Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Was This the First Denial of Service Attack?

timothy posted more than 4 years ago | from the read-the-disclaimer-about-calling-first dept.

Security 166

An anonymous reader writes "Way back in 1974, Dave Dennis, then aged 13, decided to try out the -ext- TUTOR command on the PLATO system at the University of Illinois, and see if he could cause all the terminals of other users to go offline. It worked. And he never got caught. Of course, the powers that be eventually caught on and fixed the -ext- command so terminals by default didn't automatically receive -ext-'s sent from other locations."

cancel ×

166 comments

Sorry! There are no comments related to the filter you selected.

First denial post (-1)

Anonymous Coward | more than 4 years ago | (#31140316)

Frosty!

Short answer (5, Funny)

TinBromide (921574) | more than 4 years ago | (#31140318)

Yes

Actually ... (5, Funny)

Anonymous Coward | more than 4 years ago | (#31140896)

This [wordpress.com] type of denial of service was already quite common long before that.

Re:Short answer (0)

Anonymous Coward | more than 4 years ago | (#31141094)

Nah, I remember when I was a kid in 2700 BC, I threw a rock at a guy with an Abacus. It broke. I never got caught either.

Re:Shorter answer (4, Interesting)

A nonymous Coward (7548) | more than 4 years ago | (#31141330)

No

I will back that up with my own story of a weaker DoS. The year was one of 1970-72, I do not know which. UC Berkeley had two CDC 6400s, A was normal, B was used for an experimental time sharing system and thus had an optional-at-extra-cost instruction, Exchange Jump, which swapped context. I had been toying with a Fortran program and gotten tired of it, so decided to finish it off in a burst of glory. It began execution in some obscure subroutine instead of MAIN, never called MAIN, and as it ground away at its nominal task, it gradually modified an innocent instruction into an Exchange Jump. But sadly, once it finally had modified it to the Exchange Jump opcode, there was no context, just a pointer to 0, and it farked the entire machine.

Now I wasn't truly anti-social. I had in fact written on the card deck that it was only to be run on machine A, not B. Unbeknownst to me, that Exchange Jump instruction was also used by diagnostic programs, and the tech was too lazy to disable it after each visit, just left it enabled at all times, so my Fortran program crashed the machine.

It wasn't much of a DoS, I will admit. The OS, CALIDOSCOPE (Cal Improved Design On SCOPE (Supervisory Control Of Program Execution)), could only handle 6 batch jobs at once at most, so that's the worst it could do. But I did get called in to the admin's office, who sighed and gave me that "What are we going to do with you?" look. He knew I wasn't malicious, but he had to warn me to not do it again.

Seems fitting (5, Funny)

JorDan Clock (664877) | more than 4 years ago | (#31140320)

The first recorded denial of service was performed by a 13 year old, who was basically using a "script kiddie" technique? Well, color me surprised.

Re:Seems fitting (4, Interesting)

EdZ (755139) | more than 4 years ago | (#31140386)

I'm not sure how this could be described as a "script kiddie" technique. The only pre-written software he used (exploited) was the 'ext' command itself. Unless you're expecting all 'real' crackers to only exploit programs and/or operating systems they've written themselves?

Yes, yes, I know, Rule of Funny and all that. As a card-carrying pedant, it's a contractual obligation to bitch about this sort of thing.

Re:Seems fitting (3, Insightful)

Dachannien (617929) | more than 4 years ago | (#31140610)

As a card-carrying pedant

Did you make it yourself, or is someone issuing those?

Re:Seems fitting (5, Funny)

Cryacin (657549) | more than 4 years ago | (#31140760)

He made it himself. He wouldn't trust anyone else to get the spelling right.

Re:Seems fitting (1)

Cylix (55374) | more than 4 years ago | (#31140844)

The more important question is.... do they have a flag?

Re:Seems fitting (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31140900)

The more important question is.... do they have a flag?

Yes [wikipedia.org] .

Re:Seems fitting (1, Offtopic)

sys.stdout.write (1551563) | more than 4 years ago | (#31140470)

I think we should stop and give thanks to the author of the article for couching the story with "this is likely not the first DoS attack, but here's a neat story anyway."

It's so refreshing to see Internet writers not making outlandish, unverifiable claims about things like this.

So, props.

Re:Seems fitting (0, Flamebait)

SittingUnderBridge (1738626) | more than 4 years ago | (#31140482)

no your a towel bitch.

Re:Seems fitting (2, Insightful)

algormortis (1422619) | more than 4 years ago | (#31140874)

Surprised? How long have you been a /. member for? I've been a member for just a year and I already feel emasculated by all the kids who improve upon a technology before they stop wetting their beds.

