At MIT, “hack” first came to mean fussing with machines. The minutes of an April, 1955, meeting of the Tech Model Railroad Club state that "Mr. Eccles requests that anyone working or hacking on the electrical system turn the power off to avoid fuse blowing."[3]
1957
Joe "Joybubbles" Engressia, a blind seven-year-old boy with perfect pitch, discovered that whistling the fourth E above middle C (a frequency of 2600 Hz) would interfere with AT&T's automated telephone systems, thereby inadvertently opening the door for phreaking.
1960s
Various phreaking boxes are used to interact with automated telephone systems.
1963
The first ever reference to malicious hacking is 'telephone hackers' in MIT's student newspaper, The Tech of hackers tying up the lines with Harvard, configuring the PDP-1 to make free calls, war dialing and accumulating large phone bills.[4][5][6]
1965
William D. Mathews from MIT found a vulnerability in a CTSS running on an IBM 7094. The standard text editor on the system was designed to be used by one user at a time, working in one directory, and so created a temporary file with a constant name for all instantiations of the editor. The flaw was discovered when two system programmers were editing at the same time and the temporary files for the message-of-the day and the password file became swapped, causing the contents of the system CTSS password file to display to any user logging into the system.[7][8][9][10]
technical experts; skilled, often young, computer programmers, who almost whimsically probe the defenses of a computer system, searching out the limits and the possibilities of the machine. Despite their seemingly subversive role, hackers are a recognized asset in the computer industry, often highly prized
The newspaper describes white hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated that "The Company realizes the benefit to NCSS and in fact encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".[14]
Ian Murphy aka Captain Zap, was the first cracker to be tried and convicted as a felon. Murphy broke into AT&T's computers in 1981 and changed the internal clocks that metered billing rates. People were getting late-night discount rates when they called at midday. Of course, the bargain-seekers who waited until midnight to call long distance were hit with high bills.[15]
1983
The 414s break into 60 computer systems at institutions ranging from the Los Alamos National Laboratory to Manhattan's Memorial Sloan-Kettering Cancer Center.[16] The incident appeared as the cover story of Newsweek with the title "Beware: Hackers at play".[17] As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.
The group KILOBAUD is formed in February, kicking off a series of other hacker groups which form soon after.
The movie WarGames introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia of hackers and their supposed abilities to bring the world to a screeching halt by launching nuclear ICBMs.[citation needed]
The U.S. House of Representatives begins hearings on computer security hacking.[18]
Someone calling himself Lex Luthor founds the Legion of Doom. Named after a Saturday morning cartoon, the LOD had the reputation of attracting "the best of the best"—until one of the most talented members called Phiber Optik feuded with Legion of Doomer Erik Bloodaxe and got 'tossed out of the clubhouse'. Phiber's friends formed a rival group, the Masters of Deception.
The hacker magazine 2600 begins regular publication, right when TAP was putting out its final issue. The editor of 2600, "Emmanuel Goldstein" (whose real name is Eric Corley), takes his handle from the leader of the resistance in George Orwell's 1984. The publication provides tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day. Today, copies of 2600 are sold at most large retail bookstores.
William Gibson's groundbreaking science fiction novel Neuromancer, about "Case", a futuristic computer hacker, is published. Considered the first major cyberpunk novel, it brought into hacker jargon such terms as "cyberspace", "the matrix", "simstim", and "ICE".
1985
KILOBAUD is re-organized into The P.H.I.R.M., and begins sysopping hundreds of BBSs throughout the United States, Canada, and Europe.
The FBI, Secret Service, Middlesex County NJ Prosecutor's Office and various local law enforcement agencies execute seven search warrants concurrently across New Jersey on July 12, 1985, seizing equipment from BBS operators and users alike for "complicity in computer theft",[20] under a newly passed, and yet untested criminal statute.[21] This is famously known as the Private Sector Bust,[22] or the 2600 BBS Seizure,[23] and implicated the Private Sector BBS sysop, Store Manager (also a BBS sysop), Beowulf, Red Barchetta, The Vampire, the NJ Hack Shack BBS sysop, and the Treasure Chest BBS sysop.
Arrest of a hacker who calls himself The Mentor. He published a now-famous treatise shortly after his arrest that came to be known as the Hacker's Manifesto in the e-zine Phrack. This still serves as the most famous piece of hacker literature and is frequently used to illustrate the mindset of hackers.
The Morris Worm. Graduate student Robert T. Morris, Jr. of Cornell University launches a worm on the government's ARPAnet (precursor to the Internet).[27][28] The worm spreads to 6,000 networked computers, clogging government and university systems. Robert Morris is dismissed from Cornell, sentenced to three years probation, and fined $10,000.[29]
The detection of AIDS (Trojan horse) is the first instance of a ransomware detection.
1990s
1990
Operation Sundevil introduced. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities including the Legion of Doom, conducting early-morning raids and arrests. The arrests involve and are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of Steve Jackson Games are also raided, and the role-playing sourcebook GURPS Cyberpunk is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the Electronic Frontier Foundation, including the trial of Knight Lightning.
Australian federal police tracking Realm members Phoenix, Electron and Nom are the first in the world to use a remote data intercept to gain evidence for a computer crime prosecution.[30]
The Computer Misuse Act 1990 is passed in the United Kingdom, criminalising any unauthorised access to computer systems.
1992
Release of the movie Sneakers, in which security experts are blackmailed into stealing a universal decoder for encryptionsystems.
One of the first ISPs MindVox opens to the public.
Publication of a hacking instruction manual for penetrating TRW credit reporting agency by Infinite Possibilities Society (IPS) gets Dr. Ripco, the sysop of Ripco BBS mentioned in the IPS manual, arrested by the United States Secret Service.[31]
1993
The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering was so popular it became an annual event.
Summer: Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.
Hackers adapt to emergence of the World Wide Web quickly, moving all their how-to information and hacking programs from the old BBSs to new hacker web sites.
AOHell is released, a freewareapplication that allows a burgeoning community of unskilled script kiddies to wreak havoc on America Online. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte email bombs and their chat rooms disrupted with spam messages.
The U.S. General Accounting Office reports that hackers attempted to break into Defense Department computer files some 250,000 times in 1995 alone. About 65 percent of the attempts were successful, according to the report.
The MP3 format gains popularity in the hacker world. Many hackers begin setting up sharing sites via FTP, Hotline, IRC and Usenet.
Cryptovirology is born with the invention of the cryptoviral extortion protocol that would later form the basis of modern ransomware.[34]
1997
A 15-year-old Croatian youth penetrates computers at a U.S. Air Force base in Guam.[35]
In response to the popularity of sharing MP3 music files online, the Recording Industry Association of America begins cracking down on file sharing.[37]
1998
January: Yahoo! notifies Internet users that anyone visiting its site in recent weeks might have downloaded a logic bomb and worm planted by hackers claiming a "logic bomb" will go off if computer hacker Kevin Mitnick is not released from prison.[38]
May 19: The seven members of the hacker think tank known as L0pht testify in front of the US congressional Government Affairs committee on "Weak Computer Security in Government".
June: Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year.[clarification needed]
Software security goes mainstream In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers.
U.S. President Bill Clinton announces a $1.46 billion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same.
January 7: The "Legion of the Underground" (LoU) declares "war" against the governments of Iraq and the People's Republic of China. An international coalition of hackers (including Cult of the Dead Cow, 2600's staff, Phrack's staff, L0pht, and the Chaos Computer Club) issued a joint statement ([5]) condemning the LoU's declaration of war. The LoU responded by withdrawing its declaration.
March: The Melissa worm is released and quickly becomes the most costly malware outbreak to date.
October: American Express introduces the "Blue" smart card, the industry's first chip-based credit card in the US.
November 17: A hacker interviewed by Hilly Rose during the radio show Coast to Coast AM (then hosted by Art Bell) exposes a plot by al-Qaeda to derail Amtrak trains. This results in all trains being forcibly stopped over Y2K as a safety measure.
