Timeline of hacker history
Table of contents
1971 a Vietnam War veteran named John Draper discovers that the give-away whistle in Cap'n Crunch cereal boxes perfectly reproduces a 2600 hertz tone. Draper builds a "blue box" that, when used with the whistle and sounded into a phone receiver, allows phreaks to make free calls. Shortly afterwards, Esquire magazine publishes "Secrets of the Little Blue Box" with instructions for making a blue box, and wire fraud in the United States escalates.
Bulletin boards – with names such as Sherwood Forest and Catch-22 – become the venue of choice for phreaks and hackers to gossip, trade tips, and share secret phone numbers computer passwords and even credit card numbers.
1982 In Milwaukee a group of six teenagers hackers calling themselves the 414's (their area code) break into some 60 computer systems at institutions ranging from the Los Alamos Laboratories to Manhattan's Memorial Sloan-Kettering Cancer Center before being arrested.
1984 Someone calling himself Lex Luthor founds the Legion of Doom. Named after a Saturday morning cartoon, the LOD had the reputation of attracting "the best of the best" — until one of the gang's brightest young acolytes, a kid named Phiber Optik, feuded with Legion of Doomer Erik Bloodaxe and got tossed out of the clubhouse. Phiber's friends formed a rival group, the Masters of Deception.
1984 The Comprehensive Crime Control Act gives the Secret Service jurisdiction over computer fraud.
1984 The hacker magazine 2600 begins regular publication, right when TAP was putting out its final issue. The editor of 2600, "Emmanuel Goldstein" (whose real name is Eric Corley), takes his handle from the leader of the resistance in George Orwell's 1984. The publication provide tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day. Today, copies of 2600 are sold at most large retail bookstores.
1986 After more and more break-ins to government and corporate computers, Congress passes the Computer Fraud and Abuse Act, which makes it a crime to break into computer systems. The law, however, does not cover juveniles.
1988 The Morris Worm: Robert T. Morris, Jr. (RTM), a graduate student at Cornell University and son of a chief scientist at a division of the National Security Agency, launches a self-replicating worm on the government's ARPAnet (precursor to the Internet) to test its effect on UNIX systems. The worm gets out of hand and spreads to some 6000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10,000.
1988 Kevin Mitnick secretly monitors the e-mail of MCI Communications and Digital Equipment Corporation security officials. Kevin Mitnick is convicted of violating computer network of Digital Equipment Corporation and sentenced to a year in jail.
Kevin Poulsen — was indicted on phone-tampering charges. Kevin went on the run and avoided capture for 17 months.
1988 First National Bank of Chicago is the victim of $70-million computer theft.
1989 The Germans and the KGB: In the first cyberespionage case to make international headlines, hackers in West Germany (loosely affiliated with the Chaos Computer Club) are arrested for breaking into U.S. government and corporate computers and selling operating-system source code to the Soviet KGB. Three of them are turned in by two fellow hacker spies, and a fourth suspected hacker commits suicide when his possible role in the plan is publicized. Because the information stolen is not classified, the hackers are fined and sentenced to probation. In a separate incident,
1990 Operation Sundevil introduced. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities including the Legion of Doom, conducting early-morning raids and arrests. The arrests involve and are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of Steve Jackson Games are also raided, and the role-playing sourcebook GURPS Cyberpunk is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the Electronic Frontier Foundation.
1990, LOD and MOD engaged in almost two years of online warfare — jamming phone lines, monitoring calls, trespassing in each other's private computers. Then the Feds cracked down. For Phiber and friends, that meant jail.
A woman who goes by the handle Natasha Grigori started out in the early starts running a bulletin-board system for software pirates. Now, at age “40-plus,” she’s the founder of antichildporn.org, a group of hackers who use their skills to track kiddie-porn distributors and pass the information on to law enforcement.
1991 resulted in jail sentences for four members of the Masters of Deception. Phiber Optik spent a year in federal prison.
1993 During radio station call-in contests, hacker-fugitive Kevin Poulsen and two friends rig the stations' phone systems to let only their calls through, and "win" two Porsches, vacation trips, and $20,000. Poulsen, already wanted for breaking into phone-company systems, serves five years in prison for computer and wire fraud.
1993 The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering is so popular it becomes an annual event.
1994, summer. Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.
