2 minute read

RELIC: The Morris Worm

Words by Jose Alvarez

Cybersecurity is of utmost importance today. Simple things such as having a strong password can help protect against this, but people have used passwords such as birthdays, names of pets, and kids (in fact, some people even use the password “password”). Giant corporations have fallen victim to data leaks and compromised systems as well, despite spending lots of money hiring the best in the cybersecurity industry as well as paying money for various anti-virus programs. If a system is breached, it can have long-lasting damage to the companies that they happen to and cost millions of dollars in damage.

One of the most famous movies that highlights the need for cybersecurity is the 1983 film WarGames, which stars Matthew Broderick and Ally Sheedy. Broderick’s character inadvertently accesses a military supercomputer. Believing it to a computer game, it actually sets off the plot of the movie, which is preventing World War III.

The Morris Worm, which was one of the world’s first computer viruses, was created by Robert Tappan Morris, a graduate student at Cornell University. He launched the worm on November 2, 1988 from the systems of the Massachusetts Institute of Technology (MIT), one of the world’s most prestigious technology universities. The Internet ran in Morris’ family. He was the son of Robert Morris, who was coined as the “Father of the Internet.” The elder Morris was working for the National Security Administration (NSA) and also worked at Bell Labs and was one of the key contributors to the Unix programming language.

The Morris Worm was not written to cause actual damage, but rather to highlight the flaws in computer security. Morris was considered what we would call today a “white hat” hacker, or a hacker who hacks computer systems to point out their vulnerabilities. A “black hat” hacker hacks computer systems out of malice.

While describing the worm in full detail could take up more space than we have here, one of the critical errors in spreading the worm was its spreading mechanism. It caused denial of service attacks that infected many computers. Morris wrote the code to copy itself, even if the worm was already on the computer. It was estimated that the worm caused USD 10 million in damage, or around USD 21.7 million when adjusting for inflation.

Morris was charged with violating the Computer Fraud and Abuse Act of 1986. In the 1991 case United States v. Morris, Morris was found guilty of spreading the worm, receiving three years of probation, 400 hours of community service, and USD 10,050 in fines and the costs of his supervision. Morris was also the first person convicted of violating this act.

After Morris’s conviction, he went right back to work in the technology sector, receiving a Ph.D. from Harvard in 1999. He co-founded Viaweb in 1995, one of the first web-based applications, with fellow computer scientist Paul Graham. Morris and Graham also started the funding firm Y Combinator in 2005, which helps fund startup companies (Airbnb, Reddit, and Dropbox are among the companies funded through Y Combinator). Morris also became a tenured professor at MIT in 2006. So if you’re interested in cybersecurity, a good starting point would be to look at the Morris worm.

This article is from: