Transcript
On October 27, 1980, ARPANET, the computer network that would become the foundation of the modern Internet, came to a complete halt because of an accidentally propagated status-message virus. This early disruption showed how even experimental computer networks could be vulnerable to software problems, especially as the system's size and complexity grew, causing unexpected interactions between nodes.
Between 1982 and 1983, a group known as the 414s compromised dozens of high-profile computer systems, including those at Los Alamos National Laboratory, the Sloan-Kettering Cancer Center, and Security Pacific National Bank. The group, taking its name from the area code of Milwaukee, managed these break-ins by exploiting weak security protocols and default passwords, demonstrating the risks of insufficient user authentication and system oversight.
On February 15, 1985, Kevin Mitnick was arrested by the FBI. Mitnick was convicted of wire fraud and breaking into the computer systems of Fujitsu, Motorola, Nokia, and Sun Microsystems. He served five years in prison. His ability to manipulate people for access, a tactic known as social engineering, exposed the human vulnerabilities that accompany technical ones.
In 1988, Robert Tappan Morris, a 23-year-old graduate student at Cornell University, released the Morris worm. Designed as an experiment, the worm quickly replicated and infected machines globally, crashing thousands of computers. The worm exploited vulnerabilities in Unix sendmail, finger, and rsh, as well as weak passwords, showing how interconnected networks could allow a small piece of code to spiral out of control.
In 1990, the U.S. Secret Service launched Operation Sundevil, targeting computer crime and leading to the formation of the Electronic Frontier Foundation by Mitch Kapor. The EFF was set up to provide legal representation for computer users who faced prosecution, especially in cases involving questions about digital civil rights, marking a shift towards the legal and ethical battles that would define Internet conflict.
Phil Zimmermann released Pretty Good Privacy (PGP) in 1991, an encryption tool for secure communication. By 1993, Zimmermann faced a U.S. government investigation for allegedly exporting munitions without a license, since cryptographic software was classified as such. The investigation ended in 1996 with no charges, but the episode highlighted the tension between privacy advocates and government agencies over control of digital security technologies.
In 1994, a group dubbed the Phonemasters by the FBI hacked into networks belonging to MCI WorldCom, Sprint, AT&T, and Equifax. Their intrusion caused an estimated $1.85 million in business losses, illustrating how network breaches could translate directly into financial damage for large corporations.
Later in 1995, Vladimir Levin, operating from Russia, persuaded Citibank's computers to transfer $10 million from its customers’ accounts to his. He was arrested at Heathrow Airport. Although Citibank recovered most of the money, the breach involved exploiting weaknesses in the bank’s remote account access systems, and it became one of the largest computer crimes by dollar value at the time.
In 1996, Tim Lloyd planted a software time bomb at Omega Engineering, a New Jersey company. When triggered, the attack caused $12 million in damages and cost more than 80 employees their jobs. Lloyd was sentenced to 41 months in jail. He had inserted malicious code into the company’s file server, and the code automatically wiped critical data after his departure.
Also in 1996, the Communications Decency Act was signed into U.S. federal law as part of the Telecommunications Act of 1996. The law aimed to regulate indecent content but quickly faced backlash from website operators, who turned their pages black in protest. The decency provisions were overturned in 1997 in the Supreme Court case Reno v. American Civil Liberties Union, establishing legal precedent for free speech online.
The CIH computer virus, also known as "Chernobyl" and written by Chen Ing Hau of Taiwan, was found in the wild in September 1998. The virus could overwrite critical information on infected system drives and, in some cases, corrupt the system BIOS, rendering computer systems unbootable. This attack showed how malware could move beyond software, permanently damaging hardware and making recovery extremely difficult.
In March 1999, the Melissa virus marked a turning point for malware on the commercial Internet. The virus spread through email attachments, infecting computers and causing an estimated $400 million in damages. Once opened, it automatically sent itself to the first 50 contacts in a user’s address book, rapidly multiplying its reach and overwhelming email servers.
On February 7, 2000, Yahoo! was hit with a distributed denial-of-service (DDoS) attack, making the site nearly unreachable. In the following days, Buy.com, eBay, CNN, Amazon.com, ZDNet.com, E-Trade, and Excite were also attacked. The FBI estimated that these attacks caused $1.7 billion in lost business and other damages. Attackers coordinated massive floods of web traffic to overwhelm servers, exposing the vulnerability of even the most robust commercial websites.
