Timeline of hacker history

This is a timeline of hacker history. Hacking and cracking appeared with the first electronic computers. Below are some important events in the history of hacking and cracking.

Contents

1 1970s 2 1980s 3 1990s 4 2000s 4.1 2001 4.2 2002 4.3 2003 4.4 2004

1970s

• 1971 — a Vietnam War veteran named John Draper discovers that the give-away whistle in Cap'n Crunch cereal boxes perfectly reproduces a 2600 hertz tone. Draper builds a "blue box" that, when used with the whistle and sounded into a phone receiver, allows phreaks to make free calls. Shortly afterwards, Esquire magazine publishes "Secrets of the Little Blue Box" with instructions for making a blue box, and wire fraud in the United States escalates.
• 1972 — Abbie Hoffman helps found The Youth International Party Line newsletter. Hoffman's publishing partner, Al Bell, changed the YIPL newsletter's name to TAP, for Technical Assistance Program.
• 1972 — The InterNetworking Working Group is founded to govern the standards of the developing network. Vinton Cerf is the chairman and is known as a "Father of the Internet"
• 1973 — college kids Steve Wozniak and Steve Jobs, future founders of Apple Computer, launch a home industry Homebrew Computer Club making and selling blue boxes.
• 1978 — First report of teen-age boys being kicked off the telephone system for pranks.
• Bulletin boards - with names such as Sherwood Forest and Catch-22 - become the venue of choice for phreaks and hackers to gossip, trade tips, and share secret phone numbers computer passwords and even credit card numbers.
• Susan Thunder is one of the early "phone phreakers," part of Kevin Mitnick’s crew who break into phone lines.

1980s

• 1982 — In Milwaukee a group of six teenagers hackers calling themselves the 414's (their area code) break into some 60 computer systems at institutions ranging from the Los Alamos Laboratories to Manhattan's Memorial Sloan-Kettering Cancer Center before being arrested.
• 1983 — Movie WarGames introduces the wider public to the phenomenon of hacking.
• 1983 — Secret Service gets jurisdiction over credit card and computer fraud.
• 1984
  • Someone calling himself Lex Luthor founds the Legion of Doom. Named after a Saturday morning cartoon, the LOD had the reputation of attracting "the best of the best" — until one of the gang's brightest young acolytes, a kid named Phiber Optik, feuded with Legion of Doomer Erik Bloodaxe and got tossed out of the clubhouse. Phiber's friends formed a rival group, the Masters of Deception.
  • Chaos Computer Club forms in Germany.
  • The Comprehensive Crime Control Act gives the Secret Service jurisdiction over computer fraud.
  • CULT OF THE DEAD COW forms in Lubbock, Texas and begins publishing its ezine.
  • The hacker magazine 2600 begins regular publication, right when TAP was putting out its final issue. The editor of 2600, "Emmanuel Goldstein" (whose real name is Eric Corley), takes his handle from the leader of the resistance in George Orwell's 1984. The publication provide tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day. Today, copies of 2600 are sold at most large retail bookstores.
• 1985 — The online 'zine Phrack is established.
• 1986 — After more and more break-ins to government and corporate computers, Congress passes the Computer Fraud and Abuse Act, which makes it a crime to break into computer systems. The law, however, does not cover juveniles.
• 1987 — Decoder magazine begins in Italy.
• 1987 — The Computer Emergency Response Team (CERT) is created to address network security.
• 1988
  • The Morris Worm: Robert T. Morris, Jr. (RTM), a graduate student at Cornell University and son of a chief scientist at a division of the National Security Agency, launches a self-replicating worm on the government's ARPAnet (precursor to the Internet) to test its effect on UNIX systems. The worm gets out of hand and spreads to some 6000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10,000.
  • Kevin Mitnick secretly monitors the e-mail of MCI Communications and Digital Equipment Corporation security officials. Kevin Mitnick is convicted of violating computer network of Digital Equipment Corporation and sentenced to a year in jail.
  • Kevin Poulsen — was indicted on phone-tampering charges. Kevin went on the run and avoided capture for 17 months.
  • First National Bank of Chicago is the victim of $70-million computer theft.
• 1989
  • The Germans and the KGB: In the first cyberespionage case to make international headlines, hackers in West Germany (loosely affiliated with the Chaos Computer Club) are arrested for breaking into U.S. government and corporate computers and selling operating-system source code to the Soviet KGB. Three of them are turned in by two fellow hacker spies, and a fourth suspected hacker commits suicide when his possible role in the plan is publicized. Because the information stolen is not classified, the hackers are fined and sentenced to probation. In a separate incident,
  • Arrest of a hacker who calls himself The Mentor. He publishes a now-famous treatise that comes to be known as the Hacker's Manifesto.
  • Fry Guy is raided by law enforcement; police hunt for Legion of Doom hackers.
  • Jude Milhon (aka St Jude) and R. U. Sirius launch Mondo 2000, a major '90s tech-lifestyle magazine, in Berkeley, California.

