Once the worm obtained a computer’s password file it could then access the encrypted copies of every user’s password. One attack exploited a common Internet service known as the “name/finger protocol,” which was installed on most Unix machines and used for supplying information about other users of the network.Īnother targeted easy-to-guess passwords. Morris designed the worm to use several modes of attacks to spread from computer to computer. While the worm didn’t wipe out information or destroy operating systems, it did slow things down so severely that emails were delayed for days and revenue as a consequence. The Morris Worm specifically targeted Unix operating systems, but it had multiple vectors that allowed it to spread beyond that initial limitation. However, the “damage” came in the form of lost time for the many systems administrators who had to work for hours to clean up the mess. Its effect was merely to slow computers down. It’s important to note that the worm didn’t cause mass destruction. A virus requires an active host program or a compromised operating system to run. The worm was different from a virus in that it was a standalone program that could self-replicate and propagate through networks.
About the wormĪlthough Morris insisted his intentions weren’t malicious, the Morris Worm, as it would later become known, caused plenty of damage during its brief time in cyberspace. He has gone on to an impressive career as an entrepreneur, computer scientist, investor, and MIT professor. His sentence included a $10,050 fine, 400 hours of community service, and probation for three years. Although Cornell suspended him in 1989, it took eight months for a federal jury to indict him under the Computer Fraud and Abuse Act. In 1986, Congress passed the Computer Fraud and Abuse Act, which extended the law to also cover hacking.ĭespite his efforts to disguise the release of the worm, it was eventually traced back to servers at Cornell and Morris. However, as the internet began to evolve, it became necessary to take that a step further. In 1984, provisions were added to the Comprehensive Crime Control Act that covered protections for computers and computer networks. When Morris launched his worm, hacking wasn’t yet on the radar for most people, but the U.S. But his experiment led to the beginnings of security regulations and laws that permeate the internet today. It took months to clean up the damage and before it was all over, Morris was standing in front of a federal jury. In the fall of 1988, he was hard at work on an experiment to determine if he could create a program that would spread from one computer to another on its own.īy the next morning after releasing the program, the effects of Morris’s project were felt by internet users across the country, spreading far faster than even he had anticipated. Morris was an aspiring innovator in the field and attending graduate school at Cornell. Yet Robert Tappan Morris, a 23-year-old Harvard graduate saw its possibilities. The internet, a veritable network of 100,000 linked computers, was then in its infancy and only a tiny fraction of what we see today. Not so long ago, in 1988 to be exact, computer worms weren’t even a thought in a programmer’s mind.