Author: Jeslyn Guo
Before computers and the internet, cybersecurity did not exist. Prior to the 1970s, words that we hear so much about today such as hacking, ransomware, and viruses did not have meaning. Over the years, modern technology and cybercrime have caused these words to rise to the forefront of our attention. In this article, we’ll take a look at how cybersecurity came to be.
While the first digital computer was created in 1943, these machines were limited to small numbers of people for the first couple decades after their creation. Only a few people knew how to operate these machines which were very costly and rare. Computers were locked away in secure rooms and even software programmers had difficulty accessing them. At this time, hacking was not yet present in its modern form; the only form of “hacking” that did exist was when individuals attempted to gain access to these computers out of mere curiosity. “Hacking” did not involve computers, but rather individuals interested in exploring these unique systems without any financial or political motive.
In the late 1960s, school kids were invited to try out the new computers. Students worked to “hack” deeper into the computer systems which allowed the companies to make adjustments in their defensive measures. This practice is still present today, commonly referred to as ethical hacking. *link to ethical hacking article here
As computers started to become more popular, many companies began to invest in computers to store their data. As opposed to a physical lock and key which lost practicality as time went on, companies increasingly stored information behind passwords.
The creation of ARPANET (the Advances Research Projects Agency Network) marked the beginning of the internet. ARPANET was an early computer network and ushered in the start of cybersecurity in the form of a research project. Bob Thomas, an engineer at BBN Technologies, created the first computer virus, called Creeper. It could move across ARPANET’s network between computers and left a trace reading, “I’m a creeper, catch me if you can”.
This was a harmless virus, but it can be considered the first computer worm. The inventor of the email, Ray Tomlinson, wrote the Reaper program, which searched for and deleted Creeper, acting as the first antivirus software.
In this time, many discussions surrounding computer security began to emerge, particularly in academic papers. Early security systems were developed by the US Air Force and other organizations, as viruses and antiviruses began to evolve. In 1979, 16 year old Kevin Mitnick famously hacked into The Ark, the computer at the digital equipment corporations used for developing operating systems. He was arrested and jailed for this, and his hack marked the beginning of several cyberattacks that would happen over the next few decades. Today, he is the CEO of Mitnick Security Consulting LLC, a computer security consultancy.
During this decade, cyber threats grew and high profile attacks began to arise more frequently. Terms such as trojan horse and computer viruses were first introduced and commonly used. During the time of the Cold War (1947-1991), the threat of cyber espionage became a concern. Security was taken much more seriously as the government released materials to provide guidance on cybersecurity measures and practices.
1987 was a revolutionary year for cybersecurity. The Vienna virus, a malware virus which destroyed files on computers it infected, became well known not for its damage but rather for the fact that it was stopped. German computer researcher Bernd Robert Fix was able to neutralize this instance of an “in the wild” virus. Additionally, this year saw the birth of the commercial antivirus, although there are multiple claims for the creator of this product. Notable antiviruses released were the Ultimate Virus Killer (UVK), NOD antivirus, and VirusScan.
This was the beginning of various cybersecurity programs. Many antivirus companies were established in the late 1980s. During this time, early antivirus programs involved performing searches to detect unique virus code sequences by comparing instances against a database of virus “signatures”. However, these systems tended to produce false positives and took up a lot of power and reduced productivity.
The internet went public in the early 1990s, marking a shift in cybersecurity culture. New virus and malware programs exploded during this decade, and it became clear that cybersecurity had to be made readily available to the public. In the mid 1990s, the first email service was released to the public, a revolutionary step in communication. Nevertheless, this opened up a new entry point for viruses and cyberattacks.
In 1999, the Melissa virus grew exponentially. This virus could enter a user’s computer through a Word document and spread itself to the first 50 email addresses in Microsoft Outlook. It took about $80 million to fix and became known as one of the fastest spreading viruses.
As the world began to understand the urgency of fighting these computer viruses, antivirus security systems advanced and more companies entered the cybersecurity market.
More than ever, cybercriminals had a variety of devices and software vulnerabilities to exploit. As technology evolved, so did the threat that came with widespread innovation. In 2003, the Department of Homeland Security established the National Cyber Security Division in response to cyberattacks and the lack of an effective method to prevent them. This was the first U.S. Government force dedicated to cybersecurity and reflected the concerns at the time.
Smartphones became a significant cybersecurity concern. Not only were computers and software systems pathways for financial exploitation, but now the mini-computer presented a whole new set of challenges. In 2007, Apple launched the first iPhone and antiviruses for smartphones were urgently developed.
This time is widely known for the variety of high profile cybersecurity breaches that threatened not only national security, but the global network. Some notable examples are listed below.
- 2012: Saudi Hacker 0XOMAR published details of about 400,000 credit cards online.
- 2013: An infamous cybersecurity breach, former CIA employee Edward Snowden copied and leaked classified information from the National Security Agency (NSA). As a result, many countries around the world amped up their surveillance operations, as cyber-espionage increased overall.
- 2013-2014: Hackers broke into Yahoo, compromising accounts and the private information of 3 billion users. It cost the company $35 million, and Yahoo did not report this breach until 2016.
- 2014: Mt Gox, a bitcoin exchange based in Japan, was the largest bitcoin exchange network in the world. Hackers were able to take 850,000 bitcoins (~$6.3 billion today) and accounts were compromised within the system.
During this time, hackers realized that they could make huge profits not only by targeting people and consumers, but by directly targeting banks and especially large exchange platforms which had comparatively weaker security protections.
Various other attacks against well-known companies such as Facebook, Marriott, and Target also took place. Ransomware and malware attacks became common. However, as viruses developed, so did antiviruses and the cybersecurity measures taken to fight cybercriminals. Signature based programs were failing and instead software used big data analysis to detect malware by taking a more holistic view of users’ behaviors in order to detect threats.
The world of cybersecurity and technology is constantly evolving. We may only speculate what the future holds as society makes advancements in cutting-edge technology. We know from history that progress comes with its risks, and we understand the importance of protecting our cyberspace.