1988

Morris Worm

Robert Tappan Morris (b. 1965)

On the morning of Thursday, November 3, 1988, researchers and system administrators all over the internet arrived at work to find their computers mysteriously sluggish, even nonresponsive. People couldn’t log in. Systems would be rebooted, be functional for a few minutes, and then slow down again to a crawl. Technologists soon realized the problem: their systems were under attack, over the internet, by a piece of software that probed for vulnerabilities and, finding them, copied itself to the system and set about attacking others. The program was called a worm, taking its name from the tapeworm of John Brunner’s novel The Shockwave Rider.

The worm was the creation of a 23-year-old Cornell University graduate student, Robert Tappan Morris—a computer whiz kid whose father just happened to be chief scientist of the National Security Agency’s National Computer Security Center.

Although Brunner had hypothesized about network worms in the 1970s, and computer viruses had existed in the wild since 1982, nobody had ever seen something like this in real life. The worm had four different ways of breaking into computers, and once it was in, it tried to crack passwords and find other vulnerable machines to attack. The worm even had code that could detect if it was already running on a machine so that it wouldn’t reinfect the system. This code was flawed, however, and the worm reinfected the infected systems many times over. The result was that many copies of the worm ended up running on the vulnerable systems, causing them to slow to a drag.

The attack was front-page news, and it was the first time that many people in the United States had even heard of the internet. A study by the US General Accountability Office concluded that 6,000 of the 60,000 computers on the internet at the time had been infected; it took most sites two days to completely eradicate the running program.

It’s widely believed that Morris released the worm as an experiment—and to show internet system administrators that security needed to be taken more seriously. Because of the worm, many institutions (including the US government) created computer security emergency response teams (CERTs). As for Morris, after serving 400 hours of community service and paying a fine, he eventually received his PhD from Harvard and became a professor at MIT, where he was awarded tenure in 2006.

SEE ALSO The Shockwave Rider (1975), NSFNET (1985)

A computer worm is a malware program that replicates itself and spreads to other computers, often hiding in parts of the computer’s operating system that are not visible to the user.