Certified Information Security ConsultANTS

 Clients & Projects Our Team Links & Stuff  News  Contact Us

A BRief history of Cybercrime

These pages list the major events in the use of computers and computer networks to comit criminal acts, starting in the 1970's to the present day. This list was put together as part of our course Introduction to Computer Crime Studies  (FSCT7220) presented at BCIT. The list is not meant to be comprehensive, but it is meant to be representative. If you notice any errors or serious omissions, please contact us.  

Continued from Section 2 - 1991 - 2000...

Section 3 - 2001 - 2005

  • Microsoft falls victim of a new type of attack against domain name servers, corrupting the DNS paths taking users to Microsoft's Web sites. This is a Denial of Service (DoS) attack. The hack is detected within hours, but prevents millions of users from reaching Microsoft Web pages for two days.
  • The L10n worm is discovered in the wild attacking older versions of BIND DNS.
  • Dutch cracker releases Anna Kournikova virus, initiating wave of viruses tempting users to open infected attachments by promising a sexy picture of the Russian tennis star (Feb).
  • FBI agent Robert Hanssen is charged with using his computer skills and FBI access to spy for Russia (Mar).
  • Code Red, the first polymorphic worm, infects tens of thousands of machines (Aug).
  • Spurred by rising tensions in Chinese-American relations, US and Chinese hackers engage Web defacement skirmishes. (May)
  • Antivirus experts identify Sadmind, a new cross-platform worm that uses compromised Sun Solaris boxes to attack Windows NT servers. (May)
  • Russian programmer Dmitry Sklyarov is arrested at the annual Defcon hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA). (Jul)
  • The Nimda memory-only worm wreaks havoc on the Internet, eclipsing Code Red's infection rate and recovery costs. (Sept)
  • Napster shuts down after legal challenges from the recording industry and Metallica.
  • The 9/11 World Trade Center and Pentagon terrorist attacks spark lawmakers to pass a barrage of anti terrorism laws (incl. the Patriot Act), many of which group Hackers with terrorists, and remove many long standing personal freedoms in the name of safety.
  • Microsoft and its allies vow to end "full disclosure" of security vulnerabilities by replacing it with "responsible" disclosure guidelines.
  • EU publishes report on its investigation of the ECHELON system, purportedly used by the US, UK, Canada, Australia and NZ to spy on radio, telephone and Internet communications. Meant for military and defense use, there is suspicion it is being used to invade personal privacy and for commercial spying.
  • EU adopts a controversial cybercrime treaty which makes the possession and use of hacking tools illegal (Nov)
  • Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign (trustworthy computing) (Jan)
  • An Information Security survey finds that most security practitioners favor full disclosure since it helps them defend against hacker exploits and puts pressure of software vendors to improve their products.
  • Roger Duronio, UBS PaineWebber sys-admin, plants a logic bomb which costs $3M+ in losses/repairs (Mar)
  • The Klez.H worm becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage (May).
  • Shadowcrew's Web site appears, with forums for information on trafficking in personal information (Aug)
  • SQL Slammer, targeting MS SQL Server, becomes fastest spreading worm in history (Jan).       
  • U.S. convicts Kazakhstan cracker of breaking into Bloomberg L.P.'s computers and attempting extortion (Feb).
  • Former employee of Viewsonic arrested, charged with hacking into company's computer and destroying data. (Feb)
  • MS Blaster worm and variants (Welchia) released, arrests follow (Aug).
  • A worm disables critical safety systems at a nuclear power plant in Ohio (Aug).
  • RIAA (Recording Industry Association of America) sues 261 people for distributing MP3s over P2P networks (Sep).
  • U.S. Justice Department announces more than 70 indictments and 125 convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation CyberSweep. (Nov)
  • Microsoft offers $250K each for information leading to the arrest and conviction of those responsible for unleashing the MSBlast.A worm and Sobig virus (Nov)
  • Two men hack into wireless network at Lowe's store in Michigan and steal credit card information (Nov).
  • Brian Salcedo sentenced to 9 years for  hacking into Lowe's home improvement stores and attempting to steal customer credit card information. Prosecutors said three men tapped into the wireless network of a Lowe's store and used that connection to enter the chain's central computer system in NC, installing a program to capture credit card information.
