A Brief History of Cybercrime

Share :

Over the past decade, cybercrime has become a big business — a $1.5T industry with an entire ecosystem of criminal organizations run like legitimate organizations. Some even offer technical leadership, step-by-step instructions, and robust customer service via ransomware-as-a-service (RaaS), and the most brazen threat actors have even taken out pop-up ads selling their products. Factor in nation-state actors, individual hackers targeting specific organizations, and third-party hacks that hit multiple businesses at once, and you have a target-rich threat environment for IT and security teams to defend against.

Yet, while the cybercrime industry has exploded in the past ten years, the truth is that cybercrime is not a new kind of threat. In fact, it goes back not just a decades but centuries.

Technically, the first cyber attack happened in France well before the internet was even invented, in 1834. Attackers stole financial market information by accessing the French telegraph system. Still, cybercrime didn’t really find its footing until the late 20th century. Spurred on by the digital revolution, cybercriminals became early adopters of technology, using their head start and their smarts to engineer new, devious ways to part people and organizations from their data and dollars. From that moment on, cybercrime has grown exponentially, marked by an evolution of tactics, techniques, and procedures (TTPs) — all implemented for malicious gain.

Now, cybercrime has expanded into its own ecosystem, full of leak sites, “as-a-service” models, lucrative attack vectors such as business email compromise (BEC), and an expanding global footprint that costs organizations more and more every year.

If there was a cybercrime hall of infamy, its halls would be lined with the names and faces of these noted attacks and attackers whose “groundbreaking” work caught both the eye of federal investigators and the envy of fellow hackers.

History of Cybercrime


The modern history of cybercrime began when Allen Scherr launched a cyber attack against the MIT computer networks, stealing passwords from their database via punch card.


The first computer virus was created for research purposes by Bob Thomas at BBN technologies. Referred to as the Creeper Virus, the self-replicating program was detected on the ARPANET in 1971 and foretold the potential of future viruses to cause significant damage to computer systems.


Ian Murphy became the first person ever to be convicted for committing a cybercrime after successfully hacking into AT&T’s internal systems and changing their computers’ clocks, causing havoc.


The first major cyber attack on the internet came courtesy of Cornell grad student Robert Morris. The “Morris Worm” struck in the year before the World Wide Web debuted, back when the internet was primarily the domain of academic researchers. It infected computer systems at Stanford, Princeton, Johns Hopkins, NASA, Lawrence Livermore Labs, and UC Berkeley, among other institutions.


Ransomware made its first appearance. This first strain of ransomware — the AIDS Trojan — was easy to remove, rendering it ineffective. Unlike the ransomware of today, this one appeared on floppy disks, with the cybercriminal handing out 20,000 infected disks to attendees of the World Health Organization’s AIDS conference.

Explore ransomware in-depth.


text of "the 1990s"

The 1990s: New Technology Brings New Crime 

The decade of the ‘90s gave rise to some of the greatest communication technologies and changes known to mankind, with the internet connecting people across different communication networks wherever they were, all over the world.

But it wasn’t all good news. Cybercrime grew in strength thanks to these advancements. Hackers and bad actors leveraged the fact that, as these new technologies were developed and built, trust and safety controls weren’t initially a major concern.

Cybersecurity was a term yet to be coined, let alone an active field, so creating groundbreaking applications for communications and business efficiency was the principal focus of these years. Nevertheless, an underground economy was slowly growing in strength, as viruses started to take hold.

AOL, the leading internet provider of the decade, unwittingly became an attack vector itself, as cybercriminals would steal user credentials, launch phishing attacks, and spam other AOL users through instant messenger or email.

Escalating rates of cybercrime signaled that attackers were enjoying fresh opportunities, and devising new means to gain unauthorized access to systems and manipulate data across the web.

Here’s some of the notable cybercrimes of this decade:


Datastream Cowboy and Kuji — a 16-year-old British schoolboy and his accomplice — used a “password sniffer” program to launch a series of attacks that crippled the Air Force’s Rome Laboratory, while stealing research data used as attack instructions for warplanes in battle.


Vladimir Levin was the first known hacker to attempt to rob a bank — and a very big bank at that. He hacked into Citibank’s network and conducted many fraudulent transactions. All told, he transferred more than 10 million dollars into various bank accounts worldwide.


Kevin Mitnick — one of history’s most notorious hackers — became the first person to penetrate large networks by manipulating people and using insiders to get the codes to access Motorola and Nokia, among others.


