November 2002

Infosec Timeline

A review of significant security events during Information Security's five years of publishing.

December 1997 Information Security publishes first issue.

January 1998 Yahoo! notifies Internet users that anyone visiting its site in recent weeks might have downloaded a logic bomb and worm planted by hackers protesting the jailing of Kevin Mitnick.

February 1998 The Internet Software Consortium proposes the use of DNSSEC--domain-name system security extensions--to secure DNS servers.

March 1998 Timothy Lloyd is indicted for planting a logic bomb on the network of Omega Engineering. The logic bomb causes millions in damage.

April 1998 Researchers David Wagner and Ian Goldberg break the encryption mechanism that's supposed to prevent the cloning of digital cellphones.

June 1998 Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year.

July 1998 Using a single, customized PC, the Electronic Frontier Foundation and "Cypherpunk" John Gilmore break a 40-bit DES key in 56 hours.

August 1998 Secure Electronic Transaction (SET), the heir-apparent to SSL, suffers a major setback when three major online payment systems choose to continue using SSL.

September 1998 NIST narrows the list of Advanced Encryption Standard (AES) candidates to 15 finalists.

October 1998 Security and software vendors begin developing the Common Content Inspection (CCI) API, allowing border protection products to communicate with inspection products.

November 1998 Wang Global releases a laptop that doesn't emit electromagnetic signals, preventing spy equipment from intercepting and reading sensitive on-screen content.

December 1998 Information Security publishes its first annual Buyers' Guide, which lists more than 250 security vendors and 600 products.

January 1999 U.S. Rep. Steve Horn (R-Calif.) gives the federal government a failing grade for its effort to correct the Y2K problem.

February 1999 A U.K.-based crime investigation center begins building the world's largest database of ear impressions to catch criminals through ear prints. The ear would compete with other biometrics identifiers.

March 1999 The Melissa worm is released and quickly becomes the most costly malware outbreak to date.

April 1999 The U.S. Justice Department declines to prosecute former CIA Director John Deutch for keeping 31 secret files on his home computer after he left office in 1996.

May 1999 Linux FreeS/WAN is released, allowing PCs running the Linux OS to encrypt data as it's transferred across the Internet. The project was three years in the making.

June 1999 Raising the ante in biometrics, LCI Technology releases SMARTpen, which measures individual signature characteristics, encrypts data and transmits it via radio frequency.

July 1999 Information Security publishes its second annual Industry Survey, which finds a 92 percent increase in unauthorized access breaches over 1998.

August 1999 Macro viruses dominate (63 percent) the annual ICSA Labs "Virus Prevalence Survey." The most common vector of infection: e-mail attachments (56 percent).

September 1999 Mastiff Electronic Systems brings new meaning to "odor control" when it announces that it's working on an access control system that identifies users by their unique body odor.

October 1999 American Express introduces the "Blue" smart card, the industry's first chip-based credit card.

November 1999 Information Security publishes its second annual "Crystal Ball" issue, with columns by 21 industry leaders.

December 1999 Information Security publishes its 2nd annual Buyers' Guide, listing more than 250 security vendors and 650 security products and services.

December 1999 David L. Smith pleads guilty to creating and releasing the Melissa virus. It's one of the first times a person is prosecuted for writing a virus.

January 2000 A hacker attempts to extort $100,000 from online music retailer CD Universe, threatening to expose thousands of customers' credit card numbers.

February 2000 Canadian hacker MafiaBoy launches the first successful distributed denial-of-service (DDoS) attack, taking down several high-profile Web sites, including Amazon, CNN and Yahoo!.

March 2000 President Clinton says he doesn't use e-mail to communicate with his daughter, Chelsea, at college because he doesn't think the medium is secure.

April 2000 The Department of Justice unveils a portal that notes the government's position on Internet security and privacy issues, tracks prosecution of cybercriminals and provides guidelines for cybercrime investigations.

May 2000 The LoveLetter virus sweeps across the globe in hours, wreaking havoc on networks and causing millions in damage and lost productivity.

June 2000 President Clinton signs the "Electronic Signatures in Global and National Commerce" (E-Sign) into law, making digital signatures legally binding.

June 2000 The Honeynet Project, led by Lance Spitzner, launches, collecting hacking intelligence through a network of decoy servers.

July 2000 The SANS Institute releases its first "Top 10 Vulnerabilities" list, denoting the most prevalent problems exploited by hackers.