  • Multiple variants of MyDoom worm released to launch DoS attacks against SCO and Microsoft. Netsky, Sasser, Bagel, Sober follow (Feb).
  • Secret Service seizes control of the Shadowcrew Web site and arrests 28 people in 8 states and 6 countries. They are charged with conspiracy to defraud the US. Nicolas Jacobsen, is charged with hacking into a T-Mobile computer system, exposing documents the Secret Service had e-mailed to an agent. (Operation Firewall, Oct)
  • CERT stops tracking number of security incidents.
  • US CAN-SPAM act passed to prosecute spammers. Jeremy Jaynes & Jessica DeGroot first to be convicted under CAN-SPAM act (Jaynes sentenced to 9 years). (Nov)
  • Netcraft survey estimates more than 60M web sites online. 
  • Paris Hilton’s T-Mobile phone is hacked, and photos and celebrity private phone numbers posted on Web (Feb).
  • Choicepoint acknowledges that thieves posing as legitimate businessmen accessed 145K consumer records, including credit reports and Social Security Numbers. (Feb)
  • Bank of America has 1.2M names and Social Security numbers stolen (Feb).
  • Juju Jiang sentenced to 27 months for installing keyloggers at Kinkos locations in NY; used confidential information to access individual bank accounts (Feb)
  • FBI's e-mail system is hacked (Feb)
  • Lexis Nexis announces hackers have stolen private information on 32K people, including Social Service Numbers (SSN’s) and passwords (Mar)
  • Undisclosed application security issue on Cisco's site forces global password reset (Mar)
  • DSW/Retail Ventures – 100,000 accounts hacked; Boston College – 120,000 accounts hacked (Mar)
  • BJ’s Wholesale Club – information on 40K credit cards stolen from outsourcer IBM (Mar).
  • Keystroke loggers are used in heist at Sumitomo Mitsui Bank in London almost nets thieves £220M  (Mar)
  • Lexis-Nexis – another 280,000 account passwords compromised (Apr).
  • Polo Ralph Lauren/HSBC – 108,000 accounts hacked; DSW/Retail Ventures – 1.3M more accounts hacked (Apr) 
  • Wachovia/Bank of America/PNC Financial Group/ Commerce Bancorp – insiders hack 670K+ accounts (Hackensack) (Apr)
  • The Samy worm at MySpace makes everybody Samy’s friend (Apr)
  • Tel Aviv Magistrate's Court remanded several people from some of Israel's leading commercial companies and private investigators suspected of commissioning and carrying out industrial espionage against their competitors, which was carried out by planting Trojan horse software in their competitors' computers. (Apr)
  • CardSystems admits hackers planted virus and accessed 14M credit card numbers (potentially 40M); company folds (Jun)
  • Boston College - 120K accounts hacked (Mar); Tufts University – 106K accounts hacked (Mar); University of Hawaii – insider compromises 150K accounts (Jun); University of Connecticut – 72K accounts hacked (Jun); University of Southern California – 270K accounts hacked (Jul);  University of Utah – 100K accounts hacked (Aug).
  • Allan Carlson convicted of computer and identity fraud, sentenced to 48 months; spoofed e-mails complaining about poor performance of Philadelphia Phillies (Jul) 
  • Canada's 'Prince of Pot', Marc Emery, is arrested on a US indictment charging him with selling millions of dollars worth of marijuana seeds over the Internet to customers throughout the US (Jul)
  • US Air Force – 33,300 accounts hacked (Aug)
  • Zotob worm attacks Windows 2000 computers (Aug)
  • Microsoft wins $7M settlement against Spam king Scott Richter, plus promise to stop  future spamming (Aug)
  • Insufficient authorization on Verizon's MyAccount feature allows users to view each other’s information (Aug).
  • 3,800 customer credit-card numbers stolen in attack on Guidance Software web site (Nov)
  • Janus Mutual Fund uses predictable identifier to authenticate its share holders, enabling them to vote for others (Dec).
  • Breaches at Sam’s Club, OfficeMax and an unnamed ATM network result in an increase of debit card fraud.
  • Chinese cyber-espionage ring code-named ‘Titan Rain’ hacks into US military bases, defense contractors and aerospace companies.
  • Equifax and TransUnion, Canada’s main credit bureaux, receive an average of 1,600 calls / month regarding  the theft of financial or credit information.
  • Information warehousing companies (Choicepoint, Lexis Nexis, CardSystems, Equifax, TransUnion) are popular targets since they possess volumes of information on private individuals.
  • PhoneBusters reports 11K+ Identity Theft complaints in Canada, and total losses of $8.5M, making this the fastest growing form of consumer fraud in North America.

Continues in Section 4 - 2006 -...

Over 20 years of service excellence - 1998-2020


WaveFront Consulting Group
E-mail: [email protected]

Copyright © WaveFront Consulting Group 2006-2020