On May 5, 2000, the ILOVEYOU computer worm attacked tens of millions of Windows-based PCs. Spreading via email with the subject line "ILOVEYOU" and a malicious attachment, the worm caused between $5.5 and $8.7 billion in damages worldwide and an estimated $15 billion in removal costs. Originating in the Philippines, it exploited users' curiosity and lack of awareness about email attachments.
In October 2002, unidentified hackers launched a massive attack against the 13 root domain servers of the Internet. The aim was to take down the domain name resolution service, which translates human-readable domain names into IP addresses. Although the attack did not succeed in disrupting global Internet functionality, it highlighted the central role these servers play in Internet stability and the risks posed by concentrated infrastructure.
In June 2006, Swedish police raided The Pirate Bay, a BitTorrent tracker website, for allegedly violating copyright law. The site, which facilitated file sharing, was accused of enabling the unauthorized distribution of copyrighted material. Despite the raid, The Pirate Bay continued to operate, shifting its servers abroad, and the incident became a focal point in the global debate over digital piracy and copyright enforcement.
On May 17, 2007, Estonia recovered from a massive denial-of-service attack that targeted its government, banking, and media websites. The attacks followed a controversy over the relocation of a Soviet-era war memorial in Tallinn. Attackers used botnets to flood Estonian websites with traffic, disrupting critical online services and prompting the country to strengthen its cyber defense strategies.
In April 2009, the Conficker worm infiltrated millions of PCs worldwide, including government-level top-security computer networks. The worm exploited vulnerabilities in Windows operating systems to create a botnet capable of being remotely controlled. Conficker’s rapid spread and resilience in the face of countermeasures made it one of the most notorious pieces of malware of its era.
In June 2010, the Stuxnet worm was discovered by the Belarusian security firm VirusBlokAda. Stuxnet was designed to sabotage Iran’s nuclear facilities by targeting industrial control systems. Unlike previous worms, Stuxnet’s payload was crafted to compromise specific SCADA systems, demonstrating the potential for digital attacks to cause physical damage to critical infrastructure.
On April 17, 2011, an external intrusion sent the PlayStation Network offline and compromised personally identifying information of 77 million accounts. This incident ranks among the five largest data breaches ever. Attackers gained access to data such as names, addresses, and possibly credit card details, raising concerns over online privacy and corporate responsibility in data protection.
In August 2012, malware called Shamoon, deployed by the Cutting Sword of Justice group, crippled Saudi Aramco’s business operations for months. Shamoon destroyed over 35,000 computers, wiping data and rendering systems inoperable. The attack was retaliatory, following suspicions of Iranian involvement after the Stuxnet event, and highlighted the escalation of cyber warfare targeting national infrastructure.
On February 7, 2014, the bitcoin exchange Mt. Gox filed for bankruptcy after $460 million in bitcoin was stolen by hackers, along with another $27.4 million missing from its bank accounts. Weaknesses in Mt. Gox’s security systems enabled attackers to siphon funds undetected, undermining confidence in cryptocurrency exchanges and sparking calls for regulation.
In June 2015, the records of 21.5 million people were stolen from the United States Office of Personnel Management. The data included social security numbers, addresses, fingerprints, and clearance information, affecting employees and applicants to the U.S. government. Reports linked the breach to China, and the scope of sensitive personal data exposed made it one of the most significant cyber espionage incidents in history.
On May 12, 2017, the WannaCry ransomware attack infected more than 230,000 computers in over 150 countries. WannaCry leveraged a Windows vulnerability leaked from the National Security Agency’s toolset, encrypting victims’ files and demanding payment in bitcoin. The attack shut down hospital systems, transportation networks, and businesses around the world within hours, and was stopped only when a cybersecurity researcher inadvertently triggered its kill switch.
In September and October 2021, Anonymous obtained and released over 400 gigabytes of data from the domain registrar Epik, including customer data, domain purchase records, and payment history. The hackers claimed to have accessed a decade’s worth of data, exposing poorly encrypted passwords and other sensitive information stored in plaintext, revealing how mismanagement of data security can lead to extensive breaches affecting millions.
On May 1, 2024, the Internet Archive suffered a series of distributed denial-of-service attacks, making its services unavailable for hours at a time over several days. These attacks disrupted access to millions of digital records, books, and websites, demonstrating the ongoing vulnerability of critical knowledge repositories to targeted disruptions.
In October 2024, the Internet Archive suffered another series of hacks and DDoS attacks, shutting down the website for over a day and compromising over 31 million passwords. The attackers successfully breached user data on a massive scale, underlining the evolving sophistication and impact of modern Internet conflicts.