Page semi-protected

Timeline of computer security hacker history

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Timeline of computer security hacker history. Hacking and system cracking appeared with the first electronic computers. Below are some important events in the history of hacking and cracking, e.g. first-of-its-kind events, events that began a new style of hacking/cracking, those that required some new kind of cybersecurity defense, or that had a significant impact on the public's view of hacking/cracking.










  • Joe Engressia, a blind seven-year-old boy with perfect pitch, discovered that whistling the fourth E above middle C (a frequency of 2600 Hz) would interact with AT&T's implementation of fully automatic switches, thereby inadvertently opening the door for phreaking




  • William D. Mathews from MIT found a vulnerability in a CTSS running on an IBM 7094. The standard text editor on the system was designed to be used by one user at a time, working in one directory, and so created a temporary file with a constant name for all instantiations of the editor. The flaw was discovered when two system programmers were editing at the same time and the temporary files for the message-of-the day and the password file became swapped, causing the contents of the system CTSS password file to display to any user logging into the system.[5][6][7][8]






technical experts; skilled, often young, computer programmers, who almost whimsically probe the defenses of a computer system, searching out the limits and the possibilities of the machine. Despite their seemingly subversive role, hackers are a recognized asset in the computer industry, often highly prized

The newspaper describes white hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated that "The Company realizes the benefit to NCSS and in fact encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".[12]


  • Chaos Computer Club forms in Germany.
  • Ian Murphy aka Captain Zap, was the first cracker to be tried and convicted as a felon. Murphy broke into AT&T's computers in 1981 and changed the internal clocks that metered billing rates. People were getting late-night discount rates when they called at midday. Of course, the bargain-seekers who waited until midnight to call long distance were hit with high bills.[13]


  • The 414s break into 60 computer systems at institutions ranging from the Los Alamos National Laboratory to Manhattan's Memorial Sloan-Kettering Cancer Center.[14] The incident appeared as the cover story of Newsweek with the title "Beware: Hackers at play".[15] As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.
  • The group KILOBAUD is formed in February, kicking off a series of other hacker groups which form soon after.
  • The movie WarGames introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia of hackers and their supposed abilities to bring the world to a screeching halt by launching nuclear ICBMs.
  • In his Turing Award lecture, Ken Thompson mentions "hacking" and describes a security exploit that he calls a "Trojan horse".[16]









  • Operation Sundevil introduced. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities including the Legion of Doom, conducting early-morning raids and arrests. The arrests involve and are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of Steve Jackson Games are also raided, and the role-playing sourcebook GURPS Cyberpunk is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the Electronic Frontier Foundation, including the trial of Knight Lightning.
  • Australian federal police tracking Realm members Phoenix, Electron and Nom are the first in the world to use a remote data intercept to gain evidence for a computer crime prosecution.[22]
  • The Computer Misuse Act 1990 is passed in the United Kingdom, criminalising any unauthorised access to computer systems.




  • Summer: Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.
  • Hackers adapt to emergence of the World Wide Web quickly, moving all their how-to information and hacking programs from the old BBSs to new hacker web sites.
  • AOHell is released, a freeware application that allows a burgeoning community of unskilled script kiddies to wreak havoc on America Online. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte email bombs and their chat rooms disrupted with spam messages.
  • December 27: After experiencing an IP spoofing attack by Kevin Mitnick, computer security expert Tsutomu Shimomura started to receive prank calls that popularized the phrase "My kung fu is stronger than yours".[24]



  • Cryptovirology is born with the scientific discovery of the cryptoviral extortion protocol that would later (circa 2005) be relabeled as ransomware.[26]


  • June: Eligible Receiver 97 tests the American government's readiness against cyberattacks.
  • First high-profile attacks on Microsoft's Windows NT operating system[27]
  • In response to the MP3 popularity, the Recording Industry Association of America begins cracking down on FTPs [1]. The RIAA begins a campaign of lawsuits shutting down many of the owners of these sites including the more popular ripper/distributors The Maxx (Germany, Age 14), Chapel976 (USA, Age 15), Bulletboy (UK, Age 16), Sn4rf (Canada, Age 14) and others in their young teens via their ISPs. Their houses are raided and their computers and modems are taken. The RIAA fails to cut off the head of the MP3 beast and within a year and a half, Napster is released.