Frist Post!! (5, Funny)

Anonymous Coward | more than 4 years ago | (#31140326)

And last post...

-ext- :D

Re:Frist Post!! (0)

Nadsat (652200) | more than 4 years ago | (#31140496)

Hey this isn't off topic. This is funny. Mod up!

DoS (0)

Anonymous Coward | more than 4 years ago | (#31140328)

Article was DoS so I didn't get First post

Re:DoS (1)

DavidRawling (864446) | more than 4 years ago | (#31141022)

Given you're AC, it seems likely, but ... you must be new here.

403 Forbidden (1, Funny)

Anonymous Coward | more than 4 years ago | (#31140332)

You don't have permission to access /blog/2010/02/perhaps-the-first-denial-of-service-attack.html on this server.

Re:403 Forbidden (0)

Anonymous Coward | more than 4 years ago | (#31140444)

Does that count as a DOS?

Re:403 Forbidden (2, Informative)

scdeimos (632778) | more than 4 years ago | (#31141042)

I'm sure you're attempting to be funny, but for those actually interested in reading TFA...

http://www.networkmirror.com/VB47vkBkoAUZdJvS/www.platohistory.org/blog/2010/02/perhaps-the-first-denial-of-service-attack.html

So they could receive commands!? (5, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#31140368)

So, let me get this right. You could more or less get a list of addresses, and they would accept commands without question if you just typed in the commands and the right address? Sounds like the worst security system ever.

Re:So they could receive commands!? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31140402)

So, let me get this right. You could more or less get a list of addresses, and they would accept commands without question if you just typed in the commands and the right address? Sounds like the worst security system ever.

Yeah, but this was 1974, when overly-trusting users used commands to do USEFUL things, rather than cause mischief (or shove adverts in front of you)!

Re:So they could receive commands!? (4, Funny)

girlintraining (1395911) | more than 4 years ago | (#31140456)

Yeah, but this was 1974, when overly-trusting users used commands to do USEFUL things, rather than cause mischief (or shove adverts in front of you)!

If you remember 1974, you weren't there, maaan!

Re:So they could receive commands!? (4, Funny)

93 Escort Wagon (326346) | more than 4 years ago | (#31140504)

If you remember 1974, you weren't there, maaan!

Don't believe everything you've seen on "That 70's Show".

Re:So they could receive commands!? (1)

gad_zuki! (70830) | more than 4 years ago | (#31140546)

I dont care if its 1974 ot 1794, human nature doesnt change. Put locks on your (virtual) doors.

Re:So they could receive commands!? (2, Insightful)

Ethanol-fueled (1125189) | more than 4 years ago | (#31140710)

From the summary:

And he never got caught.

If he did get caught he'd get a smirky, eye-rolling verbal warning instructing him to stay away from the terminal. Nowdays a kid would be taken into custody and charged with violating computer crime and terrorism laws.

FBI and/or DHS interrogations would follow, then he'd be forced to turn snitch and lure other kids(er, "marks") into "hacking" the system, to avoid a decade or more of federal prison.

Re:So they could receive commands!? (1)

mysidia (191772) | more than 4 years ago | (#31141384)

Perhaps they identified that someone had sent the -ext command, but as far as they could tell it was some accident or usage mistake?

Re:So they could receive commands!? (3, Informative)

PCM2 (4486) | more than 4 years ago | (#31140840)

I dont care if its 1974 ot 1794, human nature doesnt change. Put locks on your (virtual) doors.

Yeah, that seems like great advice now, but hindsight is always 20/20, as they say. As recently as the early 90s, most Unix systems didn't even use shadow passwords.

Admin Guy: "Yeah, so what could happen? Some college kid is going to buy a Unix server and set it up in his dorm room so he can run a brute force attack on /etc/passwd? I'd like to see that one!" LOLZ, snort snort...

Re:So they could receive commands!? (5, Insightful)

mysidia (191772) | more than 4 years ago | (#31141458)

They were crypted... why would you need to hide a strong password that was crypted? Shadow'ed passwords are an ugly hack.

Also, if you restrict "shadow" passwords so only root can see them, then suddenly every program that needs to perform authentication must be setuid root...... this is a security risk. In that era, possibly a much larger security risk than the risk of a strong password being cracked.

The problem wasn't failing to use shadow passwords. It was (1) UNIX users who set weak passwords, and (later), an (2) explosion in computing power, making it easier to attempt to crack the passwords.