1990s

• A woman who goes by the handle Natasha Grigori started out in the early starts running a bulletin-board system for software pirates. Now, at age “40-plus,” she’s the founder of antichildporn.org, a group of hackers who use their skills to track kiddie-porn distributors and pass the information on to law enforcement.
• 1990 — Operation Sundevil introduced. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities including the Legion of Doom, conducting early-morning raids and arrests. The arrests involve and are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of Steve Jackson Games are also raided, and the role-playing sourcebook GURPS Cyberpunk is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the Electronic Frontier Foundation.
• 1990 — LOD and MOD engaged in almost two years of online warfare — jamming phone lines, monitoring calls, trespassing in each other's private computers. Then the Feds cracked down. For Phiber and friends, that meant jail.
• 1991
  • Rumors circulate about the "Michelangelo" virus, expected to crash computers on March 6, 1992, the artist's 517th birthday. Doomsday passes without incident.
  • Kevin Poulsen is captured and indicted for stealing military documents.
  • resulted in jail sentences for four members of the Masters of Deception. Phiber Optik spent a year in federal prison.
• 1992 — Release of the movie Sneakers, in which security experts are blackmailed into stealing a universal decoder for encryption systems.
• 1992 — Hackers break into GAFB, NASA and KARI
• 1993
  • During radio station call-in contests, hacker-fugitive Kevin Poulsen and two friends rig the stations' phone systems to let only their calls through, and "win" two Porsches, vacation trips, and $20,000. Poulsen, already wanted for breaking into phone-company systems, serves five years in prison for computer and wire fraud.
  • Texas A&M University professor receives death threats because a hacker used his computer to send 20,000 racist e-mails.
  • The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering is so popular it becomes an annual event.
• 1994 summer — Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.
• 1994 — Hackers adapt to emergence of the World Wide Web quickly, moving all their how-to information and hacking programs from the old BBSs to new hacker Web sites.
• 1995
  • February: Kevin Mitnick was arrested again. This time the FBI accused him of stealing 20,000 credit card numbers. Kevin Mitnick is incarcerated on charges of "wire fraud and illegal possession of computer files stolen from such companies as Motorola and Sun Microsystems" He is held in prison for four years without a trial
  • The movies The Net and Hackers are released.
  • United States Department of Defense computers sustained 250,000 attacks by hackers
  • Hackers deface federal web sites.
  • AOL gives its users access to USENET, precipitating Eternal September.
• 1996
  • Kevin Poulsen is cleared of the military hacking charges and released. He starts a career as a freelance journalist.
  • Hackers alter Web sites of the United States Department of Justice (August), the CIA (October), and the U.S. Air Force (December).
  • Canadian hacker group, Brotherhood, breaks into the Canadian Broadcasting Corporation.
  • The U.S. General Accounting Office reports that hackers attempted to break into Defense Department computer files some 250,000 times in 1995 alone. About 65 percent of the attempts were successful, according to the report.
• 1997
  • AOHell is released, a freeware application that allows a burgeoning community of unskilled script kiddies to wreak havoc on America Online. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte mail bombs and their chat rooms disrupted with spam messages.
  • A 15-year-old Croatian youth penetrates computers at a U.S. Air Force base in Guam.
  • December: Information Security publishes first issue.
  • Hackers get into Microsoft's Windows NT operating system.
• 1998
  • January: Yahoo! notifies Internet users that anyone visiting its site in recent weeks might have downloaded a logic bomb and worm planted by hackers claiming a "logic bomb" will go off if Mitnick is not released from prison.
