The Internet began in 1969 as the ARPANET, a project funded by the Advanced
Research Projects Agency (ARPA) of the U.S. Department of Defense. One of the
original goals of the project was to create a network that would continue to
function even if major sections of the network failed or were attacked. The
ARPANET was designed to reroute network traffic automatically around problems in
connecting systems or in passing along the necessary information to keep the
network functioning. Thus, from the beginning, the Internet was designed to be
robust against denial-of-service attacks, which are described in a section below
on denial of service.
The ARPANET protocols (the rules of syntax that enable computers to
communicate on a network) were originally designed for openness and flexibility,
not for security. The ARPA researchers needed to share information easily, so
everyone needed to be an unrestricted "insider" on the network.
Although the approach was appropriate at the time, it is not one that lends
itself to today's commercial and government use.
As more locations with computers (known as sites in Internet parlance)
joined the ARPANET, the usefulness of the network grew. The ARPANET consisted
primarily of university and government computers, and the applications supported
on this network were simple: electronic mail (E-mail), electronic news groups,
and remote connection to other computers. By 1971, the Internet linked about two
dozen research and government sites, and researchers had begun to use it to
exchange information not directly related to the ARPANET itself. The network was
becoming an important tool for collaborative research.
During these years, researchers also played "practical jokes" on
each other using the ARPANET. These jokes usually involved joke messages,
annoying messages, and other minor security violations. Some of these are
described in Steven Levy's Hackers: Heroes of the Computer Revolution (2).
It was rare that a connection from a remote system was considered an attack,
however, because ARPANET users comprised a small group of people who generally
knew and trusted each other.
In 1986, the first well-publicized international security incident was
identified by Cliff Stoll, then of Lawrence Berkeley National Laboratory in
northern California. A simple accounting error in the computer records of
systems connected to the ARPANET led Stoll to uncover an international effort,
using the network, to connect to computers in the United States and copy
information from them. These U.S. computers were not only at universities, but
at military and government sites all over the country. When Stoll published his
experience in a 1989 book, The Cuckoo's Egg (3), he raised awareness that
the ARPANET could be used for destructive purposes.
In 1988, the ARPANET had its first automated network security incident,
usually referred to as "the Morris worm" (4). A student at Cornell
University (Ithaca, NY), Robert T. Morris, wrote a program that would connect to
another computer, find and use one of several vulnerabilities to copy itself to
that second computer, and begin to run the copy of itself at the new location.
Both the original code and the copy would then repeat these actions in an
infinite loop to other computers on the ARPANET. This "self-replicating
automated network attack tool" caused a geometric explosion of copies to be
started at computers all around the ARPANET. The worm used so many system
resources that the attacked computers could no longer function. As a result, 10%
of the U.S. computers connected to the ARPANET effectively stopped at about the
By that time, the ARPANET had grown to more than 88,000 computers and was the
primary means of communication among network security experts. With the ARPANET
effectively down, it was difficult to coordinate a response to the worm. Many
sites removed themselves from the ARPANET altogether, further hampering
communication and the transmission of the solution that would stop the worm.
The Morris worm prompted the Defense Advanced Research Projects Agency
(DARPA, the new name for ARPA) to fund a computer emergency response team,
now the CERT® Coordination Center, to give experts a central point
for coordinating responses to network emergencies. Other teams quickly sprang up
to address computer security incidents in specific organizations or geographic
regions. Within a year of their formation, these incident response teams created
an informal organization now known as the Forum of Incident Response and
Security Teams (FIRST). These teams and the FIRST organization exist to
coordinate responses to computer security incidents, assist sites in handling
attacks, and educate network users about computer security threats and
In 1989, the ARPANET officially became the Internet and moved from a
government research project to an operational network; by then it had grown to
more than 100,000 computers. Security problems continued, with both aggressive
and defensive technologies becoming more sophisticated. Among the major security
incidents (5) were the 1989 WANK/OILZ worm, an automated attack on VMS systems
attached to the Internet, and exploitation of vulnerabilities in widely
distributed programs such as the sendmail program, a complicated program
commonly found on UNIX-based systems for sending and receiving electronic mail.
In 1994, intruder tools were created to "sniff" packets from the
network easily, resulting in the widespread disclosure of user names and
password information. In 1995, the method that Internet computers use to name
and authenticate each other was exploited by a new set of attack tools that
allowed widespread Internet attacks on computers that have trust relationships
(see the section on exploitation of trust, below) with any other computer, even
one in the same room. Today the use of the World Wide Web and Web-related
programming languages creates new opportunities for network attacks.
Although the Internet was originally conceived of and designed as a research
and education network, usage patterns have radically changed. The Internet has
become a home for private and commercial communication, and at this writing it
is still expanding into important areas of commerce, medicine, and public
service. Increased reliance on the Internet is expected over the next five
years, along with increased attention to its security.