Corey Nachreiner, CTO at WatchGuard, looks back at hacks through history and how they have shaped the future of cyber-security.
For nearly four decades, cyber criminals have been exploiting our growing dependence on technology for fun, profit and power. At the beginning, the term hacker referred to young techies looking to build a reputation on the internet. But it has since become a more sinister term for data thieves, malicious online entrepreneurs and geopolitical operatives.
The threats and tactics that hackers use have evolved too: from small-time phishing scams to dangerous world-wide ransomware worms.
As a result, the security industry has been in game of cyber cat-and-mouse for the better part of half a century, looking to evolve security technology to thwart the constant evolution in malware and techniques used by increasingly sophisticated threat actors.
Let’s take trip back in history to review some of the most notorious hacks in each era, why they mattered, and how the security industry responded.
A new threat (1970s)
At the dawn of the internet, when a small number of mainframes owned by government entities, universities and a few large corporations were connected on ARPAnet, malicious software involved simple programs that replicated games or cryptic messages to users. The Creeper worm was an early example created in 1971. Once a mainframe computer was infected with Creeper, it displayed a message daring the user to capture "the creeper". No damage was caused. Even so, "Reaper" was created to hunt and destroy Creeper, perhaps the first example of anti-malware software.
Early ransomware (1980s)
Synthwave music wasn’t the only thing to come out of the 1980s. While phone phreaks were busy trying to make free long-distance calls, biologist Joseph Popp was busy forging what would become the first widespread ransomware attack.
The AIDS Trojan was a simple hack that paved the way for modern-day ransomware. Dr Popp delivered his trojan using a 5.25-inch floppy disk, labelled as an AIDS information diskette, along with an end user licence agreement warning users that failure to pay the licensing fee to PC Cyborg Corporation would result in ‘adverse effects’. Dr Popp gave out 20,000 copies of his AIDS Trojan disks to attendees at a World Health Organisation AIDS conference.
Once the AIDS Trojan infected a victim’s computer, it would start counting the number of times the computer was rebooted. Once the boot count reached 90, the AIDS Trojan encrypted the filenames for all files on the system’s C: drive, rendering the computer useless. The trojan then presented a ransom note that instructed the victim to pay $189 by mail to the PC Cyborg Corporation’s post office box in Panama to ‘renew their license’.
The AIDS Trojan was eventually traced back to Dr Popp. He was arrested and extradited from Ohio to London on charges of blackmail for his creation, though he was later released after being deemed mentally unfit to stand trial. As for the AIDS Trojan, security professionals eventually discovered weaknesses, allowing them to create tools capable of reversing the Trojan’s damages.
Rise of the viruses (1990s)
As computers continued to gain sophistication and accessibility in the 1990s, so did hackers. These attackers were more technically sophisticated than their 1980s forebears. Their focus also shifted to more serious crimes like credit card theft, bank fraud and government hacking.
The 1990s saw a rise in computer viruses. These had been around since the mid 1980s but they entered the consciousness of the wider public in 1992 with the MichelAngelo worm. Then towards the end of the decade most prolific macro viruses ever appeared – the Melissa virus. Melissa appeared to its victims as a Microsoft Word document attached to an email. When the victim opened the Word document, an auto-run macro script would execute on the system. The macro would first infect the default Microsoft Word template, causing all other opened Word documents to become carriers of the virus. It would then email a copy of itself to the first 50 addresses in the victim’s Outlook address book.
Melissa was so effective at spreading that it forced Microsoft to temporarily block incoming email. It’s estimated that at its highest point, Melissa infected 20 percent of all computers, including those at many large businesses and even the US government.
A team of investigators including the FBI, eventually traced the Melissa virus back to its author, David Smith, who was arrested and accused of causing over $80 million in damages from his virus. He was sentenced to 10 years in prison, but served only 20 months in exchange for assisting the FBI in catching other virus and network worm creators.
