MODULE IN CRIM.

ELECTIVE 2 (Cybercrime)
Prepared By: Ms. Kenneth S. Diodos, MSCRIM (CAR)
∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞∞

MODULE 3
(First Prelim - 3rd Week)

Dateline of Cybercrime from past to present

1834 — French Telegraph System — a pair of thieves hack the French Telegraph System and steal financial
market information, effectively conducting the world’s first cyber-attack.
1870 — Switchboard Hack — a teenager hired as a switchboard operator is able to disconnect and redirect calls
and use the line for personal usage. 
1878 — Early Telephone Calls — Two years after Alexander Graham Bell invents the telephone, the Bell
Telephone Company kicks a group of teenage boys off the telephone system in New York for repeatedly and
intentionally misdirecting and disconnecting customer calls.
1903 — Wireless Telegraphy — During John Ambrose Fleming’s first public demonstration of Marconi’s
“secure” wireless telegraphy technology, Nevil Maskelyne disrupts it by sending insulting Morse code
messages discrediting the invention.
1939 — Military Codebreaking — Alan Turing and Gordon Welchman develop BOMBE, an electro-
mechanical machine, during WWII while working as codebreakers at Bletchley Park. It helps to break the
German Enigma codes.
1940 — First Ethical Hacker — Rene Carmille, a member of the Resistance in Nazi-occupied France and a
punch-card computer expert who owns the machines that the Vichy government of France uses to process
information, finds out that the Nazis are using punch-card machines to process and track down Jews, volunteers
to let them use his, and then hacks them to thwart their plan. 
1955 — Phone Hacker — David Condon whistles his “Davy Crockett Cat” and “Canary Bird Call Flute” into
his phone, testing a theory on how phone systems work. The system recognizes the secret code, assumes he is
an employee, and connects him to a long-distance operator. She connects him to any phone number he requests
for free.
1957 — Joybubbles — Joe Engressia (Joybubbles), a blind, 7-year-old boy with perfect pitch, hears a high-
pitched tone on a phone line and begins whistling along to it at a frequency of 2600Hz, enabling him to
communicate with phone lines and become the U.S.’s first phone hacker or “phone phreak.”
1962 — Allan Scherr — MIT sets up the first computer passwords, for student privacy and time limits. Student
Allan Scherr makes a punch card to trick the computer into printing off all passwords and uses them to log in as
other people after his time runs out. He also shares passwords with his friends, leading to the first computer
“troll.” They hack into their teacher’s account and leave messages making fun of him.
1969 — RABBITS Virus — an anonymous person installs a program on a computer at the University of
Washington Computer Center. The inconspicuous program makes copies of itself (breeding like a rabbit) until
the computer overloads and stops working. It is thought to be the first computer virus. 
1970-1995 — Kevin Mitnick — Beginning in 1970, Kevin Mitnick penetrates some of the most highly-guarded
networks in the world, including Nokia and Motorola, using elaborate social engineering schemes, tricking
insiders into handing over codes and passwords, and using the codes to access internal computer systems. He
becomes the most-wanted cybercriminal of the time. 
1971 — Steve Wozniak and Steve Jobs — When Steve Wozniak reads an article about Joybubbles and other
phone phreaks, he becomes acquainted with John “Captain Crunch” Draper and learns how to hack into phone
systems. He builds a blue box designed to hack into phone systems, even pretending to be Henry Kissinger and
prank-calling the Pope. He starts mass-producing the device with friend Steve Jobs and selling it to classmates. 
1973 – Embezzlement — A teller at a local New York bank uses a computer to embezzle over $2 million
dollars.
1981 – Cybercrime Conviction — Ian Murphy, aka “Captain Zap,” hacks into the AT&T network and changes
the internal clock to charge off-hour rates at peak times. The first person convicted of a cybercrime, and the
inspiration for the movie “Sneakers,” he does 1,000 hours of community service and 2.5 years of probation.
1982 — The Logic Bomb — The CIA blows up a Siberian Gas pipeline without the use of a bomb or a missile
by inserting a code into the network and the computer system in control of the gas pipeline. The code was
embedded into equipment purchased by the Soviet Union from a company in Canada. 
1984 — US Secret Service — the U.S. Comprehensive Crime Control Act gives Secret Service jurisdiction over
computer fraud.
1988 — The Morris Worm — Robert Morris creates what would be known as the first worm on the Internet.
The worm is released from a computer at MIT to suggest that the creator is a student there. The potentially
harmless exercise quickly became a vicious denial of service attack when a bug in the worm’s spreading
mechanism leads to computers being infected and re-infected at a rate much faster than he anticipates. 
1988-1991 — Kevin Poulsen — In 1988, an unpaid bill on a storage locker leads to the discovery of blank birth
certificates, false IDs, and a photo of hacker Kevin Poulsen, aka “Dark Dante,” breaking into a telephone
company trailer. The subject of a nationwide manhunt, he continues hacking, including rigging the phone lines
of a Los Angeles radio station to guarantee he is the correct caller in a giveaway contest. He is captured in 1991.