Also, the reverse-engineering of the original DES-based crypt binaries allowed inefficiency that was intentionally contained in the algorithm to slow it down (making use for cracking improbable), to be removed, after years of study.

The DES-based crypt() algorithm was optimized into fast-crypt which was orders of magnitude faster, and actually made password cracking feasible. If a harder cryptographic algorithm would have been used -- then matters could be very different.

The latter bit they should have seen coming. The explosion in computing power was by no means a certain development, it wasn't an immediate issue at the time.

Re:So they could receive commands!? (1)

mysidia (191772) | more than 4 years ago | (#31141376)

The first large-scale denial of service attack was perhaps a military blockade

Or barbarians/robbers taking down mail couriers.

Since the beginning of human civilization, wherever there has been communications infrastructure or commerce, there have been people intercepting it for the purpose of denying service.

Exactly (3, Interesting)

NotQuiteReal (608241) | more than 4 years ago | (#31140866)

I don't think it was quite as early as 1974, but somewhere right around there, I remember going to the "math room" in Jr High, and being able to access a terminal to get to "the main frame". It was something that used fan-fold paper (not a CRT). You could write BASIC programs on it, I think. I kind of remember writing stuff as complicated as 2D grid based Star-Trek type programs (one step up from Hunt the Wumpus).

Anyhow, we did have a command that we could type in that would crash the system, which we did once in a while, just to cause mischief. I really don't recall if we discovered it, or it was given to us (a la script kiddie), but it eventually ended up being a program called "runme" or some such...

Anyhow, letting random people on a "public" terminal to the mainframe of the San Diego unified school district is probably a thing of the past.

The best security breach, by far, however was an attempt to save money by re-using the fan-fold computer paper. Man, there was some juicy stuff on the flip-side of that stuff - names, addresses and IQ rating of all your class mates, payroll runs, all sorts of entertainment!

Simpler Times. Get off my lawn!

Re:So they could receive commands!? (1, Interesting)

girlintraining (1395911) | more than 4 years ago | (#31140426)

Sounds like the worst security system ever.

*cough* Diebold. *cough*

Re:So they could receive commands!? (5, Funny)

pookemon (909195) | more than 4 years ago | (#31140466)

So I'm guessing you weren't around in 1974. It might also surprise you to learn that once upon a time there were no virus scanners or firewalls. I bet I just blew your mind with that one...

Re:So they could receive commands!? (1)

noidentity (188756) | more than 4 years ago | (#31140886)

So I'm guessing you weren't around in 1974. It might also surprise you to learn that once upon a time there were no virus scanners or firewalls.

They didn't have Windows for them to come in through.

Re:So they could receive commands!? (1)

Waffle Iron (339739) | more than 4 years ago | (#31141276)

Another thing about PLATO in particular, is that while it was very cool and ahead of its time, there was very little important secret information stored in it.

Most of the users used it to do mundane homework assignments. It also had some games, and facilities that resembled today's newsgroups, chat and rudimentary informational websites.

At least in the site I used, keeping the aging Control Data Cyber mainframes that hosted PLATO creaking along was probably a much bigger worry than any security threats. There was no shortage of hardware-related downtime.

Re:So they could receive commands!? (2, Interesting)

betterunixthanunix (980855) | more than 4 years ago | (#31140602)

You know, this was all way before my time, but back then, security was not a common concern on university computers. People working in a lab trusted each other; thus, those who used Unix (or a similar system) would leave their home directories world readable, and as another example, ITS had the ability to observe another user's keystrokes. Things changed in the 1980s as more students got computer access and as proprietary software became the norm.

There are still echoes of the trust that existed back then. For example, where I am now, anyone in the CS department can remotely access any computer system located in the department, and the permissions on home directories are 755 by default. The only firewall is on the gateway between the department the general campus network, but port 22 is open for any system so you can always ssh through the firewall. We are given root upon request on our assigned desktops. There are plenty of ways that I could subvert others in the department, I could even bring the entire department to its knees by running a simple fork bomb on every system we have, but I do not do any of that because I am not here to attack people or make their lives difficult.

Re:So they could receive commands!? (1)

antifoidulus (807088) | more than 4 years ago | (#31140698)

nd the permissions on home directories are 755 by default.

thats actually common on a lot of unixes(OS X for example), and not really as bad as you think it is. Essentially it just allows any users to get a list of files on the top level of the home directory, thats it. You cannot necessarily even read any files in the root of the home directory, just list their names and sizes. The really important thing is what their default umask is set to be. Any decently good paranoid cs student will set it to 0022 asap.