May: The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript. It infected millions of computers worldwide within a few hours of its release. It is considered to be one of the most damaging worms ever. It originated in the Philippines; made by an AMA Computer College student for his thesis.
September: Computer hacker Jonathan James became the first juvenile to serve jail time for hacking.
2001
Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's websites are corrupted.
February: A Dutch cracker releases the Anna Kournikovavirus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star.
April: FBI agents trick two into coming to the U.S. and revealing how they were hacking U.S. banks.[42]
May: Klez.H, a variant of the worm discovered in November 2001, becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage.
June: The Bush administration files a bill to create the Department of Homeland Security, which, among other things, will be responsible for protecting the nation's critical ITinfrastructure.
August: Researcher Chris Paget publishes a paper describing "shatter attacks", detailing how Windows' unauthenticated messaging system can be used to take over a machine. The paper raises questions about how securable Windows could ever be. It is however largely derided as irrelevant as the vulnerabilities it described are caused by vulnerable applications (placing windows on the desktop with inappropriate privileges) rather than an inherent flaw within the Operating System.
July: North Korea claims to have trained 500 hackers who successfully crack South Korean, Japanese, and their allies' computer systems.[43]
2005
April 2: Rafael Núñez (aka RaFa), a notorious member of the hacking group World of Hell, is arrested following his arrival at Miami International Airport for breaking into the Defense Information Systems Agency computer system on June 2001.[44]
November 3: Jeanson James Ancheta, whom prosecutors say was a member of the "Botmaster Underground", a group of script kiddies mostly noted for their excessive use of bot attacks and propagating vast amounts of spam, was taken into custody after being lured to FBI offices in Los Angeles.[46]
2006
January: One of the few worms to take after the old form of malware, destruction of data rather than the accumulation of zombie networks to launch attacks from, is discovered. It had various names, including Kama Sutra (used by most media reports), Black Worm, Mywife, Blackmal, Nyxem version D, Kapser, KillAV, Grew and CME-24. The worm would spread through e-mail client address books, and would search for documents and fill them with garbage, instead of deleting them to confuse the user. It would also hit a web page counter when it took control, allowing the programmer who created it as well as the world to track the progress of the worm. It would replace documents with random garbage on the third of every month. It was hyped by the media but actually affected relatively few computers, and was not a real threat for most users.
May: Jeanson James Ancheta receives a 57-month prison sentence,[47] and is ordered to pay damages amounting to $15,000.00 to the Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, for damage done due to DDoS attacks and hacking. Ancheta also had to forfeit his gains to the government, which include $60,000 in cash, a BMW, and computer equipment.[47]
May: The largest defacement in Web History as of that time is performed by the Turkish hacker iSKORPiTX who successfully hacked 21,549 websites in one shot.[48]
July: Robert Moore and Edwin Pena featured on America's Most Wanted with Kevin Mitnick presenting their case commit the first VoIP crime ever seen in the USA. Robert Moore served 2 years in federal prison with a $152,000.00 restitution while Edwin Pena was sentenced to 10 years and a $1 million restitution.
September: Viodentia releases FairUse4WM tool which would remove DRM information off Windows Media Audio (WMA) files downloaded from music services such as Yahoo! Unlimited, Napster, Rhapsody Music and Urge.
2007
May 17: Estonia recovers from massive denial-of-service attack[49]
August 11: United Nations website hacked by Turkish Hacker Kerem125.[53]
2008
January 17: Project Chanology; Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.
March 7: Around 20 Chinese hackers claim to have gained access to the world's most sensitive sites, including The Pentagon. They operated from an apartment on a Chinese Island.[54]
March 14: Trend Micro website successfully hacked by Turkish hacker Janizary (aka Utku).[55]
2009
April 4: Conficker worm infiltrated millions of PCs worldwide including many government-level top-security computer networks.[56]
January 12: Operation Aurora Google publicly reveals[57] that it has been on the receiving end of a "highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google"
June: Stuxnet The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of SCADA systems. It slowly became clear that it was a cyber attack on Iran's nuclear facilities - with most experts believing that Israel[58] was behind it - perhaps with US help.