1995, February. Kevin Mitnick was arrested again. This time the FBI accused him of stealing 20,000 credit card numbers. Kevin Mitnick is incarcerated on charges of "wire fraud and illegal possession of computer files stolen from such companies as Motorola and Sun Microsystems" He is held in prison for four years without a trial
1995 Hackers deface federal web sites.
1996 The U.S. General Accounting Office reports that hackers attempted to break into Defense Department computer files some 250,000 times in 1995 alone. About 65 percent of the attempts were successful, according to the report.
1997 AOHell is released, a freeware application that allows a burgeoning community of unskilled script kiddies to wreak havoc on America Online. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte mail bombs and their chat rooms disrupted with spam messages.
December 1997 Information Security publishes first issue.
January 1998 Yahoo! notifies Internet users that anyone visiting its site in recent weeks might have downloaded a logic bomb and worm planted by hackers claiming a "logic bomb" will go off if Mitnick is not released from prison.
1998 The hacking group CULT OF THE DEAD COW releases its Trojan horse program, Back Orifice at DEF CON. Once a user installs the Trojan horse on a machine running Windows 95 or Windows 98, the program allows unauthorized remote access of the machine.
1998 During heightened tensions in the Persian Gulf, hackers touch off a string of break-ins Solar Sunrise, a series of attacks targeting unclassified Pentagon computers and steal software programs, leads to the establishment of round-the-clock, online guard duty at major military computer sites. Then-U.S. Deputy Defense Secretary John Hamre calls it "the most organized and systematic attack" on U.S. military systems to date. An investigation points to two American teens. A 19-year-old Israeli hacker who calls himself The Analyzer (aka Ehud Tenebaum) is eventually identified as their ringleader and arrested. Tenebaum is later made chief technology officer of a computer consulting firm.
March 1998 Timothy Lloyd is indicted for planting a logic bomb on the network of Omega Engineering. The logic bomb causes millions in damage.
1998 Hackers alter The New York Times Web site, renaming it HFG (Hacking for Girlies). The hackers express anger at the arrest and imprisonment of Kevin Mitnick, the subject of the book "Takedown" co-authored by Times reporter John Markoff.
June 1998 Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year.
1999 Software Security Goes Mainstream In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers.
1999 The Electronic Civil Disobedience project, an online political performance-art group, attacks the Pentagon calling it conceptual art. It said it was protesting U.S. support of the Mexican suppression of rebels in southern Mexico. Carmin Karasic, helped write FloodNet, the tool used by ECD to bombard its opponents with access requests in a symbolic, harmless version of the denial-of-service attacks that took down CNN and Yahoo.
1999 Classified computer systems at Kelly Air Force Base in San Antonio, Texas, come under attack from a number of locations around the world, but the attacks were detected and stopped by newly developed Defense Department systems.
1999 U.S. Information Agency Web site is hacked for the second time in six months. The hacker circumvented the agency's Internet security and damaged the hard drive, leaving behind the message "Crystal, I love you" and the signature "Zyklon."
1999 U.S. President Bill Clinton announces a $1.46 billion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same.
1999 "Unidentified hackers seized control of a British military communication satellite and demanded money in return for control of the satellite
January 2000 A Russian cracker attempts to extort $100,000 from online music retailer CD Universe, threatening to expose thousands of customers' credit card numbers. Posting them on a website after the attempt to extort money from the company failed. Barry Schlossberg (AKA Lou Cipher) is successful at extoring 1.4M from CD Universe for "services rendered", in an attempt to "catch the russian hacker".
second week of February 2000 Canadian hacker MafiaBoy In the first and one of the biggest denial-of-service attacks to date, launches successful distributed denial-of-service (DDoS) attack taking down several high-profile Web sites, including Amazon, CNN and Yahoo!.
2000 Hackers break into Microsoft's corporate network and access source code for the latest versions of Microsoft Windows and Microsoft Office software. It is later released to several filesharing networks. The Register splashes with the immortal (and suppositional) headline: 'M$ hacked! Russian Mafia swipes WinME source'.
April 2000 The U.S. Department of Justice unveils a portal that notes the government's position on Internet security and privacy issues, tracks prosecution of cybercriminals and provides guidelines for cybercrime investigations.
May 2000, a new virus appeared that spread rapidly around the globe. The "I Love You" virus infected image and sound files and spread quickly by causing copies of itself to be sent to all individuals in an address book.
May 2000 The LoveLetter virus sweeps across the globe in hours, wreaking havoc on networks and causing millions in damage and lost productivity.
June 2000 The Honeynet Project, led by Lance Spitzner, launches, collecting hacking intelligence through a network of decoy servers.
July 2000 The SANS Institute releases its first "Top 10 Vulnerabilities" list, denoting the most prevalent problems exploited by hackers. Jennifer Grannick is an in-demand lawyer who explains hackers’ rights to them at conventions.
