The Start of Catalan Internet: Digital security then, and now
Internet security-based crimes are more sophisticated than they were twenty years ago, but user awareness has also increased
The concept of digital security has evolved over recent decades proportionally to internet itself. In fact, at the end of the 20th century, security was taboo among the hacker community. Internet could only be explained by its inherent freedom of access and service and, therefore, the use of concepts related to security seemed a bit like putting gates around it.
It is important to read two texts that became foundational in modern internet for an idea of how far we have come in terms of internet privacy and security. On one hand, A Declaration of the Independence of Cyberspace published by John Perry Barlow in 1996: “We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth”. On the other, A Cypherpunk’s Manifesto published by Eric Hughes (1993): “One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all”. From both two texts it can be seen that freedom of access to information is rule number in for hacker ethics.
THE INITIAL HACKERS
Let’s focus on Catalonia. Mercè Molist is an old hand on the internet in our country. A journalist and writer specialising in technology, IT and security, she has been studying the hacker culture for three decades. Molist explains that Catalan hackers managed the servers of the universities in the early 21st century: “It might be said that security didn’t exist then. For hackers it meant shutting off access to internet resources, which were designed to be open to everyone”.
This ended when things started to get out of hand: “This changed when university students started to go overboard, entering their professors’ computers to copy exams and destroy the work of other students…”, explains Molist. So gradually it was the hackers themselves who entered the servers of the Catalan universities, which ended up establishing the first Catalan and Spanish digital security companies.
“Hackers don’t steal or destroy. They snoop around. They warn you if there’s a problem”, Mercè Molist.
One of the most famous cases was that of the group of hackers called !Hispahack, formed primarily by Catalan IT experts, which ended with four arrests by the Civil Guard in 1998. They were accused of crimes of disclosure of secrets and computer damage to the systems of the Congress of Deputees, NASA, and the Polytechnic University of Catalonia, among others. The case was heard a year later and they were absolved.
Molist’s admiration for the hackers is no secret. She was the founder and main author of the wiki Hackstory.net, a collaborative website that was set up in the summer of 2008 to record the history of the hacker community. Years later, she revised, filtered and sorted all the material published on HackStory before writing the book Hackstory.es in 2013, the untold story of the IT underground in the Iberian Peninsula. For her, there is a clear difference between hackers and bad hackers. In the article “Why I fell in love with hackers” she explains just that: “The hackers who I love wouldn’t harm a fly. That doesn’t mean they haven’t had fun attacking a system at some time, but they don’t steal or destroy. They snoop around. They warn you if there’s a problem”.
THE SECURITY OF .CAT
Since it began fifteen years ago, the .cat domain has set the guidelines in terms of digital security, later followed by other domains. Pep Masoliver has been working in the IT team of the .cat Foundation since 2007 and explains the reasons why the .cat domain is more security and private than the others: “If you register a .cat and you’re the owner, no personal data will be displayed. The direct and practical outcome of this for users is that you save a great deal on spam”, explains Masoliver, “what’s more, the DNSSEC system we use has an additional security layer that foresees a large amount of what might be malicious activities”.
Pep Masoliver remembers the start of the .cat domain: “We started very gradually, taking small yet safe steps so as not to stumble. In fact, when I joined in 2007 we didn’t even have an office, and that was my first job when I started work”.
Pep Masoliver continues to look back and explains how the concepts of internet security has changed since the turn of the 21st century. He points out that the substantial change can be understood through examples such as that of the Whois website. Stop. What’s that? Whois is a kind of open, public directory used to consult the owner of a domain or IP address on the internet. In other words, anyone can enter Whois, type in an URL in the right place, and find out certain data on the owner: “It was created without bearing in mind the fact that someone might use this data to send spam, for example. Users were unaware that their data could be accessed by anyone, including their home phone number.”
MORE SOPHISTICATED DANGERS ON TODAY’S INTERNET
However, the bad guys were also more innocent than they are now: “Fifteen years ago, some people received calls in the early hours because their phone numbers were public on Whois and the automatic calling system of the company to have obtained the phone number was in the United States or India”, continues Masoliver. Although users are more careful than we used to be, the dangers on the internet are more sophisticated.
“We are all players in extensive market research”, Pep Masoliver.
When banking came into play, the concept of internet security was taken to a whole new level for the managing of on-line payments: “This is when digital security and cryptography in accesses and permissions comes to the fore”, explains Mercè Molist. We now know that if you shop on line you have to acknowledge a series of security elements such as an SSL certificate, and identity validation on a second device such as a mobile phone. We also know that “Macs also need an antivirus”, adds Masoliver sarcastically. It’s not a done deal, but: “Even nowadays users are very thoughtless in the use of their mobiles, a device that keeps you connected and sends information 24 hours a day”, warns Masoliver.
We ask Pep if we are controlled through our mobile phones, and he puts our minds at rest by saying that there’s no need to become paranoid. However, “you might say that we’re all players in extensive market research”. The phone operator knows whenever you switch on your phone and start to browse or open an app. All our internet activity can be tracked and potentially analysed to determine our tastes, hobbies, and consumer habits when shopping: “The two companies that know you best are your mobile operator and the company owning the operating system on your mobile ”, says Masoliver.