Do you know what the Morris worm is?

DATE: July 23, 2024

In 1988 there were only a meager 60,000 computers connected to the internet. But this low number of the late 80s may have been for the best. On November 2nd, 1988, the Morris worm began to wreak havoc on around 6,000 of those 60,000 computers, each of which had been connected to ARPANET, the precursor of the internet. These 6,000 had been running Berkeley Unix, a specific operating system, and were all infected within 24 hours.

The worm was developed by Robert Tappan Morris, not to be confused with his father, Robert Morris, who worked for the NSA as a chief scientist of the NSA’s National Computer Security Center. Robert Tappan Morris was a graduate student at Cornell studying computer science. He created the worm and unleashed it onto the internet in 1988. At first, it was made up of harmless code, and Morris later admitted he had no interest in causing harm; he merely wanted to show how vulnerable these systems were. Morris made it appear as though the worm originated from a computer at MIT, but it was actually from his computer at Cornell. The Morris worm was made to do three things. First, it would ask each computer if it had already been infected with a copy of the code. If the computer responded “no”, it became infected. If it responded “yes”, the worm wouldn’t copy. However, he made a huge mistake when he altered the code to copy regardless of the answer after seven “yes” responses. This came out to the worm copying itself about 14% of the time regardless of the answer provided by the computer. This meant that computers ended up being infected by the code several times.

The effects of the worm consisted of slowness, stalling, and all-out computer failure. The worm itself didn’t actually damage or destroy any files, but it caused massive delays in communication, affecting both military and university systems, among others. The systems either had to be wiped completely or disconnected until the matter was resolved. Of course, the FBI immediately launched an investigation to find the source, but before they were able to, Morris took action. Asking two of his friends to make calls for him, Morris shared a message that the program was meant to be harmless, that he was sorry, and that this was a mistake; the worm was meant to be an exercise in security awareness. One friend made a call to The New York Times with this message but accidentally revealed Morris' identity by referring to him by his initials. Morris had also sent an email to a Harvard friend with instructions on how to destroy the worm, but the email wasn’t received in time due to the delays caused by said worm.

Computer experts worked tirelessly to find a fix, including professionals here at Purdue University. Other institutions working towards a fix included MIT and UC Berkeley. Early in the morning on November 3rd, Keith Bostic of UC Berkeley and Gene Spafford of Purdue University helped send out several patches for the worm. Spafford, Executive Director Emeritus at Purdue University, was among the first to analyze and write a detailed technical report on the worm that eventually led to its resolution via several patches recommended by Bostic.

Robert Morris was eventually convicted of breaking federal law under the Computer Fraud and Abuse Act, which had been established two years prior. The act outlawed “unauthorized access to protected computers” (fbi.gov). But Morris didn’t receive any prison time; instead, he was sentenced to probation. He received a fine and was ordered to complete 400 hours of community service.

So, what’s the result? Well, unfortunately, this attack was the inspiration for many others. On one hand, it showed the world the importance of cybersecurity awareness, but on the other, it demonstrated what hackers are really capable of.

About the author

Hope Trampski

Student Assistant

htrampsk@purdue.edu