  • May: The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript. It infected millions of computers worldwide within a few hours of its release. It is considered to be one of the most damaging worms ever. It originated in the Philippines; made by an AMA Computer College student for his thesis.
  • September: teenage hacker Jonathan James becomes first juvenile to serve jail time for hacking.


  • February: A Dutch cracker releases the Anna Kournikova virus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star.
  • July: Russian programmer Dmitry Sklyarov is arrested at the annual Def Con hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA).


  • January: Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign.
  • May: Klez.H, a variant of the worm discovered in November 2001, becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage.




  • May: Jeanson James Ancheta receives a 57-month prison sentence, [2] and is ordered to pay damages amounting to $15,000.00 to the Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, for damage done due to DDoS attacks and hacking. Ancheta also had to forfeit his gains to the government, which include $60,000 in cash, a BMW, and computer equipment. [3].


  • November 29: FBI Operation Bot Roast II: 1 million infected PCs, $20 million in losses and 8 indictments[36]


  • January 17: Project Chanology; Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.


  • April 4: Conficker worm infiltrated millions of PCs worldwide including many government-level top-security computer networks.[37]



  • January 12: Operation Aurora Google publicly reveals[38] that it has been on the receiving end of a "highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google"
  • June: Stuxnet The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of SCADA systems. It slowly became clear that it was a cyber attack on Iran's nuclear facilities - with most experts believing that Israel[39] was behind it - perhaps with US help.
  • December 3: The first Malware Conference, MALCON takes place in India.



  • May: MyBB is hacked by newly founded hacker group, UGNazi, the website was defaced for about a day, they claim their reasoning for this was because they were upset that the forum board uses their software.
  • June 5: The social networking website LinkedIn has been hacked and the passwords for nearly 6.5 million user accounts are stolen by cybercriminals. As a result, a United States grand jury indicted Nikulin and three unnamed co-conspirators on charges of aggravated identity theft and computer intrusion.


  • February 7: The Bitcoin exchange Mt.Gox filed for bankruptcy after $460 million was apparently stolen by hackers due to "weaknesses in [their] system" and another $27.4 million went missing from its bank accounts.[41]
  • November 24: In response to the release of the film The Interview, the servers of Sony Pictures are hacked by a hacker group calling itself "Guardian of Peace".


  • December 23: Ukraine's power grid was attacked by hackers, making it the first known successful cyberattack on a power grid.