1989 — Trojan Horse Software — A diskette claiming to be a database of AIDS information is mailed to
thousands of AIDS researchers and subscribers to a UK computer magazine. It contains a Trojan (after the
Trojan Horse of Greek mythology), or destructive program masquerading as a benign application. 
1994 — Datastream Cowboy and Kuji — Administrators at the Rome Air Development Center, a U.S. Air
Force research facility, discover a password “sniffer” has been installed onto their network, compromising more
than 100 user accounts. Investigators determined that two hackers, known as Datastream Cowboy and Kuji, are
behind the attack.
1995 — Vladmir Levin — Russian software engineer Vladimir Levin hacks into Citibank’s New York IT
system from his apartment in Saint Petersburg and authorizes a series of fraudulent transactions, eventually
wiring an estimated $10 million to accounts worldwide. 
1998-2007 — Max Butler — Max Butler hacks U.S. government websites in 1998 and is sentenced to 18
months in prison in 2001. After being released in 2003, he uses WiFi to commit attacks, program malware and
steal credit card information. In 2007, he is arrested and eventually pleads guilty to wire fraud, stealing millions
of credit card numbers and around $86 million of fraudulent purchases.
1999 — NASA and Defense Department Hack — Jonathan James, 15, manages to penetrate U.S. Department
of Defense division computers and install a backdoor on its servers, allowing him to intercept thousands of
internal emails from different government organizations, including ones containing usernames and passwords
for various military computers. Using the info, he steals a piece of NASA software. Systems are shut down for
three weeks.
1999 — The Melissa Virus — A virus infects Microsoft Word documents, automatically disseminating itself as
an attachment via email. It mails out to the first 50 names listed in an infected computer’s Outlook email
address box. The creator, David Smith, says he didn’t intend for the virus, which caused $80 million in
damages, to harm computers. He is arrested and sentenced to 20 months in prison.
2000 — Lou Cipher — Barry Schlossberg, aka Lou Cipher, successfully extorts $1.4 million from CD Universe
for services rendered in attempting to catch the Russian hacker.
2000 — Mafiaboy — 15-year-old Michael Calce, aka MafiaBoy, a Canadian high school student, unleashes a
DDoS attack on several high-profile commercial websites including Amazon, CNN, eBay and Yahoo! An
industry expert estimates the attacks resulted in $1.2 billion dollars in damages.
2002 – Internet Attack — by targeting the thirteen Domain Name System (DNS) root servers, a DDoS attack
assaults the entire Internet for an hour. Most users are unaffected.
2003 — Operation CyberSweep — The U.S. Justice Department announces more than 70 indictments and 125
convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation
CyberSweep. 
2003-2008 — Albert Gonzalez — Albert Gonzales is arrested in 2003 for being part of ShadowCrew, a group
that stole and then sold card numbers online, and works with authorities in exchange for his freedom. Gonzales
is later involved in a string of hacking crimes, again stealing credit and debit card details, from around 2006
until he is arresting in 2008. He stole millions of dollars, targeted companies including TJX, Heartland Payment
Systems and Citibank.
2004 — Lowe’s — Brian Salcedo is sentenced to 9 years for hacking into Lowe’s home improvement stores
and attempting to steal customer credit card information. 
2004 — ChoicePoint — A 41-year-old Nigerian citizen compromises customer data of ChoicePoint, but the
company only informs 35,000 people of the breach. Media scrutiny eventually leads the consumer data broker,
which has since been purchased by LexisNexis, to reveal another 128,000 people had information
compromised. 
2005 — PhoneBusters — PhoneBusters reports 11K+ identity theft complaints in Canada, and total losses of
$8.5M, making this the fastest growing form of consumer fraud in North America. 
2005 — Polo Ralph Lauren/HSBC – HSBC Bank sends letters to more than 180,000 credit card customers,
warning that their card information may have been stolen during a security breach at a U.S. retailer (Polo Ralph
Lauren). A DSW data breach also exposes transaction information from 1.4 million credit cards.
2006 — TJX — A cybercriminal gang steals 45 million credit and debit card numbers from TJX, a
Massachusetts-based retailing company, and uses a number of the stolen cards to fund an electronic shopping
spree at Wal-Mart. While initial estimates of damages came up to around $25 million, later reports add up the
total cost of damages to over $250 million.
2008 — Heartland Payment Systems — 134 million credit cards are exposed through SQL injection to install
spyware on Heartland’s data systems. A federal grand jury indicts Albert Gonzalez and two Russian
accomplices in 2009. Gonzalez, alleged to have masterminded the international operation that stole the credit
and debit cards, is later sentenced to 20 years in federal prison. 
