By Kevin Poulsen
December 31, 2009
It was the decade of the mega-heist, when stolen credit card magstripe
tracks became the pork bellies of a new underground marketplace, Eastern
European hackers turned malware writing into an art, and a nasty new
crop of purpose-driven computer worms struck dread in the heart of
Now that the zero days are behind us, it's time to reflect on the most
ingenious, destructive or groundbreaking cybercrimes of the first 10
years of the new millennium.
2000 - MafiaBoy
Once upon a time, "distributed denial of service attacks" were just a
way for quarreling hackers to knock each other out of IRC. Then one day
in February 2000, a 15-year-old Canadian named Michael "MafiaBoy" Calce
experimentally programmed his botnet to hose down the highest traffic
websites he could find. CNN, Yahoo, Amazon, eBay, Dell and eTrade all
buckled under the deluge, leading to national headlines and an emergency
meeting of security experts at the White House.
Compared to modern DDoS attacks, MafiaBoy's was trivial. But his was the
cyberstrike that put the internet's security issues on a national stage,
and inaugurated an era where any pissed off script kiddy could take down
part of the web at will.
2002 - California Payroll Database Breach
On April 5, 2002, an unidentified hacker penetrated a California server
housing the state government's payroll database, gaining access to
names, Social Security numbers and salary information for 265,000 state
workers from the governor on down. The breach itself was small potatoes,
but when it emerged that the California Controller's Office had waited
two weeks to warn the victims, angry lawmakers reacted by passing the
nation's first breach disclosure law, SB1386.
The law requires hacked organizations to promptly warn potential
identity theft victims. Its passage pulled the rock off the string of
major corporate breaches that companies would have preferred to hush up.
Today, 45 states have enacted similar laws.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News