We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Robert Clark: Exploding the Phone: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell (2013) by Phil Lapsley
What do you get when you tie together the following unlikely pieces of information:
In Exploding the Phone: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell, you get one hell of a great read into the earliest historical accounts of hacking – phone hacking by phreaks. If you loved The Cuckoo’s Egg, then this is a must read. Phil Lapsley spent many years researching the technology and interviewing all the players from both sides. He spoke to the very first phone phreaks in the 50s, the kids at Harvard and MIT, blind teens, and the outlaws and then caught up with the AT&T folks for their side of the story. The very entertainingly told story weaves together the technology (without getting bogged down in it) with the law and, finally, the human stories behind it all. As Lapsley points out, consistent with many from the computer culture, such as Jeff Moss of Black Hat, neither are hackers necessarily bad nor is hacking an inherently negative thing.
Phil Lapsley built a career as a successful engineer and founder of two technology companies. He always had a fascination with phone phreaking and, ironically, his digital Kindle version of this book was hacked, stripping away its digital rights management technologies and getting posted on a free download site. Now he could feel like the president of AT&T and say, “Damn kids!”
Exploding the Phone lays itself out primarily in chronological order except that it uses the “wanted harvard mit Fine Arts no. 13 notebook, 121 pages and 40 page reply, K.K. & C.R. plus 2,800; battery; m.f. El presidente no esta aqui asora, que lastima. B. David Box 11595 St. Louis, MO 63105” as its introduction. What this leads to is an introduction into two separate groups of phone phreaks: an original group of four students from Harvard and MIT and, ultimately, a second group years later who were trying to track down the Harvard/MIT students’ research – the 121 pages with 40-page reply written in their Fine Arts 13 notebook, a notebook never used for, as you might guess, fine arts.
Through this journey we learn the technical details of Alexander Bell’s telephone invention and Western Telegraph’s dismissal of it as a toy (and missed purchase opportunity). We learn how it grew into the behemoth communication system with the largest hard-wired technical flaw ever developed. A flaw that was arrogantly described, unknowingly, in great detail via the November 1960 issue of the Bell System Technical Journal. As Ralph Barclay discovered at Washington State University in 1960, the journal describe Bell’s entire system including the multi-frequency tones piping over the telephone line and, especially, the specific pitch 2,600 Hz or seventh octave E.
After he read the journal, the vulnerability was obvious to him, but if you were a Bell engineer bragging about your system because you were the only game in town with no fear of any competitor building a similar system, you’d miss the obvious alternate use of the information. After building his “box” for free calls and being accused of being a “bookie” (apparently one of the largest uses of blue boxes were by bookies arranging bets for the mob), Ralph found himself in front of a judge. When he told the judge he got his information out of a journal, the judge asked the telephone representative if this was true. The telephone representative admitted it was. The judge then concluded, “[W]hen I was a kid we used to freeze water into the shape of nickels to put into pay phones . . . this is nothing more than a new and ingenious way to do the same thing.”
The book covers many more stories of other phone phreaks, many that you know: Captain Crunch/John Drapper, but also many that you may not know, such as Woz and Jobs’ venture into producing blue boxes for sale. Each story of these phreaks is told not only with great technical details but also diving into the human side of the story with their personalities and motives coming forth full force for us to enjoy and sometimes laugh at.
Lapsley also does an excellent job of focusing on AT&T’s “Greenstar System” used to spy on its customers, which is eerily similar to surveillance systems used today. He tracks Greenstar and its use by law enforcement (without disclosing its details) to bring some of the first prosecutions for phone phreaking. The chapter coving these prosecutions does a great job of following these early cases, many that form the framework for the “rights in property” exception to today’s wiretapping statutes.
If you are interested in the history of hacking, then Exploding the Phone: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell this is a must read. A mentor once said to me that the best litigators are those who are well-read. If you want to be among the best cybersecurity practitioners, you should know where we’ve been in order to know where we are going. Exploding the Phone, Where Wizards Stay Up Late, and The Cuckoo’s Egg, are three historical must-reads. Fortunately, Exploding the Phone is a rollicking, entertaining look at hacking’s earliest history, and I highly recommend it as Canon-worthy!!