Typical early hackers were curious about the new technology of networks and computers and wanted to see just how far they could push their capabilities. Hacking has changed quite a bit since then. For example, in the 1970s, before the widespread availability of the personal computer, hacking was mostly confined to mainframes that were common in corporate and university environments. When personal computers (PCs) became widely available in the 1980s, every user had a copy of an operating system. Hackers soon realized that a hack that worked on one PC would work on nearly every other PC as well. Although the first Internet worm in November 1988 exploited a weakness in the UNIX sendmail command, worm and virus writers moved their attention to the world of PCs, where most infections occur today.

As hackers’ skills and creativity evolved, so did their attacks. The first web browser, Mosaic, was introduced in 1993. By 1995, hackers were defacing websites. Some of the earliest hacks were quite funny, if not somewhat offensive or vulgar. By May 2001, websites were hacked at such a rate that the group that documented them gave up trying to keep track (see http://attrition.org/mirror/attrition/).

By the turn of the century, hacks started to progress from pranks to malicious activity. DoS attacks took out companies’ Internet access, affecting stock prices and causing financial damage. As websites began to process more credit card transactions, their back-end databases became prime targets for attacks. As computer crime laws came into being, the bragging rights for hacking a website became less attractive—sure, a hacker could show off to friends, but that didn’t produce a financial return. With online commerce, skills started going to the highest bidder, with crime rings, organized crime, and nations with hostile interests utilizing the Internet as an attack route.

Numerous products emerged in the 1990s and early 2000s—antivirus, firewalls, IDSs, and remote access controls—each designed to counter an increasing number of new and diverse threats. As technology, hackers, and countermeasures improved and evolved, so did the types of attacks and strategies that initially spawned them. Attackers started introducing new threats in the form of worms, spam, spyware, adware, and rootkits. These attacks went beyond harassing and irritating the public; they also caused widespread disruptions by attacking the technologies that society increasingly depended on.

Hackers also started to realize that it was possible to use their skills to generate money in all sorts of interesting ways. For example, attackers used techniques to redirect web browsers to specific pages that generate revenue for themselves. Spammers send out thousands upon thousands of email messages that advertise a product or service. Because sending out bulk email costs mere pennies, it takes only a small number of purchasers to make a nice profit.

Over the past few years, the hacking community has adopted a new team ethic or work style. In the past, it was normal for a “lone wolf” type to engage in hacking activities. Over the past few years, a new pattern of a collective or group effort has emerged. Attackers found that working together can provide greater results than one individual carrying out an attack. Such teams increase their effectiveness not only by sheer numbers, diversity, or complementary skills but also by adding clear leadership structures. Also of concern is the trend in which groups of hackers receive financing from nefarious or resourceful sources, such as criminal organizations, terrorists, or even foreign governments. The proliferation of and increasing dependence on technology has proved it to be an irresistible target for criminals.

As stated earlier, hacking is by no means a new phenomenon; it has existed in one form or another since the 1960s. It is only for a portion of the time since then that hacking has been viewed as a crime and a situation that must be addressed.

Although the media commonly cover successful cybersecurity attacks, for every news item or story that makes it into the public consciousness, many more never do. For every hacking incident that is made public, only a small portion of perpetrators are caught, and an even smaller number get prosecuted for cybercrime. In any case, hacking is indeed a crime, and those engaging in such activities can be prosecuted under any number of laws. The volume, frequency, and seriousness of attacks have increased and will continue to do so as technology and techniques evolve.