Where the term “Zero Day” comes from

After seeing a FOIA request earlier today that someone created asking for FBI training documents that teach staff how to understand/communicate using hacker leet-speak, I was reminded about something I’ve wanted to put in virtual ink for a while.

Leet speak or 133+ sp34k or hacker speak did not actually originate with hackers. Neither did the term “zero day”. Back in the late 80’s and early 90’s the Internet was but a pup and most of us communicated via BBS – a dialup modem (often a bank of modems on popular BBS’s) attached to an individual’s PC that members dialed into to connect. [We also used something called Prestel or Beltel which was essentially a big government run BBS]

Phone calls were expensive in those days so if you wanted to connect to BBS’s far away – and at the time I lived in South Africa and the best BBS’s were in the USA – then you needed to become a phone phreak. So I’d fire up a piece of DOS software called Bluebeep (created by the venerable Onkel Dietelmeyer), hold a headphone to a phone mouthpiece, generate CCITT5 tones and take control of international phone trunks to get free overseas phone calls. [I’d also hack into the Post Office X.25 network to get access to an overseas modem (a DTE) which I could then control with AT commands. X.25 was a precursor to the TCP/IP Internet]

Then once you’re connected to the BBS you could upload, download, send email via FidoNet and talk to anyone else online. My favorite hacker BBS was in Orange County, California called Digital Decay and run by a chap called Arclight. Little did I know that my future wife was also in Orange County busy being a college kid.

At the time underground BBS’s were divided into two types: Those that were hacking and phreaking related and those run by the warez crowd. The hacker/phreak BBS’s would distribute exploits, tools like Bluebeep to hack the phone lines, copies of Phrack and so on.

The warez crowd would distribute pirated software and they took their job very seriously. 133+ speak originated with the warez crowd and the hacking/phreaking crowd hated it.

The term Zero Day also originated in the warez scene. On warez BBS’s software would be divided into zero day, 1 to 7 day, 8 to 14 day and so on with the lower ‘day’ being the most elite and hardest to come by. The number of ‘days’ was the days since the software was released to the public and Zero Day was software that was not commercially released yet. So someone had hacked into the company servers to grab their commercial software before they released it.

The relationship between the warez crowd and the hacking/phreaking scene was that the hackers would invent the means to get zero day warez (exploits used to hack into a company), the phreaks invented and continually reinvented the means for ‘warez couriers’ to distribute the warez among BBS’s (ways to circumvent trunk seize tone filters the phone companies were using for example). Hackers and phreaks looked down on the warez crowd – even though we’d get software from them – which was a little hypocritical.

This was all around 25 years ago. At some point ‘zero day’ became something applied to vulnerabilities and the number of days a vendor has had to fix them. And at some point ‘133t sp34k’ became something hackers use. I have no idea why or when this transition occurred. 133t sp34k used to be scorned by hackers as something warez ‘pups’ did.

Times change. Like hashtags originating on Twitter where they indicated subject, which originated on IRC where they were channels – and which syntactically may have been inspired by C preprocessor directives.

Edit: Very cool discussion thread on HN about this – including some other old-schoolers checking in.