1998: Intruders infiltrate and take control of more than 500 military, government and private sector computer systems. The incidents -- dubbed "Solar Sunrise" after the well-known vulnerabilities in computers run on the Sun Solaris operating system -- were thought to have originated from operatives in Iraq. Investigators later learn that two California teenagers were behind the attacks. The experience gives the Defense Department its first taste of what hostile adversaries with greater skills and resources would be able to do to the nation's command and control center, particularly if used in tandem with physical attacks.
1999: The infamous "Melissa" virus infects thousands of computers with alarming speed, causing an estimated $80 million in damage and prompting record sales of anti-virus products. The virus starts a program that sends copies of itself to the first 50 names listed in the recipient's Outlook e-mail address book. It also infects Microsoft Word documents on the user's hard drive, and mails them out through Outlook to the same 50 recipients.
Cyber-Attacks by Al Qaeda Feared (The Washington Post, Jun 27, 2002)
White House Pushing Cybersecurity Insurance (washingtonpost.com, Jun 27, 2002)
Related Documents and Resources On The Web (washingtonpost.com, May 16, 2003)
Timeline: The U.S. Government and Cybersecurity (washingtonpost.com, May 16, 2003)
Key Players in U.S. Government's Cybersecurity Efforts (washingtonpost.com, May 16, 2003)
2000: The "I Love You" virus infects millions of computers virtually overnight, using a method similar to the Melissa virus. The virus also sends passwords and usernames stored on infected computers back to the virus's author. Authorities trace the virus to a young Filipino computer student who goes free because the Philippines has no laws against hacking and spreading computer viruses. This spurs the creation of the European Union's global Cybercrime Treaty.
2000: Yahoo, eBay, Amazon, Datek and dozens of other high-profile Web sites are knocked offline for up to several hours following a series of so-called "distributed denial-of-service attacks." Investigators later discover that the DDOS attacks -- in which a target system is disabled by a flood of traffic from hundreds of computers simultaneously -- were orchestrated when the hackers co-opted powerful computers at the University of California-Santa Barbara.
2001: The "Anna Kournikova" virus, promising digital pictures of the young tennis star, mails itself to every person listed in the victim's Microsoft Outlook address book. This relatively benign virus frightens computer security analysts, who believe it was written using a software "toolkit" that allows even the most inexperienced programmer to create a computer virus.
2001: The Code Red worm infects tens of thousands of systems running Microsoft Windows NT and Windows 2000 server software, causing an estimated $2 billion in damages. The worm is programmed to use the power of all infected machines against the White House Web site at a predetermined date. In an ad hoc partnership with virus hunters and technology companies, the White House deciphers the virus's code and blocks traffic as the worm begins its attack.
2001: Debuting just days after the Sept. 11 attacks, the "Nimda" virus infects hundreds of thousands of computers around the world. The virus is considered one of the most sophisticated, with up to five methods of infecting systems and replicating itself.
2001: Melissa virus author David L. Smith, 33, is sentenced to 20 months in federal prison.
2002: The "Klez" worm -- a bug that sends copies of itself to all of the e-mail addresses in the victim's Microsoft Outlook directory -- begins its march across the Web. The worm overwrites files and creates hidden copies of the originals. The worm also attempts to disable some common anti-virus products and has a payload that fills files with all zeroes. Variants of the Klez worm remain the most active on the Internet.
2002: A denial-of-service attack hits all 13 of the "root" servers that provide the primary roadmap for almost all Internet communications. Internet users experience no slowdowns or outages because of safeguards built into the Internet's architecture. But the attack -- called the largest ever -- raises questions about the security of the core Internet infrastructure.
2003: The "Slammer" worm infects hundreds of thousands of computers in less than three hours. The worm ever wreaks havoc on businesses worldwide, knocking cash machines offline and delaying airline flights. It holds the ranking as the fastest-spreading computer worm ever.
2004: The "MyDoom" worm becomes the fastest-spreading e-mail worm as it causes headaches -- but very little damage -- almost a year to the day after Slammer ran rampant in late January 2003. MyDoom uses "social engineering," or low-tech psychological tricks, to persuade people to open the e-mail attachment that contains the virus. It claims to be a notification that an e-mail message sent earlier has failed, and prompts the user to open the attachment to see what the message text originally said. Many people fall for it.