On 2nd November 1988, a 23-year-old student, Robert Morris, at MIT screwed up a lot and ended up changing up the internet forever. He wrote 99 lines of the program and launched it on the ARPANET. It was the early foundation of the internet. He did not know that he had just unleashed the Internet’s first self-replicating and self-propagating worm, called ‘the Morris Worm’.
However, even after the 30 years of criminal trial, the story is still unclear that why he released the worm online. Morris said that it was a harmless nerdy exploit to check the size of the internet. Since he didn’t release the worm from his own college which is Cornell University and instead did it from MIT, this also raised questions about his intentions. An official report on the incident by Cornell University from 1989 states, “Speculation has centred on motivations as diverse as revenge, pure intellectual curiosity, and a desire to impress someone.”
No matter what the motives Morris had, he made a serious blunder. With his simple programming, the worm he created was far too quick, too obvious and too aggressive. The program installed itself into the computers by asking them if they already have a copy of the program running. If the answer was a no, the worm installed itself on the computer. Morris didn’t want to infect the same machine many times so that this program can reach a maximum number of systems before drawing attention to itself. If a computer answered with a ‘yes’, the program duplicates itself and installs another copy on the system, every 1 in 7 times.
However, Morris’ ‘1 in 7 safeguards’ proved itself to be ineffective. The program spread quicker than even Morris anticipated it to be. Computers all over the world were installing hundreds of copies of the program and it was happening in an endless loop. The program eventually overwhelmed the machines with unnecessary processing. Within a day, an estimated 10% of the world’s computers with internet connection were down. The computers in MIT were the first to take the hit and the hardest hit indeed. The worm spread throughout the US and reached as far as Europe and Australia and crashed computers there too. A time when there were only 60,000 computers available, this crash was costing a lot. The estimate of the damage was starting with $100,000 and was going upwards to reach tens of millions.
The rumour spread that it was the work of a Russian hacker. The media at that time also kept spreading the same false news also because Morris’s father was at a senior post in the computer security arm of the National Security Agency (NSA). When the news got leaked, Morris was arrested on the charges of Computer Fraud and Abuse Act. He pleaded ‘not guilty’ to the charges, however, the jury sentenced him to three years of probation, 400 hours of community service and a fine of $10,500.
After his sentencing in 1990, The New York Times wrote, “It did scare the wits out a lot of people who run computer systems.” By the end of November 1988, DARPA put forward funding for the Computer Emergency Response Team, which was put in direct response to the Morris Worm. From that day onwards, the perception about internet changed from a network of wires to a network of ungoverned alleys which was filled with open doors and untrusted people.
In 1989, the Cornell Commission Report stated, “This was not a simple act of trespass analogous to wandering through someone’s unlocked house without permission but with no intent to cause damage. A more apt analogy would be the driving of a golf cart on a rainy day through most houses in a neighbourhood.”
Currently, Morris is working as a professor in the computer technology department at MIT.