Where has the time gone? February is almost over, and already we’ve seen several major vulnerabilities and hacks this year! As we head further into what’s sure to be another busy year for cybersecurity, it’s important to take a step back and examine how we got here.
For nearly four decades, cyber criminals have been exploiting the latest and greatest technology for fun, profit and power. In that time, the word “hacker” has taken on many meanings. At first, it referred to mischievous young techies looking to build a reputation on the internet, but it has since become a worldwide title for data thieves, malicious online “entrepreneurs” and geopolitical operatives. The threats and tactics that hackers use have evolved, too – from small-time scams to dangerous worms and earth-shaking breaches.
As a result, the security industry has been in a game of “cyber cat and mouse” for the better part of a half-century, continually evolving security technology to thwart the constant evolution of malware and of the techniques used by sophisticated threat actors.
Let’s take a look back at the past four decades to assess the most notorious hacks in each era, why they mattered, and how the security industry responded.
The Era of Trojans (1980s)
Synthwave music wasn’t the only thing to come out of the 1980s. While “phone phreaks” were busy trying to make free long-distance calls, biologist Joseph Popp was busy forging what would become the first widespread ransomware attack.
The AIDS Trojan was a simple hack that paved the way for modern-day ransomware. Dr. Popp delivered his trojan using a 5.25-inch floppy disk, labeled as an AIDS information diskette, along with a EULA warning users that failure to pay a licensing fee to the PC Cyborg Corporation would result in “adverse effects.” Dr. Popp gave out 20,000 copies of his AIDS Trojan disks to attendees of a World Health Organization AIDS conference.
Once the AIDS Trojan infected a victim’s computer, it would start counting the number of times the computer was rebooted. Once the boot count reached 90, the AIDS Trojan encrypted the filenames for all files on the system’s C: drive, rendering the computer useless. The trojan then presented a ransom note that instructed the victim to pay $189 by mail to the PC Cyborg Corporation’s post office box in Panama to “renew their license.”
The AIDS Trojan was eventually traced back to Dr. Popp, who was promptly arrested and extradited from Ohio to London on charges of blackmail for his creation, though he was later released after being deemed mentally unfit to stand trial.
As for the AIDS Trojan, security professionals eventually discovered weaknesses in it, allowing them to create tools capable of reversing the trojan’s damage.
The Era of Viruses (1990s)
As computers continued to gain sophistication and accessibility in the ‘90s, so did hackers. These attackers were more technically sophisticated and criminally motivated than their 1980s forebears. Their focus also shifted away from general playfulness and exploration to more serious crimes like credit card theft, bank fraud, and government hacking.
The ‘90s also saw a rise in computer viruses, including one of the most prolific macro viruses ever – the Melissa virus. The Melissa virus reached its victims as a Microsoft Word document attached to an email. When the victim opened the Word document, an auto-run macro script would execute on the system. The macro would first infect the default Microsoft Word template, causing all other opened Word documents to become carriers of the virus, and then email a copy of itself to the first fifty addresses in the victim’s Outlook address book.
Melissa was so effective at spreading that it forced Microsoft to temporarily block incoming email. It’s estimated that at its peak, Melissa infected 20 percent of all computers, including those at many large businesses and even the United States government.
A team of investigators including the FBI, the New Jersey State Police, and several private companies and individuals ultimately traced the Melissa virus back to its author, David Smith. Smith was arrested and accused of causing over $80 million in damages with his virus. He was sentenced to 10 years in prison, of which he served only 20 months in exchange for helping the FBI catch other virus and network worm creators.
The Era of Worms (2000s)
While the dot-com bubble boomed and busted, malicious hackers were capitalizing on skyrocketing internet adoption to earn both fame and fortune. Cyber criminals found ways to monetize their skillsets through botnet armies and clickjacking. The 2000s also saw the beginning of true state-sponsored hacking and the rise of the hacktivist organization Anonymous.
Not every criminal was looking for money, however; some simply wanted to watch the world burn at the hands of their malware. One of the most prolific examples of this was the ILOVEYOU worm, which is estimated to have caused damages and cleanup costs in the range of tens of billions of dollars.
The ILOVEYOU Worm propagated as a Visual Basic script (.vbs file) attached to an email with the subject line “ILOVEYOU.” Microsoft’s default extension handling at the time hid the .vbs extension, making the file look like a simple text document. When the victim attempted to open the “text” file, the script executed and began overwriting any images, mp3s and document files it could find. The worm replicated itself by sending a copy of the ILOVEYOU email to the first 500 contacts in the victim’s address book.
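The extension-hiding trick described above is still worth checking for on a mail gateway. The following is an added example, not code from the original post: it models how Windows hides the final extension of a known file type and flags attachments whose visible name suggests plain data while the real extension is a script or executable. The extension lists and the sample attachment names are assumptions constructed for the demonstration.

```python
import os

# Extensions Windows runs as code when the file is opened (illustrative assumption,
# not an exhaustive list).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".exe",
               ".scr", ".bat", ".cmd", ".pif"}
# Extensions a user would reasonably assume are harmless data (also an assumption).
BENIGN_EXTS = {".txt", ".jpg", ".jpeg", ".gif", ".png", ".doc", ".pdf", ".mp3"}


def displayed_name(filename: str) -> str:
    """Approximate what Explorer shows with 'hide extensions for known file
    types' enabled: the final extension is stripped from the name."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_disguised_script(filename: str) -> bool:
    """True when the real (last) extension is a script/executable type but the
    name the user sees ends in an extension that looks like plain data."""
    real_ext = os.path.splitext(filename)[1].lower()
    if real_ext not in SCRIPT_EXTS:
        return False
    shown_ext = os.path.splitext(displayed_name(filename))[1].lower()
    return shown_ext in BENIGN_EXTS


def triage_attachments(names):
    """Return the attachment names that should be quarantined for review."""
    return [n for n in names if is_disguised_script(n)]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    sample = ["holiday-card.txt.vbs", "report.doc", "photo.jpg.exe",
              "notes.txt", "setup.exe"]
    print(triage_attachments(sample))  # prints ['holiday-card.txt.vbs', 'photo.jpg.exe']
```

A plain `setup.exe` is not flagged by this check because nothing is hidden from the user; executable attachments in general are a separate policy decision.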
ILOVEYOU was so successful in spreading to new systems that it forced several government organizations, including The Pentagon, CIA, and the British Parliament, to completely shut down their email systems while they tried to clean up.
In the aftermath of the ILOVEYOU Worm, Microsoft launched its Trustworthy Computing initiative, vowing to increase security in its products to prevent similar attacks.
The Era of Cyber Espionage and Warfare (2010s)
We aren’t quite finished yet with the 2010s, but in recent years, we’ve seen endless data breaches and nation-state attacks turn hacking into a mainstream news topic. Perhaps the most notorious nation-state attack came right at the turn of the decade when the Stuxnet worm caused Iran’s nuclear centrifuges to spin themselves apart.
The Stuxnet worm was an incredibly sophisticated piece of malware that exploited zero-day flaws in Microsoft Windows and Siemens Step7 software to ultimately compromise Iranian Programmable Logic Controllers (PLCs). The final malware payload collected information on the targeted industrial systems and caused nearly a fifth of Iran’s nuclear centrifuges to spin fast enough to destroy themselves.
Stuxnet was the first malware to impact industrial control systems and make the jump from Windows to early IoT devices. Stuxnet opened the world’s eyes to the realities of geopolitical hacking and cyber warfare. In response to Stuxnet, Siemens released a removal tool and Microsoft issued stringent security updates.
We still have a few years left before the end of the decade, but we can already see trends forming that are likely to stick around. Ransomware continues to grow aggressively each year, and we’ve even seen the introduction of “ransomworms”; IoT botnets are becoming the norm; and hidden cryptocurrency miners are stealing our computer resources without our knowledge.
The next big hacking evolution is still unclear at this point, but tried-and-true information security best practices can help you weather the storm. Keep your systems updated with the latest security patches. Educate yourself on spotting phishing attempts and other social engineering attacks. And as always, stay up to date on the latest developments in the modern threat landscape so you don’t find yourself blindsided by what comes next.