Cyberwar Timeline

Updated February 13, 2017 | Infoplease Staff

The roots of this increasingly menacing challenge facing nations and businesses

by Beth Rowen

A cyberattack is the deliberate breaching of an entity's computer system with the intent of stealing intellectual property or financial resources; disabling, wiping out, or manipulating a computer or network; or causing other damage or disruption to a computer-driven system. The threat of a cyberattack is a serious concern for governmental, military, and business leaders. In fact, President Obama has called such a threat, "one of the most serious economic and national security challenges we face as a nation."

Below is a timeline tracing the roots of this increasingly menacing challenge facing nations and businesses all over the world. As the timeline that follows illustrates, China appears to be the biggest aggressor when it comes to cyber attacks. This timeline covers cyberattacks on government and military computers; it does not include attacks on corporations or individuals. However, events are included if they were carried out by foreign governments or militant groups.




ARPA (Advanced Research Projects Agency) goes online and connects four major U.S. universities. Designed for research, education, and government organizations, it provides a communications network linking the country in the event that a military attack destroys conventional communications systems.



After learning that the Soviet Union planned to steal software from a Canadian company to control its Trans-Siberian Pipeline, the CIA alters the software to cause the pipeline to explode. It is considered the first cyberattack.


Over the course of 10 months beginning in August, Clifford Stoll, a physics researcher at the University of California at Berkeley, tracks down a hacker who had broken into computers at the Lawrence Berkeley National Laboratory, a U.S. Department of Energy facility, and other military computers in the U.S. He traced the hacker to Germany. It is the first such investigation.



An Internet worm temporarily shuts down about 10% of the world's Internet servers. It is the first occurrence of an Internet worm. Robert Tappan Morris, a student at Cornell University, released the worm. Morris is the first person tried and convicted under the computer fraud and abuse act.


March and April

Computers at the Rome Air Development Center at Griffiss Air Force Base in New York are attacked 150 times by anonymous hackers, who use a "sniffer" program to steal login credentials and sensitive information from the lab, which conducts research on artificial intelligence systems, radar guidance systems, and target detection and tracking systems. The hackers then use the login information to access the computers of other military and government facilities, including NASA's Goddard Space Flight Center and the Wright-Patterson Air Force Base.



The NSA conducts a test, known as Eligible Receiver, to assess the vulnerability of government and military computers to a cyberattack. The exercise reveals that systems throughout the country could be hacked and disrupted with relative ease using commercial computers and software.



Analysts with the Air Force Computer Emergency Response Team in San Antonio, Texas, notice intrusions into their computer networks from several academic institutions, including Harvard. The hackers, who turned out to be three teenagers, exploited a weakness in the network's operating system. The event is a wake-up call to the government and prompted President Bill Clinton to develop a cyber-security plan.


The Department of Defense establishes the Joint Task Force on Computer Network Defense to defend the department's networks and systems "from intruders and other attacks."



The worm named Code Red affects computer networks running a Microsoft operating system. Some websites, including the White House site, are disabled.


Anonymous, the group of hackers who refer to themselves as "Internet activists" and attack government, corporate, and religious websites, is organized. While the group avoids adhering to a strict philosophy, its members seem united in their opposition to censorship.


President George Bush announces the creation of a new office under the Department of Homeland Security, the National CyberSecurity Division, and lays out a National Strategy to Secure Cyberspace to protect the nation's computer and information systems from a cyberattack.


Hackers, believed by U.S. officials to be backed by the Chinese military, search to find vulnerable computers in the military's computer network and steal sensitive information. The attacks continued for about three years and were given the name Titan Rain by U.S. officials.



NASA begins to block emails with attachments prior to the launch of space shuttles to prevent hackers from sabotaging launch plans by gaining unauthorized access to the agency's computer network.



Estonia's government websites are hacked by distributed-denial-of-service-attacks and are compromised for 22 days. The hackers are believed to be backed by the Russian government. Targets include the president's office, Parliament, law enforcement officials, and Estonia's two biggest banks.


The email account of U.S. Secretary of Defense Robert Gates is hacked. Officials blame China's People's Liberation Army.


British government officials announce that hackers have breached the computers of the Foreign Office and other government agencies. The hackers are believed to be members of China's People's Liberation Army.



In the weeks before the war between Russia and Georgia, Georgia is hit by distributed-denial-of-service-attacks and many of the government's computer networks are disabled, including that of President Mikheil Saakashvili. Media and transportation companies are also affected. Georgian officials accused Russia of launching the attack.


Pentagon officials discover that a flash drive containing a covert program was inserted into a laptop at a base in the Middle East. The program collected data from a classified Department of Defense computer network and transferred it to computers overseas. Government officials say the hack was carried out by a foreign intelligence agency and called the intrusion, "most significant breach of US military computers ever."



Israel's government Internet sites are attacked during the conflict with Hamas in the Gaza Strip. Government computers are barraged with as many as 15 million junk emails per second, and the computers are temporarily paralyzed. Israel suspects Hamas financed the hack.


Canadian researchers at the Munk Center for International Studies at the University of Toronto, announce that hackers based in China had penetrated almost 1,300 computers in 103 countries, including those belonging to embassies, government offices, and the Dalai Lama, and stole documents and other information.


News reports say that Iraqi insurgents had hacked into live feeds being sent by U.S. drones to military officials on the ground.



