Robert Tappan Morris – The Morris Worm

Born: November 8, 1965, Massachusetts

Robert Tappan Morris is the son of Robert and Anne Morris and was raised in Long Hill Township, New Jersey. His father was a famous mathematican and computer scientist, who both worked at Bell Labs and later on became the chief scientist of the NSA’s National Computer Security Center.

Falling not far from the tree, it’s said that young Morris enjoyed “cracking passwords” at his tony Morristown, NJ high school, the Delbarton School. Far from just a stereotypical “computer nerd” Morris also enjoyed playing hockey, skiing and was also “voracious” reader.

Morris eventually attended Harvard and then went to Cornell for graduate studies.

Morris in recent years

On November 2, 1988, Morris, in his first year at Cornell, released the world’s first worm onto the internet. The worm used aspects of the Unix Sendmail program to replicate itself and Morris later stated the goal was not malicious but to show that he could use Unix programs like Sendmail to propagate worms. Later on at his trial he would say that his motive had been “to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects.” No different from the stated motives of many hackers today.

Although the worm was sent from Cornell where Morris was a student, he disguised it to make it look like it was coming from MIT. [Editor’s Note: Morris has always maintained that his cause was just and not meant to be malicious. The fact that he tried to disguise the worm’s departure location makes this part of his story seem a bit shaky. Still a friend of Morris at the time describe him not as a “dark-side hacker” but as a “curious guy” who accidentally opened Pandora’s Box.]

Unfortunately there was a flaw in the 99 line piece of code and it soon made its way on to 10% of the servers on the internet as it rapidly duplicated itself. It immediately began causing computers to become “catatonic” or crash. Remember this was before the web so 10% meant roughly 6,000 systems. The basics of that flaw were that the worm was designed to evade systems defenses by making the worm replicate itself every 7th time regardless of how the systems it encountered responded back to the worm. This was set as a way to gain entry to systems that were seen to be sending false notice that the system was already installed. This proved devastating! The flaw in Morris’s code as well as more details about the Worm are very nicely described here.

Not unlike the surprise that came to the authors of later worms, the Anna Kournikova Virus  and the Melissa Virus, Morris was shocked at the level of destruction the worm caused and he quickly tried to slow it’s progress by sending out instructions to defang the worm. Unfortunately because traffic was so clogged from the worm itself, his help messages couldn’t make it through.

By the end of the worm’s path of destruction it had infected more than 6,000 systems across university, research and military organizations. It cost upwards of $50k to rid some systems of the virus.

Morris was indicted on July 26, 1989, and was found guilty under the infamous Title 18, Computer Fraud and Abuse Act. He was sentenced to 3 years probation, community service and fined roughly $10,000.

In later life Morris obtained his Ph.D. from Harvard, became a software engineer/entrepreneur, technical advisor and taught as a professor at MIT.

Interesting Facts:

  • There was great debate by officials over whether they could prove that Morris intended to cripple the internet, so it took many months from them to finally charge him.
  • Eric Allman, the author of Sendmail the Unix program that Morris exploited refers to Morris as “brilliant” and “feels sorry for him” because of his “screw up.”
  • His father played a “key role” in the government’s “digital assaults” that preceded the first U.S. invasion of Saddam Hussein’s Iraq.

Sources Used For This Article:

 

 

 

 

 

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *