The Badge Archive

Cybersecurity Timeline

Fulfills Step 3 of GSUSA Ambassador Cybersecurity Basics badge requirements.

Info Needed for the badge requirements: Think about the balance between protecting individual privacy and ensuring collective safety. Consider how decisions impact trust and security. First are the types of hackers: White Hat, The good guys, fixing problems legally. Gray Hat, They break rules but try to help. Black Hat, The bad guys, causing harm or stealing. Then reflect on what happens when security weaknesses are discovered. Should the information be kept secret, shared publicly, or reported to the organization for improvement? Consider different perspectives like: Government, Wants safety and crime prevention. Companies, Want to protect users’ trust. Hackers and Public, Opinions vary depending on the situation. Realize that decisions have consequences. Will the choice help or harm individuals and organizations?

Items Needed

  • Paper or poster board (for physical timelines) OR access to timeline creation tools (e.g., Canva, PowerPoint, or Google Slides).
  • Markers, pens, or computer access for writing and designing.
  • List of cybersecurity events to include (examples provided below).

Instructions

  1. Provide scouts with the list of cybersecurity events. Have them arrange the events in chronological order, starting with early examples like the Morris Worm and moving to current trends like AI threats. Scouts can create the timeline physically on paper/poster board or digitally using design tools.
  2. For each event, write down what happened and why it was significant (e.g., highlighting impacts on privacy, security, or public trust). Keep descriptions brief but informative.
  3. Discuss as a group or in pairs how the decisions made during each event affected privacy, security, or public trust. Encourage scouts to think critically about whether those decisions were beneficial or harmful.
  4. Ask scouts to reflect on what they might have done differently if they were the decision-makers at the time. Let them explain their reasoning briefly.
  5. Scouts should include:
    • Early Days: The Morris Worm (1988), Melissa Virus (1999).
    • Key Breaches: T.J. Maxx (2004), Sony Pictures Hack (2014), Target Data Breach (2013).
    • Current Trends: SolarWinds Hack (2020), AI and Deepfake Concerns (2023).

Cybersecurity Events for a Timeline

  1. 1971 – The Creeper Virus:
    The first computer virus, created as an experiment, spreads across ARPANET, marking the beginning of cybersecurity challenges.
  2. 1986 – The Computer Fraud and Abuse Act (CFAA):
    This U.S. law is enacted to address hacking and unauthorized access to computer systems.
  3. 1988 – The Morris Worm:
    The first widely recognized computer worm spreads across the internet, highlighting the need for network security.
  4. 1998 – Solar Sunrise Attack:
    A group of teenagers exploits vulnerabilities in U.S. military systems, highlighting the risks of cyberattacks on critical infrastructure.
  5. 1999 – Melissa Virus:
    This email-based virus infects thousands of computers, causing widespread disruptions and showing how easily malware can spread.
  6. 2000 – The ILOVEYOU Virus:
    A destructive email worm infects millions of computers worldwide, causing billions of dollars in damages.
  7. 2004 – Data Breach at T.J. Maxx:
    Hackers steal millions of credit card numbers, demonstrating vulnerabilities in retail systems.
  8. 2007 – Estonia Cyberattacks:
    A series of coordinated attacks target Estonia’s government, banks, and media, marking one of the first major instances of cyber warfare.
  9. 2010 – Stuxnet Malware:
    A highly sophisticated malware attack targets Iran’s nuclear program, marking the first instance of cyber warfare.
  10. 2010 – Operation Aurora:
    A sophisticated cyberattack targets Google and other companies, allegedly originating from China.
  11. 2011 – Sony PlayStation Network Hack:
    Hackers breach Sony’s network, exposing the personal data of 77 million users.
  12. 2012 – Shamoon Malware:
    A destructive malware attack targets Saudi Aramco, wiping data from 30,000 computers.
  13. 2013 – Target Data Breach:
    Hackers steal credit card information from over 40 million customers, emphasizing vulnerabilities in retail systems.
  14. 2013 – Adobe Data Breach:
    Hackers steal data from over 150 million user accounts, revealing the risks of cloud-based data storage.
  15. 2014 – Sony Pictures Hack:
    Cybercriminals leak private emails and data, allegedly in retaliation for a controversial movie release.
  16. 2014 – Heartbleed Vulnerability:
    A major flaw in OpenSSL encryption software exposes sensitive data across millions of websites.
  17. 2015 – Ukraine Power Grid Attack:
    A cyberattack causes widespread power outages in Ukraine, demonstrating the dangers of cyberattacks on critical infrastructure.
  18. 2016 – Panama Papers Leak:
    A massive data breach exposes confidential financial records, sparking global investigations.
  19. 2016 – DDoS Attack on Dyn:
    A botnet attack causes major internet outages across the U.S., exposing vulnerabilities in Internet of Things (IoT) devices.
  20. 2017 – WannaCry Ransomware:
    A global ransomware attack encrypts data on hundreds of thousands of computers, demanding payment to unlock files.
  21. 2017 – Equifax Data Breach:
    Hackers steal sensitive information from 147 million people, including Social Security numbers and credit card details.
  22. 2018 – Cambridge Analytica Scandal:
    Facebook user data is harvested and misused for political purposes, sparking debates about online privacy and data protection.
  23. 2018 – Marriott Data Breach:
    A breach exposes the personal data of 500 million hotel guests, one of the largest data breaches in history.
  24. 2019 – Capital One Data Breach:
    A hacker accesses the personal data of over 100 million customers, including credit scores and Social Security numbers.
  25. 2020 – Twitter Bitcoin Scam:
    High-profile Twitter accounts are hacked to promote a cryptocurrency scam, raising concerns about social media security.
  26. 2020 – SolarWinds Hack:
    Hackers infiltrate U.S. government systems and large corporations by compromising software updates.
  27. 2021 – Colonial Pipeline Ransomware Attack:
    A ransomware attack shuts down a major fuel pipeline in the U.S., demonstrating the dangers of cyberattacks on critical infrastructure.
  28. 2021 – Log4j Vulnerability:
    A critical flaw in widely used software puts millions of systems at risk, leading to a global scramble to patch the issue.
  29. 2022 – Lapsus$ Hacking Group Attacks:
    This group targets major companies like Microsoft, Nvidia, and Samsung, stealing sensitive data.
  30. 2023 – MOVEit Data Breach:
    A vulnerability in the MOVEit file transfer software leads to the exposure of sensitive data from numerous organizations.
  31. 2023 – Artificial Intelligence and Deepfake Concerns:
    The rise of AI-powered cybersecurity threats, including deepfake scams and AI-enhanced hacking tools, raises ethical and security challenges.
Tia Kennard