In the beginning, there were no viruses or spyware. In fact, the general concept of cybersecurity and cybersecurity risk management was essentially non-existent.The first computers couldn't do much and there was no internet to connect devices from one side of the world to the other. This meant that cybersecurity was essentially non-existent until the 1970s when personal computer technology rounded a corner.

Creeper and Reaper

The first "virus" was written by Bob Thomas, an engineer for BBN Technologies, in the 1970s. You might be wondering how it was possible for an engineer to create a worm capable of moving from computer to computer before computers throughout the world could connect to each other. The answer is ARPANET, which was the original packet-switched computer network and the predecessor to the internet as we know it today. ARPANET was the first network that allowed users to remotely connect to another computer.

While BobThomas's "creeper" worm was the first worm, it wasn't much of a cybersecurity threat. This worm would simply transmit from computer to computer, displaying a message that read, "I'm the creeper; catch me if you can!" on infected machines.

In response to the creeper worm, Ray Tomlinson (the creator of email) wrote a similar program with enhanced capabilities. This program would copy itself as it moved through the network from device to device, deleting the creeper worm as it went. This worm was known as the "reaper."

While these weren't real threats, they helped engineers understand the potential threats associated with these networks and laid the foundation for modern cybersecurity risk management.

The Morris Worm

It wasn't until 1988 that the first malicious worm was developed and unleashed on the world. While the creeper and reaper worms were primarily experimental and designed as a sort of prank between colleagues, the Morris Worm was the first denial-of-service (DoS) attack. These attacks are capable of shutting down computers or even entire networks.

The Morris Worm is said to have infected about 6,000 computers, which would have been equal to about 10% of all internet-connected devices at the time. This virus could even affect the same device more than once, slowing devices down until they eventually crash completely.

As a result of creating this worm, Robert Morris was tried and convicted for the first felony conviction under the Computer Fraud and Abuse Act. Regional networks were shutdown so the virus could be removed from computers without risking reinfection. This landmark case made the general public more aware of cybersecurity risks and led to the creation of vulnerability risk assessment protocols.

In Part 2 we reveal how the World Wide Web, made public in 1993, made possible a level of connectivity that was never before possible—and the surge of computer viruses that came along for the ride.