December 3: The first Malware Conference, MALCON took place in India. Founded by Rajshekhar Murthy, malware coders are invited to showcase their skills at this annual event supported by the Government of India. An advanced malware for Symbian OS is released by hacker A0drul3z.
April 9: Bank of America website got hacked by a Turkish hacker named JeOPaRDY. An estimated 85,000 credit card numbers and accounts were reported to have been stolen due to the hack. Bank officials say no personal customer bank information is available on that web-page. Investigations are being conducted by the FBI to trace down the incriminated hacker.[59]
April 17: An "external intrusion" sends the PlayStation Network offline, and compromises personally identifying information (possibly including credit card details) of its 77 million accounts, in what is claimed to be one of the five largest data breaches ever.[60]
Computer hacker sl1nk releases information of his penetration in the servers of the Department of Defense (DoD), Pentagon, NASA, NSA, US Military, Department of the Navy, Space and Naval Warfare System Command and other UK/US government websites.[61]
September: Bangladeshi hacker TiGER-M@TE made a world record in defacement history by hacking 700,000 websites in a single shot.[62]
October 16: The YouTube channel of Sesame Street was hacked, streaming pornographic content for about 22 minutes.[63]
November 1: The main phone and Internet networks of the Palestinian territories sustained a hacker attack from multiple locations worldwide.[64]
November 7: The forums for Valve's Steam service were hacked. Redirects for a hacking website, Fkn0wned, appeared on the Steam users' forums, offering "hacking tutorials and tools, porn, free giveaways and much more."[65]
December 14: Five members of the Norwegian hacker group Noria was arrested, allegedly suspected for hacking into the email account of the militant extremist Anders Behring Breivik (who perpetrated the 2011 attacks in the country).[66]
2012
A Saudi hacker, 0XOMAR, published over 400,000 credit cards online,[67] and threatened Israel to release 1 million credit cards in the future. In response to that incident, an Israeli hacker published over 200 Saudi's credit cards online.[68][69]
January 7: "Team Appunity", a group of Norwegian hackers, got arrested for breaking into and publishing the user database of Norway's largest prostitution website.[70]
February 3: Marriott was hacked by a New Age ideologist, Attila Nemeth who was resisting against the New World Order where he said that corporations are allegedly controlling the world. As a response Marriott reported him to the United States Secret Service.[71]
February 8: Foxconn is hacked by a hacker group, "Swagg Security", releasing a massive amount of data including email and server logins, and even more alarming - bank account credentials of large companies like Apple and Microsoft. Swagg Security stages the attack just as a Foxconn protest ignites against terrible working conditions in southern China.[72]
May 24: WHMCS is hacked by UGNazi, they claim that the reason for this is because of the illegal sites that are using their software.
May 31: MyBB is hacked by newly founded hacker group, UGNazi, the website was defaced for about a day, they claim their reasoning for this was because they were upset that the forum board Hackforums.net uses their software.
June 5: The social networking website LinkedIn has been hacked and the passwords for nearly 6.5 million user accounts are stolen by cybercriminals. As a result, a United States grand jury indicted Nikulin and three unnamed co-conspirators on charges of aggravated identity theft and computer intrusion.
August 15: The most valuable company in the world Saudi Aramco is crippled by a cyber warfare attack for months by malware called Shamoon. Considered the biggest hack in history in terms of cost and destructiveness . Carried out by an Iranian attacker group called Cutting Sword of Justice[73]. Iranian hackers retaliated against Stuxnet by releasing Shamoon. The malware destroyed over 35,000 Saudi Aramco computers, affecting business operations for months.