2008 – The Church of Scientology — a hacker group known as Anonymous targets the Church of Scientology
website. The DDoS attack is part of a political activist movement against the church called “Project
Chanology.” In one week, the Scientology website is hit with 500 DDoS attacks. 
2010 — The Stuxnet Worm — A malicious computer virus called the world’s first digital weapon is able to
target control systems used to monitor industrial facilities. It is discovered in nuclear power plants in Iran,
where it knocks out approximately one-fifth of the enrichment centrifuges used in the country’s nuclear
program.
2010 — Zeus Trojan Virus — An Eastern European cybercrime ring steals $70 million from U.S. banks using
the Zeus Trojan virus to crack open bank accounts and divert money to Eastern Europe. Dozens of individuals
are charged. 
2011 — Sony Pictures — A hack of Sony’s data storage exposes the records of over 100 million customers
using their PlayStation’s online services. Hackers gain access to all the credit card information of users. The
breach costs Sony more than $171 million.
2011 — Epsilon — A cyberattack on Epsilon, which provides email-handling and marketing services to clients
including Best Buy and JPMorgan Chase, results in the compromise of millions of email addresses.
2011 — RSA SAFETY — Sophisticated hackers steal information about RSA’s SecurID authentication tokens,
used by millions of people, including government and bank employees. This puts customers relying on them to
secure their networks at risk.
2011 — ESTsoft — Hackers expose the personal information of 35 million South Koreans. Attackers with
Chinese IP addresses accomplish this by uploading malware to a server used to update ESTsoft’s ALZip
compression application and steal the names, user IDs, hashed passwords, birthdates, genders, telephone
numbers, and street and email addresses contained in a database connected to the same network. 
2011-2012 — LulzSec — Lulz Security, or LulzSec, a break-off group from hacking collective Anonymous,
attacks Fox.com and then targets more than 250 public and private entities, including an attack on Sony’s
PlayStation Network. They then publicize their hacks though Twitter to embarrass website owners and make
fun of insufficient security measures.
2009-2013 — Roman Seleznev — Roman Seleznev hacks into more than 500 businesses and 3,700 financial
institutions in the U.S., stealing card details and selling them online, making tens of millions of dollars. He is
eventually caught and convicted for 38 charges, including hacking and wire fraud. 
2013-2015 — Global Bank Hack — a group of Russian-based hackers gains access to secure information from
more than 100 institutions around the world. The hackers use malware to infiltrate banks’ computer systems and
gather personal data, stealing £650 million from global banks.
2013 — Credit Card Fraud Spree — In the biggest cybercrime case filed in U.S. history, Federal prosecutors
charge 5 men responsible for a hacking and credit card fraud spree that cost companies more $300 million.
2014-2018 — Marriott International — a breach occurs on systems supporting Starwood hotel brands beginning
in 2014. Attackers remain in the system after Marriott acquires Starwood in 2016 and aren’t discovered until
September 2018. The thieves steal data on approximately 500 million customers. Marriott announces it in late
2018. 
2014 — eBay — A cyber-attack exposes names, addresses, dates of birth, and encrypted passwords of all of
eBay’s 145 million users.  
2014 — CryptoWall — CryptoWall ransomware, the predecessor of CryptoDefense, is heavily distributed,
producing an estimated revenue of $325 million. 
2014 — JPMorgan — Hackers hijack one of JPMorgan Chase’s servers and steal data about millions of bank
accounts, which they use in fraud schemes yielding close to $100 million.
2015 — Anthem — Anthem reports theft of personal information on up to 78.8 million current and former
customers.
2015 — LockerPin — LockerPin resets the pin code on Android phones and demands $500 from victims to
unlock the device.
2015 — Prepaid Debit Cards — A worldwide gang of criminals steals a total of $45 million in a matter of hours
by hacking a database of prepaid debit cards and then draining cash machines around the globe.
2016 — DNC Email Leaks — Democratic National Committee emails are leaked to and published by
WikiLeaks prior to the 2016 U.S. presidential election.
2017 — Equifax — Equifax, one of the largest U.S. credit bureaus, is hacked, exposing 143 million user
accounts. The sensitive leaked data includes Social Security numbers, birth dates, addresses, driver’s license
numbers, and some credit card numbers.
2017 — Chipotle — An Eastern European criminal gang that is targeting restaurants uses phishing to steal
credit card information of millions of Chipotle customers. 
2017 — WannaCry — WannaCry, the first known example of ransom ware operating via a worm (viral
software that replicates and distributes itself), targets a vulnerability in older versions of Windows OS. Within
days, tens of thousands of businesses and organizations across 150 countries are locked out of their own
systems by WannaCry’s encryption. The attackers demand $300 per computer to unlock the code.
2019 — Facebook — 74 Facebook groups devoted to the sale of stolen credit card data, identity info, spam lists,
hacking tools, and other cybercrime commodities are uncovered.