A 19-year-old Midwestern law student who calls herself ViXen900 is a member of the HNC hackers’ group and advises them on legal issues.
2001 Microsoft becomes the prominent victim of a new type of crack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's Web sites are corrupted. The hack is detected within a few hours, but prevents millions of users from reaching Microsoft Web pages for two days.
February 2001 A Dutch cracker releases the Anna Kournikova virus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star.
March 2001 The L10n worm is discovered in the wild attacking older versions of BIND DNS.
April 2001 FBI agents trick two Russian crackers into coming to the U.S. and revealing how they were cracking U.S. banks.
May 2001 Spurred by elevated tensions in Sino-American diplomatic relations, U.S. and Chinese hackers engage in skirmishes of Web defacements that many dub "The Sixth Cyberwar".
May 2001 Crackers begin using "pulsing" zombies, a new DDoS method that has zombie machines send random pings to targets rather than flooding them, making it hard to stop attacks.
May 2001 AV experts identify Sadmind, a new cross-platform worm that uses compromised Sun Solaris boxes to attack Windows NT servers.
August 2001 Code Red, the first polymorphic worm, infects tens of thousands of machines.
September 2001 The World Trade Center and Pentagon terrorist attacks spark lawmakers to pass a barrage of anti terrorism laws many of which group Hackers as terrorists. and remove many long standing personal freedoms in the name of safety.
September 2001 Nimda, a new memory-only worm, wreaks havoc on the Internet, quickly eclipsing Code Red's infection rate and recovery cost.
November 2001 Microsoft and its allies vow to end "full disclosure" of security vulnerabilities by replacing it with "responsible" disclosure guidelines.
February 2002 As part of its Trustworthy Computing initiative, Microsoft shuts down all Windows development, sending more than 8,000 programmers to security training.
July 2002 An Information Security survey finds that most security practitioners favor full disclosure because it helps them defend against hacker exploits and puts pressure of software vendors to improve their products.
August 2002 Researcher Chris Paget publishes "shatter attacks," detailing how Windows' unauthenticated messaging system can be used to take over a machine. The paper raises questions about how securable Windows could ever be.
February 20, 2003 Ex-employee of Airport Transportation Company Arrested for Allegedly Hacking Into Computer, Destroying Data
March 13, 2003 Computer Cracker Ples Guilty to Computer Intrusion and Credit Card Fraud
April 18, 2003 Ex-employee of Airport Transportation Company Guilty of Hacking into Company's Computer
June 12, 2003 Computer Hacker Sentenced to One Year and One Day And Ordered to Pay More than $88,000 Restitution For Series of Computer Intrusions and Credit Card Fraud
June 12, 2003 Southern California Man Who Hijacked Al Jazeera Website Agrees to Plead Guilty to Federal Charges
July 1, 2003 Kazakhstan Hacker Sentenced to Four Years Prison for Breaking into Bloomberg Systems and Attempting Extortion
July 17, 2003 FBI Employee Arrested and Charged in Three Federal indictments
July 25, 2003 Russian Man Sentenced for Cracking into Computers in the United States
August 23, 2003 Jesus Oquendo "sil" of AntiOffline releases "BRAT" Border Router Attack Tool as part of "Theories in Denials of Service in an effort to make administrators aware of the possibility of a worm attack tool capable of breaking backbone routes on the Internet
September 10, 2003 Deputy Assistant Attorney General John G. Malcolm's Testimony before the United States House of Representatives Committee on Government Reform, Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census
September 29, 2003 President of San Diego Computer Security Company Indicted in Conspiracy to Gain Unauthorized Access into Government Computers
October 6, 2003 Former Employee of Viewsonic Pleas Guilty to Hacking into Company's Computer, Destroying Data
November 5, 2003 Dallas, Texas FBI Employee Indicted for Public corruption
November 20, 2003 Three Men Indicted for Hacking into Lowe's Companies' Computers with Intent to Steal Credit Card Information
December 18, 2003 Milford Man pleas guilty to hacking
December 2004 Brian Salcedo sentenced to 9 years in prison for his involvement in hacking into the corporate systems of "Lowe's Home Improvement" and attempting to steal customer credit card information. The sentence far exceeds the 5 1/2 years that hacker Kevin Mitnick spent behind bars. Prosecutors said the three men tapped into the wireless network of a Lowe's store in Southfield, Mich., used that connection to enter the chain's central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information. No data was actually collected however.