Cybersecurity’s evolution: from the first computer virus to hacking at a national level

by Cristian Gal / 25 September

Cybersecurity is a major issue for every business with any kind of internet presence, and that’s pretty much every single one. Cybersecurity can affect everything from compliance and data safety to staffing budgets and much more.

Today, cybersecurity is top of mind for just about everyone. But when the internet’s first draft appeared a half-century ago, security wasn’t in the outline. The technical focus was how to make this new packet-based networking scheme work. Security did not occur to the close-knit crew of academic researchers who trusted each other; it was impossible at the time for anyone else to access the fledgling network.

With today’s pervasive use of the internet, a modern surge in cyberattacks and the benefit of hindsight, it’s easy to see how ignoring security was a massive flaw.

Looking back at security events, the relatively short history of cybersecurity reveals important milestones and lessons on where the industry is heading.

 

1971: The first computer virus is discovered

You might assume that computers had to be invented before the concept of the computer virus could exist, but in a certain sense, this isn’t quite right at all. It was mathematician John von Neumann who first conceptualized the idea with his paper released in 1949, in which he suggested the concept of a self-replicating automatic entity working within a computer.

It wasn’t until 1971 that the world would see a real computer virus. DEC PDP-10 computers working on the TENEX operating system started displaying messages saying “I’m the creeper, catch me if you can!”. At the time, users had no idea who or what it could be. Creeper was a worm, a type of computer virus that replicates itself and spreads to other systems; it was created by Bold, Beranek and Newman. While this virus was designed only to see if the concept was possible, it laid the groundwork for viruses to come.

A man named Ray Tomlinson (the same guy who invented email) saw this idea and liked it. He tinkered with the program and made it self-replicating – the first computer worm. Then he wrote another program – Reaper, the first antivirus software which would chase Creeper and delete it.

 

1983: The first patent for cybersecurity in the US

As computers and systems became more advanced, it was not long until technology experts around the world were looking for ways to patent aspects of computer systems. And it was in 1983 that the first patent related to cybersecurity was granted.

In September of that year, the Massachusetts Institute of Technology (MIT) was granted U.S. patent 4,405,829 for a cryptographic communications system. The patent introduced the RSA (Rivest-Shamir-Adleman) algorithm, which was one of the first public key cryptosystems. Interestingly, given that this was the very first patent, it is actually still quite relevant today, as cryptography forms a major part of cybersecurity strategies.

 

1993: The first DEF CON conference runs

This conference is well-known as the major cybersecurity technical conference, and a fixture in the calendar of professionals, ethical hackers, technology journalists, IT experts, and many more.

The conference first ran in June 1993. It was organized by Jeff Moss and attended by around 100 people. However, it wouldn’t stay that small for very long. Today, the conference is attended by over 20,000 cybersecurity professionals from around the world every year.

 

1995: SSL is created

There is a security protocol that we are often guilty of taking for granted. The Secure Sockets Layer (SSL) is an internet protocol that makes it safe and possible to do things that we think of as commonplace, such as buying items online securely.

After the first-ever web browser was released, the company Netscape began working on the SSL protocol. It was in February 1995 that Netscape launched SSL 2.0, which would become the key language for securely using the internet – the Hyper Text Transfer Protocol Secure (HTTPS). Today, when you see “HTTPS” in a website address, you know its communications with your browser are encrypted. This was perhaps the most important cybersecurity measure for many years.

 

2003: Anonymous is created

Perhaps the most famous hacking group in the word, Anonymous made a name for themselves by committing cyberattacks against targets that were considered to generally be bad. The group has no specific leader and is in fact a collection of a large number of users, which may contribute in big or small ways. Together, they exist as an anarchic, digitized global brain.

The group came to prominence in 2003 and has carried out many successful hacking attempts against organizations such as the Church of Scientology. Anonymous hackers are characterized by their wearing of Guy Fawkes masks and continues being linked to numerous high-profile incidents. Its main cause is protecting citizens’ privacy.

 

2010: Hacking uncovered at a national level

Google surprised the world in 2010, when it disclosed a security breach of its infrastructure in China – a project it named “Operation Aurora“. Before 2010, it had been very unusual for organizations to announce data breaches.

Google’s initial belief was that the attackers were attempting to gain access to the Gmail accounts of Chinese human rights activists. However, analysts discovered the true intent was identifying Chinese intelligence operatives in the U.S. who may have been on watch lists for American law enforcement agencies. The attacks also hit more than 50 companies in the internet, finance, technology, media and chemical sectors.

 

Today: Cybersecurity is more important than ever

It has never been more important for businesses to take cybersecurity seriously. It has the power now to affect just about everything from search engine optimization (SEO) to overall company budgets and spending needs.

Organizations must learn from the fast growth in the history of cybersecurity in order to make smart decisions for the future.

In recent years, massive breaches have hit name brands like Target, Anthem, Home Depot, Equifax, Yahoo, Marriott and more, compromising data for the companies and billions of consumers. In reaction, stringent regulations to protect citizen privacy like the EU General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act are raising the bar for compliance. And cyberspace has become a digital battleground for nation-states and hacktivists. To keep up, the cybersecurity industry is constantly innovating and using advanced machine learning and AI-driven approaches, for example, to analyze network behavior and prevent adversaries from winning. It’s an exciting time for the market, and looking back only helps us predict where it’s going.