Milestones

NOVEMBER 1991

First RSA^® Conference (then called “Cryptography, Standards & Public Policy”) held in Hotel Sofitel in Redwood City with 50 attendees: the “Conference” starts at 9:00 a.m. and ends at 3:00 p.m.

Key escrow debate brewing – U.S. government seeking repository for cryptographic keys
Concerns about DES vulnerabilities and possible replacements publicly debated (DSS or RSA/PKCS)

Second, now annual, RSA Conference held
First Fast Software Encryption Conference is held — this event helps drive the research activities on encryption algorithms that eventually led to the Advanced Encryption Standard
Cryptographic security/digital signatures for EDI debated
Skipjack algorithm is proposed for key escrow applications (but not published)
Traffic on the web expands at an annual rate of 341,634%
First edition of Bruce Schneier’s Applied Cryptography published

Netscape invents SSL
Clipper Chip announced by the White House
IBM, GE & NBC all hacked over Thanksgiving weekend by a group called “The Internet Liberation Front”

First RSA Conference Theme: Egyptian Scarab Seals
A leading U.S. bank hacked by Russian attackers transferring over $10 Million to separate accounts around the world using a laptop computer
Kevin Mitnick arrested in North Carolina
Hackers alter the web sites of U.S. Justice Department, CIA and the U.S. Air Force
Strict EU data protection and privacy laws enacted
First network vulnerability scanner developed (SATAN: Security Administration Tool for Analyzing Networks)
CERT: 171 vulnerabilities reported

RSA Conference Theme: WWII Navajo Code-Talkers
Second edition of Bruce Schneier’s Applied Cryptography published
A survey by Dan Farmer finds that 2/3 of “interesting” web sites such as banks, newspapers and government systems have serious security flaws
HIPAA enacted; requires healthcare organizations take extra steps to secure personal information
The General Accounting Office publishes a report on government-wide information security issues finding that security at most U.S. government agencies is poor
CERT: 345 vulnerabilities reported

RSA Conference Theme: Cher Ami, Carrier Pigeon
RSA Conference attracts 1,846 attendees
U.S. debate over the export of products containing strong encryption heats up with the SAFE Act

RSA Conference Theme: Ancient Greece/Fall of Troy
RSA Conference attracts 7,507 attendees
Hackers deemed terrorists under UK Law (Terrorism Act 2000)
FBI continues to hunt hackers with Carnivore tool
Love Bug virus cripples computer worldwide; Love Bug suspect apprehended and later released in the Philippines
Denial of Service attacks shut down Yahoo!, Buy.com, Amazon, eBay, and CNN
Palm.Liberty.A is discovered as the first known Trojan horse for Palm OS
U.S. relaxes encryption export policy
The Electronic Signature in Global & National Commerce Act passed
Teenage hacker Mafiaboy cripples leading Internet sites causing $1.7 Billion in damages
FBI apprehends teenage hacker Coolio, who hijacked and defaced leading web sites
CERT: 1,090 vulnerabilities reported

RSA Conference Theme: Mary, Queen of Scots
Growth in Internet fraud outpaces growth of the Internet
Multiple SNMP vulnerabilities are reported; according to CERT the products of more than 100 vendors may be at risk
CERT reports the users of IRC and IM are being tricked into downloading malicious software
Sarbanes Oxley Act passed
33% of ISPs say information security “not a priority”
CERT: 4,129 vulnerabilities reported

RSA Conference Theme: The Secrets of the Maya
MS Blaster and So Big viruses cause over $3.5 Billion in damages
California enacts the nation’s first breach notification law requiring companies to disclose if there have been any breaches of customers’ personal data
Microsoft offers $250,000 reward for culprits of MS Blaster and So Big
Japan passes Personal Information Protection Law
U.S. government passes CAN-SPAM Act to prevent the use of false header information in email
CERT: 3,784 vulnerabilities reported

RSA Conference Theme: Codes of Prohibition: Rumrunners and Elizabeth Friedman
RSA Conference attracts 14,605 attendees
The first MMS (multimedia messaging service) worm is discovered
The year is peppered with high profile announcementsof data disclosure breaches (ChoicePoint, Citigroup, Time Warner and Bank of America)
Trojan.PSPBrick is discovered – the first Trojan horse targeting Sony PlayStation Portable
California passes laws aimed at stopping phishing exploits
U.S. Real ID Act passed
CERT: 5,990 vulnerabilities reported

RSA Conference Theme: Leon Batista Alberti
RSA Conference attracts over 17,000 attendees
Storm botnet hits 1.6 million PCs, becomes the largest malware headache of the year and makes the most headlines
Connecticut teacher Julie Amero convicted of "risk of injury to a minor" due to spyware infected computers on campus
iPhone launches with much fanfare -- gets hacked
Deadline for PCI and HSPD-12 compliance
TJX breach reports theft of 45.6 million credit and debit cards; results in $41 million payout to banks
Insider at DuPont pleads guilty to stealing $400 million in trade secrets
TD Ameritrade database of 6.3 million customers hacked
Disgruntled ex-UBS PaineWebber employee convicted of a felony for a logic bomb planted in former employer's network
U.S. Department of Energy's Counterintelligence Directorate -- which is charged with protecting sensitive data and operations against espionage by foreign entities -- loses 20 computers that may contain classified data
Series of cyberattacks on various U.S. laboratories and institutions, cybercriminals have broken into computers at the Department of Energy's Oak Ridge National Laboratory (ORNL) and also reportedly targeted Los Alamos National Laboratory and Lawrence Livermore National Laboratory
Database analyst at Certegy Check Services steals financial data of 8.5 million customers -- later pleads guilty to federal fraud charges