Today’s cybercrime risk environment is unlike anything we’ve witnessed before. No longer are we dealing with lone wolf individuals “just playing around” [think: War Games, the 1983 movie]. Today’s technology crimes involve highly developed, complex, and effective hacking software – including ‘spy tools’ that have slipped into the wild.
The rapid development of the information technology industry, and the rise of hacking that came with it, caught corporations and governments flat-footed. To avoid repeating those early companies’ mistakes – and to better manage risk today – it’s important to understand the evolution of cybercrime from its beginnings in the 1970s to the present.
The first virus created an entire industry
The Creeper worm, created by Bob Thomas of BBN Technologies in 1971, is widely acknowledged as the first computer worm: a program that replicates itself onto other computers automatically. It was not originally designed as malicious code, but as a research effort to replicate information across multiple computers. Creeper proved difficult to control, and the first anti-virus tool – Reaper – was created to remove it from infected systems.
Programs like Creeper, and the system vulnerabilities they exposed, led to the creation of the first cyber security services and companies. Frighteningly, early hacking activity, and the early forms of what eventually became malicious software, were rudimentary by today’s standards. Today’s technology crimes involve highly complex and effective hacking software designed to disrupt business and government operations, steal information and identities, and carry out myriad types of criminal activity.
New threats develop
Starting in the 80s and 90s, nation-states increasingly entered the game and spent heavily on developing sophisticated military- and intelligence-grade tools to penetrate enemy systems or counter perceived industrial espionage threats. These government-level efforts helped bring about the sophisticated cyber threats we face today. In one example, what was then the Soviet Union planned to steal software from a Canadian company to control its Trans-Siberian Pipeline. Countering the threat, the CIA allowed the Soviets to “steal” the software but altered it to cause the pipeline to explode.
Attempts to steal intellectual property, customer lists and new product plans, along with bogus invoice schemes and many other frauds, proliferated at the speed of light. In 1989, Robert Morris, a graduate student at Cornell, unleashed the “Morris worm,” which impacted approximately 6,000 computers within 24 hours of its release – roughly one tenth of all computers then connected to the Internet. It affected many prestigious universities, including Harvard, Princeton and Stanford, as well as public and private research centers. This incident is widely accepted as the first of many Denial of Service (DoS) attacks of the era. Many other derivatives of this DoS attack quickly followed.
Rudimentary hacking grows into sophisticated phishing
In the early 1990s hacking became much more sophisticated and much more damaging. An indicative example is the evolution from rootkits (software designed to control a computer or similar device while masking its presence on the network) to sophisticated phishing programs that infected a computer once an unwary employee clicked a link or visited a specific web page. The infected computer would then spread the virus to others on its network, allowing hackers to control each infected machine. Today’s ransomware is a descendant of these programs.
By the late 1990s, the internet had changed how cybercriminals and security professionals thought about computers. Everyone was now connected, and the points of entry into an individual’s computer, whether at home or at work, multiplied exponentially. Technology rapidly advanced on both sides as the battle to steal and defend went global.
Yet the point of entry into many systems, the principal vulnerability, lay in the people using or having access to those systems. Trick someone into entering credentials by clicking a link in a spoofed email that appears to come from a trusted source, and a cyber-thief could gain access to personal or business accounts. Convince an employee to insert a disc or drive and install malware in exchange for money, and you could bypass security software designed to defend against entry into a network from outside.
Cybercrime continues to evolve
With significant advancements in computer processing, quantum computing, and artificial intelligence, the interconnectivity of risk will increase even further. It’s not hard to believe we may be in for another round of speed-of-light surprises when it comes to cybercrime.
As security professionals we must continuously ask: where are we still vulnerable, and what’s next that we need to prepare for?
Here are a few ideas worth exploring further:
- Quantum computing – will even the most advanced encryption become vulnerable as computing power advances to speeds that render today’s encryption techniques useless, and what does that mean for all of the data now stored in the cloud?
- Artificial Intelligence – credit card companies and banks are harnessing AI to monitor vast amounts of data to detect fraud, reduce losses, and mitigate the impact of criminal activity. How are criminal elements using AI themselves to identify vulnerabilities or mirror profiles to avoid detection?
- Physical risk – where is the intersection between the vulnerabilities in our technology systems and our physical security at times when normal operations are disrupted, such as during a hurricane or wildfire, and how might a determined cybercriminal seek to take advantage?
A brief timeline – from individuals to nation states
The following is a timeline tracing the progression of cybercrime from early attempts by individuals to infiltrate systems to significant events and developments over the last several decades:
1960s: The first computer hackers emerged at MIT, borrowing the term “hacking” from a model train group at the school that would break into electric train systems. A few members moved from trains to the mainframe computer systems being developed on campus.
1970s: The first computer worm was developed by Bob Thomas in 1971 and led to the first antivirus program, “Reaper.”
1980s: The first electronic bulletin board systems dedicated to hacking advice appeared, serving as hubs for stolen information (e.g. passwords, credit card numbers).
