How Allan Scherr Hacked Around the First Computer Password 89
New submitter MikeatWired writes "If you're like most people, you're annoyed by passwords. So who's to blame? Who invented the computer password? They probably arrived at MIT in the mid-1960s, when researchers built a massive time-sharing computer called CTSS. Technology changes. But, then again, it doesn't, writes Bob McMillan. Twenty-five years after the fact, Allan Scherr, a Ph.D. researcher at MIT in the early '60s, came clean about the earliest documented case of password theft. In the spring of 1962, Scherr was looking for a way to bump up his usage time on CTSS. He had been allotted four hours per week, but it wasn't nearly enough time to run the detailed performance simulations he'd designed for the new computer system. So he simply printed out all of the passwords stored on the system. 'There was a way to request files to be printed offline by submitting a punched card,' he remembered in a pamphlet (PDF) written last year to commemorate the invention of the CTSS. 'Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing.' To spread the guilt around, Scherr then handed the passwords over to other users. One of them — J.C.R. Licklieder — promptly started logging into the account of the computer lab's director Robert Fano, and leaving 'taunting messages' behind."
More on CTSS (Score:5, Interesting)
CTSS is notable for a lot of things. Like having the first e-mail, and the first spam.
http://opinionator.blogs.nytimes.com/2011/06/19/did-my-brother-invent-e-mail-with-tom-van-vleck-part-one/
The first documented hacking occurred earlier, to make certain networking-esque programs work.
Re:what is a password? (Score:5, Interesting)
it's a route, the way to connect to your phone. A password is more like a key, if you have one then you can get into your whatever.
Worst password/pin. A telephone system at a major event many years ago, each journalist was given a unique 4 digit pin, they enter it and get dialtone and dial. Took about 10 seconds for them to workout that they could just pump in 4 digit codes until they got dial tone and they were then using other peoples accounts. Or the Video store software that stored passwords in plain text in a file called PW.TXT.
First keylogger? (Score:5, Interesting)
I'm sure not the first time it happened, but while in college in the mid '80s, the computer lab was set up with 68k-based evaluation boards to use for embedded systems programming assignments. The boards had two serial ports, one to the ASCII terminal and another to the Sun server. The boards normally operated in a transparent pass-through mode when they weren't being used, and a hot-key was used to access the board directly.
We realized that we could easily install code to look for "login:" and "password:" coming from the server and catch the replies and save them in memory. We'd check back towards the end of the day and harvest the results. We were on very good terms with the head of the CS department, so when we told him about our little exploit and proved it with his password, he was more amused than anything else.
We didn't keep or use any of the passwords, but thinking back on it, it could have been quite lucrative to sell them to a certain group of CS students who were quite prone to cheating. Those were the ones that you could put their assignment printouts together (I worked as a TA for a while) and hold them up to the light to see they were identical except for the variable names. One of them also set fire to the pile of final assignments that had been left on the floor outside a professor's office in a 100+ year old building, figuring if nobody's assignment got turned in, the professor couldn't grade them (yeah, too dumb to realize all those programs were still on the server). That was a very narrowly avoided tragedy. Ah, memories.
By 1970, the FBI was arresting hackers (Score:3, Interesting)
When I was attending a small techical college which had government contracts, one student got passwords to several research accounts and used them for homework and for the primitive games of the time. He started with guessing simple ones and shoulder surfing. After a couple of catch-and-release sequences, he seemed to self-destruct. He started running CPU and memory intensive do-nothing programs to deliberately tie up the computer. He was finally arrested, expelled, tried, convicted, and jailed.
He was sure proud he could do it. He was sure resentful that computer time wasn't free.