Max Butler, a security consultant for the FBI among others, hacked into U.S. government websites under false pretenses. The U.S Air Force alerted officials to his misdeeds, and he received an 18-month sentence. Later, for another illicit foray, he was sentenced to 13 years, a record for a hacker.


Computer viruses were relatively unknown by the general public until the Melissa Virus struck in March 1999. A document uploaded online and promising access to adult videos, the virus would take over individual’s Microsoft Word applications, then jump to their Microsoft Outlook , and self-propagate by sending itself to various email accounts. It caused an estimated $80 million in damages and was one of the first major viruses that expanded beyond AOL.


Text of cybercrime the 2000s.

The New Millennium: Cybercrime Ramps Up 

The first decade of the new millennium saw more sophisticated attacks and an abundance of advanced persistent threat actors (APTs), most of which were sponsored by nation-states. The evolution of cybercrime meant new viruses and worms, which caused significant damage to critical sectors of the global, digital economy.

By decade’s end, cybersecurity was a concern to computer users everywhere, but especially to government agencies and large corporations who had the most at stake.

Here’s the most notable cybercrimes of the decade:


A 15-year-old hacker named Michael Calse — who went by the online handle “Mafiaboy” — launched a series of distributed denial of service (DDoS) attacks on some of the largest commercial websites in the world, sites like Amazon, Yahoo, CNN, and eBay. The attack brought the sites down for hours in some cases and cost these businesses untold millions.


Another major phishing attack occurred with the ILOVEYOU virus. Sometimes called the LOVEBUG or Love Letter virus, this worm infected over 10 million endpoints across the world. It spread as a spam email, accidentally opened by users, which allowed the worm to gain access to the entire operating system due to a flaw in Windows. It’s estimated that this single attack, which originated with an amateur hacker in the Philippines, caused billions in damages around the globe.


A security breach at a U.S. retailer led to the data leak of 1.4 million HSBC Bank MasterCard users.


The first ransomware strain to use advanced RSA encryption, named Archievus, appears. RSA encryption, or public-key encryption, is now the default for most ransomware attacks.


In one of the largest breaches ever, Heartland Payment systems were attacked using a combination of SQL injection, password sniffers, and malware, compromising the data of 134 million users.


Text of cybercrime the 2010s.

2010s: An Explosion of Cyber Attacks

2010-2020 saw an explosion in cybercrime, turning what was once a cottage industry into a big, global business. Attackers developed new malicious programs and techniques, which increased both the cybercrime rate and the number of attacks per day. Trillions of dollars were lost.

The decade also saw the rise of ransomware, as digital currencies like Bitcoin, the digitizing of organizations, and the proliferation of mobile devices, new operating systems, and the dark web, gave threat actors new avenues and resources for attacks.

Cybercrime wasn’t the only industry that saw huge growth. Organizations began employing more cybersecurity professionals to counter the risk of cyber threats as the sense of assumed digital security dissipated. And, due to the demand for constant data security, a new field emerged known as ethical hacking, whose sole purpose is to discover vulnerabilities prior to malicious exploitation.

The evolution and increased sophistication of different types of cyber threats and how they’re leveraged in attacks puts organizations in precarious positions when it comes to defending against them.

Here are the most damaging attacks from the previous decade:


The Stuxnet worm — called the world’s first “digital weapon” — attacked nuclear plants in Iran, sabotaging the country’s uranium enrichment facilities.


The Zeus Trojan virus was distributed around the world via email in an attack targeting financial services organizations. The 100-plus-person crime ring, based largely in the U.S., managed to steal more than $70 million from American banks.


In a notorious nation-state attack, Operation Aurora was launched by Chinese military hackers on more than 20 leading technology companies. The public was first made aware of the attacks when Google notified the public that its intellectual property had been seized in the attack.


Sony Corporation announced In April that, over the course of a few days, hackers stole information from 77 million users of its PlayStation Network. This included gamers’ usernames and passwords, their birthdates, answers to security questions, and more. It took 23 days to recover the system and remediate the threat.


In perhaps the largest high-profile data leak of all time, whistleblower Edward Snowden revealed sensitive information stolen from several foreign governments with spyware software as part of the National Security Agency’s PRISM surveillance program.


Over 110 million Target customers had their credit card records stolen in a phishing attack. The scheme involved a malware-laden email to the company’s HVAC subcontractor, allowing the cybercriminals to gain access credentials to the data.


