The origin of cybercrime can be traced back far before the invention of the internet, and has developed and evolved massively over the past 80 years. Long before the internet, big businesses and governments used computers for data storage and transfer to their local networks, and simple hacks and data theft weren’t uncommon. However, it wasn’t until the growth of the internet that cybersecurity became a key component of network safety – along with our increasing reliance on computers and wireless networks such as Wi-Fi and Bluetooth, as well as smart devices and those that comprise the ‘internet of things’. And as better defences have been developed, bigger cyber attacks have rocked the world – infiltrating industries as vast as ecommerce, travel and finance, as well as search engines, space stations and gaming institutions, meaning cyber security has had to respond and adapt at an alarming rate. Because its history is rich and interesting, and we feel it’s key that our clients understand its importance to reduce their cyber risks, ensure the right cyber security measures are in place and can back this up with the correct cyber insurance policy, we wanted to create a detailed blog on such a topic. And should you have any further questions, about any of our cyber security insurance policies, then our team will be only too happy to help. Simply call today on 0161 968 2030 to learn more.
Malicious Software, Intellectual Property & The Growth Of Cyber Crime
Prior to the 1940s, carrying out cyberattacks and making cyber threats was tough. Access to the huge electronic machines in existence was only granted to a select few, and they also weren’t networked. What’s more, only a few people knew how best to work them, so really – unless there was malicious intent directly from the user, cybercrime was pretty much non-existent. It was only when the first digital computer was created in 1943, that a more general understanding of this technology came into public knowledge, and the theory of computer viruses – by the computer pioneer John von Neumann – suggested that computer programs could reproduce (“The Theory of Self Reproducing Automata”). This theory was misused by cybercriminals to create self-replicating software, such as viruses.
Hacking however, became a phenomenon in the 1950s, when phone phreaking began. This is where hackers manipulated telephone signalling so that they could make free long-distance calls. This involved reverse engineering the tones utilised by phone companies to confuse and trick the routers. Unfortunately for the phone companies, there was no way of stopping this practice. The phreaks even became a community and included Apple’s Steve Wozniak and Steve Jobs.
The first known reference to malicious hacking occurred at the Massachusetts Institute of Technology’s student newspaper. By the mid-1960s, computers may still have been huge mainframes, but that didn’t stop those with access trying their luck. Most hackers were students who wanted to improve systems by boosting their efficiency and speed of operation, but it didn’t always work so well. However, this did lead the way for ethical hacking. In 1967, IBM invited school children to test out their new computer. By exploring various parts of the system, they got to learn the system’s language and figured out how to access deeper parts of the computer, with some deciding to ‘’bomb the system’’. This resulted in the creation and development of many defensive measures, as well as the security mindset that was essential for computer developers from then on out.
And so started cyber security in 1972 through a research project called ARPANET (The Advanced Research Projects Agency Network) – a predecessor of the internet. Researcher Bob Thomas established a computer program known as Creeper that could move across ARPANET’s network, leaving a breadcrumb trail in its wake. Ray Tomlinson – who invented email – then created the program – Reaper – which chased and removed Creeper. What made Reaper innovative was that it was the very first example of antivirus software, proving invaluable for future developments, and protection against cyber attacks.
Challenging vulnerabilities in emerging technologies became key as businesses and organisations became ever-more reliant on telephones to establish remote networks. Every single piece of connected hardware offered a new ‘entry point’ and therefore, needed to be secured. And as reliance on computers and networks increased, governments realised that security was of the utmost importance, and unauthorised access to data and systems could be detrimental. Early computer security research and development was carried out by ESD and ARPA as well as the U.S. Air Force to design a security kernel for the Honeywell Multics (HIS level 68) computer system. Both UCLA and the Stanford Research Institute carried out similar cyber security projects.
Still, cyber security threats continued – perhaps most famously in the 1970s – when 16 year old Kevin Mitnick hacked into The Ark – the computer at the Digital Equipment Corporation used for designing and developing operating systems, and he produced software copies. He may have been arrested and jailed, but the cyber attacks he carried out resulted in him setting up and running Mitnick Security Consulting – as he knows better than anyone how the minds of cyber hackers work.
The 1980’s, 1990’s and Network Attacks Evolve
Many high-profile cyber attacks took place in the 1980s, such as that of AT&T, the National CSS and the Los Alamos National Laboratory. Popular culture influenced service attacks too. For example, the film War Games, whereby a computer program corrupts missiles under the cover of a game, was released in 1983. The same year, the phrases, ‘Trojan Horse’ and ‘Computer Virus’ were first used.
When the Cold War started, cyber espionage was a real threat, with the US Department of Defense releasing the Trusted Computer System Evaluation Criteria that offered support on:
- The degree of trust that can be placed in software that contains classified or very sensitive information.
- The security measures manufacturers must incorporate into their products.
