Major Incidents That Changed Cybersecurity


At the beginning of the 1970s, the internet was only a concept, an aspiration that IT specialists couldn’t fully imagine yet. Back then, when their highly developed software suddenly crashed, these engineers and mathematicians referred to the crashes as instabilities or inconsistencies. When these occurred, they simply examined the code, hardened it and rebooted the program. It could take months to find and fix the “inconsistencies,” and while they worked on the problem, life would go on without the IT system.

Little did they know back then about the competition that was about to start, or the thousands of nightmarish hours that later engineers would need to spend fixing issues in code that could mean the difference between a big disaster and a partial setback. The start of cybersecurity was about to happen.

I’m the creeper, catch me if you can!

Throughout the 1970s, the forerunner of the Internet was a network called ARPANET. ARPANET ran in a somewhat closed and safe testing environment made up of a group of a few American universities. It served mainly to distribute information among high-profile people working for those institutions. ARPANET was obsolete and slow, sometimes bringing more problems than solutions.

One day, due to planned maintenance, the network was shut down entirely. What followed was unexpected. When they switched it back on, a message was displayed on the screens of their DEC PDP-10 computers saying: “I’m the creeper, catch me if you can!” A piece of software named the Creeper was delivering a message and replicating itself within the network, infecting all other computers. It also deleted all past info and stopped the systems. The Creeper became widely famous as the very first computer virus ever. Its creator was an engineer named Bob Thomas, who decided to create “an experimental self-duplicating program that was intended not to inflict damage on, but to illustrate a mobile application.” Now, Bob Thomas is most generally known as the father of the computer virus.

To resolve this disorder, IT engineers had to develop innovative software that would be able to target a particular program and remove it from the computer. This led to the birth of “Reaper,” a tool that became the first antivirus program ever developed.

From then on, a kind of competition started between programmers and hackers that continues today. Programmers work on spotting vulnerabilities in a system and fixing them beforehand, whereas hackers seek to exploit vulnerabilities and cause further damage.

The Morris Worm

The size and potential destructiveness of viruses reached new heights when the internet finally took off in the late 80s, becoming widespread with more and more institutions interconnected: healthcare, public administrations, governments, banks, telcos, home users, etc.

Another engineer, Robert Tappan Morris, decided to measure how deep the web was by releasing his latest invention across the internet: a worm-like piece of software. This was exceptional software, as it was the very first worm virus ever invented, called The Morris Worm. It worked in the following way: when it found a crucial error in a computer system, it morphed into a virus which replicated quickly and began infecting other computers, resulting in a denial of service. Robert Morris defended himself by saying that he intended no harm at all with “his invention.” Indeed, Morris not only created the very first worm ever, but he also found a new type of security breach: the DoS attack.

A DoS attack, or denial-of-service attack, floods systems, servers or networks with traffic to consume resources and bandwidth. As a consequence, the system is unable to fulfill the requests it receives. Attackers can also use many compromised devices to launch this attack; this variant, which is now more common amongst hackers, is called a distributed denial-of-service (DDoS) attack.

Vulnerabilities and open backdoors in computing can come in various sizes and shapes, even in systems that are tough to crack. A great case of this occurred in 1995, when LA-based Kevin Poulsen, one of the greatest black hat hackers of all time, hacked the Los Angeles phone system in a bid to win a Ferrari in a radio contest. Poulsen secured his success by taking control of the phone network and completely blocking incoming calls to the radio station’s number. This was one of the first times that an individual operating solo could harm and interrupt an entire network.

The Rise of Phishing

Around the mid-1990s, what we now call phishing saw the light of day for the very first time. In 1994, Windows was already a popular OS, used by personal computers sitting on a desk in almost every home in the US. Microsoft Windows was a blossoming business worth billions of dollars. The competition was intense among online providers, but America Online (AOL) was surely in the lead, with most users connected to the web and other online services through AOL servers.

Hackers recognized the opportunity here, and a 17-year-old student from Pittsburgh, PA, known online as “Da Chronic,” developed an application widely used by hackers called AOHell to simplify cracking by using the extended AOL network. The toolkit included a new DLL for the AOL client, a credit card number generator, email bomber, IM bomber, Punter, and a basic set of instructions.

More alarming, the program introduced a function for stealing the passwords of America Online users. It grew into a successful toolkit for hackers in the mid-90s, and its software was sophisticated enough to hide itself among the computer’s applications while “working” in the background, stealing data randomly. The first version of the program was released in 1994 by hackers known as The Rizzer.

Other cases of virus attacks which have done substantial damage to businesses, users, and even governments are the Melissa virus in 1999 and Solar Sunrise in 1998. Since then, hackers have been improving their tactics in inventive and stunning ways, featuring ever more complicated methods to break into security systems. More importantly, they always seem to be one step ahead of their counterparts. In fact, a new level of complexity and danger in attacks was reached in the early 2000s, when the whole internet was attacked.

The most significant cybersecurity breach ever to happen, though, was in 2017 with WannaCry, although that is a story to be told another time.

AI / Blockchain Attacks?

Now (and even more in the future) numerous businesses, governments, and consumers in all corners of the world rely on interconnected digital systems, so any attack on those systems is increasingly critical.

On the other hand, new technologies such as blockchain and AI have been growing at an incredible pace. Cybersecurity, an ever-evolving field in continuous need of modern and reliable solutions, is also increasingly testing intelligent solutions built on the recent technologies of blockchain and AI. These promise to add extra tiers of security to the complicated digital systems that structure everything in our lives right now.

The other side of the story is that cybercriminals will also build fully autonomous AI-based attacks. The competition that began with the invention of the internet will only continue.


Written by Aghiath Chbib, Cyber Security, Blockchain and Digital Forensics Business Leader, Director / CEO.