1982: After learning that the Soviet Union planned to steal software from a Canadian company to control its Trans-Siberian Pipeline, the CIA altered the software to cause the pipeline to explode (it resulted in the largest non-nuclear explosion ever witnessed to that point in time). This incident is considered the first cyber-attack by a nation.
1983: Police arrested six teens from the “414 Gang”, who had broken into 60 computers in nine days, including those of the Los Alamos National Laboratory (which supports the development of nuclear weapons).
Many incidents like this occurred, with hackers appearing to be enthusiasts “testing the boundaries” of new internet systems. Nation-states attacking each other became more frequent later on.
1986: The Computer Fraud and Abuse Act expanded the Comprehensive Crime and Control Act passed in 1984 to cover hacking. This law made it a crime to break into computer systems (but didn’t cover juveniles).
1988: Robert Morris developed the “Morris Worm” - a self-replicating worm on the government’s ARPAnet (precursor to the internet) to test its effects. Unfortunately, the worm affected around 6,000 computers and clogged university and government systems.
Chris Wysopal and fellow hackers testified before the US Senate, stating that they could bring down the internet in half an hour. A recent story by the Washington Post indicated that the security threat they described still exists at the same level it did 20 years ago.
1989: West German hackers were arrested for breaking into US government and corporate computers to sell secrets to the KGB.
The Hacker’s Manifesto was released, defending hackers as merely curious beings rather than malicious individuals.
Joseph Popp carried out the first ransomware attack in the hope of extorting money, using a floppy disk to infiltrate systems and email (the attack was poorly designed and easily removed by victims). Programs were created to block it.
1990s: Operation Sundevil - the Secret Service arrested hackers in 14 US cities to crack down on credit card theft and wire fraud.
Computer Misuse Act passed in the UK.
1993: Beginning of the Def Con hacking conference.
1994: Netscape Navigator browser made the Internet more accessible, especially to hackers - so they moved all their bulletin boards there.
1995: Famous hacker Kevin Mitnick was captured by federal agents and charged with stealing 20,000 credit card numbers. He pleaded guilty to seven charges and served little jail time. He currently works as a computer security consultant and hacker.
Russian hackers siphoned $10 million from Citibank and transferred money to accounts across the world.
1997: AOHell, a freeware application allowing unskilled hackers to attack AOL, was released.
1998: The Cult of the Dead Cow hacking group released a Trojan horse program at Def Con, which allowed unauthorized remote access to Windows 95 and 98 machines.
Persian Gulf hackers began a string of break-ins to unclassified Pentagon computers and stole software programs - “the most organized and systematic attack on the US.” An Israeli teen was the ringleader behind the attacks and was arrested, later becoming CTO of a computer consulting firm.
The Department of Defense established the Joint Task Force on Computer Network Defense to defend the department’s networks and systems “from intruders and other attacks.”
1999: Software security hacking had a big year, and companies started releasing a variety of anti-hacking products for home computers.
2000s: The biggest Denial of Service attacks occurred against eBay, Yahoo!, CNN.com, Amazon and others.
The ILOVEYOU worm, or “Love Bug,” was released and spread worldwide, causing $5.5-8.7 billion in damages and costing $15 billion to remove.
2001: A Domain Name System (DNS) attack corrupted Microsoft’s web services and brought their pages down for two days, although the hackers were identified within hours.
2002: The Department of Homeland Security was created and tasked in part with protecting IT infrastructure (eventually creating a cybersecurity division).
2003: “Hacktivism” gained notoriety with Anonymous, an international hacking group known for a variety of cyber-attacks on government organizations.
2010: An Iranian nuclear facility was infiltrated by ‘Stuxnet.’
2013: Snowden revealed the NSA’s phone hacking program.
The Syrian Election Army hacked the New York Times (the NYT was also hacked several times between 2012 and 2013 in reaction to a story investigating the Chinese PM and his family’s accumulation of wealth).
2014: Sony Pictures was hacked by North Korea following the release of the comedy movie “The Interview.”
2016: Russian hacking incidents occurred throughout the 2016 presidential campaign, including the hacking of the DNC’s systems.
2017: Equifax was hacked, and the personal information of 147.7 million Americans was exposed.
2018: Russian hackers gained remote access to a US power grid to familiarize themselves with its structure. The grid continues to be a target of hackers, and this incident points to significant weaknesses in the US power grid and its protection.
2019: Julian Assange, the founder of the whistle-blowing site WikiLeaks, was arrested following his removal from the Ecuadorian embassy in the UK and charged with “conspiracy to hack a government computer.”
In summary, cyber security attacks developed quickly in the 1980s and 1990s, an era when computer processing and the cyber war itself were, arguably, in their infancy and still developing. With the significant advancements in computer processing, quantum computing and artificial intelligence, it’s not hard to think we may be in for another round of speed-of-light surprises in the ongoing cyber war.