  • January: Anti-hacker runs during Super Bowl XXXII
  • The hacking group CULT OF THE DEAD COW releases its Trojan horse program, Back Orifice at DEF CON. Once a user installs the Trojan horse on a machine running Windows 95 or Windows 98, the program allows unauthorized remote access of the machine.
  • February: The Internet Software Consortium proposes the use of DNSSEC--domain-name system security extensions--to secure DNS servers.
  • During heightened tensions in the Persian Gulf, hackers touch off a string of break-ins Solar Sunrise, a series of attacks targeting unclassified Pentagon computers and steal software programs, leads to the establishment of round-the-clock, online guard duty at major military computer sites. Then-U.S. Deputy Defense Secretary John Hamre calls it "the most organized and systematic attack" on U.S. military systems to date. An investigation points to two American teens. A 19-year-old Israeli hacker who calls himself The Analyzer (aka Ehud Tenebaum) is eventually identified as their ringleader and arrested. Tenebaum is later made chief technology officer of a computer consulting firm.
  • March: Timothy Lloyd is indicted for planting a logic bomb on the network of Omega Engineering. The logic bomb causes millions in damage.
  • Hackers alter The New York Times Web site, renaming it HFG (Hacking for Girlies). The hackers express anger at the arrest and imprisonment of Kevin Mitnick, the subject of the book "Takedown" co-authored by Times reporter John Markoff.
  • Two hackers are sentenced to death by a court in China for breaking into a bank computer network and stealing 260,000 yuan ($31,400).
  • June: Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year.
  • July: Hackers break into United Nations Children Fund Web site threathening "holocaust"
  • October: "U.S. Attorney General Janet Reno announces National Infrastructure Protection Center"
  • December: L0pht testifies to the senate that it could shut down nationwide access to the Internet in less than 30 minutes.
• 1999
  • Software Security Goes Mainstream In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers.
  • The Electronic Civil Disobedience project, an online political performance-art group, attacks the Pentagon calling it conceptual art. It said it was protesting U.S. support of the Mexican suppression of rebels in southern Mexico. Carmin Karasic, helped write FloodNet, the tool used by ECD to bombard its opponents with access requests in a symbolic, harmless version of the denial-of-service attacks that took down CNN and Yahoo.
  • Classified computer systems at Kelly Air Force Base in San Antonio, Texas, come under attack from a number of locations around the world, but the attacks were detected and stopped by newly developed Defense Department systems.
  • U.S. Information Agency Web site is hacked for the second time in six months. The hacker circumvented the agency's Internet security and damaged the hard drive, leaving behind the message "Crystal, I love you" and the signature "Zyklon."
  • Rep. Curt Weldon, R-Pennsylvania, says Defense Department computers are under a "coordinated, organized" attack from hackers. "You can basically say we are at war," he said.
  • U.S. President Bill Clinton announces a $1.46 billion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same.
  • Kevin Mitnick, detained since 1995 on charges of computer fraud, signs plea agreement.
  • March: The Melissa worm is released and quickly becomes the most costly malware outbreak to date.
  • April: The U.S. Justice Department declines to prosecute former CIA Director John Deutch for keeping 31 secret files on his home computer after he left office in 1996.
  • October: American Express introduces the "Blue" smart card, the industry's first chip-based credit card in the US.
  • "Unidentified hackers seized control of a British military communication satellite and demanded money in return for control of the satellite
  • December: David L. Smith pleads guilty to creating and releasing the Melissa virus. It's one of the first times a person is prosecuted for writing a virus.

