The History of Cybersecurity: A Dangerous Journey

Matt Lee, Senior Director of Security and Compliance at Pax8
the history of cybersecurity Pax8

The tech realm has changed a lot over the years, but what hasn’t changed is that it remains a dangerous place, full of nasty cyber threats and dirty deeds done dirt cheap. Throughout it all, developing a strong cybersecurity posture has been our best shield, but what that means has changed over the years and continues to do so in the face of developments like the cloud, AI and quantum computing. Come with me on a journey through the treacherous history of cybersecurity—and how it all relates to what’s happening today. I promise, it won’t be boring!

The So-Called “Good Old Days”

It might not surprise you that cybersecurity has been an issue as long as the first computers have been around, which debatably was the Atanasoff–Berry computer, or the ABC, developed in 1942. Though there were mechanical computers that could do simple calculations before that, the ABC was more akin to the computers that would follow. It was a big ol’ sucker at more than 700 pounds, could solve problems with up to 29 different variables and used binary digits to represent numbers and data.

What may surprise you is that cybersecurity incidents actually predate the first computer. The first “cyberattack” of sorts happened in France in 1834, when thieves stole financial market information by hacking the French Telegraph System. In 1940, hacking got political, as Rene Carmille, a French punch-card expert and military officer, offered his system to the Nazis and then hacked his own machines to disrupt their efforts—pretty badass, actually.

So, despite these early, pre-computer hacking incidents, computers weren’t built with cybersecurity in mind. In a way, you could think of cybersecurity as akin to the seat belt. We invented the combustion engine and the first car in the 1800s, but seat belts didn’t become widely used until the 1960s—and even then, I think a lot of us elder millennials and Gen-X’ers remember some not-so-kosher seatbelt situations in the ‘80s. It’s been a long road (so to speak) to getting to now, when most people wouldn’t dream of driving without a seat belt.

The Not-Quite-Foolproof Password

Passwords to the rescue? Not so fast.

Fast-forward to 1962 and researchers at MIT set up passwords to limit user time on its massive time-sharing computer called CTSS. Although this system was pioneering in a lot of ways, helping to develop concepts like email and instant messages, one user wasn’t happy with his time allotment and figured out a way to request a printout of all the passwords from the system using a punch card (there are those punch cards again!). So much for waiting your turn.

*Cough, Cough*—It’s Virus Time

Getting a computer virus seems like a rite of passage specific to modern times, but they’ve been around for a while. One of the first computer viruses showed up in 1969 at the University of Washington, where an unknown ne’er-do-well installed a program onto a computer that replicated itself until it brought the computer down. It came to be known as “RABBITS Virus” because, well, it was procreating like a rabbit.

Five years later, in 1974, we had the first denial-of-service attack from a 13-year-old, no less, a University of Illinois High School student who shut down the university’s PLATO terminals (an early distributed computer-based learning system) by writing a program that simultaneously accessed all terminals, causing them to crash.

The Birth of Cybercriminals—and Apple!

The 1970s saw some of our first cybercriminals and pranksters—some of whom have pretty big names. Starting in 1970, Kevin Mitnick became one of the most notorious cybercriminals of all time by penetrating highly guarded networks from the likes of Nokia and Motorola, using tactics like social engineering schemes that fooled insiders into handing over codes and passwords.

In 1971, Ray Tomlinson (the guy who basically invented email on the ARPANET system, the internet’s creakier forefather) sent the first ever computer worm, Creeper, over the primordial internet and email he helped develop. Creeper was invented by his colleague Bob Thomas and others and would create copies of itself, with each copy creating a message on recipient terminals that read, “I’m the creeper: Catch me if you can.” Creepy, indeed.

These guys weren’t the only jokesters back in the denim ‘n’ disco days. Two dudes named Steve Jobs and Steve Wozniak took the concept started by “phone phreaks,” or phone hackers who would try to replicate phone tones to break into phone calls, and tried to market the concept with a device Woz built called a blue box that made it easier to hack into phone systems. And now we have iPhones! What a wild world we live in.

The ’80s and ’90s

Once the 1980s rolled around, home computers began to become ubiquitous—increasing the playing field for budding threat actors.