Re:So they could receive commands!? (1)

DavidRawling (864446) | more than 4 years ago | (#31141062)

Actually, I'd expect a paranoid CS student would be setting the umask [wikipedia.org] to 0077. If you're that paranoid ... do you really want other group members (students) reading your code? (Ah, the days when the student server was Hardy and the Staff one Laurel ... 500 CS students compiling at the same time on a <60MHz SuperSPARC I was NOT FUN, and those of us who tutored used the staff server instead. Same spec, 3x as fast!)

And since you can't get a umask right, you can hand in your geek card on the way out the door, you imposter you!

Re:So they could receive commands!? (1)

LordLucless (582312) | more than 4 years ago | (#31140792)

And the fact that you need to SSH in with your own credentials mean that if you were stupid enough to do something of the sort, they'd haul your ass over the coals.

If you're dealing with people in positions of trust, logging is often the right balance between security and trust. It doesn't stop them from doing the things they need to, but the knowledge that their fingerprints will give them away will (generally) stop them from doing anything to violate that trust.

Re:So they could receive commands!? (0)

Anonymous Coward | more than 4 years ago | (#31141182)

have a look at this RFC http://tools.ietf.org/html/rfc602

Says it all really, nothing changes much...

Re:So they could receive commands!? (0)

Anonymous Coward | more than 4 years ago | (#31141158)

You should read the book "Hackers" by Stephen(?) Levy. It has a large portion of it devoted to explaining how security of any type is/was against the hacker ethic, since it limited access to a machine... might be an interesting read for you.

Re:So they could receive commands!? (2, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#31141222)

Computer security was poor back in the day. Since computers were expensive, scarce things that were generally not connected to others, it wasn't a big deal. You knew everyone who had access, if someone caused trouble they'd get in trouble. Even once the Internet, or rather ARPANET back then got started, security was extremely lax. If you look at some of the low numbered ports you'll discover they ware things like "chargen" which just sends a random string of characters out. You can see how this would be a bad idea currently, but it could be a useful tool to make sure a system and link were working.

As with most things, people learn from experience. As computers become more common and networks larger, security got better by necessity. Things got broken in to, so the problems were fixed. Go with that for a couple decades and we now have systems with multiple privilege levels, hardware enforced memory access limits, virus scanners, firewalls, etc, etc.

A good deal of security in the world is born out of necessity and experience. Bad things happen, so security is designed to stop them from happening.

Earlier DoS (-1, Redundant)

gringer (252588) | more than 4 years ago | (#31140370)

I'd like to be able to claim an earlier Denial of Service, but unfortunately that was a tiny bit before my cells started dividing. 1974 would mean I'd be about -8 at the time.

Re:Earlier DoS (0)

cryoman23 (1646557) | more than 4 years ago | (#31140392)

lol ya its hard to be first at something before you were born... me i would have been about -21...

Re:Earlier DoS (3, Informative)

Jello B. (950817) | more than 4 years ago | (#31140544)

If you were trying to get attention for being a young person on Slashdot, you didn't have to tell us how young you are. Your punctuation is enough.

Re:Earlier DoS (0)

Guillermito (187510) | more than 4 years ago | (#31140416)

Ever heard about reinarnation?

Re:Earlier DoS (1)

Fluffeh (1273756) | more than 4 years ago | (#31140452)

Ever heard about reinarnation?

Is that there you are inarnated? No, never heard of that, can you explain it in a little more detail?

Re:Earlier DoS (1)

DavidRawling (864446) | more than 4 years ago | (#31141072)

No no - you get inarnated again ...

Moderate this .... (-1, Troll)

SittingUnderBridge (1738626) | more than 4 years ago | (#31140396)

Go Fuck yourself douche bag.

boring troll (0)

Anonymous Coward | more than 4 years ago | (#31140644)

you've overplayed your hand... enjoy your life of posting at -1 two times a day.

Re:boring troll (0, Troll)

SittingUnderBridge (1738626) | more than 4 years ago | (#31140694)

and you fuck your mom

Was it a DoS exactly? (1)

Al Dimond (792444) | more than 4 years ago | (#31140442)

I always think of DoS meaning flooding a system with requests, causing all resources to be used, thus nobody can get service.

It seems like this guy just found a "Halt and Catch Fire" instruction and an overly trusting security policy. Which may have been a first something, but not really a DoS, right? Or am I missing something?

Re:Was it a DoS exactly? (2, Informative)

XanC (644172) | more than 4 years ago | (#31140486)

A DoS, generally, is anything that prevents a computer (or I suppose anything) from performing its functions. It's anything that "denies" "service".

