[ Please post follow-ups to COFF ]
Ron,
Thanks for the history, enjoyed very much.
Quite relevant to Early Unix, intertwined with VAXen, IP stack from UCB, NSF-net & fakery.
The earliest documented Trojan, Unix or not, would be Ken’s login/cc hack in his “Reflections on Trust” paper.
It was 1986 when Clifford Stoll tracked a KGB recruit who broke into MILNET, then the first “honeynet” by Stoll.
<https://en.wikipedia.org/wiki/Clifford_Stoll#Career>
<https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)>
1986 was also the first known PC virus according to Kaspersky.
<https://www.kaspersky.com.au/resource-center/threats/a-brief-history-of-computer-viruses-and-what-the-future-holds?
“Brain (boot), the first PC virus, began infecting 5.2" floppy disks in 1986.”
On 2nd November 1988, the Morris worm escaped from a lab & overloaded the Internet for a week, causing CERT to be formed in November 1988 in response.
<https://en.wikipedia.org/wiki/CERT_Coordination_Center>
The SANS Institute was formed the next year, 1989, creating structured training & security materials.
<https://en.wikipedia.org/wiki/SANS_Institute>
This structured, co-ordinated response, led by technical folk, not NatSec/Intelligence/Criminal investigation bodies, created CVEs, Common Vulnerabilities and Exposures, as a way to identify & name unique attacks & vectors, track them and make vendors aware, forcing publicity & responses.
<https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures>
<https://cve.mitre.org>
The Internet eventually became a significant theatre of Crime & Espionage, Commercial & National Security.
Mandiant was formed in 2004 to identify, track and find sources of APTs, Advanced Persistent Threats.
In 2010, they described APTs tracked in their “M-trends” newsletter.
In Feb 2013, Mandiant publicly described “APT1” and the military unit & location they believed ran it.
<https://en.wikipedia.org/wiki/Mandiant>
<https://en.wikipedia.org/wiki/Advanced_persistent_threat>
<https://www.lawfareblog.com/mandiant-report-apt1>
<https://www.mandiant.com/resources/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units>
=============
On 2 Apr 2023, at 02:34, Ron Natalie <ron(a)ronnatalie.com> wrote:
Once again, I must dredge up this post from 1991….
=============
For future reference, Kremvax lives! [ datestamp in email header ]
iMac1:steve$ host kremvax.demos.su
kremvax.demos.su has address 194.87.0.20
kremvax.demos.su mail is handled by 100 relay2.demos.su.
kremvax.demos.su mail is handled by 50 relay1.demos.su.
iMac1:steve$ ping -c2 kremvax.demos.su
PING kremvax.demos.su (194.87.0.20): 56 data bytes
64 bytes from 194.87.0.20: icmp_seq=0 ttl=46 time=336.127 ms
64 bytes from 194.87.0.20: icmp_seq=1 ttl=46 time=335.823 ms
--- kremvax.demos.su ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 335.823/335.975/336.127/0.152 ms
=============
--
Steve Jenkin, IT Systems and Design
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA
mailto:sjenkin@canb.auug.org.au
http://members.tip.net.au/~sjenkin