US Defense Science Board Group Report on Computer Vulnerability was released. It was published by Rand for the Office of the Director of Defense Research and Engineering, Department of Defense. This report outlined security controls for computer systems.
West German hacker Markus Hess, recruited by the KGB as a US spy, attacks Lawrence Berkley National Labs with the intention of securing US military information. Hess was later discovered by Clifford Stoll, and Stoll's efforts to track and capture Hess were later outlined in the popular book the Cuckoo's Egg. This was one of the first incidents for awareness of cyber conflict problems.
The Computer Fraud and Abuse Act passed. This law introduced criminal code provisions that would become increasingly difficult to enforce in the face of swift technological change. Robert Morris was the first person convicted under this Act in 1990.
The Electronic Communications Privacy Act passed. This primarily prohibited unauthorized government access to wire, oral, and electronic communications; surveillance; electronic storage; wire taps; etc.
The Computer Security Act passed. This improved the security and privacy of Federal computer systems and established a “best practices” for computer security. This act was later repealed by the Federal Information Security Management Act
Morris Worm was released by Robert Tappan Morris. This incident unintentionally took down a considerable portion of the Internet. It was designed to infect as many machines as possible, and be difficult to track and stop. The Morris Worm is considered the first worms distributed via the Internet.
Dutch Hackers (teenagers from Holland) intruded into the networks of 34 US military installations during the lead up to the first Gulf War. Using fairly unsophisticated methods, the hackers were searching for information on missiles, nuclear weapons, and DESERT SHIELD.
The Air Force's 609th Information Warfare Squadron was established at Shaw Air Force Base. The 609th created the first INFOCON, now a defensive alert condition. This unit is considered to be the first combat cyber unit.
Strano Network implements first denial of service attack. The Strano Network is considered the first hacktivist group, and targeted ten agencies of the French government for its ongoing nuclear testing in the Pacific. It was the first mass participation of a virtual sit in and demonstrated the potential of cyber hacktivism.
Eligible Receiver (ER97) was a cyber "red team" exercise conducted by the US government. This exercise accelerated plans for a new organizational structure to respond to cyber incidents and implement DoD-wide defensive mechanisms.
1st Report to President’s Commission on Critical Infrastructure Protection was established. PCCIP was an interagency Presidential advisory commission by Executive Order 13010, made to create a strategy for protecting critical infrastructure.
SOLAR SUNRISE occurred. This was a series of attacks which targeted widespread DoD unclassified systems and demonstrated real world problems. It was an embarrassment to the US, because most of the problems were predicted in ER97 and it showed the difficulty of attributing cyber attacks.
MOONLIGHT MAZE is a still largely classified cyber espionage case coordinated by the JTF-CND and NIPC. It was a huge wake up call for the DoD, as there were hundreds of intrusions into computers at NASA, the Pentagon, other governmental agencies, universities, and research laboratories.
The Presidential Decision Directive 63 (PDD 63) was issued. It implemented many recommendations of the PCCIP report, and signaled recognition that America's military and economy were reliant on critical infrastructures and information systems.
Electronic Disturbance Theater (EDT) used FloodNet against Pentagon. EDT demonstrated an early form of hactivism through FloodNet, which had an automatic process of refreshing a webpage, and coordinated virtual sit ins in support of the Zapatistas in Mexico.
The Joint Task Force for Computer Network Defense (JTF-CND) was created. The JTF-CND was dedicated to defending the nation's cyber infrastructure, and was the first joint cyber war fighting organization.
The virus Melissa was discovered. Melissa was a mass-mailing macro virus which infected and shut down many email addresses. It caught the public's attention and highlighted the insecurity of cyberspace.
NATO DoS Attacks - NATO Web Server was unavailable as a result of denial or service attacks during the Kosovo War. Tied to NATO operation ALLIED FORCES, patriot hackers defaced US government websites (most prominently the US Navy’s website) and drew attention to the role networks play in conflicts. This later deemed the title of "Web War One."
During Operation Allied Force, US bombed the Belgrade Chinese Embassy. This lead to large Chinese patriot hacktivism on US DoD information systems and marked the emergence of the notorious Red Hackers Alliance.
ILOVEYOU worm was distributed. Generated in the Philippines, ILOVEYOU attacked millions of computers internationally - posing as a love letter to the receiver. It cost billions of dollars in damages worldwide and is one of the world's most wide spread computer related disasters.
Joint Task Force for Global Network Operations (JTF-GNO) was created. This was a subordinate command of USSTRATCOM that was dedicated to directing the operation and defense of the Global Information Grid in support of the DoD’s military and business operations.
JTF-CND became the Joint Task Force for Computer Network Operations (JTF-CNO). The JTF-CNO was dedicated to defending the nation's cyber infrastructure and harming the adversary's and achieved full operational capacity. This was operated under USSTRATCOM.
The computer worm NIMDA was released. As a file infector, NIMDA is the Internet's most widespread worm in the shortest amount of time. This worm highlighted the insecurity of cyberspace.
The Department of Homeland Security is formed merging a number of cyber organizations into a single department. DHS was created in response to the stove piping of domestic security agencies and functions highlighted by the 9/11 attacks.
HSPD-7 was signed by George W. Bush. This established the United States' policy for identifying and prioritizing protection for critical infrastructure, with different sectors covered by varying government organizations.
HSPD-12 was issued by George W Bush to improve government standards for secure ID. It established a government-wide standard for secure and reliable forms of identification.
Estonia Cyber Attacks - The Estonian Internet was subjugated for three weeks to DDoS attacks, website defacements, DNS server attacks, mass email, and comment spam during a time of heated diplomatic exchanges with Russia. As a result, Estonia lost services for government, communication, and banking. Data packets in the attacks were traced back to IP addresses in Russia.
Georgia Cyber Attacks –During South Ossetia War, many of Georgia’s websites were hacked and a coordinated cyber assault on critical national websites. While technically less sophisticated, the Russian hackers defaced Georgian websites for Russian propaganda purposes. These attacks were used to both influence the public's perceptions and steal and accumulate military and political intelligence from Georgian's networks.
Conficker was reported to Microsoft for the first time. The worm infected at least five million computers, but had no clear criminal purpose. The private sector Conficker Working Group was the first truly successful collaboration effort, and created the first all hands on deck crisis for defenders worldwide.
Ghostnet was announced in report by Information Warfare Monitor after 10 month investigation. Ghostnet attackers compromised NATO SHAPE headquarters, embassies, foreign ministers, the office of the Dali Lama, etc. in over 100 countries through Trojan horse malware - allowing attackers to gain complete control of computers.
The Secretary of Defense directed USSTRATCOM to establish Cyber Command. USSTRATCOM is one of nine Unified Combatant Commands and is charged with space operations, information operations, missile defense, global command and control, intelligence, surveillance, and reconnaissance. USCYBERCOM is one of its primary operational units.
Citibank Hacks - Wall Street Journal reveals that Citibank was hacked and with potentially tens of millions of losses. Purely financially motivated, Vladimir Levin was able to siphoned the money before being caught and extradited to the US. Citibank then became the first company to create a CISO to oversee the security of its networks.
Operation Aurora - Google publicly discloses the Aurora attacks against them and other private sector corporations by Chinese origin. The attacks targeted dozens of tech, security, and contractor companies in order to gain access and modify source code.
Stuxnet was discovered by VirusBlokAda, an anti-virus company based in Belarus. To date, Stuxnet is the most sophisticated piece of malware software ever found, and represented a quantum leap in complexitiy and audacity in cyber conflict. The Stuxnet worm was targeted towards Iran's uranium enrichment program at the Natanz nuclear facility.
RSA Secure ID Hacks - RSA disclosed that its Secure ID has been hacked. RSA specializes in cryptography and security, and helps defend many government agencies. Hackers gained access to the Secure ID tockens that let millions of government and private sector employees connect remotely to their computers.
FLAME Virus was reported by Iran CERT. The FLAME virus operated undiscovered for more than two years before it was found and revealed. Being extremely large and diverse, FLAME steals documents, takes screen shots from computers, records audio, and even accesses remote Bluetooth devices connected to computers to send and receive information.
We'd love to hear from you. Please send questions or feedback to the below email addresses.
Before contacting us, you may wish to visit our FAQs page which has lots of useful info on Tiki-Toki.
We can be contacted by email at: hello@tiki-toki.com.
You can also follow us on twitter at twitter.com/tiki_toki.
If you are having any problems with Tiki-Toki, please contact us as at: help@tiki-toki.com
Close