University of Toronto researchers report that hackers broke into India's Defense Ministry and stole classified information about the country's national security system. The report, which points the finger at China, also says that the computers of embassies throughout the world had been compromised.


Security experts discover Stuxnet, the world's first military-grade cyber weapon that can destroy pipelines and cause explosions at power plants and factories, as well as manipulate machinery. It is the first worm that corrupts industrial equipment and is also the first worm to include a PCL (programmable logic controller), software designed to hide its existence and progress. In August, security software company Symantec states that 60% of the computers infected with Stuxnet are in Iran.


The Pentagon declares cyberspace the "new domain of warfare."


Iranian president Mahmoud Ahmadinejad acknowledges that the Stuxnet worm destroyed about 1,000 of the country's 6,0000 centrifuges at its nuclear facility in Natanz. Israel and the U.S. are believed to be behind the attack in an attempt to slow Iran's progress toward obtaining nuclear weapons.


Anonymous attacks several businesses seen as "enemies" of WikiLeaks. The action was in response to the arrest of WikiLeaks founder, Julian Assange. In 2010, WikiLeaks provided several news organizations with hundreds of thousands of secret government and military documents about the wars in Iraq and Afghanistan, as well as cables that gave a behind-the-scenes look at American diplomacy from the perspective of high-level officials.



Officials at the International Monetary Fund report that in the previous months it had been hit by "a very major breach" of its computer systems. The FBI announced evidence linking the Chinese government to the attack.


Malware, named Mahdi after the Messiah in Islam, infiltrates about 800 computers of government officials, embassy employees, and other businesspeople in Iran, Israel, Afghanistan, the United Arab Emirates, and South Africa. The malware was embedded in email attachments and users who opened the documents were susceptible to having their emails and instant messages read by hackers.



Flame, malware that attacks computers using Microsoft Windows, is discovered. Its development is believed to have been state-sponsored. A report, released by Budapest University's CrySyS Lab, states that "arguably, it is the most complex malware ever found." Flame is capable of recording Skype conversations, audio, keyboard activity, network traffic and screenshots. It is spread over a local network or USB stick. Flame also has a kill command, wiping out all traces of it from the computer.


The U.S. Department of Homeland Security announces that spear fishers have penetrated the computer systems of U.S. gas pipeline systems.


Hackers, who say they are Islamic and call themselves the Cutting Sword of Justice, infiltrate the computer networks of Saudi Aramaco, a Saudi Arabian oil company, and wipe out the hard drives of about 30,000 computers. Hackers left their calling card on each affected computer, displaying an image of an American flag on fire.


Nine banks in the U.S., including the Bank of America, Wells Fargo, and JP Morgan Chase, were hit by a distributed-denial-of-service attack that denied customers access to the banks' websites for several days. The Islamic hacktivist group Izz ad-Din Al-Qassam Cyber Fighters (also called the Al-Qassam Brigades) takes responsibility for the attack. The group is linked to the military wing of Hamas.


U.S. Secretary of Defense Leon Panetta warns that the U.S. must protect itself against a "cyber Pearl Harbor."


The New York Times is hacked several times between late 2012 and early 2013 after publishing an article that investigated how members of former Prime Minister Wen Jiabao's family benefitted financially from state contracts. The hacking included gaining access to the paper's computer systems and acquiring employee's passwords. A day after The New York Times reported the incident, the Wall Street Journal reveals in a statement that hackers had infiltrated it, too, "for the apparent purpose of monitoring the newspaper's China coverage."


August 27

The New York Times website is shut down for about 20 hours after being hacked, allegedly by the Syrian Electronic Army, a group of hackers who back Syrian president Bashar al-Assad. The attackers accessed the site through Melbourne IT, the vendor that registers domain names.



The U.S. the Justice Department unsealed an indictment of five members of Unit 61398 of the Chinese PeopleĆ¢??s Liberation Army, charging them with hacking into the computer networks of Westinghouse Electric, U.S. Steel Corp., and other companies. Shanghai-based Unit 61398 is the cyber division of China's national army. The move is considered largely symbolic since there is little chance the men will surrender.


American officials announced that Chinese hackers had breached the computer network of the Office of Personnel Management in March. They said they believe the hackers were targeting employees applying for top security clearances.


The computer networks of Sony Pictures were hacked, with personal medical information about employees, financial information, emails, and thousands of other documents lifted and made public. The U.S. suspected North Korea was behind the breech in retaliation for the upcoming release by Sony of an outlandish comedy, called The Interview, about a CIA plot to assassinate North Korean leader Kim Jong-un. In December, employees of Sony received threatening messages on their computers warning that "the world will be full of fear" if the film is released. "Remember the 11th of September 2001," a message said. Sony decided to cancel the release of the film. On Dec. 19, the FBI formally accused North Korea of launching the attack, saying it had significant evidence linking the government to the breech.



U.S. officials announced that Russian hackers gained access to White House and State Department emails in 2014. The emails were unclassified, but likely contained sensitive information. The hackers penetrated the email archives of White House and State Dept. officials who correspond with President Barack Obama.


The White House said that the Social Security numbers and other personal identifying information of some 4 million current and former government employees had been breached. The breach occurred in late 2014. The data was accessed from the computers of the Office of Personnel Management. The government said it believes that the hack originated in China.

Related Links

See also: