1834: The First Cyberattack

Tom Standage has a great story of the first cyberattack against a telegraph network.

The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network.

The telegraph's encoding system included a "backspace" symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day's market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs' pioneering misuse of the French network qualifies as the world's first cyber-attack.

EDITED TO ADD (6/13): More details.

Posted on May 31, 2018 at 1:23 PM • 19 Comments
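The backspace trick described in the post, modelled as an added example (not part of the original post or of Standage's article). It compares a tower that repeats every symbol with one that decodes before retransmitting. The symbol alphabet, the marker letter `H`, the sample message and all function names are constructed for illustration.

```python
BACKSPACE = "<BS>"  # stand-in for the telegraph's "ignore previous symbol" signal

def transcribe(symbols):
    """Clerk at the end of the line: apply every backspace, return delivered text."""
    out = []
    for s in symbols:
        if s == BACKSPACE:
            if out:          # a backspace with nothing before it is ignored
                out.pop()
        else:
            out.append(s)
    return "".join(out)

def cancelled(symbols):
    """Symbols that were sent and then erased: absent from the delivered text,
    visible to anyone watching the raw signals. Auditing this list per sending
    station is the detection side of the same logic."""
    kept, erased = [], []
    for s in symbols:
        if s == BACKSPACE:
            if kept:
                erased.append(kept.pop())
        else:
            kept.append(s)
    return erased

def repeating_tower(symbols):
    """Relay that repeats each symbol as it arrives, corrections included."""
    return list(symbols)

def correcting_tower(symbols):
    """Relay that decodes first and retransmits only the corrected text."""
    return list(transcribe(symbols))

def tamper(message, marker, position):
    """Constructed model of the bribed operator: marker + backspace spliced in."""
    syms = list(message)
    return syms[:position] + [marker, BACKSPACE] + syms[position:]

def run(relay, sent):
    """Return (text delivered at the end of the line, symbols an observer
    downstream of the relay saw being erased)."""
    on_the_wire = relay(sent)
    return transcribe(on_the_wire), cancelled(on_the_wire)

if __name__ == "__main__":
    sent = tamper("ORDRE 17", "H", 5)       # constructed message; "H" = market up
    print(run(repeating_tower, sent))       # ('ORDRE 17', ['H'])
    print(run(correcting_tower, sent))      # ('ORDRE 17', [])
```

Both relays deliver the same text, so checking the delivered message alone never reveals the channel; only the raw symbol stream, or a relay that normalizes it, does.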

Comments

Alex • May 31, 2018 2:01 PM

Interesting that this could have been avoided if the second (or any subsequent) tower in the chain interpreted the backspace symbol instead of propagating it.

Tatütata • May 31, 2018 2:18 PM

Attack? The legitimate messages still got through, and the préfet got his orders from Paris without any delay.

It would be more something of a clever hack, an early example of steganography, which depended on the message being relayed forward before it had been completely received.

According to the French Wikipedia entry, one of the Blanc brothers, Michel, (not to be confused with the actor), attempted to establish in 1832 a private optical telegraph line, also for the purpose of getting an edge in stock trading. But the public authority soon took it off the air along with others, asserting the public monopoly of fast transmission in the name of the prohibition on insider trading.

What would these "boursicoteurs", "hazardeurs", and other assorted "spéculateurs" say about private oceanic cable laid just to gain a few µs for one box filled with Xilinx and Altera FPGAs to send orders to another one?

High-frequency trading is reputed to endanger the financial system. Why couldn't lawmakers mandate the introduction of a fixed delay (5s?), or of random jitter, so that the bids would have to correspond more to the underlying value of the paper, rather than expressing an arbitrage between markets? That might be more practicable than the Tobin tax, which in my view would introduce a dose of friction in an otherwise overly reactive circuit. (lower the Q...)

David Rudling • May 31, 2018 2:33 PM

@Alex
This seems to be a re-hash of a 1999 article published elsewhere.

https://www.inc.com/magazine/19990915/13554.html

That earlier article explained why the onward propagation was not avoided.

"Normally, operators who had innocently made an error would encode a correction in a subsequent transmission. Both the error and its correction would then be duplicated from station to station. It was not until the message-plus-correction reached the end of the line that a telegraph official would step in to translate the transmission and remove the error."

Patriot • May 31, 2018 7:25 PM

@ David Rudling

"This seems to be a re-hash of a 1999 article published elsewhere."

Pretty funny. You are right. If an article about fraud in modern technology is itself fraudulent, that makes it a meta-fraud, a kind of replay attack.

"Security is like a chain and humans are always the weakest link..." says Tom Standage. Make it a point of wisdom.

Tatütata • May 31, 2018 9:22 PM

This story has been floating around for the last 180 years, so any article will rarely rely on a primary source, but would more likely repeat [and distort] some earlier secondary document.

The Bibliothèque Nationale de France digitized much of its out-of-copyright collection and makes it available at the Gallica web site.

I probably found one of the earliest reports on this case, which was called "l'affaire des télégraphes", in the 29 January 1837 issue of the Journal des débats politiques et littéraires (click on the image to get to the article; the commenting system wouldn't accept the embedding HTML).

The article begins at the bottom of the leftmost column of page 2 as a report on the bill of indictment which had just been read at the assizes court in Tours, a city about 200km south-west of Paris. So this version is probably original, if it wasn't directly copied from the prosecutor's papers by the court reporter...

There are many additional details. The "errors" were inserted at the Tours telegraph station, as outbound messages from Paris were decoded and corrected at that point before being retransmitted to Bordeaux.

The Paris confederate had instructions to set the system in motion only when the bond market became interesting, i.e., if it swung more than X points in either direction. The instructions were sent to Tours as a small parcel addressed to another accomplice containing some items of haberdashery. The nature of the item (gloves, socks, or neckties), which was labelled in the accompanying letter as a sample, indicated whether the title was rising or falling, and the colour was related to the amount of change.

So it was a "compound" attack, using two consecutive channels, designed to defeat the error correction [a form of airgap?] by the Tours postmaster.

Two telegraph office employees were implicated at the Tours relay station. Each received 1500 francs for signing on to the scheme, followed by 150 francs/month and a bonus of 20 francs per message passed. In all, you had something like one half-dozen people involved between Paris and Bordeaux.

For comparison, the Tours employees' normal daily wage was 1,50 francs! And the postage on the parcel was 1,60 francs, more than what they typically earned in a day. While the scheme worked, 121 parcels had been sent from Paris to Tours. The sudden wealth and the strange parcels were probably bound to attract attention one day or the other.

The total amount of data sent was at the most only a few hundred bits; that's a lot of plata per transmitted bit!

The scheme was discovered when one of the employees tried to pass on his scheme to a friend while on his deathbed.

The two bankers/speculators/conmen/etc. went on to become famed casino developers and owners. Real ones, not fake moguls à la SCROTUS.

I suppose that the two surviving telegraph employees, Guibout and Renaud, were the only ones who suffered any legal consequences.

Clive Robinson • May 31, 2018 10:43 PM

Hmm,

As Alphonse Karr noted,

    plus ça change, plus c'est la même chose

Two things in that story hold true even today,

1, There are always crooked traders.
2, They are always trying to be the fastest, no matter the cost.

Whilst the first is an observation that is somewhat trite. The second has seen technology taken to the very edges of the laws of nature, including mining a tunnel through a mountain just to cut a couple of milliseconds off of a communications signal by shortening the distance light has to travel...

But seriously I really do not think this was the first "cyber-attack", we know that back in Caesar's time a primitive form of "Message Confidentiality" (scytale) was invented. Therefore we know that there was a reason to develop ciphers two millennia or so ago.

Likewise vying for "first place" "in the known world" with optical telegraphs were the ancient traders of the Mediterranean, who waved burning brands/torches during the night to transmit messages via simple codes.

I guess it all depends on your definition of what "cyber" is.

tenlittlebullets • June 1, 2018 1:55 AM

@Tatütata
Many thanks for digging up primary sources!

Does this make The Count of Monte Cristo (1844) the first cyber-thriller, or just the first bestselling one? It used a similar "playing the bond market via telegraphic tampering" ruse as a plot point: The Count hits the financier Danglars in the pocketbook by bribing a telegraph operator to send "fake news" (sorry!) of a disaster in the Spanish bond market. Danglars gets advance notice via a crony in the finance ministry, dumps all his shares for a fraction of what they're worth, sets off a financial panic, and wakes up a million francs poorer after the correction comes in and the price rebounds.

It'd be interesting to find out whether the fictional version was directly based on the news story, or whether it was playing off of more widespread suspicions about telegraphic data integrity. I also wonder if any other authors went there before Dumas...

echo • June 1, 2018 5:02 AM

@Tatütata, @tenlittlebullets

OMG yes. I totally LOVED the Count of Monte Cristo movie with Richard Chamberlain. I can't remember ever reading the book. I may have done but it would have been ages ago.

I stepped back and looked around the other articles on this site. The Chinese wives article is a big WHAT?! The US, UK, and Chinese historical and cultural comparisons are a big headache. This and the security conference paper on poker plus the gambling and consequences are a lot to cogitate on.

Without going into too many details I know within bureaucratic systems messages are hijacked. This can be a mix of data corruption and stenographic style nods and winks sometimes but not always linked with corruption. I never ever read an analysis of this kind of thing nor even a dramatised account like the article linked to by the topic. The stories always seem to focus on the criminals and fall guys not abuses of power.

Seth • June 1, 2018 8:58 AM

@Tatütata, thanks for finding those sources and details.

I'll address a couple of the questions I had that seemed to be shared by a few other commenters. The errors weren't corrected since the telegraph system used semaphores. Each character was sent by changing a set of flags, so characters would have been sent through the system individually - by the time an individual operator saw the backspace character they already would have sent the previous character on.
The article also states the system was for government use only, which is why no one just sent a message with the changes in the stock market. From Wikipedia's information on the semaphore line, the system also included some basic flow control, and could have sent the message from Tours to Bordeaux in under an hour.

MikeA • June 2, 2018 10:59 AM

@Alex (the first one) and @Seth
Anybody who thinks the telegraph companies were silly to just forward messages as sent and clean things up later might want to look at modern high bandwidth/low latency networks. These typically "drop" a packet by smudging the error-detection bits at the end and continuing to send the packet (which was already in transit by the time the error is detected), rather than by delaying sending over the next hop until the packet has been validated. Otherwise, a whole packet's worth of latency is introduced, and valuable high-speed buffer memory is tied up. I sometimes wonder if some sort of "invisible DDOS" could be done with something like firing packets "wrong enough" to be detected and (actually) dropped by the victim's edge router, but clogging the pipes leading to that router with (allegedly) dropped packets that will probably not even be seen by that router.

tangerine • June 2, 2018 1:18 PM

A station repeating each character as received not only relayed the character to the next down-stream station but acknowledged the character to the up-stream station. The up-stream station would send a backspace if there was an error, but by that time the error had already propagated.

justinacolmena • June 2, 2018 9:44 PM

Try to open an account with any stock brokerage firm today. Just try it. You are fighting terms and conditions about "professional" or "non-professional" access to up-to-the-minute stock quotes vs. 15-20 minutes delayed quotes, and yes, you'd better believe they make a profit exploiting even their own customers who are left to trade on delayed quote information.

It's highly proprietary, and no, they will NEVER let that go, as per NYSE and FINRA regulations, NASDAQ, blah blah blah....

echo • June 5, 2018 8:45 AM

@justinacolmena

In the UK one of the planned features of "big bang" City deregulation was the ordinary person could buy or sell shares as easily as over the counter in their local supermarket. Under pressure from stockbrokers I believe this element was delayed for two years. One of the major retailers did begin an initiative to provide consumer access to share dealing but this evaporated fairly quickly. I am not aware of any easy outlet which provides share dealing on equitable terms as imagined at "big bang" so business as usual?

Bob • June 7, 2018 5:54 AM

@justinacolmena

"professional" means that you are directly registered with your local trading bureaucracy (SEC, etc) and makes a huge difference to how the broker reports and handles your request.

Live feeds cost the supplier more than delayed feeds.

If you're trading on delayed feeds, brokers might make money by avoiding costs by batching trades upstream and matching your trades internally but there's no margin in trying to "exploit" your leet trading moves.

Etienne • June 7, 2018 6:36 PM

It wasn't a telegraph "line" else how would a telescope function?

No, it was a tower, where the operator used semaphore flags.

This isn't really considered "cyber" but I guess it could be called "information technology".

Clive Robinson • June 7, 2018 8:29 PM

@ Etienne,

    This isn't really considered "cyber" but I guess it could be called "information technology".

How do you define "cyber" and from when?

Or to put it another way what was natural philosophy before it was natural philosophy, science or experimental or theoretical physics?

There are always dangers of looking at deeds of the past through modern glasses, and we should be mindful of this unless we either don't or incorrectly learn the lessons that history can teach us.

Thus I could argue that as the telegraph was attacked via an optical instrument and detector, and that visible light radiation is EM radiation just as RF is, then cyber being a modern term can be applied retrospectively...

The simple fact is that it was with little doubt an "information attack". Irrespective of the method employed by the attackers, information attacks are in the modern day considered a proper subset or class of cyber attacks.

Perhaps even more extreme as an example argument, would be shaving the heads of foreign slaves?

You are probably aware of the story of the head of a slave being shaved, a message tattooed and the hair allowed to grow back to hide the message. Well if all foreign slaves' heads were shaved the message would have become known, even somewhat retrospectively[1] thus information "would have leaked through a side channel" several millennia before the terms were invented.

[1] Unless the idea of a much later politician had been applied,

    Three can keep a secret, provided the other two are dead.
