
What started as a simple test by a university student ended up becoming the first virus on the internet and caused millions in losses.
More than 30 years ago, an emblematic case marked the history of the internet: it was the day when the “worldwide” computer network almost died for the first time, in the famous Morris Worm case. It was 1988, and what we know today as the web was mostly called ARPANET.
Consisting of about 60,000 connected computers, the internet at the time was slow and used almost exclusively by government agents, military personnel and university researchers. Without a commercial firewall, security was minimal and based on the trust that no scientist would purposely ruin things. That, however, was about to change.
The birth of the Morris Worm
On November 2, 1988, computers at the Massachusetts Institute of Technology (MIT), RAND, and NASA began mysteriously crashing. Who was responsible? Robert Tappan Morris, a student at Cornell University, aged 23 at the time.
As he himself said, the intention was to “measure the size of the internet”: the program he created was supposed to travel to every machine it could reach and return a ping back to the destination.
The program, a worm, had three attack vectors. The first, sendmail, exploited a debug mode in the email system of the time. The second, called finger, exploited a buffer overflow flaw in the protocol responsible for identifying users. Finally, the third was based on guessing common passwords, such as those that included the username or simple numerical sequences.
The problem with the code is that Morris programmed the worm to copy itself even if the computer was already infected, making it difficult to eradicate, replicating in 1 of every 7 loops. This made the program very aggressive, infecting the same machine hundreds of times and ending up consuming all of its processing capacity.
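The reinfection rule described above, modelled as an added example (not code from the worm or from the original article): it counts how many copies pile up on one host as infection attempts keep arriving. The capacity of 50 processes, the arrival counts and the `keep_odds=0` setting (a hypothetical strict check where a new copy always exits on an infected host) are constructed assumptions.

```python
import random
from itertools import islice


def _copies_over_time(keep_odds, seed):
    """Yield the number of worm copies on one host after each arrival.

    keep_odds=7 models the 1-in-7 rule: a copy landing on an already
    infected host stays anyway one time in seven. keep_odds=0 is the
    assumed strict policy: a second copy never stays.
    """
    rng = random.Random(seed)
    copies = 0
    while True:
        if copies == 0 or (keep_odds and rng.randrange(keep_odds) == 0):
            copies += 1
        yield copies


def copies_after(arrivals, keep_odds=7, seed=1988):
    """Copies resident on the host after `arrivals` infection attempts."""
    last = 0
    for last in islice(_copies_over_time(keep_odds, seed), arrivals):
        pass
    return last


def arrivals_until_saturated(capacity, keep_odds=7, limit=100_000, seed=1988):
    """Arrivals needed before `capacity` copies run at once, or None."""
    run = islice(_copies_over_time(keep_odds, seed), limit)
    for n, copies in enumerate(run, start=1):
        if copies >= capacity:
            return n
    return None


if __name__ == "__main__":
    for odds in (0, 7):
        print(f"keep_odds={odds}: "
              f"{copies_after(7000, odds)} copies after 7000 arrivals, "
              f"saturated after {arrivals_until_saturated(50, odds)} arrivals")
```

With the strict check the host never holds more than one copy; with the 1-in-7 rule the count grows in proportion to the number of arrivals, which is the accidental denial of service the article describes.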
The success of the infection
Unintentionally, the Morris Worm ended up causing a denial of service (DoS) on affected computers: it is estimated that 10% of the entire internet, around 6000 machines, were rendered unusable by the accidental malware. To prevent the spread of the program, the only solution was to physically disconnect internet cables, isolating entire universities.
The problem was so big that it generated the first television news coverage of computer malware, with the first footage of the lines of code appearing on home TVs. The term “virus” entered the news vocabulary (even though it was, in fact, a worm).
Morris, frightened by the size of the problem, asked a friend to publish an anonymous apology and a solution on the Usenet forum, but the congestion caused by the incident did not allow the message to get through. Ironically, the student was the son of Robert Morris Sr., chief scientist at the United States National Security Agency (NSA). On learning of the situation, he asked his son to confess his authorship of the worm.
The legacy of the Morris Worm
Robert Tappan Morris was eventually put on trial and became the first person to be convicted under the Computer Fraud and Abuse Act of 1986: because he confessed, his sentence was reduced to 3 years of probation and 400 hours of community service, with a fine of $10,050. He was never arrested.
The incident also led to the creation of the CERT/CC (Computer Emergency Response Team) by DARPA at Carnegie Mellon University, a response to the chaos and lack of coordination in solving the problem. Software developers also began to focus on the security of their code, and not just on functionality.
The incident is estimated to have caused losses of up to 10 million dollars, but ended up serving as a warning to developers before the internet became critical for banks and hospitals. Robert T. Morris ended up becoming a professor at MIT and co-founded Y Combinator, one of the largest startup accelerators in the world.
