What ended up phone phreaking


There is a legal legend that in the sixties or seventies of the last century a developer deliberately built a rounding error into a program for billing bank interest. He is said to have cut off the credit amounts at the third (or some other) decimal place and credited the remainder to his own account. That is said to have brought him real money. However, there is no evidence of this.

This legend could have been the first real cybercrime action.

In any case, I have (2008) defined cybercrime based on the division of labor as the planned commission of IT crimes that are individually or collectively of considerable importance. Its planning perpetrators fall back on established structures and groups with specialists whose services and actions they bring together to achieve the criminal goal. IT crimes in this sense also include, above all, those that use technical communication networks to carry them out.

By emphasizing the division of labor, cybercrime proves to be a very modern form of crime, which is actually confirmed by the experience and benchmarks from the last 20 years.

IT prehistoric times
electrotechnical age
electronic start-up time
Expansion and abuse
Internet and organized virus market
commercial internet and organized cybercrime
Conclusion 1: No alternative
Conclusion 2: New dangers
Conclusion 3: New perspectives

In this essay, I am concerned with the roots that were decisive for cybercrime and the forms that distinguish it from other forms of crime. For this purpose, I have determined historical key data that are likely to be decisive for the topics of telecommunications - TC, information technology - IT, business and, finally, cybercrime. I looked at them in their chronological order and placed them next to one another.

In the end, it doesn't matter whether I always set the right milestones, whether a technological cornerstone should be set a few years earlier or later, or whether I should have named other priorities. The key points show that the roots of IT go back several centuries and those of TC almost 200 years. I did not even consider the philosophical and mathematical preparatory work (for example by Leibniz). In any case, they owe their support and their contours to industrialization.


I concentrate on cybercrime in the strict sense. These are the manifestations that deliberately misuse telecommunications and information technology to develop new forms of crime or new variants, which have thus become independent forms of crime. This is especially true for hacking, malware spreading and carding.

Carding, which sounds harmless, describes the handling of data spied out from payment cards and was given an organized structure through the establishment of CardersPlanet (2001). Cards had also been stolen and their data spied out and misused beforehand. But these were mainly forms of trickery and the auxiliary use of IT.

Special forms of carding emerged with phishing (around since 1996) and skimming, which arose around 2000 and has occupied the BGH since 2003 (time of the offense there: 2001), whereby for me the decisive factor is the use of reading devices (skimmers). Carding is better described with the generic term "identity theft", which ultimately means the misuse of all personal data for money and goods transactions as well as other activities under a foreign identity.

There were precursors to cybercrime until 1982, but no cybercrime worthy of the name. One of these forerunners is phreaking (from 1957), i.e. fraudulently obtaining telephone services. The same applies to the hacking against mainframes, which began sometime in the 1960s and was run by students who initially penetrated the computers at their universities through play. The first spam email was also rather stupid and thoughtless (1) than malicious.

Malicious hacking and viruses existed before, but organized cybercrime began in 1990 with the first "hacking factories" in Bulgaria, which I have only known since the extremely important article by Paget (2). From then on she went off, the Dinknesh (3).

The subjects of copyrights, industrial property rights, fraud in trading platforms and web shops, child pornography, stalking and malicious opinion disputes are deliberately omitted here. These topics have seen new environments and forms with the Internet, but are not really new. They deserve attention, especially when they are used to generate profit and in covert structures. Nevertheless, I neglect them in order to concentrate on cybercrime in the narrower sense.

IT prehistoric times
first Atlantic cable
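| Year | Telecommunications | Information technology | Economy | Cybercrime |
|------|--------------------|------------------------|---------|------------|
| 1728 | | Punched strips (wooden plates, looms) | | |
| 1835 | | Relay | | |
| 1837 | Morse telegraph | | | |
| 1847 | | | Siemens | |
| 1850 | First Atlantic submarine cable | | | |
| 1861 | Reis telephone | | | |
| 1871 | | | Western Union introduces payment service | |
| 1877 | Telephone connection | | | |
| 1881 | Telephone switchboard | | | |
| 1885 | | | AT&T | |
| 1887 | | Tabulator, punch card | | |
| 1890 | | Vinyl record | | |
| 1892 | Automatic exchange | | | |
| 1894 | | | Credit card | |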

Fast reader, 200 cycles per second
Eduard Rhein, 1940

Looms are pre-industrial machines that were optimized for mass production at an early stage. As early as 1728 - before Emanuel Kant was born - the weaving patterns were controlled by primitive predecessors of the punched tape. They consisted of strung wooden panels. Nevertheless, it was possible to use them to transport information and control work processes. This is IT.

The relay was the first electromagnetic switch. It originated in 1835. Mary Wollstonecraft Shelley had already invented "Frankenstein" in 1818.

Industrialization is the cradle of telecommunications. As their starting point I use the Morse code telegraph from 1837. It used electricity and cables. Siemens was founded only ten years later.

Even before telephony could function properly (Reis, 1861), the first transatlantic submarine cable was laid in 1850 - for communication using Morse code! It was so effective that it was worth carrying out the first major electrical engineering project.

Western Union was founded in 1851 and built telegraph connections across the United States. In 1871 the company started its payment service by telegraphic instruction.

The first major technology for the modern information age was telephony. In 1877 there was the first permanent telephone connection and in 1881 the first telephone exchange with the "Fräulein vom Amt". AT&T was founded in 1885.

Automated information processing is likely to have its milestone with tabulating machines. In 1887 the first was used in connection with a US census. It sorted and added information packages in the form of punch cards.

I take the analog record from 1890 as the basis for the modern data carriers. The automatic, relay-controlled switching center followed in 1892 and thus not only a milestone for telecommunications, but also for electronic data processing. At that time, the circuit still worked on the basis of current pulses of different lengths. It forms the basis for addressing in telephony.

In 1894, the first American restaurants introduced credit cards for their best customers. On them was the "good name" of the customer to whom the invoice was later sent. This is nothing more than the tab at the local pub.

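| Year | Telecommunications | Information technology | Economy | Cybercrime |
|------|--------------------|------------------------|---------|------------|
| 1912 | | Tube amplifier | | |
| 1923 | | Enigma | | |
| 1924 | | | IBM | |
| 1934 | | Transistor | | |
| 1935 | | Tape from AEG | | |
| 1938 | Telegraph network | | | |
| 1939 | | | Cash dispenser | |
| 1940 | | Magnetic tape | | |
| 1941 | | Z3 | | |
| 1943 | | Colossus | | |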

Plug-in card, IBM (Shrigley)

In the first half of the twentieth century the basic building blocks for IT were created and finally the first computers were built in 1941.

In 1912 the relay was replaced by the switch tube and the first tube amplifier was introduced. As with the coil (potentiometer), not only could it be switched "on / off", but flow processes could also be controlled. The First World War and many technological refinements of mechanical processes, flight technology and assembly line technology followed (Ford, 1913).

For me, Enigma is the first processor (from 1923). The cipher machine is electrically powered and converts characters into others in a cryptic process. For this purpose, metallic disks are inserted into the device, which, like circuit boards, conduct electrical currents from one contact point to another. By rotating the discs and their specific switch functions, the information is cryptographically encrypted.

The IBM company was founded in 1924.

Ten years later, the tube was replaced as an electrical switch and the transistor was born. In 1935 the first tape recorder was manufactured by AEG.

A milestone for TC is the creation of the first teletype network in 1938. The following year, the ATM was presented and met with little response.

Great innovations in IT followed during the Second World War: After the mass production of magnetic tapes (1940), Konrad Zuse completed the first freely programmable computer with the Z3 (1941, Steam engine computer). The machine consisted of relays. It was followed by tube computers in 1942 and 1943 (ENIAC in Great Britain and Colossus in the USA).

electrotechnical age
Parallel modem
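| Year | Telecommunications | Information technology | Economy | Cybercrime |
|------|--------------------|------------------------|---------|------------|
| 1947 | | | GEMA | |
| 1955 | | Transistor computer - TRADIC | | |
| 1956 | | Hard disk | | |
| 1957 | | | | Phreaking |
| 1958 | | Integrated circuit | | |
| 1960 | Communication Satellite (Echo 1) | | | |
| 1963 | | Cassette recorder - Philips | | Hacking - phone |
| 1964 | | Disk Operating System - IBM | | |
| 1966 | | Acoustic coupler - modem | | |
| 1968 | | Programmable calculator - HP | Euro check | |
| 1969 | ARPANET | Unix, floppy disk | EC card | |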


Sputnik (1957, replica)

After the Second World War, the mass production of electrotechnical devices began and further building blocks were created and refined that are indispensable for today's IT.

GEMA, the best-known collecting society for copyrights in this country, was founded as early as 1947.

With TRADIC, the first computer equipped with transistors was put into operation in 1955. In 1956 the first hard disks were produced and replaced magnetic tapes and punched tapes as mass storage devices. The integrated circuit (IC) followed in 1958. This is the first electronic component that combines a large number of circuit elements and, above all, transistors, thus introducing microtechnology. It is the forerunner of today's processors. IC and hard disk are two of the essential components of today's PCs.

As early as 1957, phreaking emerged as an early form of cybercrime. The term covers methods for making free calls. The most important of them are the manipulation of the dialing process and the exploitation of spied-out service numbers that the employees of telephone companies used for test purposes.

The first mainframes were used in the military and universities in the 1960s. At the same time, the first forms of hacking emerged from 1963, which at the time was limited to telephone technology and its systems. The first communications satellite was tested as early as 1960 (Echo 1) and in 1963 the Philips company presented the first cassette recorder.

To control mainframes, IBM introduced the first disk operating system in 1964, which revolutionized main memory (= working memory).

The acoustic coupler, a special type of modem, followed in 1966. This device converts digital data into (analog) tones, which can be transmitted in the analog telephone network and converted back into digital data in the remote station. The special feature of the coupler was that it had two tubes or bulging rings into which a telephone receiver could be inserted.

In 1968, Hewlett Packard began selling the first programmable pocket calculator (with a completely weird input logic). The following year, not only was the first floppy disk introduced, but Unix for mainframes was also created. Since then, this has been the leading operating system that controls computers, their peripheral devices and functions. Even today, the core of Windows cannot deny its origin in Unix, and Linux is nothing more than a reprogrammed Unix.

On August 25, 1967, television in Germany went color.

Of economic importance are the introduction of the Euro-Check (1968) and, immediately afterwards, the EC card (1969) as new, generally accepted means of payment alongside cash (and in addition to the credit cards of the restaurant chains).

The era ends with the ARPANET. This was the first permanent network for (military) mainframes, which would later become the Internet. The CompuServe company was also founded in 1969, initially only leasing computer time to other companies.

electronic start-up time
CD-ROM (Kulshreshtha)
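| Year | Telecommunications | Information technology | Economy | Cybercrime |
|------|--------------------|------------------------|---------|------------|
| 1971 | | Processor - Intel | | |
| 1972 | | Magnetic stripe | | |
| 1973 | | PC - Xerox Alto | SWIFT | |
| 1975 | TCP/IP in practice | SQL | Microsoft | |
| 1976 | | | | Hacking jargon |
| 1977 | | | Oracle | |
| 1978 | | | | Spam |
| 1979 | | CD-ROM | | |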

Intel 4004

In the seventies of the twentieth century the first personal computer was born and the main protocol for the Internet was introduced. With Microsoft and Oracle, two companies emerged (for example) that will be decisive in the following decades.

In 1971, Intel presented the first processor, an upgraded integrated circuit that was optimized for arithmetic operations.

In 1972 the magnetic stripe for payment cards followed and in 1973 Xerox introduced Alto, the first PC. This device already had a pointing device (mouse). This was the starting shot for modern IT. All miniaturizations were completed and merged - a process over 30 years since the Z3.

In 1973, SWIFT began, the banks' first international and increasingly automated clearing system for cross-border payments, which still exists today. It has only lost its importance because powerful clearing systems for private payment transactions have also become established (e.g. Visa, Master, Maestro, etc.).

In 1975 the Internet protocol (TCP/IP) was introduced for international computer networks. It is still valid today and forms the set of rules for addressing and sending data on the Internet.

In 1975 the database language SQL was also created. Together with Unix, the syntax and performance of SQL form the basis for all relational databases. Both have been expanded and optimized over time and form the basis for today's IT.

Also in 1975 the young founders of Microsoft started their business operations.

For many years, hacking was a sporting academic specialty. Its playful protagonists - the hackers - were enthusiastic about the functionality and possibilities of IT, tried out tricks, found security gaps and on these occasions developed a special culture that oscillates between two extremes: on the one hand, it is concerned with securing IT by trying out and discovering gaps and, on the other hand, more and more profitable abuses were practiced. At first it was about two things: either parasitic access to very expensive computing time or - more and more - access to the secret information of others. Despite all the assertions of "we are the good guys", hacking still sits exactly in this gray area of tension. 1976 is a milestone because the hacking culture was given a name for the first time and its specific language usage was documented.

In 1977 the company Oracle was founded, which would be inconceivable without SQL. Today it is still the leading database provider worldwide.

In 1978 the first spam email was sent. It was addressed indiscriminately, and still thoughtlessly, to everyone who was reachable via the network at the time. In 1979 the CD-ROM was launched as a sound carrier.

Expansion and abuse
| Year | Telecommunications | Information technology | Economy | Cybercrime |
|------|--------------------|------------------------|---------|------------|
| 1981 | | MS-DOS | | Chaos Computer Club |
| 1982 | | Multiplan | Adobe | Virus for Apple II |
| 1983 | Domain Name System, On-Screen Text - BTX | | | |
| 1984 | | | Dell | CCC: online banking manipulation, Cult of the Dead Cow |
| 1985 | | Windows, MS Excel | | KGB hack, Bayerische Hackerpost: Trojans, Gotscha: Trojan, erases hard drive |
| 1986 | .de | | | Boot virus for DOS |
| 1987 | ISDN - introduction | | McAfee | Memory-resident virus - Lehigh |
| 1988 | | | AOL | |
| | | | | Virus epidemic in Russia |


The eighties brought the breakthrough for user programs. A mass market slowly emerged, which was more and more hotly contested. The winner is Microsoft. From the mid-eighties onwards, the early cybercrime unfolded with power.

From 1981 the still insignificant company Microsoft marketed the DOS operating system on the consumer market. With the development of the spreadsheet program Multiplan, the company started an extremely aggressive predatory policy against all competitors in 1982, which it continued with the word processing program Word (1983).

With Windows, MS created the first version of a graphical user interface in 1985 - modeled on Apple. The operating system as device management and the user guidance as a graphic attachment were still separate. That only changed in 1994 with OS2 - MS's unpopular partner project with IBM - and in 1995 with Windows 95.

With the graphical user interfaces and user programs came the end of the omnipresent command line, which could only be operated by those who were familiar with the syntax and functions of their programs. Multiplan was still a hybrid that required the user to have a deeper knowledge of command characters. That was then different: graphic symbols (icons) and intuitive operating elements appeared on the screen and opened up more playful access to IT even for the uninformed user.

With Excel, MS created a spreadsheet program in 1985, to which most competitors actually capitulated.

Long later, in 1992, the Adobe company was founded. It was best known for its PDF editors, which make platform-independent document exchange possible.

With the start of testing teletext (1980), the first graphic form of electronic communication emerged. Teletext is, as the name suggests, text-based and is used on television for supplementary program information and messages that are fed in by the broadcaster.

In contrast, on-screen text - BTX (1983) - is a network communication system based on the telephone network. A special terminal or modem was required, and the television set could be used as the screen. BTX merged with Datex-J in 1993, which in turn was discontinued in 1997.

America Online - AOL - became one of the world's leading internet access providers in 1988 (until the mid-1990s).

In 1983 the Domain Name System - DNS - was introduced. It is a supplement to the numerical addresses of the Internet Protocol and facilitates navigation by means of descriptive names. The German country domain .de was set up on this in 1986. The namespace was initially administered by the University of Dortmund and from 1993 by the University of Karlsruhe.

In 1979, the then state-owned Telekom began to digitize its switching centers. The signal transmission initially remained analog. That was the first step away from electromagnetic addressing and opened the way to value-added services, number portability, forwarding and other bells and whistles that we know today.

In 1987 Telekom introduced ISDN, i.e. completely digital telephony. The system is based on two networks, the signaling network, in which the connection is controlled and billed using the user data stored in databases (inventory data), and the connection network, which is used for the actual communication. This creates an "intelligent network" because the call number no longer depends on the physical nature of the network and the location of the subscriber, but on the switching data that is stored for him.

Finally, in 1989, the first mobile phone was presented.


Hypertext Markup Language - HTML - is a relatively simple scripting language that controls what is displayed on a screen, including text, formatting, and multimedia elements. Without it, the colorful Internet would be inconceivable. It was developed in 1989 at the CERN nuclear research center.

The computer magazine first appeared in 1983. It still exists today and is likely to be the most important print medium on this market.

Dell was founded in 1984.

In 1981 the Chaos Computer Club - - was founded. It tries to preserve the imagination of the classic "academic" hackers, which includes not only the playful and not always entirely legal handling of IT. One has to grant it that destructive and profit-oriented actions are alien to it. Instead, it has increasingly taken up the topics of information security and data protection. The BVerfG has asked it to comment several times and has quoted it widely in connection with the online search and data retention.

In 1984 the club got itself talked about among the general public for the first time when it demonstrated the loopholes in online banking via BTX on television by shifting DM 135,000 from a savings bank in Hamburg to its own bank account.

Of a different caliber is the "Cult of the Dead Cow" club, founded in the USA in 1984. It stands for activism, aggressively fights against reactionary websites that are hacked and changed (defacement), and for freedom of expression - especially in China. It is also constantly releasing anti-malware software.

The history of malware began in 1982 with the first circulating virus for Apple II. Viruses are characterized by the fact that they nestle in files, are transported with them and finally executed.

In 1985, several hackers from Hanover began researching military and other network-connected facilities in the USA for usable information on behalf of the KGB. Clifford Stoll turned it into an exciting novel (Das Kuckucksei).

In 1985 the Bayerische Hackerpost reported for the first time on Trojans. They are distinguished by the fact that they present themselves as a complete program that has a useful function. In the background, however, they have a harmful effect - like "Gotscha" who erased hard drives (also in 1985).

However, it is still the viruses that have continued to develop. In 1986 the first boot virus became known. It embeds itself in the mass storage media that are used to start the computer. This means that it is available after every start without having to call up a carrier file.

Lehigh was the first memory-resident virus (1987). It remained in the main memory and spread as a boot virus on all mass storage media with which the infected computer came into contact. This also applied to completely new or freshly formatted mass storage devices.

In 1987, the McAfee company was founded. This is where the commercial defense against malware probably began.

In 1989 a real virus epidemic broke out in Russia. Uncharitably, one could say: ... because that is where most of the pirated copies were in circulation.

Internet and organized virus market  
| Year | Telecommunications | Information technology | Economy | Cybercrime |
|------|--------------------|------------------------|---------|------------|
| 1990 | | | | Polymorphic virus, hacker factories in Bulgaria |
| 1991 | D network | | | |
| 1992 | RIPE-NCC | Windows 3.1 | | |
| 1994 | Value-added services | | Amazon, Yahoo | |
| 1995 | ISDN nationwide | Multi-tasking on Windows, Internet Explorer | | |
| 1996 | DENIC eG | | Schlund + Partner | Porn online, phishing |
| 1997 | | | Strato | |
| 1998 | ICANN, DSL | | Google, Napster (file sharing) | Virus factories in Russia |
| 1999 | | SETI (distributed computing), OpenOffice.org under SUN | | HangUp team (Galaiko, Petrichenko, Popow), Compuserve judgment |


In the 1990s, IT conquered the mass market, the Internet was shaped and cyber crime began to organize itself.

TC set very important milestones: in 1991, widespread use of mobile telephony with the D-Net began. The first value-added services were introduced in 1994. Thanks to the intelligent networks, they enabled the billing of services that were not limited to technical connections, but also enabled additional services that were subject to a charge. This was followed by the nocturnal request on television: "Call me!"

In 1995 ISDN was introduced nationwide in Germany and DSL followed in 1998. Until then, fast and broadband data connections had only been promised using fiber optic cables - even on the last mile. With DSL it is possible to use the existing copper cables for broadband technology. Since then, the Internet has become faster, more colorful and more diverse.

In 1992, RIPE-NCC began operating as the European namespace administration. It administers the numerical address spaces of the Internet Protocol, which are intended for Europe, the AS numbers for the autonomous systems and forwards name requests for the second level domains of the European country administrations. RIPE-NCC had initially taken on the task of national administrations itself and quickly passed it on to the national operators.

In 1995, the industry association eco took over the German Internet hub - DE-CIX - and expanded it in Frankfurt a.M. to become the most important in the world to this day. A significant part of the data traffic to Eastern Europe and the Middle East is processed through it.

The DENIC cooperative was founded in 1996 and took over the administration of the German namespace from the University of Karlsruhe. The .de domain owes its leading role as a country domain to its liberal registration practice and the low prices of hosting companies (for example Schlund + Partner and Strato, founded in 1996 and 1997).

In 1998 with ICANN a kind of umbrella company with 21 administrative boards from all over the world was created for the administration of the address spaces, the domains and the autonomous systems in the Internet. These tasks had previously been carried out by the IANA, which has since been a kind of subdivision of ICANN.

The administration of the Internet, and especially that of the central root server, was until then directly subordinate to the US administrative authorities. With control over the root server, accessibility can be controlled and excluded within certain limits. In the meantime, root servers are also operated on other continents, so that unilateral influence is considerably more difficult.

ICANN still has a powerful political role to play through the administration of the numerical address spaces, the permitted DNS spaces and the AS numbers. The dominance of the USA can still be clearly felt.


The fundamental technical breakthroughs for IT were complete in the 1980s. In the nineties it conquered the mass market, whereby the user interface Windows 3.1 and the multi-tasking capability since Windows 95 are likely to be of particular importance. The latter is the ability of a computer to carry out multiple processing operations at the same time. Unix (since 1969) and Linux (since 1992) can do this too, but they have not yet played a role in the consumer market.

With Windows 3.1 MS had slept through the influence of the Internet. In 1995, the company made the first free Internet Explorer available, effectively replacing the Netscape browser. In this context, MS was repeatedly accused of hindering competitors' market access by bundling the operating system and browser. In Europe in particular, this led to competition law sanctions against the company.

It was not until 2002 that an open source product, Firefox, came onto the market and took significant market share from the MS browser.

Serious competition to MS products began to mature in 1999 when SUN, an established mainframe provider, acquired the open rights to OpenOffice.org and supported the free international developer community. The performance of this office package may not come close to the commercial MS Office. However, it forms serious competition.

On the German market, it was AOL, Compuserve and the subsidiary T-Online founded by Telekom in 1995 that offered Internet access services. All three companies combined this with their own content offers and host storage on which their customers could present themselves on the Internet.

The search engine Yahoo was created in 1994, AlltheWeb (Fast) in 1997 and Google in 1998. They scoured the Internet with crawlers and built up powerful databases, with AlltheWeb initially surprising with excellent accuracy. Google, on the other hand, has been optimizing its search routines to this day and has, not without justification, become the market leader and the much-criticized data octopus.

With Metager, a meta search engine was created at the computer center of the University of Hanover in 1996 that promised to make around 99 percent of the German Internet available. For this purpose, it does not fall back on its own data collections, but compiles the answers from other search engines and presents them to the user.

The beginning of the commercialization of the Internet is shown by the founding of Amazon (1994) and eBay (1995).

Napster was the first provider of file sharing services in 1998. The files offered and distributed are not stored on central file servers, but are exchanged directly by the "peers" involved. The file sharing service only manages the availability of its users and the inventory of the data they offer. With the increasing spread of protected music and film works as well as commercial programs, file sharing platforms are under criticism and legal attacks.

In the search for messages from extraterrestrial intelligence, the SETI project has been running a variant of file sharing since 1999: the computing power of many connected PCs is used to evaluate logs to search for characteristics of intelligence. This type of distributed computing is also used today in botnets for cracking access codes and encryption.


In response to virus scanners, malware writers created the first polymorphic virus in 1990. It was constantly changing its shape and size, so that it could not be recognized with the usual methods.

In Bulgaria in 1990 and in Russia in 1998, hacking factories were set up as a result of economic crises, and later in Russia, hacking schools were also set up. In them, hacking attacks and malware programming were carried out on a commercial basis as commissioned work for money.

In 1996, the first porn offers became known on the Internet and phishing emerged in connection with spam e-mails, i.e. the targeted spying out of access data for online banking. In 1999, Galaiko, Petrichenko, and Popow formed the HangUp team, which in the years to come would produce notable malware related to Trojans, worms, and botnets.

In 1995 SoftRAM came onto the market. Double-Space already existed and it led to a (slight) increase in storage space on mass storage devices (hard drives and floppy disks) by compressing all files into a single large one. SoftRAM promised the same for the RAM, which was still scarce and expensive at the time. The fake was discovered after it was published in the c't.

The dialer was created in 1997. These dial-in aids promised the automatic configuration of the Internet access and bent the settings with glee so that the PCs only made contact with expensive value-added services. The variety of shapes of the dialers and the tricks they were equipped with were remarkable. They were distributed especially as Trojans and it was reported that individual variants secretly and maliciously changed the system settings and then changed their form when started for the first time. From then on, the program obediently asked if it could change the settings and indicated the consequences. The prosecution failed because of this.

The rip-off ended in 2003 with a registration requirement for dialers and value-added services (01900, 0900). The freely tarifiable and often misused value-added service numbers under 01900 disappeared completely from the market after a transition period.

With the flourishing domain name system, grabbing emerged in 1998, i.e. the snatching away of brand names and other valuable names with the hope of negotiating a good price for them. With regard to brand names, this soon became a criminal offense (trademark abuse, extortion).

With the Information and Communication Services Act - IuKDG - a body of law was created in 1997 to regulate telecommunications and the Internet. Large parts of it are devoted to the granting of anonymity and data protection.

A key part of this is the Telecommunications Act, which replaced the Telecommunications Systems Act. The absurd separation between teleservices and media services was only put to an end in 2007 by the Telemedia Act.

In 1999, the much-criticized Compuserve judgment was issued against the company's German managing director. He was held responsible for illegal but foreign content that was mainly hosted in the United States. The judgment did not stand on appeal.

The discussion about the responsibility of access and host providers for third-party content never stopped completely and most recently revived in connection with the blocking of child pornographic websites.

commercial internet and organized cybercrime  

2000  Dotcom bubble, EMV chip | Skimming with readers
2001  Wikipedia | CardersPlanet (Odessa), Javaphile (China) against the White House
2002  Firefox | Online betting (Gambino Lucchese)
2003  Second Life | -
2004  Flatrate, YouTube, Pirate Bay, Wikileaks | Sasser, home banking Trojan Korgo (HangUp)
2005  - | Sports betting (betwsc.com; offshore: Belize), TJX hack: 94 million customer records, financial agents
2006  Facebook, CCC: NEDAP voting computer | Russian Business Network (St. Petersburg), botnet: Gozi (HangUp), McAfee: Organized Cybercrime
2007  iTAN | Pharming, attack on Estonia, malware kits
2008  - | Combined hacking and skimming attack against RBS World Pay, DDoS against Lithuania and Georgia
2009  - | Twitter worm: JS / Twettir, Russian ATMs infected with Trojans
2010  - | Stuxnet


Since 2000, the Internet has established itself as an economic area and cybercrime has organized itself. Stuxnet from 2010 heralds the open cyber war.

When the dot-com bubble burst in 2000, massive amounts of capital were destroyed. Vague hopes and exaggerated expectations for products that had long since become unmarketable had given rise to masses of "Internet" companies whose funding was suddenly cut off and which disappeared amid loud lamentation.

Only the solid companies from the nineties survived the disaster, and only a few commercial start-ups such as Second Life (2003), YouTube (2004) and Facebook (2006) have been able to establish themselves on the market, with more or less success.

The open source movement became really successful with the free online lexicon Wikipedia (2001) and the software products OpenOffice.org (from 1999), Firefox (2002), Thunderbird (2003) and a productive Linux (2003) including web server (LAMP).

This series also includes Wikileaks, which has published political documents since 2004 and thus fights for freedom of expression and openness to information - most recently by publishing military documents from the wars in Afghanistan and Iraq.

The "Pirate Bay", founded in 2004, plays a special role in this. It now operates what is probably the most important file-sharing service and thus also facilitates access to commercially protected works. Pirate parties emerged from the support for Pirate Bay; they entered parliament in Sweden and achieved considerable success in Germany.

Two economic innovations should be emphasized. As early as 2000, the EMV chip was introduced on the first payment cards. In addition to the machine-readable feature, it at least makes the misuse of counterfeit payment cards considerably more difficult, even if it does not prevent it. In response to phishing with spam emails, the financial sector in Germany introduced indexed TANs in 2007, making card crime more difficult in the long term.

In 2006 the CCC demonstrated the vulnerability of the NEDAP voting computer, the introduction of which in Germany was finally prohibited by the Federal Constitutional Court.

In the last 10 years the Internet has blossomed into an integral part of society, economy and administration. It can no longer be "switched off" without pain, as is demanded from time to time. This is especially true for the economy, which has relocated key tasks in the banking and retail sectors to the Internet and could no longer back out without huge effort. This also applies to the information services that have now been established. In any case, I do not want to do without heise.de, de.wikipedia.org, gesetze-im-internet.de and the databases of the BGH and BVerfG with all new decisions.

Social networks are also gaining popularity. Their users and operators still have to get used to questioning critically, and above all self-critically, what they reveal about themselves and how that can make them vulnerable.

The data scandals of recent years show that large collections of data can also encourage misuse. The situation is reminiscent of early capitalism at the end of the nineteenth century, when stock corporations and large industrial projects emerged and burst or revealed themselves as large-scale fraud.


In any case, this also applies to cybercrime, which flourished strongly in the first decade of the new millennium.

In 2001 CardersPlanet was founded by 150 Russian programmers in Odessa. This board was used for carding, i.e. trading in spied-out bank and payment card data. This now ranges from simple account data from magnetic strips, to dumps with account data including PIN and / or verification number, to complete profiles with social security numbers, accounts at PayPal and eBay, etc.

A mafia-like, hierarchical organization emerged behind CardersPlanet.com, which took its "fair" share of all small and large criminal transactions. Other carder boards also increasingly started trading in counterfeit personal papers and university degrees. Reports from 2009 and 2010 speak of successor boards that award monopolies for criminal services, for example for skimming devices, and of service providers who, for a large share, operate web shops and payment processing for the illegal trade in data, programs and devices.

Since 2002, Gambino Lucchese, a member of the American-Italian mafia, has been organizing online betting. In 2005, illegal sports betting followed at betwsc.com, the servers initially being operated "offshore" in Belize.

In contrast, the adolescent kid from the north German lowlands, who from 2004 drove private users without firewalls to despair with his Sasser worms, looks almost cute.

In contrast to viruses, worms consist of independent programs that hook into the automatic processing of the PC. Sasser developed so much activity of its own that PCs collapsed under the load as soon as they were started. The bot programs that are common today behave very differently. Their goal is to first spy on the zombie and then abuse it for as long and as unnoticed as possible.

Sasser also hit airlines and other companies existentially, and they kept very quiet about it. For good reason. According to US company law, the board members are personally responsible for IT security, and no one was prepared to admit anything other than an unexpected technical failure.

The HangUp team developed the home banking Trojan Korgo back in 2004. For phishing, it was no longer necessary to persuade bank customers to enter their account number, PIN and TAN. The malware spied on the online banking session directly. The later and more refined variants automated the process, fooled the user into believing the transaction had succeeded and at the same time misused the spied-out iTAN for their own transfers. They also knocked out the user's Internet access in order to cover the tracks of the malware and its backers.

The biggest hack known to date concerned the financial services provider TJX, where around 94 million customer data records were stolen from 2005 onward and were offered in dark markets until recently. In 2008 the hack at RBS World Pay took place. Although only around 100 customer records were tapped there, the limits of the accounts were set high at the same time. The showdown took place on November 8th, 2008, when the cashing known from skimming was carried out in 49 cities and at 130 ATMs around the world and around 9 million dollars were stolen.

In 2009 it became known that Russian ATMs were infected with a Trojan horse and were skimming at the source.

In 2005, financial agents became known as a mass phenomenon. Today, they increasingly set up new accounts in their own name, through which the spoils from phishing or other criminal transactions are passed on and laundered. The judiciary targeted them very early and there were convictions for reckless money laundering. They also bear the civil damages. Bad business.


In 2006 the HangUp team struck again and distributed Gozi, the first functioning botnet malware. It probably worked with the rogue provider Russian Business Network on this.

Botnet programs are malware that focuses on the remote control of other people's computers (zombies). Like other malware, they must first spread and become established.

Pharming, in use since 2007, is a much-favored way of doing this. It relies on many counterfeit and tampered websites that use injection techniques to install malicious code in the user's browser. This is mostly just a "starter", i.e. a command string with which the malware is first loaded. The malware then settles in, analyzes its environment and requests the program parts that it needs there. After the update, it nests in the zombie, disguises itself and often begins by spying out whatever personal data of the user it can get hold of. Depending on its orientation, it installs keyloggers for keystrokes, other spy routines, mail servers for sending e-mails, or web servers so that the zombie in turn serves as data storage.

The Storm worm has shown that the zombies are handled very carefully. The malware is very cautious, tries to remain inconspicuous and hardly interferes with ongoing operations. It updates itself and waits for orders. This can be the sending of spam, a DoS attack, the assumption of administrative functions for the botnet or simply being a terminal for illegal actions by the botnet operator. Always at your service!

The programmers of botware must be familiar with file sharing, remote maintenance, the misuse of exploits (weak points in programs), the use of rootkits (camouflage) and the harmful functions that are to be carried out. This also includes knowledge of economic processes (home banking, price manipulation, financial transactions), social engineering in order to dupe users and make them careless, and social skills in order to protect themselves from criminal prosecution or other embarrassing pursuit.

Such a range of requirements can hardly be met by individuals. In 2010, Paget estimated that running a botnet takes around three good programmers. Balduan reported as early as 2008 on operating groups that consist of several craftsmen and a "head" who negotiates orders, assigns the work to the craftsmen, monitors it and finally distributes the wages. This is especially true for malware development, with Balduan viewing exploit dealers and rootkit developers as independent suppliers.

This model only works on prepayment. Balduan describes its most extreme form in the coordinators. They are criminal project managers and calculate according to three metrics: effort, profit and risk of detection. The coordinator then recruits people for certain tasks or buys half-finished services, for example carding data that has already been spied out, in order to carry out cashing.

Rumor has it that the Russian mafia advances the necessary capital.


Let's take a step back: In 2007, malware kits became more common. With clicks and simple mouse movements, malicious programs could be cobbled together, which were soon deactivated and removed by the virus scanners. They had little to do with professional malware.

As early as 2001, the Chinese group Javaphile launched a defacement attack against the White House and defaced its website. Although the perpetrators became known, they were not prosecuted in China. Their leader became a security advisor instead.

That initiated a movement Paget calls hacktivism. Further highlights of these more social activities are the cyberwar-like attack on Estonia (2007) and the DDoS attacks against the disloyal countries Lithuania and Georgia (2008) as well as against Radio Free Europe and in connection with freedom movements in the Israeli-Palestinian conflicts.

The examples detailed by Paget show that the disputes are becoming more and more lasting and destructive, also on a social level.

This marked the beginning of the transition to cyber war. Its protagonists are not only the military, but also the powerful criminal organizations, strong nationalist and activist groups, terrorists and finally also commercial enterprises that want to maintain or improve their positions with industrial espionage, destructive pinpricks and final blows.

The recently discovered malware Stuxnet marks the transition to the hotter cyberwar. Its development seems to have been really expensive; it uses several previously unknown exploits under MS and is specialized in the control of industrial plants. It leaves the virtual world and shows that it can attack critical infrastructures.

The last word belongs to the rogue providers. An example is the Russian Business Network - RBN, known since 2006 and later gone underground, which offers WhoIs protection and bulletproof servers as well as the associated social services: silence, and cashing in on the secret. The more inquiries there are, the more expensive the service becomes.

Conclusion 1: No alternative


It took mankind several centuries to turn information technology and telecommunications into a virtual environment with a life of its own and firmly embedded in reality. It took less than two decades to fill this technotope with economic mechanisms in such a way that it is indispensable. The third millennium started with a slavish network dependency that not only offered undreamt-of information opportunities, but also options for physical destruction.

In view of the Ford industrialization and totalitarianism, Huxley spoke of a (fascistoid) brave, or better said: courageous new world. On the other hand, the world into which we are currently moving is really brave.

The opportunities and dangers of the cyber world are far from being fully assessed and weighed against each other. The commercial economy has already surrendered to it and is hardly able to pull the rip cord any more. The option to switch off a virtual side world no longer exists. It has become an integral part of the real world.

This is evident not least from the fact that information services and trading platforms are most easily accessible and operated via the Internet. The same applies to communication: fast, faster, immediately.

This is dangerous and deadly for political and strategic decisions. In computer-based stock exchange trading, stupid coincidences led to crashes, and at the Berlin fire brigade the year 2000 changeover led to the failure of all important information and communication lines. Its fire engines and rescue vehicles drove patrols through billows of smoke and drunk people.

But there is no way back. A financial economy without online banking and internationally networked ATMs cannot be restored. The same applies to the large retail sector, which has given up its small branches and is now presenting itself on the Internet.

I would not want to do without the market overviews and the information offers that are now available to me, even if there is no need.

Conclusion 2: New dangers


Stuxnet shows that we are on the threshold of cyber war. Its warriors will not allow themselves to be stopped by international law, but only by the prospect of painful punishment.

We just have to assume that reality has connected itself to its virtual image. That image is real and no longer surreal, reflects the usual market mechanisms and has enough interfaces where one environment can merge into the other. WebMoney, paysafecard and the dusty e-gold are examples of financial systems that operate equally in the real and the virtual world. The home banking Trojans that cut in on the transfer, and even more so the Stuxnet Trojans that are able to control and sabotage industrial plants, are examples of how the virtual world can have a destructive effect on the real one.


There is also targeted hacking. Its milestone is obtaining administrator rights. Whoever has them can manipulate everything that the attacked IT can manage and control. The deeper IT penetrates reality, the broader the manipulation options that the hacker can gain. He can take control of air conditioning and so destroy food, medicines or other things, disrupt transport systems or let economic infrastructures run out of control. I am thinking primarily of financial clearing facilities and of stock exchange and securities trading that is no longer just computer-aided but computer-based. I suspect that their backups are incomplete because so far the focus has only been on operational optimization. Selective and targeted attacks could therefore cause chaos without equal.

The same applies to the control of infrastructure processes, for example in the power supply or telecommunications. An overload in one place, a malfunction in the other and a failure in the third can trigger cascade processes that break the whole system. If the whole thing is expanded with massive attacks (military, terrorism, criminal attacks), then we have cyber war.

Conclusion 3: New perspectives