Anti-security

An Event to Revere Not Fear: The Morris Worm Unleashed on the Internet in 1988

In November 1988, computer science graduate student Robert Tappan Morris released the first “internet worm” into the wild from a Unix computer at Cornell University. The worm replicated itself across what was at the time a comparatively small network of computers, mostly at academic and government organizations. Why did Morris do this? Most likely, he did it for the lulz—for his own enjoyment—long before such a concept existed. If you watch this news video and its interviews with MIT geeks and hackers, you can sense the palpable enthusiasm and excitement around this event: for them, it was not an event to fear, but one to revere. Morris had found a secret room in a dungeon, filled with treasures, and lived to tell the tale.

On the other hand, not everyone revered the hack: Morris was also the first person to be tried, convicted, and sentenced under the now infamous Computer Fraud and Abuse Act of 1986, 18 U.S.C. Section 1030(a)(5)(A)—receiving three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision. And DARPA—that crazy government agency that takes credit for inventing the galactic network in the first place—responded to the event by creating one of the first institutions for monitoring computer and network vulnerabilities: the Computer Emergency Response Team (CERT). All told, the Morris Worm was an event of remarkable significance for hacking and computer security alike—both for what makes hackers revered, and what makes hackers feared.

Of course, there is also the very curious fact that when Robert Morris released the worm, the director of the National Security Agency of the United States was none other than Robert Morris Sr.

(Breathing). “I… am your father…”

Back to Anti-security