One of the most notorious cyber incidents of the time came with the Morris Worm, created by graduate student Robert Morris at Cornell University in 1988. With the dubious distinction of being the first worm to cause major disruption on the internet, it was released from a computer at MIT in 1988 as an ostensibly harmless exercise but quickly did what worms do and became a denial-of-service attack, spreading to other computers faster than Morris anticipated. He became the first person convicted by a jury of violating the Computer Fraud and Abuse Act.

This decade also saw the unfortunately named AIDS Trojan, the first ever ransomware virus documented. It was released via floppy disk (Remember those? Don’t answer that if you’re too young.) in 1989 and was handed out in 20,000 infected disks to attendees of the World Health Organization’s AIDS conference (hence that name). It worked by counting the number of times a computer booted up and hid directories or encrypted or locked the names of files once that number reached 90. Users would have to send $189 to PC Cyborg Corporation at a P.O. box in Panama to get access again. Yes, this really happened.

More serious incidents ensued in the following decade, like Max Butler hacking U.S. government websites in 1998 and a 15-year-old named Jonathan James hitting the U.S. Department of Defense in 1999. But the biggies wouldn’t come ‘til the 2000s.

The ’00s and ’10s

The new millennium brought more ubiquitous internet access globally—and with that, it became all about extracting money from individuals and entities. This era kicked off with the ILOVEYOU virus in 2000—named one of the worst viruses in history, affecting millions of computers and costing companies billions. Worms really had a moment there; remember all those fun chain letters? Meanwhile, spyware, phishing and social engineering campaigns emerged and proliferated faster than you can say Napster.

In the 2010s, ransomware attacks such as CryptoLocker and WannaCry started targeting the big bucks. An infamous Sony breach exposed the records of more than 100 million customers, costing the company more than $171 million. Organizations across the board were hit, including eBay, Equifax, Anthem, Marriott and Chipotle—nothing is sacred in the cybersecurity world, not even burritos.

One of the most pernicious cybercrime services also emerged during this time: EMOTET, which first popped up as a banking Trojan in 2014. EMOTET acts like a skeleton key that opens doors to computers globally and sells that access to criminal groups to further exploit through illicit activities like data theft and ransomware. It works by distributing through seemingly innocent Word document attachments, tricking users into enabling macros and unknowingly installing malware on their computers—sneaky, sneaky. Unfortunately, EMOTET has more staying power than most “American Idol” winners and is still around to this day.

The “Nows”—AI, Bitcoin and Quantum Computing

By some metrics, the cybersecurity landscape has gotten better as our means to battle threats have improved. The share of cyberattacks hitting the banking and financial industry actually decreased slightly from 23% in 2020 to 18.2% in 2023.

That might be because everyone else is getting hit just as hard now. No longer the realm of enterprises only, cybersecurity attacks on small and medium-sized businesses (SMBs) are rising, with 46% of cyber events around the world affecting businesses with fewer than 1,000 employees. That’s in part because of the cloud, which has helped SMBs compete with enterprises in a digital sense while opening them to the same cyberattacks the big boys get hit with.

The emergence of cryptocurrencies like Bitcoin has also exacerbated the problem of ransomware. Previously, threat actors had to accept wire transfers to get cash. Now, with cryptocurrencies being (pseudo) anonymous, attackers can stay in the shadows more easily.

And let’s not forget about artificial intelligence (AI). With generative AI services like OpenAI’s ChatGPT and Google’s Gemini gaining momentum, a group of researchers has created generative AI worms—great! One worm, named Morris II (remember good ol’ Morris?), can attack a generative AI email assistant, steal data from emails and send spam messages.

AI isn’t our only worry. The coming quantum computing revolution (or apocalypse, depending on your world view) could really be a problem. That’s because the dramatically increased computing speeds these computers offer potentially render moot the kind of encryption we use to secure data with large, complex prime numbers.

So, what can we do? Developers are already working on quantum-resistant algorithms, with the first cryptographically relevant quantum computer (CRQC) predicted to arrive from 2030 to 2035. In the meantime, MSPs should work to get their clients up to date with current cybersecurity recommendations. Follow the CIS Controls. And we can help.

The Pax8 Marketplace is built with the industry-recommended CIS Controls in mind and features vetted cybersecurity solutions that can help SMBs withstand the threats of the current cybersecurity landscape. We also provide stellar cybersecurity training through Pax8 Academy, both in-person and on-demand, and help you with implementation and expertise through Pax8 Professional Services. Get up to speed now because, like so many things, the only constant in cybersecurity is change.

Explore cybersecurity solutions