that particular nut. He brushed up on C, x86 assembly code, and Linux and immersed himself in the history of hacking, making his first hack at the age of 52. But he also approached the problem from his area of expertise. He said, “I’m a philosopher, so I like to go to first principles. But computer science is only a century old, and hacking, or cybersecurity, is probably a few decades old. It’s a very young field, and part of the problem is that people haven’t thought about it in principle.” The result was Fancy Bear Goes Phishing.
The book is a lively and engaging read full of fascinating stories and colorful characters: the infamous Bulgarian hacker known as the Dark Avenger, whose identity remains unknown; Cameron Lacroix, 16, from South Boston, best known for hacking Paris Hilton’s Sidekick II in 2005; Paras Jha, a student from Rutgers University, who built the “Mirai botnet” (apparently to get out of a calculus test) and nearly destroyed the Internet in 2016 when he hacked Minecraft; and, of course, the titular Fancy Bear hack by the GRU that was so pivotal in the 2016 presidential election. (Fun fact: John von Neumann, notes Shapiro, “built a self-replicating bot in 1949, decades before any other hacker… [and] wrote it without a computer.”)
But Shapiro also provides insight into why the Internet remains so insecure decades after its invention, as well as how and why hackers do what they do. And his conclusion about what to do about it might be a bit controversial: There is no permanent solution to the problem of cybersecurity. “Cybersecurity is not primarily a technological problem that requires a primarily engineering solution,” Shapiro wrote. “It is a human problem that requires an understanding of human behavior.” This is his motto throughout the book: “Hacking is about the people.” For Shapiro, this portends the “death” of the solution.
Ars spoke with Shapiro to find out more.