September 2000 Information Security's third annual Industry Survey finds the number of companies spending more than $1 million on infosecurity climbed 92 percent in a year.

September 2000 RSA Security's patent on the RSA public-key algorithm, which the company had owned since 1983, expires.

October 2000 The U.S. Department of Commerce selects Rijndael, a symmetric algorithm developed by Belgian researchers, as the new Advanced Encryption Standard (AES).

November 2000 Information Security publishes its third annual Crystal Ball issue.

December 2000 Information Security publishes its fourth annual Buyers' Guide, listing 900 products and 400 vendors.

January 2001 The Orange Book, a piece of the Department of Defense's Rainbow Series and an attempt at a universal security standard, is officially phased out in favor of the Common Criteria.

February 2001 PGP creator Phil Zimmermann leaves Network Associates and launches the OpenPGP Consortium.

February 2001 A Dutch hacker releases the Anna Kournikova virus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star.

March 2001 FBI agent Robert P. Hanssen is charged with using his computer skills and FBI access to spy for the Russians.

March 2001 The L10n worm is discovered in the wild attacking older versions of BIND DNS.

April 2001 FBI agents trick two Russian hackers into coming to the U.S. and revealing how they were cracking U.S. banks.

May 2001 Spurred by elevated Sino-American diplomatic tensions, U.S. and Chinese hackers engage in skirmishes of Web defacements that many dub "The Sixth Cyberwar."

May 2001 Hackers begin using "pulsing" zombies, a new DDoS method that has zombie machines send random pings to targets rather than flooding them, making it hard to stop attacks.

May 2001 AV experts identify Sadmind, a new cross-platform worm that uses compromised Sun Solaris boxes to attack Windows NT servers.

June 2001 The U.S. Department of Commerce approves the Federal Information Processing Standard (FIPS) 140-2 cryptography performance benchmark.

July 2001 Russian programmer Dmitry Sklyarov is arrested at the annual Def Con hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA).

August 2001 Code Red, the first polymorphic worm, infects tens of thousands of machines, causing billions in damage and becoming the fastest-spreading and costliest malware to date.

September 2001 The World Trade Center and Pentagon terrorist attacks spark heightened awareness of physical and IT security.

September 2001 Nimda, a new memory-only worm, wreaks havoc on the Internet, quickly eclipsing Code Red's infection rate and recovery cost.

October 2001 Information Security publishes its fourth annual Industry Survey, finding nearly a third of responding companies froze infosec spending because of the economic slowdown.

October 2001 President Bush appoints Richard Clarke his special advisor on cyberspace security.

November 2001 Information Security publishes its fourth annual Crystal Ball issue.

November 2001 Microsoft and its allies vow to end "full disclosure" of security vulnerabilities by replacing it with "responsible" disclosure guidelines.

November 2001 The European Union adopts the controversial cybercrime treaty, which makes the possession and use of hacking tools illegal.

December 2001 Information Security publishes its fifth annual Buyers' Guide, listing more than 450 vendors and 1,250 security products and services.

January 2002 Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign.

February 2002 As part of its Trustworthy Computing initiative, Microsoft shuts down all Windows development, sending more than 8,000 programmers to security training.

April 2002 The U.S. Army initiates the "Mannheim Project," an effort to better consolidate and secure the military's IT assets from cyberwarfare.

May 2002 Klez.H, a variant of the worm discovered in November 2001, becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage.

June 2002 The Bush administration files a bill to create the Department of Homeland Security, which, among other things, will be responsible for protecting the nation's critical IT infrastructure.

July 2002 An Information Security survey finds that most security practitioners favor full disclosure because it helps them defend against hacker exploits and puts pressure on software vendors to improve their products.

August 2002 Researcher Chris Paget publishes "shatter attacks," detailing how Windows' unauthenticated messaging system can be used to take over a machine. The paper raises questions about how securable Windows could ever be.

September 2002 Information Security publishes its fifth annual Industry Survey, which finds that most organizations don't handle security incidents according to a predefined response plan.

September 2002 The White House's Office of Homeland Security releases a draft of the "National Strategy to Secure Cyberspace," which many criticize as being too weak.

October 2002 The International Information Systems Security Certification Consortium--(ISC)2--confers its 10,000th CISSP certification.

November 2002 Information Security publishes its 5th Anniversary Issue.





Copyright 2002 TechTarget