Also of interest: Hacking and the World Cup
Botnets and worms (2000s)
While the dot-com bubble boomed and bust during the later 1990s to early 2000s, malicious hackers were capitalising on skyrocketing internet adoption.
Cyber criminals found ways to monetise their skill-sets through botnet armies (large numbers of computers that had been taken over and were remotely controlled by hackers). Click-jacking (tricking a Web user into clicking on something that looks safe and attractive but actually leads to a fraudulent site) also became popular.
Not every criminal was looking for money, however. The 2000s also saw the beginning of true state-sponsored hacking and the rise of the hacktivist organisations (politically motivated hackers) such as Anonymous.
Other hackers simply wanted to watch the world burn at the hands of their malware. One of the most prolific examples of this was the ILOVEYOU worm, which is estimated to have caused damage costing tens of billions of pounds to clean up.
The ILOVEYOU worm propagated as a Visual Basic script (.vbs file) attached to an email with the subject line “ILOVEYOU.” Microsoft’s default extension handling at the time hid the .vbs extension, making the malware file look like a simple text document. When the victim attempted to open the file, the malicious code was activated and began overwriting any images, mp3s and document files it could find. The worm replicated itself by sending a copy of the ILOVEYOU email to the first 500 contacts in the victim’s address book.
ILOVEYOU was so successful in spreading to new systems that it forced several government organisations, including the Pentagon and the CIA to completely shut down their email systems while they tried to clean them up.
In the aftermath of the ILOVEYOU Worm, Microsoft launched its Trustworthy Computing initiative, vowing to increase security in its products to prevent similar attacks.
Cyber espionage and warfare (2010s)
While the first cyber warfare attack probably happened in 2007, a DDoS attack against Estonia, cyber warfare came of age in 2010 with the Stuxnet worm, malware that caused Iran’s nuclear centrifuges to spin themselves apart.
Stuxnet was an incredibly sophisticated piece of malware that exploited zero-day flaws in Microsoft Windows and Siemens Step7 software to ultimately compromise Iranian Programmable Logic Controllers (PLCs). The final malware payload collected information on the targeted industrial systems and caused nearly a fifth of Iran’s nuclear centrifuges to spin fast enough to destroy themselves.
Stuxnet was the first malware to impact industrial control systems and make the jump from Windows to early IoT devices. Stuxnet opened the world’s eyes to the realities of geopolitical hacking and cyber warfare. In response to Stuxnet, Siemens released a removal tool and Microsoft issued stringent security updates.
A couple of years later Flame appeared on the scene, again targeting Iran as well as other middle eastern countries. Iran took revenge in 2012 with the Shamoon malware that targeted Saudi Arabia's Aramco. And then in 2014 Britain's GCHQ was implicated in the creation of Regin, built (at least according to some people) to spy on the UK's European allies.
Since then North Korea has been in the frame, blamed by many for the major cyber attack on Sony Pictures in 2014 and the more recent WannaCry attack in 2017. But the UK too is embracing cyber warfare and is "using offensive cyber routinely in the war against Daesh" (ISIS).
Also of interest: Korean hackers still active
Into the future
As we head towards the end of the decade, we can already see trends forming that are likely to stick around into the 2020s. Ransomware continues to grow aggressively each year and we’ve even see the introduction of ransomworms and IoT botnets becoming the norm, while hidden cryptocurrency miners are stealing our computer resources without our knowledge.
The next big hacking evolution is still unclear at this point, but tried and true information security best practices can help weather the storm. The advice hasn’t really changed over the last 40 years: keep your systems updated with the latest security patches; educate yourself on spotting phishing attempts and other social engineering attacks; and as always, stay up to date on the latest developments in the modern threat landscape so you don’t find yourself blindsided by what comes next.
WatchGuard provides enterprise-grade network security, secure Wi-Fi, and network intelligence products and services to more than 80,000 small to midsize customers from around the globe.
Image under licence from iStockphoto.co.uk, © olm26250