2000s

• January — A Russian cracker attempts to extort $100,000 from online music retailer CD Universe, threatening to expose thousands of customers' credit card numbers. Posting them on a website after the attempt to extort money from the company failed. Barry Schlossberg (AKA Lou Cipher) is successful at extoring 1.4M from CD Universe for "services rendered", in an attempt to "catch the russian hacker".
• Second week of February — Canadian hacker MafiaBoy In the first and one of the biggest denial-of-service attacks to date, launches successful distributed denial-of-service (DDoS) attack taking down several high-profile Web sites, including Amazon, CNN and Yahoo!.
• Activists in Pakistan and the Middle East deface Web sites belonging to the Indian and Israeli governments to protest oppression in Kashmir and Palestine.
• Hackers break into Microsoft's corporate network and access source code for the latest versions of Microsoft Windows and Microsoft Office software. It is later released to several filesharing networks. The Register splashes with the immortal (and suppositional) headline: 'M$ hacked! Russian Mafia swipes WinME source'.
• The following sites were attacked by hackers using distributed denial of service: Yahoo, eBay, CNN.com, Amazon.com, Buy.com, ZDNet, E*Trade, and Datek
• March — President Clinton says he doesn't use e-mail to communicate with his daughter, Chelsea Clinton, at college because he doesn't think the medium is secure.
• April — The U.S. Department of Justice unveils a portal that notes the government's position on Internet security and privacy issues, tracks prosecution of cybercriminals and provides guidelines for cybercrime investigations.
• May — a new virus appeared that spread rapidly around the globe. The "I Love You" virus infected image and sound files and spread quickly by causing copies of itself to be sent to all individuals in an address book.
• May — The LoveLetter virus sweeps across the globe in hours, wreaking havoc on networks and causing millions in damage and lost productivity.
• June — President Clinton signs the "Electronic Signatures in Global and National Commerce" (E-Sign) into law, making digital signatures legally binding.
• June — The Honeynet Project, led by Lance Spitzner, launches, collecting hacking intelligence through a network of decoy servers.
• July — The SANS Institute releases its first "Top 10 Vulnerabilities" list, denoting the most prevalent problems exploited by hackers.

Jennifer Grannick is an in-demand lawyer who explains hackers’ rights to them at conventions.

• A 19-year-old Midwestern law student who calls herself ViXen900 is a member of the HNC hackers’ group and advises them on legal issues.
• Kevin Mitnick is released from prison

2001

• Microsoft becomes the prominent victim of a new type of crack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's Web sites are corrupted. The hack is detected within a few hours, but prevents millions of users from reaching Microsoft Web pages for two days.
• February — A Dutch cracker releases the Anna Kournikova virus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star.
• March — FBI agent Robert P. Hanssen is charged with using his computer skills and FBI access to spy for the Russians.
• March — The L10n worm is discovered in the wild attacking older versions of BIND DNS.
• April — FBI agents trick two Russian crackers into coming to the U.S. and revealing how they were cracking U.S. banks.
• May
  • Spurred by elevated tensions in Sino-American diplomatic relations, U.S. and Chinese hackers engage in skirmishes of Web defacements that many dub "The Sixth Cyberwar".
  • Crackers begin using "pulsing" zombies, a new DDoS method that has zombie machines send random pings to targets rather than flooding them, making it hard to stop attacks.
  • AV experts identify Sadmind, a new cross-platform worm that uses compromised Sun Solaris boxes to attack Windows NT servers.
• July — Russian programmer Dmitry Sklyarov is arrested at the annual Def Con hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA).
• August — Code Red, the first polymorphic worm, infects tens of thousands of machines.
• September — The World Trade Center and Pentagon terrorist attacks spark lawmakers to pass a barrage of anti terrorism laws many of which group Hackers as terrorists. and remove many long standing personal freedoms in the name of safety.
• September — Nimda, a new memory-only worm, wreaks havoc on the Internet, quickly eclipsing Code Red's infection rate and recovery cost.
• November — Microsoft and its allies vow to end "full disclosure" of security vulnerabilities by replacing it with "responsible" disclosure guidelines.
• November — The European Union adopts the controversial cybercrime treaty, which makes the possession and use of hacking tools illegal.

l/skl

2002

• January — Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign.
• February — As part of its Trustworthy Computing initiative, Microsoft shuts down all Windows development, sending more than 8,000 programmers to security training.
• April — The U.S. Army initiates the "Mannheim Project," an effort to better consolidate and secure the military's IT assets from cyberwarfare.
• May — Klez.H, a variant of the worm discovered in November 2001, becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage.
• June — The Bush administration files a bill to create the Department of Homeland Security, which, among other things, will be responsible for protecting the nation's critical IT infrastructure.
• July — An Information Security survey finds that most security practitioners favor full disclosure because it helps them defend against hacker exploits and puts pressure of software vendors to improve their products.
• August — Researcher Chris Paget publishes "shatter attacks," detailing how Windows' unauthenticated messaging system can be used to take over a machine. The paper raises questions about how securable Windows could ever be.
• September — The White House's Office of Homeland Security releases a draft of the "National Strategy to Secure Cyberspace," which many criticize as being too weak.
• October — The International Information Systems Security Certification Consortium--(ISC)2--confers its 10,000th CISSP certification.

