Recently I received an email from David Dennis, a former PLATO user from Illinois who over the years has shared with me numerous anecdotes. This one was one I'd not heard before, where he describes what he believes might have been the first instance of a "denial of service" (DoS) attack on a computer network.

If there is one thing I've learned over the years, never make an absolute claim of "first" when it comes to anything computer-related, because as soon as you do, someone somewhere will come out of the woodwork with proof of an even-earlier first. So, I eagerly await the onslaught of "no way, I saw a DOS attack years earlier!" comments. But in the meantime, here's a neat story from 1974.

Some quick explanation of terms before I quote the email. First, he's recalling an incident that took place at CERL, the Computer-based Education Research Laboratory, at the University of Illinois Urbana-Champaign. "TUTOR" is the name of the programming language on PLATO. "Author mode" refers to a level of system privileges on PLATO that all authors/developers had. "Went back over to uni" means he went back over to University High School, located across the street from CERL. (Old joke: Why did the Uni High student cross the road? To get to CERL.)

Okay, here goes. From David Dennis:

As far as I know, I'm the first person to have created a DoS of a room full of PLATO terminals deliberately. Systems people could of course kick anyone out they wanted, and "operator wars" had existed for years, but those tended to be consensual attacks on each other. What I did was I heard about a new command called the "external" command in TUTOR, or 'ext'. Specifically, one of the music kids was saying how if you didn't have a device attached, an ext command would cause your terminal to lock up and have to be powered off. Remember that powering off was discouraged, due to always-concern over flaky power to the plasma panels.

The other piece of this was they had rolled out the external command for everyone in the fall of 1974, after it having been only in use by the Music project. This meant that every user account on PLATO was set to defalt "can accept ext commands." Default on.

If you recognize default enabled from any firewall work you'll immediately recognize the trouble...

Anyway, I heard this and immediately thought of how a room full of annoying users could be locked up at once. My little 13 year old brain wanted to see a room full of users all be locked up at once.

So, I wrote a little program that sent exts to everyone within a range of site numbers, waited til I was over at CERL one morning, and let er rip.

It worked as advertised, 31 users all had to power off at once, great mayhem in the classroom, site monitors notified. No logging of course, I was never detected. Quietly left the room, went back over to uni.

Accessed the site displays I knew of from author mode, and looked up other sites around town or the country, and tried sending them some ext's too. Was delighted to see mass posting on notesfiles about a locking out they were experiencing.

Soon some systems guys figured it out, probably a combination of common sense and maybe looking in some sort of logs, though I was never prosecuted or even approached, so I have to think to this day it was undetected. A few weeks later the ext command was withdrawn from 'open all' and a while after that was redeployed, this time with the default set to OFF. As it should have been all along. :)

So was there ever a DoS on a networked system prior to 1974 ? Im sure there had to be, but at least for the moment I'm claiming it !

This is a classic example of how things typically go with software, only this is an example from 1974: release a system to the users, and they will find bugs and vulnerabilities the developers weren't aware of or assumed were harmless. Make changes, release a revised system, and so on. Over time, this is how the PLATO system became more robust and secure.

UPDATE 2/14/2010 -- Welcome, slashdot. Er, one moment while I put out the fire that you're causing with my web server. :-) Let me provide a little more detail on the TUTOR -ext- command, how it worked, etc. Here is the actual page from PLATO's online help system for the -ext- command:

The -ext- command was relatively new in 1974, indeed, it may have been brand-new. It was intended so that you could have your PLATO IV terminal connected to an external peripheral device and control that device using a serial connection. Note how the manual says "only 1 -ext- per second may be sent to another station." Heh, in those days, one per second might be enough!

UPDATE #2 - 2/14/2010 Below is the note on =announce=, the System Announcements notesfile, from 1/2/74, announcing that a change had ben made to the -ext- command (perhaps, not sure, due to the exploit above):

-ext-         Note 1

1/2/74         12:32 am CST         andersen / s

The two argument -ext- command (ext data,station) now checks if the other station wishes to recieve -ext- commands... as with the talk option an author may specify that he wishes to recieve -ext-'s from anyone, from his course only, or not at all..

The -ext- command returns the system variable *error* = -1 if the data was sent or = 0 if not

The one-argument -ext- command is not affected