The first DoS attack was launched in 1974 by a 13-year-old called David Dennis who attended high school across the street from the Computer-Based Education Research Laboratory (CERL) at the University of Illinois Urbana-Champaign. Dennis realized he could lock out a whole room full of users with knowledge he had gleaned about a new command that could be run on CERL’s PLATO terminals. He went across the street, tested his program and succeeded in making 31 users have to shut down.
Chat rooms in the 1990s and early 2000s were one of the first real areas in which hackers started to perform “king of the hill” DoS attacks in order to be the only user in a non-registered chat channel and gain administrative privileges. Internet Relay Chat (IRC) channels became routes for attackers to launch anonymous DoS attacks, anonymous since hackers routinely changed their IP address for use in a chat channel. A hacker had to secretly install malevolent code on a server, then the compromised server would be forced to join an IRC channel using a special password.
1996 bought one of the first high profile DDoS attacks: New York City ISP panix.com was hit with a 72 Kbps SYN flood attack targeting mail, news, web servers, and name servers. 150 SYN packets per second were sent and spoofed IP addresses were used so the addresses couldn’t be traced and legitimate customers couldn’t get through. Ironically, the attack was launched following Panix installing a system for blocking junk bulk e-mail to its users and cybersecurity experts believed it to be a protest of its attempt at email blocking. The site could also have been a target as it focused on privacy law and First Amendment issues.
In 1999, one of the first well-documented large-scale DDoS attacks happened with the release of Trinoo or Trin00, which was deployed in a minimum of 227 systems to flood a single University of Minnesota computer, which was shutdown for over two days.
In 2000, Michael Demon Calce, a 16 year-old Canadian high school student, aka Mafiaboy, launched attacks against Yahoo! (the web’s top search engine then), Amazon, Dell, E*TRADE, eBay, and CNN among other websites. These attacks resulted in Mafiaboy being sent to juvenile detention and USD $1.2 billion in global economic damages.
In a 2011 interview with CNN and subsequent book, Mafiaboy: A Portrait of the Hacker as a Young Man, Calce claimed he had launched the attacks unwittingly; that he had downloaded a security tool and input known addresses, but didn’t realize he ran it. When he got back from school, his computer had crashed. He restarted it, unaware of what had happened during the day. He said when he overheard the news and the companies mentioned which he had input earlier in the day, he started to understand what had happened. “My attacks of 2000 were illegal, reckless and, in many ways, simply stupid,” Calce writes. “At the time, I didn’t realize the consequences of what I was doing.”
He added that hackers at that time were more motivated by curiosity than by crime or economics as many hackers are today.
“I could have launched those attacks and tried to make money off of it,” said the former Mafiaboy, now a Montreal, Canada-based Internet security consultant. “I was more (about) running tests. Everyone at that point in time was running tests and seeing what they could do and what they could infiltrate.”