A researcher discovered that Finnish telecommunications Nokia was essentially conducting man-in-the-middle attacks on its smart phone users by sending HTTPs traffic through its servers and decrypting data. The company said it did so to help compress data and keep rates and charges reduced.


CryptoLocker, the first ransomware to be spread by botnet and social engineering, shows both threat actors and the cybersecurity world how easily ransomware could spread and take over a system.


In a now infamous and often referenced data breach, the information of 38 million Adobe users, including credit card information for three million of them, was leaked online. In an interview, Adobe’s CSO said a move to the cloud made Adobe vulnerable to threat actors.


Celebgate occurs, as nude and intimate photos of celebrities are taken from hacked iCloud accounts and leaked online. This hack placed new attention on password hygiene and mobile device security.


The first strains of SamSam ransomware appeared, which by 2018 had earned its creator nearly $6 million USD. Among its highest-profile “hostage-taking” strikes were the City of Atlanta and the Colorado Department of Transportation.


A successful spear phishing attack against high-value Defense Department targets with customized emails led to a data breach of information for 4,000 military and civilian personnel who worked for the Joint Chiefs of Staff. The attack forced the Pentagon to shut down its email system.


A cybercrime group known as Impact Team leaks the internal database of Ashley Madison, a dating site frequented by those looking to have an extramarital affair. The group initially held the data for ransom, demanding the site be shut down, and after Ashley Madison resisted, the database was released. The breach brought to light the importance of data security, specifically around user data, as the site had archived and kept the personal information of past users, including credit card information and legal names.


TeleCrypt ransomware appeared and targeted gamers, who downloaded it while playing games online. Luckily, a free decrypt tool was quickly created by researchers at Malwarebytes.


Petya becomes the first ransomware variant to overwrite the master-boot record and encrypt the master file table within a system, locking victims out of the entire hard drive faster.


The Austrian Aerospace firm, FACC AG, was defrauded of 50 million Euros in a spear- phishing scheme that tricked a finance employee to transfer the money into bank accounts controlled by the cybercriminals. As a result, the company’s CEO was fired.


Perhaps the most insidious of all ransomware strains, WannaCry, managed to affect more than 200,000 Windows computers in 150 countries. It was especially dangerous — and deadly — as the U.K.’s National Health Service Hospitals were among the most devastated. It is widely assumed hackers in North Korea were behind the attack.


Just a month later, piggybacking on the success of WannaCry was NotPetya, an updated version of the earlier ransomware strain. It took out organizations from shipping giant Maersk to multinational pharmaceutical manufacturer Merck.


A Lithuanian cybercriminal posed as an Asian manufacturer to deceive Google and Facebook employees into wiring over $100 million to untraceable offshore bank accounts. The attack occurred two years before his capture. For their part, Google claimed to have recouped the funds it had lost.


In the biggest DDoS inundation to date, GitHub — a popular developer platform — experienced traffic of 1.3 terabytes per second, which halted all operations on its server. GitHub had security measures in place, far more than most organizations, but was simply overwhelmed by the sheer size of the attack.


Perhaps the most noteworthy of all crypto jacking attacks in this decade was Coinhive, a popular cryptocurrency mining service that, for a time, was considered by leading security firms as the top malicious threat to web users. Its computer code could be used on hacked websites to steal the processing power of that site’s visitors’ devices. For 15 long months, cybercriminals used the malicious program to infect millions of devices.


Capital One fell victim to one of the largest data breaches in banking history when over 100 million credit card applications were accessed and thousands of Social Security and bank account numbers were taken. Capital One spent around $150M mitigating damages.


Cybercrime 2020 to present

2020 to Today: Billions of Dollars Lost

If the 2010s were the decade where cybercrime was finding its footing, the 2020s have seen the ecosystem sophisticate in new ways.
There have been two colliding forces this decade: One is an overall rise in cybercrime driven by technological advances as well as socioeconomic forces particularly in Eastern Europe and Asia, and the other is the rapid digitization of organizations who are turning to the cloud, individual endpoints, and global expansion, but are doing so faster than their cybersecurity measures can keep up.

The results?

It’s clear that cybercrime has evolved rapidly, and while advances in cybersecurity continue to happen, it’s a constant battle between overworked, understaffed security departments and threat actors.

The top attacks of recent years show just how nefarious and damaging cybercrime has become.


Neiman Marcus notified 4.6 million customers that a hacker had compromised online accounts in May 2020, gaining access to personal data such as usernames and passwords, customer names, contact information, credit card numbers, as well as expiration dates and virtual card numbers.


Russian cyber attacks on U.S. governmental institutions have been on the rise and, in one of the most catastrophic data breaches during all of 2020, foreign intelligence operatives took advantage of a compromised SolarWinds program and invaded an estimated 18,000 private and government-affiliated networks. These data breaches granted attackers access to an abundance of identifiable information, including financial information, source code, passwords, and usernames.


In early May, a suspected Russian hacking group took Colonial Pipeline offline for more than three days in an attack that made ransomware a household word. As Colonial provides 45% of the East Coast’s supply of gasoline, diesel fuel, and jet fuel, this was a major blow. Gas prices spiked across the country, some gas stations ran out of fuel, over-the-road deliveries were delayed, and there were even reports of gasoline hoarding.


The infamous REvil collective hit Florida-based software provider Kaseya with a ransomware attack, demanding $70 million in bitcoin. This attack impacted businesses across five continents — including shutting down public schools in New Zealand, closing a major grocery chain in Sweden, and disrupting operations for hundreds of businesses across the U.S.


2021 closed out with the revelation of a zero-day threat that created massive waves in the cybersecurity industry, when security researchers published a proof-of-concept critical exploit for a remote code execution (RCE) vulnerability in Log4j, a Java logging library used in a significant number of internet applications.

In the weeks following, businesses worldwide worked frantically to identify and mitigate the impact of the exploit, while security pros and experts released patches and scanning tools, and guided organizations on how to best protect themselves from attack.


In one of the more frightening displays of cybercriminals’ willingness to endanger the lives and livelihoods of strangers, the agency that administers Social Security for Costa Rica was shut down by a late May ransomware attack, an attack which spread to other offices in the country and caused a state of emergency.


A mid-September hack yielded a striking amount of material from a titan of the gaming industry. The hotly anticipated release of Rockstar Games’ Grand Theft Auto 6 was thrown into disarray when a hacker known as “teapotuberhacker” breached Rockstar’s internal Slack channel and purloined 90 videos of work-in-progress gameplay. But this hacker wasn’t done.

In an extremely similar Slack attack, teapotuberhacker lived up to their screen name on September 14 when they, well, hacked Uber. The international ride-share company was breached even more deeply than Rockstar, with the hacker gaining “pretty much full access to Uber,” including email systems, internal communications, cloud storage, and code repositories.


Popular genetic testing and sharing site 23andMe fell victim to a credential stuffing attack which exposed the personally identifiable data (PII) of 6.9 million users. The initial data leak on the dark web showed threat actors offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on how many were purchased.


Sony found themselves breached again, this time by ransomware gang Rhysida, who attacked their subsidiary, Insomniac Games. The ransomware group, after asking for an initial ransom of $2 million USD, released 1.3 million files onto the dark web. This data included both in development materials for upcoming games and employee information.


LockBit, a highly active ransomware group, was able to breach health insurance group MCNA dental, exfiltrating 700GB of data and holding it for a $10 million USD ransom. LockBit ultimately published the exfiltrated data on the dark web, which contained PII for 8.9 million individuals


Social engineering was behind this breach of MGM Resorts systems, which cost the casino giant $100 million in lost bookings plus $10 million due to breach clean up. Ransomware gang Scattered Spider was behind the attack.

Learn more about the top breaches of 2023.

The Future of Cybercrime

From viruses on floppy disks to highly organized ransomware gangs evading law enforcement and stealing millions of dollars, cybercrime has come a long way.

The same advanced technology used for cybersecurity — including machine-learning and AI tools — are employed by today’s cybercriminals, too. So, staying one step ahead of them is an ongoing challenge.

While we don’t know what the future holds, some trends of 2023 and 2024, including the continued rise of business email compromise (BEC) — which accounted for 29.7% of the total incidents investigated by Arctic Wolf® Incident Response in 2023 — the takedown of ransomware-as-a-service (RaaS) gangs like LockBit , and the explosion of vulnerabilities and identity attacks shows that the cybercrime landscape is in for more volatility.

Learn more about how ransomware has come to dominate the cybercrime landscape.
Explore the current threat landscape in-depth with the Arctic Wolf Labs 2024 Threat Report.


Picture of Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Subscribe to our Monthly Newsletter