Re:Was it a DoS exactly? (3, Insightful)

nedlohs (1335013) | more than 4 years ago | (#31140492)

"Denial of Service". It's the damn name.

One way is to flood the system, but there are plenty of other ways. The one mentioned for example.

Re:Was it a DoS exactly? (0)

Anonymous Coward | more than 4 years ago | (#31141326)

"Denial of Service". It's the damn name.

One way is to flood the system, but there are plenty of other ways. The one mentioned for example.

Ok I need to clear this up.

The idea of a DOS attack is that you prevent users from being able to access a specific resource, by consuming all of that resource yourself, or by consuming all of another resource which that user needs to get to the target resource.

Simply sending a reboot command, or a single command that causes the machine to hang, isn't a DOS. The end result (the user not being able to access the resource) is the same, but the method differs. And when we're talking about attack types, we don't lump them under the end result but the method used to achieve it.

The only way that you can argue that this was a DOS attack is from a meat-space perspective. i.e. he did not DOS the machines in the lab, he DOS'd the users by "consuming" all the terminals. And if you use that logic, simply having a bunch of people stand in the doorway to the lab would be a DOS. But that logic doesn't apply, because we use the term DOS to refer to electronic, not physical, attacks.

Re:Was it a DoS exactly? (0, Redundant)

Wyzard (110714) | more than 4 years ago | (#31140498)

DoS is any attack that deliberately prevents people from being able to use the system, without actually damaging the system. Flooding the system with service requests is just one way of doing that. Sending commands to hang everyone's terminal is another.

Re:Was it a DoS exactly? (4, Insightful)

Fallon (33975) | more than 4 years ago | (#31140506)

What does DoS stand for? Denial of Service. Getting everybody kicked off the system certainly sounds like denying them access to that computer service to me. Just because a DoS is usually performed by a network flood of some kind doesn't mean that's the only way to do it. Heck an idiot tripping over the power cord to the server is technically a DoS if people loose access.

Re:Was it a DoS exactly? (1)

xous (1009057) | more than 4 years ago | (#31140516)

Hi,

DoS stands for 'Denial of Service' so anything that can cause a system to fail to respond to legitimate requests.

Re:Was it a DoS exactly? (1)

Al Dimond (792444) | more than 4 years ago | (#31141418)

But usually a DoS is about preventing the server from responding to a request from any client. It sounds like he hacked the clients... all of them. I'm sure it was fun, but is that a DoS? A client with better security would not have been affected.

Re:Was it a DoS exactly? (0)

Anonymous Coward | more than 4 years ago | (#31140558)

The way I understand it, the machines were 'locked' waiting to talk to an external device (which wasn't available). Subsequent requests couldn't be serviced, so I'd say technically yes.

Re:Was it a DoS exactly? (0)

Anonymous Coward | more than 4 years ago | (#31140560)

In 1973 I wrote a small program that opened a file with a random file name, wrote "MUNCH" and then closed the file. In an infinite loop. Which ran until the operator saw a job asking for disk space that was no longer there. They killed the job, but by that time it was too late. Since all jobs at that time on that system ran in a common user space (i.e., there were no usernames), getting the disk space back was ... tedious.

By the time they figured out what had happened and went to find the person who had submitted the job I had already retrieved and vanished the job deck.

Not a network DoS (the mainframe didn't even have a network at that time) but a DoS nevertheless I'd say.

Yes, the system was pretty wild west then. It got better. So, I hope, did I.

Denial of Service was happening a long time prior (5, Interesting)

cvd6262 (180823) | more than 4 years ago | (#31140598)

Back in the 19th Century (in the US anyway), mail *recipients* paid postage to get their mail from the local general store. Political figures and others who might have a negative following would receive scores of blank letters and have to pay for them. The objective was to either crowd out the legitimate communications or bankrupt the recipient. Traditionally, one could place an ad in the local paper explaining that he or she would no longer receive letters at the store, which would free them from their obligation.

Re:Denial of Service was happening a long time pri (1)

Cryacin (657549) | more than 4 years ago | (#31140842)

I have the feeling that back in the 19th Century (in the US anyway) people like that would be having an abrupt and Frank discussion with Mr. Colt. Especially in the wild west. ;)

Re:Denial of Service was happening a long time pri (1)

phantomfive (622387) | more than 4 years ago | (#31140972)

Another similar trick I heard was to order a lot of large, cheap things in boxes and send them to a competitor, thus jamming up their supply line (they had all this stuff stuck on the unloading area and no place to put it). I'm not sure how often this was done, but someone must have done it.