Even with this strong security focus, hacker Marcus Hess managed to use an internet gateway in Berkeley, California to break into the ARPANET. He managed to hack approximately 400 military computers – including Pentagon mainframes – with the intention of selling sensitive information to the KGB. This prompted the birth of cyber security in 1987, with the following inventions:
- Andreas Lüning and Kai Figge released their first antivirus product for the Atari ST – along with the Ultimate Virus Killer (UVK).
- In Czechoslovakia, the first version of the NOD antivirus was released.
- In the United States, John McAfee created McAfee (then part of Intel Security), and released VirusScan.
By 1988, many antivirus businesses had been established across the globe, including Avast, which today has a team of more than 1,700 team members worldwide and prevents 1.5 billion attacks every single month. 1988 also presented the first online forum dedicated to antivirus security – Virus-L – found on the Usenet network. This decade also saw the establishment of the antivirus press: UK-based Sophos-sponsored Virus Bulletin and Dr. Solomon’s Virus Fax International. The end of the 1980s saw further cyber security products appear, such as F-Prot, ThunderBYTE, and Norman Virus Control.
The 1990s proved a fascinating time for cyber attacks, networks attacks and cyber security for various reasons, such as:
- The Computer Misuse Act was passed in the UK, making cybercrime illegal.
- In 1991, Norton Antivirus was released by Symantec, the European Institute for Antivirus Research was established, and the first self-claimed antivirus was published on the internet by F-secure.
Early antivirus was signature-based, cross-referencing binaries on a system with a database of virus ‘signatures’. Unfortunately, early antivirus software presented many false positives and utilised much computational power – slowing computer productivity and efficiency. And as further antivirus scanners entered the market, cybercriminals were fighting back and in 1992, the first anti-antivirus program appeared.
By 1996, viruses used new methods – such as stealth capability, polymorphism, and ‘macro viruses’, creating new challenges for antivirus products and vendors who had to create and develop new virus detection and removal functionality. New virus and malware events increased as the decade progressed from tens of thousands early in the decade growing to 5 million every year by 2007. By the mid-90s, it was also pretty evident that cybersecurity had to be mass-produced to protect and secure the general public.
Beyond this, and towards the end of the decade, email was advancing, opening up a new entry point for viruses. In 1999, the Melissa virus was detected. This entered a user’s computer via a Word document and then emailed copies of itself to the first 50 email addresses in Microsoft Outlook. It still remains one of the fastest spreading viruses to this day.
The 2000s, 2010s and The Future Of Cyber Security:
As the internet proliferated into homes and offices around the world, cybercriminals had far more devices and software to exploit for their own gains. In 2001, a new computer infection technique occurred, which involved malware and viruses being downloaded simply by visiting infected websites that appeared normal. Instant messaging systems and services also got attached, with worms that mirrored chat functions and stealing people’s private information. Zero-day attacks – which makes use of ‘holes’ in security measures for new software and applications, made antivirus software less helpful – as you couldn’t check code against current attack signatures unless the virus already existed.
However, help was on its way. In 2001, ClamAV was launched, the first open-source antivirus engine. That same year, Avast launched free antivirus software, providing a security solution to everyone. In 2007, Panda Security integrated cloud technology with threat intelligence to produce their antivirus protection product. McAfee Labs did the same in 2008, building cloud-based anti-malware functionality into VirusScan.
What’s more, OS security started to take hold, which is cybersecurity built into operating systems, and includes frequent OS patch updates, antivirus engines and software updates, firewalls, and account protection. With the advent of smartphones, antivirus software was also created for both Android and Windows mobile.
Still, this didn’t always stop network attacks, breaches and other hacks that cost in the millions to fix:
- In 2011, hackers stole the personal information and financial details for 77 million PlayStation Network users.
- A 2014 cyber attack on eBay resulted in approximately 145 million users’ login credentials being stolen.
- In 2018, an Under Armour data breach affected 150 million users of their mobile app.
Cyber security has had to respond in kind, using innovative approaches to detect and destroy any cyber threats. This tends to involve:
- Multi-factor authentication.
- Threat intelligence and automatic updates.
- Real-time protection
- Sandboxing – testing suspicious files and URLs in isolated environments.
- Back-ups and continuous monitoring.
- Firewalls which protect against SQL injection attacks and cross-site-scripting (XSS).
The history of cybercrime and cybersecurity has taught us that as each has gotten stronger, so has the other, and there is a continuous battle to keep individuals, businesses and even governments safe and secure against malicious attacks. One thing is certain however, having protection in place is a must, as a cyber attack can cause financial and reputational damage and be hard to come back from. Beyond cybersecurity products and antivirus software, a cyber insurance policy from The Insurance Octopus can help ensure you’re covered, and can offer protection for business interruption, cyber breaches and hacker damage. For your bespoke cyber insurance quote, please click here, or call our dedicated team today.