WannaCry, a computer virus that encrypts data and demands a ransom to unscramble it, hit thousands of computers in May, causing several hospitals in Britain to close their doors. Hardly a week now goes by without a large company admitting that its systems have been breached: Yahoo recently confessed that 1bn accounts had been compromised in an attack in 2013. Cyber-attacks are a scourge of modern life, but their history goes back further than you might expect.
The world’s first national data network was constructed in France during the 1790s. It was a mechanical telegraph system, consisting of chains of towers, each of which had a system of movable wooden arms on top. Different configurations of these arms corresponded to letters, numbers and other characters. Operators in each tower would adjust the arms to match the configuration of an adjacent tower, observed through a telescope, causing sequences of characters to ripple along the line. Messages could now be sent much faster than letters, whizzing from one end of France to the other in minutes. The network was reserved for government use but in 1834 two bankers, François and Joseph Blanc, devised a way to subvert it to their own ends.
The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network.
The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.
All this holds lessons for us as we grapple with online mischief today. The first is to avoid complacency. Network intrusions (like that at Yahoo) often go unnoticed for many years, and many (if not most) may never be detected. Malware like WannaCry hits the headlines because its effects are so visible, but it gives an inaccurate picture of the scale of the cyber-security problem. Most attackers, like the Blancs, do not advertise their presence.
Second, regardless of the technology, security is like a chain and humans are always the weakest link. The French telegraph system looks hopelessly insecure to modern eyes, with its telegraph towers in plain sight. But its key weakness was the human failings of its users, something that remains true today. Focusing on security as a purely technological challenge misses an important part of the picture: it depends on setting the right social and economic incentives too.
Finally, network attacks do not just pre-date modern electronic networks – they are as old as networks themselves. The tale of the Blanc brothers is a reminder that with any new invention, people will always find a way to make malicious use of it. This is a timeless aspect of human nature, and is not something that technology can or should be expected to fix.