2003

• January 23 — Pittsburgh, Pennsylvania Man Convicted of Hacking a Judge's Personal E-Mail Account
• February 6 — Former Employee of Viewsonic Arrested on Charges of Hacking into Company's Computer, Destroying Data
• February 13 — Ohio Man Attacked NASA Computer System Shutting Down Email Server
• February 20 — Ex-employee of Airport Transportation Company Arrested for Allegedly Hacking Into Computer, Destroying Data
• February 26 — U.S. Convicts Kazakhstan Cracker of Breaking into Bloomberg L.P.'s Computers and Attempting Extortion
• February 26 — Former Employee of American Eagle Outfitters Indicted on Charges of Password Trafficking and Computer Damage
• February 28 — Los Angeles, California Man Sentenced to Prison for Role in International Computer Hacking and Internet Fraud Scheme
• March 10 — California Woman Convicted for Unauthorized Computer Access to Customer Account Information in Credit Union Fraud Prosecution
• March 13 — Computer Cracker Ples Guilty to Computer Intrusion and Credit Card Fraud
• March 13 — St. Joseph, Missouri Man Pleas Guilty in District's First Computer Cracking Conviction
• March 14 — Student Charged with Unauthorized Access to University of Texas Computer System
• April 2 — San Jose, California Man Indicted for Theft of Trade Secrets and Computer Fraud
• April 18 — Ex-employee of Airport Transportation Company Guilty of Hacking into Company's Computer
• May 12 — Three Californians Indicted in Conspiracy to Commit Bank fraud and Identity Theft
• June 12 — Computer Hacker Sentenced to One Year and One Day And Ordered to Pay More than $88,000 Restitution For Series of Computer Intrusions and Credit Card Fraud
• June 12 — Southern California Man Who Hijacked Al Jazeera Website Agrees to Plead Guilty to Federal Charges
• July 1 — Kazakhstan Hacker Sentenced to Four Years Prison for Breaking into Bloomberg Systems and Attempting Extortion
• July 11 — Queens, New York Man Pleads to Federal Charges of Computer Damage, Access Device Fraud and Software Piracy
• July 17 — FBI Employee Arrested and Charged in Three Federal indictments
• July 25 — Russian Man Sentenced for Cracking into Computers in the United States
• August 23 — Jesus Oquendo "sil" of AntiOffline releases "BRAT (http://www.infiltrated.net/brat.c)" Border Router Attack Tool as part of "Theories in Denials of Service in an effort to make administrators aware of the possibility of a worm attack tool capable of breaking backbone routes on the Internet
• August 25 — Former Computer Technician in Douglasville, Georgia Arrested for Hacking into Government Computer Systems in Southern California
• August 29 — Minneapolis, Minnesota 18 year old Arrested for Developing and Releasing B Variant of Blaster Computer Worm
• September 9 — U.S. Charges Cracker with Illegally Accessing New York Times Computer Network
• September 10 — Deputy Assistant Attorney General John G. Malcolm's Testimony before the United States House of Representatives Committee on Government Reform, Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census
• September 26 — Juvenile Arrested for Releasing Variant of Blaster Computer Worm That Attacked Microsoft
• September 29 — President of San Diego Computer Security Company Indicted in Conspiracy to Gain Unauthorized Access into Government Computers
• October 6 — Former Employee of Viewsonic Pleas Guilty to Hacking into Company's Computer, Destroying Data
• October 7 — Disgruntled Philadelphia Phillies Fan Charged with Hacking into Computers Triggering spam E-mail Attacks
• November 5 — Dallas, Texas FBI Employee Indicted for Public corruption
• November 20 — Three Men Indicted for Hacking into Lowe's Companies' Computers with Intent to Steal Credit Card Information
• November 20 — Two Alleged Computer Hackers Charged in Los Angeles as Part of Nationwide 'Operation Cyber Sweep'
• December 5 — Former Hellmann Logistics Computer Programmer Sentenced for Unauthorized Computer Intrusion
• December 18 — Milford Man pleas guilty to hacking

2004

• December — Brian Salcedo sentenced to 9 years in prison for his involvement in hacking into the corporate systems of Lowe's home improvement stores and attempting to steal customer credit card information. The sentence far exceeds the 5 1/2 years that hacker Kevin Mitnick spent behind bars. Prosecutors said the three men tapped into the wireless network of a Lowe's store in Southfield, Mich., used that connection to enter the chain's central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information. No data was actually collected however.