December 17: Computer hacker sl1nk announced that he has hacked a total of 9 countries' SCADA systems. The proof includes 6 countries: France, Norway, Russia, Spain, Sweden and the United States.[74]
2013
The social networking website Tumblr is attacked by hackers. Consequently, 65,469,298 unique emails and passwords were leaked from Tumblr. The data breach's legitimacy is confirmed by computer security researcher Troy Hunt.[75]
2014
February 7: The bitcoin exchange Mt.Gox filed for bankruptcy after $460million was apparently stolen by hackers due to "weaknesses in [their] system" and another $27.4million went missing from its bank accounts.[76]
October: The White House computer system was hacked.[77] It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks "among the most sophisticated attacks ever launched against U.S. government systems."[78]
November 24: In response to the release of the film The Interview, the servers of Sony Pictures are hacked by a hacker group calling itself "Guardian of Peace".
November 28: The website of the Philippine telecommunications company Globe Telecom was hacked in response to the poor internet service they are distributing.[79]
2015
June: the records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security-clearance-related information, are stolen from the United States Office of Personnel Management.[80] Most of the victims are employees of the United States government and unsuccessful applicants to it. The Wall Street Journal and the Washington Post report that government sources believe the hacker is the government of China.[81][82]
February: The 2016 Bangladesh Bank heist attempted to take US$951 million from Bangladesh Bank, and succeeded in getting $101 million - although some of this was later recovered.
September: Hacker Ardit Ferizi is sentenced to 20 years in prison after being arrested for hacking U.S. servers and passing the leaked information to members of ISIL terrorist group back in 2015.[83]
October: The 2016 Dyn cyberattack is being conducted with a botnet consisting of IOTs infected with Mirai by the hacktivist groups SpainSquad, Anonymous, and New World Hackers, reportedly in retaliation for Ecuador's rescinding Internet access to WikiLeaks founder Julian Assange at their embassy in London, where he has been granted asylum.[84]
April: A hacker group calling itself "The Dark Overlord" posted unreleased episodes of Orange Is the New Black TV series online after they failed to extort online entertainment company Netflix.[85]
May: WannaCry ransomware attack started on Friday, 12 May 2017,[86] and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.[87]
May: 25,000 digital photos and ID scans relating to patients of the Grozio Chirurgija cosmetic surgery clinic in Lithuania were obtained and published without consent by an unknown group demanding ransoms.[88][89][90] Thousands of clients from more than 60 countries were affected.[88] The breach turned attention to weaknesses in Lithuania's information security.[88]
^"Archived copy"(PDF). Archived from the original(PDF) on 2016-03-14. Retrieved 2017-01-04. ((cite web)): Unknown parameter |deadurl= ignored (|url-status= suggested) (help)CS1 maint: archived copy as title (link)
^"Archived copy". Archived from the original on 2013-04-15. Retrieved 2010-10-08. ((cite web)): Unknown parameter |deadurl= ignored (|url-status= suggested) (help)CS1 maint: archived copy as title (link)
^"Archived copy". Archived from the original on 2012-04-26. Retrieved 2011-10-26. ((cite web)): Unknown parameter |deadurl= ignored (|url-status= suggested) (help)CS1 maint: archived copy as title (link)
^'Hacking' into Prestel is not a Forgery Act offence" (Law Report), The Times, 21 July 1987.
^Stoll, Cliff (1989). The cuckoo's egg. New York: Doubleday. ISBN0-370-31433-6.
^Burger, R.: "Computer viruses - a high tech disease", Abacus/Data Becker GmbH (1988), ISBN1-55755-043-3
^Spafford, E.H.: "The Internet Worm Program: An Analysis", Purdue Technical Report CSD-TR-823 (undated)
^Eichin, M.W. and Rochlis, J.A.: "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", MIT(1989)
^"Archived copy". Archived from the original on 2016-03-04. Retrieved 2015-06-15. ((cite web)): Unknown parameter |deadurl= ignored (|url-status= suggested) (help)CS1 maint: archived copy as title (link)
^Evan Perez; Shimon Prokupecz (8 April 2015). "How the U.S. thinks Russians hacked the White House". CNN. Retrieved 17 December 2016. Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.