  1. ^ Marks, Paul (December 27, 2011). "Dot-dash-diss: The gentleman hacker's 1903 lulz". New Scientist. Retrieved January 11, 2012. 
  2. ^
  3. ^
  4. ^
  5. ^ "untitled1.html". Retrieved 14 March 2015. 
  6. ^[dead link]
  7. ^
  8. ^
  9. ^ David Price: Blind Whistling Phreaks and the FBI's Historical Reliance on Phone Tap Criminality CounterPunch, June 30, 2008
  10. ^
  11. ^
  12. ^ a b McLellan, Vin (1981-07-26). "Case of the Purloined Password". The New York Times. Retrieved 11 August 2015. 
  13. ^ "The Greatest Hacks of All Time". WIRED. 
  14. ^ Elmer-DeWitt, Philip (August 29, 1983). "The 414 Gang Strikes Again". Time. p. 75. 
  15. ^ "Beware: Hackers at play". Newsweek. September 5, 1983. pp. 42–46, 48. 
  16. ^ Thompson, Ken (October 1983). "Reflections on Trusting Trust" (PDF). 1983 Turing Award Lecture. ACM. 
  17. ^ 'Hacking' into Prestel is not a Forgery Act offence" (Law Report), The Times, 21 July 1987.
  18. ^ Cliff Stoll (1989). The cuckoo's egg. New York: Doubleday. ISBN 0-370-31433-6. 
  19. ^ Burger, R.: "Computer viruses - a high tech disease", Abacus/Data Becker GmbH (1988), ISBN 1-55755-043-3
  20. ^ Spafford, E.H.: "The Internet Worm Program: An Analysis", Purdue Technical Report CSD-TR-823 (undated)
  21. ^ Eichin, M.W. and Rochlis, J.A.: "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", MIT(1989)
  22. ^ Bill Apro & Graeme Hammond (2005). Hackers: The Hunt for Australia’s Most Infamous Computer Cracker. Five Mile Press. ISBN 1-74124-722-5. 
  23. ^ Esquibel, Bruce (1994-10-08). ""Operation Sundevil" is finally over for Dr. Ripco". Electronic Frontier Foundation. Retrieved 2009-03-08. 
  24. ^ Kevin Poulsen (January 21, 2000). "The case of the kung fu 'phreak'". ZDNet. Retrieved 12 May 2015. 
  25. ^ "Recent Large Name Phreaker Busts by Anonymous". EmpireTimes. March 11, 1995. 
  26. ^ A. Young, M. Yung. "Cryptovirology: Extortion-Based Security Threats and Countermeasures". IEEE Symposium on Security & Privacy, May 6–8, 1996. pp. 129–141.  IEEEExplore: Cryptovirology: extortion-based security threats and countermeasures
  27. ^ Hackers jam Microsoft's site, 1997
  28. ^
  29. ^ "U.S. Department of Justice, For Immediate Release, Dallas, Texas". USDOJ. September 16, 1999. 
  30. ^ Rob Lemos. "Campaign seeks to defang Rafa's hacker image", "Security Focus", April 11, 2005.
  31. ^ Iain Thomson (2005-11-04). "FBI sting nets botnet hacker". Archived from the original on 2007-12-20. Retrieved 2008-09-26. 
  32. ^ Jeremy Kirk (17 May 2007). "Estonia recovers from massive denial-of-service attack". Network World. Retrieved 14 March 2015. 
  33. ^ Michael Cooney (13 June 2007). "FBI: Operation Bot Roast finds over 1 million botnet victims". Network World. Retrieved 14 March 2015. 
  34. ^ McMillan, Robert (June 21, 2007). "Pentagon shuts down systems after cyberattack". InfoWorld. IDG. Retrieved 2008-03-10. 
  35. ^ Aitoro, Jill R. (March 5, 2008). "Defense officials still concerned about data lost in 2007 network attack". Government Executive. National Journal Group. Retrieved 2008-03-10. 
  36. ^ Michael Cooney (29 November 2007). "FBI 'Bot Roast II: 1 million infected PCs, $20 million in losses and 8 indictments". Network World. Retrieved 14 March 2015. 
  37. ^ Markoff, John (2009-08-26). "Defying Experts, Rogue Computer Code Still Lurks". New York Times. Retrieved 2009-08-27. 
  38. ^ "A new approach to China". Google Inc. 2010-01-12. Retrieved 17 January 2010. 
  39. ^ Broad, William J.; Sanger, David E. (18 November 2010). "Worm in Iran Can Wreck Nuclear Centrifuges". The New York Times. 
  40. ^ Apr 27, 2011 10:56 AM ET (April 27, 2011). "PlayStation data breach deemed in 'top 5 ever' - Business - CBC News". Retrieved 2011-04-29. 
  41. ^ "The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster - WIRED". WIRED. Retrieved 14 March 2015. 
  42. ^ Romm, Tony; Geller, Eric. "WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical". POLITICO. Retrieved 22 October 2016. 

Further reading

  • Allan Lundell (1989). Virus! The secret world of computer invaders that breed and destroy. Wayne A. Yacco. ISBN 0-8092-4437-3. 
  • Bill Landreth (1985). Out of the Inner Circle. Tempus Books of Microsoft Press. ISBN 1-55615-223-X. 
  • Owen Bowcott and Sally Hamilton (1990). Beating the System: Hackers, phreakers and electronic spies. Bloomsbury. ISBN 0-7475-0513-6. 
  • Philip Fites, Peter Johnston and Martin Kratz (1989). The computer virus crisis. Van Nostrand Reinhold. ISBN 0-442-28532-9. 
  • Bruce Sterling (1992). The Hacker Crackdown: Law and disorder on the electronic frontier. Penguin. ISBN 0-14-017734-5. 
  • Steve Gold (1989). Hugo Cornwall's New Hacker's Handbook. London: Century Hutchinson Ltd. ISBN 0-7126-3454-1.