Morris Worm: It’s not really those years and years ago, computer worms/viruses were not even a concept in the mind of a programmer in 1988 to be quite precise. The internet, a veritable network of 100,000 linked computers, was then in its infancy and only a minor fraction of what we see today. Yet Robert Tappan Morris, a 23-year-old Harvard graduate anticipates its possibilities.
Morris was an aspiring innovator in the field and attending graduate school at Cornell. In the fall of 1988, he was hard at work on an experiment to determine if he could compile a program that would spread from one computer to another on its own.
By the next morning after releasing the program, the effects of Morris’s project were experienced by internet users across the country, spreading far faster than even he had anticipated. It required months to clean up the damage and before it was all over, Morris was standing in front of a federal jury (On account of computer fraud and abuse act). But his experiment led to the beginnings of security regulations and laws that permeate the internet today.
Morris Worm: Fraud And Abuse Act
When Morris launched his worm, hacking wasn’t yet on the radar for most people, but the U.S. judicial system was ready to address it. In the year 1984, provisions were included in the Comprehensive Crime Control Act that covered protections for computers and computer networks. However, as the internet began to evolve, it became necessary to undergo that a step further. In 1986, Congress passed the Computer Fraud and Abuse Act, which extended the law to also cover hacking.
Despite his efforts to disguise the release of the worm, it was eventually traced back to servers at Cornell and Morris. Although Cornell suspended him in 1989, it underwent eight months for a federal jury to indict him under the Computer Fraud and Abuse Act . He wasn’t put behind bars, though. His sentence included a $10,050 fine, 400 hours of community service and probation for three years. He has gone on to an impressive career as an entrepreneur, computer scientist, investor, and MIT Professor.
About The Morris Worm
Although Morris insisted his intentions weren’t malicious, the Morris Worm, as it would later become known, caused plenty of damage during its brief time in cyberspace. The worm was different from a virus in that it was a standalone program that could self-replicate and propagate through networks. A virus requires an active host program or a compromised operating system to operate.
It’s critical to note that the worm didn’t cause mass destruction. Its effect was merely to slow computers down. However, the “damage” came in the form of lost time for the numerous systems administrators who had to work for hours to clean up the mess.
The Morris Worm exclusively targeted Unix operating systems, but it consists of multiple vectors that allowed it to spread beyond that initial limitation. While the worm didn’t wipe out information or destroy operating systems, it did slow things down so severely that emails were delayed for days and revenue as a consequence.
Morris designed the worm to operate several modes of attacks to spread from computer to computer. One attack exploited a conventional Internet service identified as the “name/finger protocol,” which was installed on most Unix machines and used for supplying information about other users of the network.
Another targeted easy-to-guess password. Once the worm obtained a computer’s password file, it could then access the encrypted copies of every user’s password. Next it systematically guessed the passwords by comparing encrypted versions and mapping them to a dictionary of conventional words.
If it was successful at hacking in, it continued to use the user’s password and ID to access other servers where that same user had an account.
A third exploit targets a security vulnerability in “sendmail,” a common utility that was used to send email.
Morris had programmed the worm to duplicate itself at every seventh instance of a “yes” response to get around computers that said they already had the worm installed. However, the seven-to-one ratio wasn’t high enough to slow the program’s reproduction. These self-duplications led the worm to spread much faster than Morris could have ever envisioned, infecting thousands of computers at universities, research centers and military installations. The U.S. General Accounting Office estimated that between $100,000 and $10 million was lost due to the internet inaccessibility that resulted from the attack.
Morris Worm: The Lasting Repercussions
Accordingly, why wasn’t Morris more heavily punished? After all, today hackers can face serious jail time under the similar law (computer fraud and abuse act). Even those within the technology industry were divided over whether Morris deserved the five years behind bars that was being predicted at the time. Morris’s argument that he was conducting an experiment, not intending harm, seemed to extend a long way with his defenders.
There’s on top of that the fact that as soon as he identifies how quickly his worm was replicating, Morris engaged in efforts to mitigate damages. Working with a friend from Harvard, he communicated a message with instructions on how to dismantle the worm. The network was too congested, though, which prevented the message from getting through.
The unwitting result of Morris’s experiment was, it served as a wake-up call for the internet community. One expert compared the internet at the time to a small, friendly clubhouse where everyone believed in each other. The Morris Worm made it clear that individuals with criminal intent could have access to that clubhouse, so it was time to install some locks.
Morris Worm: Foreshadowing A Foreseeable Future
The report from The Washington Post stated that when a preliminary version of that similar worm retrieved from that of an automated recovery of Cornell databases from Morris contained comprehensive annotations illustrating Morris’s perception for the venture. It is believed those comments may suggest that Morris decided on ambitious goals beyond what he achieved.
His vision was not the worm that ensued, a program that silently and efficiently replicated itself across the Internet. It was more along the lines of what we presently know as a botnet: a massive network of hundreds of thousands of computers and devices communicating with one another and controlled by bot herders to take down sites or launch other denial of service attacks.
Morris was ineffectual to create a command-and-control center, which would have enabled him to coordinate the infected machines. In accordance with The Washington Post‘s interpretation:
“In order to prevent multiple versions of the worm/virus from running on the very same system, Morris instituted a strategy. When two worms were all on the same system, a virtual coin would therefore be tossed, and afterward the worm’s missing replica would execute digital seppuku.”
“However, this strategy was amended by Morris on or around a way that would make it counterproductive. Once out of seven, randomly assigned, the failing worm would then become invincible then rather than suicidal.”
The programming error which led to a failure of the worms to self-destruct resulted in, the worms growing exponentially and exhausting the computer’s resources.
Morris’s legacy serves as an example of how far the internet has come since its earliest days. In the present circumstances, experts like Morris are invited to experiment with various systems in white hat hacking, underscoring the need to test the resilience of systems and uncover unknown and potential threats.