|Blog Conference About the Site Contact|
Perhaps the First Denial-of-Service Attack?
Recently I received an email from David Dennis, a former PLATO user from Illinois who over the years has shared with me numerous anecdotes. This one was one I'd not heard before, where he describes what he believes might have been the first instance of a "denial of service" (DoS) attack on a computer network.
If there is one thing I've learned over the years, never make an absolute claim of "first" when it comes to anything computer-related, because as soon as you do, someone somewhere will come out of the woodwork with proof of an even-earlier first. So, I eagerly await the onslaught of "no way, I saw a DOS attack years earlier!" comments. But in the meantime, here's a neat story from 1974.
Some quick explanation of terms before I quote the email. First, he's recalling an incident that took place at CERL, the Computer-based Education Research Laboratory, at the University of Illinois Urbana-Champaign. "TUTOR" is the name of the programming language on PLATO. "Author mode" refers to a level of system privileges on PLATO that all authors/developers had. "Went back over to uni" means he went back over to University High School, located across the street from CERL. (Old joke: Why did the Uni High student cross the road? To get to CERL.)
Okay, here goes. From David Dennis:
This is a classic example of how things typically go with software, only this is an example from 1974: release a system to the users, and they will find bugs and vulnerabilities the developers weren't aware of or assumed were harmless. Make changes, release a revised system, and so on. Over time, this is how the PLATO system became more robust and secure.
UPDATE 2/14/2010 -- Welcome, slashdot. Er, one moment while I put out the fire that you're causing with my web server. :-) Let me provide a little more detail on the TUTOR -ext- command, how it worked, etc. Here is the actual page from PLATO's online help system for the -ext- command:
The -ext- command was relatively new in 1974, indeed, it may have been brand-new. It was intended so that you could have your PLATO IV terminal connected to an external peripheral device and control that device using a serial connection. Note how the manual says "only 1 -ext- per second may be sent to another station." Heh, in those days, one per second might be enough!
UPDATE #2 - 2/14/2010 Below is the note on =announce=, the System Announcements notesfile, from 1/2/74, announcing that a change had ben made to the -ext- command (perhaps, not sure, due to the exploit above):