Re:Was it a DoS exactly? (0)

Anonymous Coward | more than 4 years ago | (#31140798)

Floods are merely the crudest form of DoS. Often it's a logic attack on buggy firmware (ATH0 modem bug), buggy OS internals (Ping of Death), or application-level bugs.

One of many ways... (3, Interesting)

mikael (484) | more than 4 years ago | (#31140474)

It used to be possible to crash early Sun servers (or at least the terminal server attached to the server by trying to copy data from a virtual terminal (cat /dev/ttyp0) or something similar.

One university department tried to get around the user quotas on commercial UNIX licenses by creating a single user account for an entire class. Hilarity ensued as students working on real-time projects would accidently kill each others processess.

Re:One of many ways... (0)

Anonymous Coward | more than 4 years ago | (#31140948)

Old sunos had hosts.equiv set to allow anyone to rsh to the box as root. Old as in up until at least 4.1.3, which was well into the modern internet era..

Re:One of many ways... (1)

precariousgray (1663153) | more than 4 years ago | (#31141292)

You forgot a close-parenthesis. For shame!

This reminds me.. (0)

Anonymous Coward | more than 4 years ago | (#31140478)

of when my friends and I installed Descent and Doom in the computer lab at the local community college to play deathmatches. This was during finals week, and we were on DOS/windows 3.1 machines and I believe that this was pre-TCP/IP on that particular network. The game would bomb out after about 15 minutes of playing or so, and the computers would lock up, so we'd have to reboot everything and get back into the game. After about 2 hours of playing and yet another network crash, someone knocked on the door of the room we were in and asked us if we were having network problems, too. Apparently we were bringing down THE ENTIRE BUILDING every time we started playing. There were people literally in tears in the hallway because they lost their papers they were working on.

We just kind of shut down our computers and casually walked out without drawing any undue attention to ourselves.

Re:This reminds me.. (0, Troll)

biryokumaru (822262) | more than 4 years ago | (#31140530)

Serves them right for waiting until finals to work on their term papers. Those slackers.

Re:This reminds me.. (1)

dr00p (56154) | more than 4 years ago | (#31140604)

aaaahhhh ... IPX networks on shared coax cable.
The pleasure of coax:It was enough to disconnect one cable and the full network would come down :)

Seems unlikely that would be the first (2, Interesting)

Demonoid-Penguin (1669014) | more than 4 years ago | (#31140606)

2 minutes searching shows - October 29, 1969

First packets sent by Charley Kline at UCLA as he tried logging into SRI. The first attempt resulted in the system crashing as the letter G of LOGIN was entered.

I'd bet that part of the initial DARPA deployment testing involved deliberate attempts to jam the network

Just saying....

Hardly the first DOS (0)

Anonymous Coward | more than 4 years ago | (#31140608)

In the late 60's it was routine for students learning COBOL to play with the "DISPLAY UPON CONSOLE" directive and flood the operator's console with messages. The operator would have to manually acknowledge each and everyone. This then create a denial of service attack in as much as the operator couldn't respond to other requests. Was really annoying for operators and other users.

Probably not the first (3, Interesting)

chelberg (1712998) | more than 4 years ago | (#31140718)

In high school in 1974 our district (8 schools) used an HP access timesharing system. It ran the BASIC language. I was able to write a very short program that would cause the system to crash. Having discovered this bug in the system, I was able to bring down the entire district's computers at will. I had discovered this capability while exploring a new feature of BASIC. Fortunately for them, I was ethical and informed my teacher who at first didn't believe the exploit until I demonstrated it in front of her. We then contacted HP, gave them the code, and they came up with a patch within a couple of months. I'm not sure if anyone at HP can confirm this at this point.

I am sure that there are probably earlier exploits as well.

And as a side note, I was also a PLATO author in 1975 and greatly enjoyed working on that system.

Re:Probably not the first (1)

techno-vampire (666512) | more than 4 years ago | (#31141140)

In high school in 1974 our district (8 schools) used an HP access timesharing system. It ran the BASIC language.

I suspect that by modern standards it would be more accurate to say that it walkedBASIC.

OR set the desktop theme to black on black (1)

Gothmolly (148874) | more than 4 years ago | (#31140732)

Worked on DECstations. The GUI preferences were global.

