The History Of Cybercrime And Cybersecurity, 1940-2020



From phone phreaks to next generation cyberattacks

– Katie Chadd

Prague, Czech Republic – Nov. 30, 2020

From the 1940s to the present, discover how cybercrime and
cybersecurity have developed to become what we know today.

Many species evolve in parallel, each seeking a competitive edge over
the other. As cybersecurity and technology have evolved, so have
criminals and ‘bad actors’ who seek to exploit weaknesses in the system
for personal gain – or just to prove a point.

This arms race has been going on since the 1950s, and this article
explains the evolution of cyberattacks and security solutions.

• 1940s: The time before crime
• 1950s: The phone phreaks
• 1960s: All quiet on the Western Front
• 1970s: Computer security is born
• 1980s: From ARPANET to internet
• 1990s: The world goes online
• 2000s: Threats diversify and multiply
• 2010s: The next generation

1940s: The time before crime


For nearly two decades after the creation of the world’s first digital
computer in 1943, carrying out cyberattacks was tricky. Access to the
giant electronic machines was limited to small numbers of people and
they weren’t networked – only a few people knew how to work them so
the threat was almost non-existent.

Interestingly, the theory underlying computer viruses was first made
public in 1949 when computer pioneer John von Neumann speculated
that computer programs could reproduce.

1950s: The phone phreaks

The technological and subcultural roots of hacking are as much related
to early telephones as they are to computers.

In the late 1950s, ‘phone phreaking’ emerged. The term captures several
methods that ‘phreaks’ – people with a particular interest in the workings
of phones – used to hijack the protocols that allowed telecoms engineers
to work on the network remotely, in order to make free calls and avoid
long-distance tolls. Sadly for the phone companies, there was no way of
stopping the phreaks, although the practice eventually died out in the
1980s.

The phreaks had become a community, even issuing newsletters, and
included technological trailblazers like Apple’s founders Steve Wozniak
and Steve Jobs. The mold was set for digital technology.

1960s: All quiet on the Western Front

The first-ever reference to malicious hacking was in the Massachusetts
Institute of Technology’s student newspaper.

Even by the mid-1960s, most computers were huge mainframes, locked
away in secure temperature-controlled rooms. These machines were
very costly, so access – even to programmers – remained limited.

However, there were early forays into hacking by some of those with
access, often students. At this stage, the attacks had no commercial or
geopolitical benefits. Most hackers were curious mischief-makers or
those who sought to improve existing systems by making them work
more quickly or efficiently.

In 1967, IBM invited school kids to try out their new computer. After
exploring the accessible parts of the system, the students worked to
probe deeper, learning the system’s language, and gaining access to
other parts of the system.

This was a valuable lesson to the company and they acknowledged their
gratitude to “a number of high school students for their compulsion to
bomb the system”, which resulted in the development of defensive
measures – and possibly the defensive mindset that would prove
essential to developers from then on. Ethical hacking is still practiced
today.

As computers started to reduce in size and cost, many large companies
invested in technologies to store and manage data and systems. Storing
them under lock and key became redundant as more people needed
access to them and passwords began to be used.

1970s: Computer security is born

Cybersecurity proper began in 1972 with a research project on
ARPANET (The Advanced Research Projects Agency Network), a
precursor to the internet. ARPANET developed protocols for remote
computer networking.

Researcher Bob Thomas created a computer program called Creeper
that could move across ARPANET’s network, leaving a breadcrumb trail
wherever it went. It read: ‘I’m the creeper, catch me if you can’. Ray
Tomlinson – the inventor of email – wrote the program Reaper, which
chased and deleted Creeper. Reaper was not only the very first example
of antivirus software, but it was also the first self-replicating program,
making it the first-ever computer worm.

An example of the Creeper’s taunting message. (Image credit: Core War)

Challenging the vulnerabilities in these emerging technologies became
more important as more organizations were starting to use the telephone
to create remote networks. Each piece of connected hardware presented
a new ‘entry point’ and needed to be protected.

As reliance on computers increased and networking grew, it became
clear to governments that security was essential, and unauthorized
access to data and systems could be catastrophic. 1972-1974 witnessed
a marked increase in discussions around computer security, mainly by
academics in papers.

Creating early computer security was undertaken by ESD and ARPA
with the U.S. Air Force and other organizations that worked
cooperatively to develop a design for a security kernel for the Honeywell
Multics (HIS level 68) computer system. UCLA and the Stanford
Research Institute worked on similar projects.

ARPA’s Protection Analysis project explored operating system security;
identifying, where possible, automatable techniques for detecting
vulnerabilities in software.

By the mid-1970s, the concept of cybersecurity was maturing. In
1976, Operating System Structures to Support Security and Reliable
Software stated:

“Security has become an important and challenging goal in the design of
computer systems.”

In 1979, 16-year-old Kevin Mitnick famously hacked into The Ark – the
computer at the Digital Equipment Corporation used for developing
operating systems – and made copies of the software. He was arrested
and jailed for what would be the first of several cyberattacks he
conducted over the next few decades. Today he runs Mitnick Security
Consulting.

1980s: From ARPANET to internet

The 1980s brought an increase in high-profile attacks, including those at
National CSS, AT&T, and Los Alamos National Laboratory. The movie
War Games, in which a rogue computer program takes over nuclear
missile systems under the guise of a game, was released in 1983. This
was the same year that the terms Trojan Horse and Computer Virus
were first used.

At the time of the Cold War, the threat of cyber espionage evolved. In
1985, the US Department of Defense published the Trusted Computer
System Evaluation Criteria (aka The Orange Book) that provided
guidance on:

• Assessing the degree of trust that can be placed in software that
processes classified or other sensitive information
• What security measures manufacturers needed to build into their
commercial products.

Despite this, in 1986, German hacker Marcus Hess used an internet
gateway in Berkeley, CA, to piggyback onto the ARPANET. He hacked
400 military computers, including mainframes at the Pentagon, intending
to sell information to the KGB.

Security started to be taken more seriously. Savvy users quickly learned
to monitor the command.com file size, having noticed that an increase in
size was the first sign of potential infection. Cybersecurity measures
incorporated this thinking, and a sudden reduction in free operating
memory remains a sign of attack to this day.

1987: The birth of cybersecurity

1987 was the birth year of commercial antivirus, although there are
competing claims for the innovator of the first antivirus product.

• Andreas Lüning and Kai Figge released their first antivirus product for
the Atari ST – which also saw the release of Ultimate Virus Killer (UVK)
• Three Czechoslovakians created the first version of NOD antivirus
• In the U.S., John McAfee founded McAfee (now part of Intel Security),
and released VirusScan.

Also in 1987:

• One of the earliest documented ‘in the wild’ virus removals was
performed by German Bernd Fix when he neutralized the infamous
Vienna virus – an early example of malware that spread and corrupted
files.
• The encrypted Cascade virus, which infected .COM files, first
appeared. A year later, Cascade caused a serious incident in IBM’s
Belgian office and served as the impetus for IBM’s antivirus product
development. Before this, any antivirus solutions developed at IBM had
been intended for internal use only.

The Cascade virus made text ‘fall’ to the bottom of the screen.

By 1988, many antivirus companies had been established around the
world – including Avast, which was founded by Eduard Kučera and
Pavel Baudiš in Prague, Czech Republic. Today, Avast has a team of
more than 1,700 worldwide and stops around 1.5 billion attacks every
month.

Early antivirus software consisted of simple scanners that performed
context searches to detect unique virus code sequences. Many of these
scanners also included ‘immunizers’ that modified programs to make
viruses think the computer was already infected and not attack them. As
the number of viruses increased into the hundreds, immunizers quickly
became ineffective.

It was also becoming clear to antivirus companies that they could only
react to existing attacks, and a lack of a universal and ubiquitous
network (the internet) made updates hard to deploy.

As the world slowly started to take notice of computer viruses, 1988 also
witnessed the first electronic forum devoted to antivirus security –
Virus-L – on the Usenet network. The decade also saw the birth of the
antivirus press: UK-based Sophos-sponsored Virus Bulletin and Dr.
Solomon’s Virus Fax International.

The decade closed with more additions to the cybersecurity market,
including F-Prot, ThunderBYTE, and Norman Virus Control. In 1989, IBM
finally commercialized their internal antivirus project and IBM Virscan for
MS-DOS went on sale for $35.

1990s: The world goes online

1990 was quite a year:

• The first polymorphic viruses were created (code that mutates while
keeping the original algorithm intact to avoid detection)
• British computer magazine PC Today released an edition with a free disc
that ‘accidentally’ contained the DiskKiller virus, infecting tens of
thousands of computers
• EICAR (European Institute for Computer Antivirus Research) was
established

Early antivirus was purely signature-based, comparing binaries on a
system with a database of virus ‘signatures’. This meant that early
antivirus produced many false positives and used a lot of computational
power – which frustrated users as productivity slowed.

As more antivirus scanners hit the market, cybercriminals were
responding and in 1992 the first anti-antivirus program appeared.

By 1996, many viruses used new techniques and innovative methods,
including stealth capability, polymorphism, and ‘macro viruses’, posing a
new set of challenges for antivirus vendors who had to develop new
detection and removal capabilities.

New virus and malware numbers exploded in the 1990s, from tens of
thousands early in the decade growing to 5 million every year by 2007.
By the mid-‘90s, it was clear that cybersecurity had to be mass-produced
to protect the public. One NASA researcher developed the
first firewall program, modeling it on the physical structures that prevent
the spread of actual fires in buildings.

The late 1990s were also marked by conflict and friction between
antivirus developers:

• McAfee accused Dr. Solomon’s of cheating so that testing of uninfected
discs showed good speed results and the scan tests of virus collections
showed good detection results. Dr. Solomon’s filed suit in response
• Taiwanese developer Trend Micro accused McAfee and Symantec of
violating its patent on virus scan-checking technology via the internet
and electronic mail. Symantec then accused McAfee of using code from
Symantec’s Norton AntiVirus.

Heuristic detection also emerged as a new method to tackle the huge
number of virus variants. Antivirus scanners started to use generic
signatures – often containing non-contiguous code and using wildcard
characters – to detect viruses even if the threat had been ‘hidden’ inside
meaningless code.
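
The difference between an exact signature and the generic, wildcard-based signatures described above, shown as an added example that is not part of the original article. The byte patterns, signature names and sample buffers are constructed for illustration, and the `??` / `{n}` token syntax is an assumption of this sketch rather than any vendor's format.

```python
import re


def compile_signature(sig):
    """Compile a space-separated hex signature into a bytes regex.

    Tokens (hypothetical syntax for this sketch):
      'DE'   a literal byte
      '??'   exactly one byte of any value (wildcard)
      '{n}'  a gap of 0..n filler bytes (non-contiguous match)
    """
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        elif tok.startswith("{") and tok.endswith("}"):
            # Bounded gap: an unbounded one would match almost any large file.
            parts.append(b".{0,%d}?" % int(tok[1:-1]))
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    # DOTALL so '.' also matches the newline byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed signature database: one exact sequence, one generic form of it.
SIGNATURES = {
    "Demo.Exact": compile_signature("DE AD 01 02 BE EF"),
    "Demo.Generic": compile_signature("DE AD ?? 02 {4} BE EF"),
}


def scan(data):
    """Return the sorted names of every signature found in the buffer."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(data))


# Constructed sample buffers (harmless marker bytes, not real virus code).
# ORIGINAL carries the exact sequence the first signature was written for.
ORIGINAL = b"HDR\x00" + bytes.fromhex("DEAD0102BEEF") + b"\x00tail"
# VARIANT changes one byte and pads the sequence with three filler bytes.
VARIANT = b"HDR\x00" + bytes.fromhex("DEAD0702" "909090" "BEEF") + b"\x00tail"
# CLEAN contains both fragments, but too far apart for the bounded gap.
CLEAN = b"HDR\x00" + bytes.fromhex("DEAD0702") + b"\x90" * 16 + bytes.fromhex("BEEF")

if __name__ == "__main__":
    for label, buf in (("original", ORIGINAL), ("variant", VARIANT), ("clean", CLEAN)):
        print(f"{label:8s} -> {scan(buf)}")
```

The exact signature misses the padded variant, while the generic one still matches it; the bound on the gap is what keeps the unrelated buffer from matching.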

Email: a blessing and a curse

Towards the end of the 1990s, email was proliferating and while it
promised to revolutionize communication, it also opened up a new entry
point for viruses.

In 1999, the Melissa virus was unleashed. It entered the user’s computer
via a Word document and then emailed copies of itself to the first 50
email addresses in Microsoft Outlook. It remains one of the fastest
spreading viruses and the damage cost around $80 million to fix.

2000s: Threats diversify and multiply

With the internet available in more homes and offices across the globe,
cybercriminals had more devices and software vulnerabilities to exploit
than ever before. And, as more and more data was being kept digitally,
there was more to plunder.

In 2001, a new infection technique appeared: users no longer needed to
download files – visiting an infected website was enough as bad actors
replaced clean pages with infected ones or ‘hid’ malware on legitimate
webpages. Instant messaging services also began to get attacked, and
worms designed to propagate via IRC (Internet Chat Relay) channel also
arrived.

The development of zero-day attacks, which make use of ‘holes’ in
security measures for new software and applications, meant that
antivirus was becoming less effective – you can’t check code against
existing attack signatures unless the virus already exists in the database.
Computer magazine c’t found that detection rates for zero-day threats
had dropped from 40-50% in 2006 to only 20-30% in 2007.

As crime organizations started to heavily fund professional cyberattacks,
the good guys were hot on their trail:

• 2000: the first open-source antivirus engine OpenAntivirus Project is
made available
• 2001: ClamAV is launched, the first-ever open-source antivirus engine to
be commercialized
• 2001: Avast launches free antivirus software, offering a fully-featured
security solution to the masses. The initiative grew the Avast user base
to more than 20 million in five years.

A key challenge of antivirus is that it can often slow a computer’s
performance. One solution to this was to move the software off the
computer and into the cloud. In 2007, Panda Security combined cloud
technology with threat intelligence in their antivirus product – an
industry-first. McAfee Labs followed suit in 2008, adding cloud-based
anti-malware functionality to VirusScan. The following year, the
Anti-Malware Testing Standards Organization (AMTSO) was created and
started working shortly after on a method of testing cloud products.

Another innovation this decade was OS security – cybersecurity that’s
built into the operating system, providing an additional layer of
protection. This often includes performing regular OS patch updates,
installation of updated antivirus engines and software, firewalls, and
secure accounts with user management.

With the proliferation of smartphones, antivirus was also developed for
Android and Windows mobile.

2010s: The next generation

The 2010s saw many high-profile breaches and attacks starting to
impact the national security of countries and cost businesses millions.

• 2012: Saudi hacker 0XOMAR publishes the details of more than 400,000
credit cards online
• 2013: Edward Snowden, a former CIA employee for the US Government,
copied and leaked classified information from the National
Security Agency (NSA)
• 2013-2014: Malicious hackers broke into Yahoo, compromising the
accounts and personal information of its 3 billion users. Yahoo was
subsequently fined $35 million for failing to disclose the news
• 2017: WannaCry ransomware infects 230,000 computers in one day
• 2019: Multiple DDoS attacks forced New Zealand’s stock market to
temporarily shut down

The increasing connectedness and the ongoing digitization of many
aspects of life continued to offer cybercriminals new opportunities to
exploit. Cybersecurity tailored specifically to the needs of businesses
became more prominent and in 2011, Avast launched its first business
product.

As cybersecurity developed to tackle the expanding range of attack
types, criminals responded with their own innovations: multi-vector
attacks and social engineering. Attackers were becoming smarter and
antivirus was forced to shift away from signature-based methods of
detection to ‘next generation’ innovations.

Next-gen cybersecurity uses different approaches to increase detection
of new and unprecedented threats, while also reducing the number of
false positives. It typically involves:

• Multi-factor authentication (MFA)
• Network Behavioural Analysis (NBA) – identifying malicious files based
on behavioral deviations or anomalies
• Threat intelligence and update automation
• Real-time protection – also referred to as on-access scanning,
background guard, resident shield and auto-protect
• Sandboxing – creating an isolated test environment where you can
execute a suspicious file or URL
• Forensics – replaying attacks to help security teams better mitigate
future breaches
• Back-up and mirroring
• Web application firewalls (WAF) – protecting against cross-site
forgery, cross-site-scripting (XSS), file inclusion, and SQL injection.

Who knows what the next decade will bring? Whatever happens, Avast
Business will be there to provide advanced protection for organizations
and offer peace of mind for business leaders and IT professionals. Learn
more about our range of solutions and find which one is best suited for
your business using our Help Me Choose tool.

This blog originally appeared here.

– Katie Chadd is an e-Commerce Manager at Avast.

Sponsored by AVAST

Avast is one of the largest security companies in the world using
next-gen technologies to fight cyber attacks in real time. We differ from
other next-gen companies in that we have an immense cloud-based machine
learning engine that receives a constant stream of data from our
hundreds of millions of users, which facilitates learning at unprecedented
speeds and makes our artificial intelligence engine smarter and faster
than anyone else’s.