A Possibly earlier one... and a funny story. (5, Interesting)

DougReed (102865) | more than 4 years ago | (#31140756)

The earliest one I know of was by the smartest man I ever knew (and the strangest). He was my mentor. In the IBM 360 days this guy used to write code .. COMPLEX code in binary on the roller bars on the front of the console because he was too lazy to logon. He made IBM's code more efficient by eliminating all modularization. It was more efficient to just have one big super efficient kernel, so he redesigned their system, and got something like 140% efficiency out of the hardware (40% greater than theoretical possibility) by IBM's own benchmarks, and found a security hole in their code in the process .. as he put it "bit enough to drive an 18 wheeler through", which he reported to them. They told him it was his hacking, he broke something ... NOT OUR CODE!!! IBM CODE CAN'T BE BROKEN!!! So he went to their 'demo center' and fed in a deck of punch cards.

On the IBM Selectric console in the IBM demo center, it printed.

"May I please have a cookie?"

The operator ignored it.

8 hours later during shift turnover It printed

"I never got my cookie"

The two operators looked at it, shrugged, and ignored it. The dayshift operator went home.

4 hours later the console printed.

"You're not a very nice operator either, I never did get my cookie"

The operator thought the guys upstairs were fooling around and ignored it.

2 hours later.

"WHERE IS MY COOKIE!"

hummm...

1 hour later.

"Dammit give me a cookie!"

30 minutes.

"I WANT A COOKIE!"

15 minutes ... 7.5 minutes ... eventually we get to 32 cookies this second .. 64 cookies this second ... 128 cookies this second.

An IBM Selectric typewriter which is the main console for a 360/65 cannot print even the word cookie in a second, much less a whole sentence, and certainly not 128 of them! There was ONE way to crash a 360/65 .. Fill up the console buffer. The system considered console messages to be important, and if the system couldn't print all of them, it halted.

Reboot ... excuse me... Mainframe terminology here... "IPL" the system. First console message:

"You know, I never DIID get my cookie!" .. and the process starts over.

Finally IBM called my mentor...

um... did you submit a job to the demo center?

Yes, but don't worry, it was just a simple 'unprivileged' process, and as you said, your security is flawless, so I am sure there is no danger. :-)

Sir, I think we are prepared to acknowledge that there MAY BE a security hole in our system somewhere. It seems that your job never finished and yet it does not seem to exist in the system anywhere. Our experts tell us we have to re-install the operating system to fix it. Do you have any alternative suggestions?

Just one... Go get the best operator you have and put him on the console and call me back.

Yes sir... .. an hour later

Sir, this is king super operator, they just called me back in to work to assist you in solving our issue.

OK ... now listen carefully. I am only going to say this once. Type carefully, and don't screw this up .. are you ready?

Yes sir.

Good type this ... "c" "o" "o" "k" "i" "e" ... now press "Enter"

Console prints . "Thank you that was good", and the job ends.

After that IBM never ever questioned it if my mentor reported a problem with IBM software ever again.

The Original DOS predates this by centuries (4, Funny)

dmomo (256005) | more than 4 years ago | (#31140762)

Denial of Service is just about as old as marriage.

Re:The Original DOS predates this by centuries (0)

Anonymous Coward | more than 4 years ago | (#31141192)

Denial of Service is just about as old as marriage.

There are clearly too many single people here.

200,000 years too late (1, Funny)

Anonymous Coward | more than 4 years ago | (#31140786)

The first denial of service happened 200,000 years ago when the first woman invented the headache.

Fun with terminals (1)

marciot (598356) | more than 4 years ago | (#31140806)

Back in my high school's UNIX system I used to like piping binary files to people terminals. It worked pretty well as a DoS and made a loud racket with the all the BEL characters.

Cntl-S could also be used to halt people's sessions, and "+++" would screw with people on dial up sessions.

The good ol' days.

Re:Fun with terminals (0)

Anonymous Coward | more than 4 years ago | (#31141244)

In the 1980s, old SunOS (and maybe BSD, too) supported an ioctl that allowed root to insert text into another user's tty *input* buffer. There's a ghost in the computer!! Loads of fun!

Sad to be 50 and accomplished nothing. (1)

gavron (1300111) | more than 4 years ago | (#31140852)

Yes, of course. 13 years old kids in 1974 got access to UI computer systems without paying for timeshare.
Our hero, managed to take a whole room of "terminals" offline with one existing command.

And now [queue evil music] 36 years later, having done nothing of note ever, he now seeks his hard-earned fame.

First ever DoS... or 49 year old sociopath longing for publicity... or just a liar. You decide. I already have.

E

Re:Sad to be 50 and accomplished nothing. (1)

Main Gauche (881147) | more than 4 years ago | (#31141050)

Yes, of course. 13 years old kids in 1974 got access to UI computer systems without paying for timeshare.

Yeah, there's no way UI would show some kid favoritism [wikipedia.org] .

Re:Sad to be 50 and accomplished nothing. (0)

Anonymous Coward | more than 4 years ago | (#31141108)

I guess if it happens in 2005-2009 it might have happened in 1974. It's unlikely there are any of the same people still there 3 decades later!

You could get away with a lot of stuff back then.. (2, Interesting)

Space cowboy (13680) | more than 4 years ago | (#31140858)

See This journal entry [slashdot.org] I posted a while back... These days, at least in the US, I'd probably be up on federal wiretap charges or something. Back then, it was serious enough that they'd threaten to throw me out of college, but I never got any sense of there being jail-time involved...

Simon

Barn Door Still Open (1)

wa2flq (313837) | more than 4 years ago | (#31140910)

Those were the days.... email, group notes, bloggs, instant messaging, p0rn, multiuser space and dungeon games, 512x512 graphics, decent keyboards

The security on the -ext- command was user settable for Authors.

Always fun to find someone who had toggled it to world "write" and to start up the microfich slide projector in their Plato Terminals unexpectedly. Even more fun if the slide projector still had a good supply of compressed air to rattle the terminal and flash the projector at the same time.

See cyber1.org

Oh, come one. If anyone is ever the first .... (1)

roland_mai (852416) | more than 4 years ago | (#31140918)

I once (well okay twice) used the "net send /domain" command to just creep everyone in my college of 1,500. The funny thing is that, I don't think the admins would have figured out it was me because they didn't track MAC addresses at the time. Was I the first? PS: probably not!

Pffft (0)

Anonymous Coward | more than 4 years ago | (#31140922)

Try the time Lagadha glued up a merchant's abacus

The old systems probably have a lot of "Firsts". (1)

GrpA (691294) | more than 4 years ago | (#31140946)

Well if that was the first DOS, then I'll claim the first "Slashdotted" on a PLATO system. In 1987 after the local admins cut off all access to chat ( due to abuse of the system by people sitting next to each other using "chat" ) I wrote a tutor script that caused a timeout error every second.

The result was to flush the keyboard buffer to common memory. Then the other terminals read the common memory and updated their display - Kind of like early IRC. Because this was written at the lowest security level, the admins couldn't block it. They deleted the original, but all the other authors had the code by then. It wasn't very efficient code, but they managed to keep it alive despite the best attempts of the admin to get rid of it.

After the application consumed 99% or more of all recorded resource use for three months running (making all other resource access slow) I got my ass kicked off the system and they decommissioned that installation of PLATO (CALS).

Funny thing is I went back three years later in 1990 and managed to convince them to give me an unrestricted dial-in port for Internet access. My first! Several months later, they came to me and said "You're taking up all of our spare resources... You remind us of this guy who wrote a chat program on the old PLATO system several years back."

I never did own up to it at the time since no one knew my surname at the time ( That's another story entirely ). Although I did buy them another terminal server to make up for it.

GrpA

No way . . . (0)

Anonymous Coward | more than 4 years ago | (#31140968)

Not likely. The 1st person who stuck a "latice card" into thier 80 column punch card set at a shared IBM manframe would get 1st DOS attack (dubious-infamous) honors, an event which surely occured before 1968 when I 1st heard of theses "all columns punched cards would cause both mechanical card reader and mainframe system errors.

Yes. It Was. Obviously. (1)

drfreak (303147) | more than 4 years ago | (#31141048)

Enough Said.

Searching for prior art ? (1)

wadey (215252) | more than 4 years ago | (#31141058)

... in support of a US software patent ?

First DOS attack would predate computers. (2, Interesting)

Kenja (541830) | more than 4 years ago | (#31141112)

Taking out telegraph lines, signal towers, killing messengers. DoS attacks have existed as long as people have tried to communicate over distances. Even man in the middle attacks, intercepting and replacing semaphore messages etc.

Re:First DOS attack would predate computers. (1)

Casandro (751346) | more than 4 years ago | (#31141322)

Absolutely. there probably were some earlier purely logic based attacks on phone systems.

For example in Germany you could for a long time just call somebody and not hang up. Only the originating party could stop a phone call, so the other party did have their phone disabled. Some taxi companies used that to play foul on their competitors.

Today (0)

Anonymous Coward | more than 4 years ago | (#31141132)

Now the kid is 49 and they don't even give him job interviews anymore.

Didn't get caught? (1)

Psychotic_Wrath (693928) | more than 4 years ago | (#31141174)

If he never got caught how do we know who it is?

Ok maybe i should RTFA, but c'mon this is slashdot..

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>