Robert Morris

Robert Tappan Morris, Jr. was the man who killed the internet all the way back in 1988. Knowingly or unknowingly, he created the first major worm ever, supposedly to research the size of the internet. This made him the most hated person in the computer community, a title now owned by Alex Wuori.

The Experiment

In 1988, Robert Morris was a graduate student at Cornell University. As part of a Computer Science III project, he decided to make a program to check the size and growth of the budding internet. The result of his tinkering was a beautiful example of a program designed to kill everything it came in contact with. It utilized three basic functions to tear apart the BSD and Sun systems that made up much of the early internet:

• Sendmail - An exploit in the debugging mode of sendmail that allowed the header of sent mail messages to run code in the body. Sendmail had been full of holes since its original inception as "delivermail" on the ARPANET, but its flexibility made up for its flaws. Besides, who gave a shit about security in 1988? Nobody, that's who.
• Finger - An evolution of the old who system, finger and its associate name are used to find out information about the system/system administrators of the network you're on. Morris's program performed the 1988 version of a "Crapflood" by fingering the system so many times it's buffer would overrun and the system would respond by pretty much allowing the intruder to do whatever it wanted.
• Remote Shell, or RSH - RSH was a method that administrators used to execute shell commands on systems across the network without having to be at the specific terminal. While this made being a system operator that much easier, it was probably not a great idea in the long run thanks to its exploitability.

Also built in was a failsafe to keep the program from going totally insane: a screen that would pop up on the infected terminal asking if it had been infected already. This would prevent systems from being infected multiple times and would keep the count of computers with the virus accurate for Morris.

Morris's invention was the first non-theoretical/practical application of a worm. While there might have been worms before then, Morris's was the first to truly wreak havoc upon the internet and is thus usually recognized as the first true one.

GOGOGO

There are a few reasons to doubt Morris's story about his release of the worm as a research project.

1. Morris released the worm at MIT despite going to school at Cornell to cover up the origin of the program.
2. Morris's dad worked for the NSA, and the worm might have been a derivative of something young Morris stole from him.
3. Morris put a security workaround in the failsafe screen: the virus would replicate regardless of whether or not you pressed "yes" for "my system was infected" to avoid administrators from removing the worm in one easy step. 14% of the time "Yes" was chosen, the worm would replicate instead of quitting.

Morris released the worm at 6:00 PM EST. By midnight it had spread across the internet and was systematically choking out networks like an enraged Canadian. The normal methods of communication between administrators was totally cut off as the worm shut down networks and spread across mailing lists. Morris by this time was either shitting a brick or laughing his ass off.

The Aftermath

After a day of frenzied research users had found ways to stem the tide. The worm had infected several thousand computers: estimates run to 6,000 systems, or about 10% of the internet at the time. Millions of dollars of damage were done and inflation of the figures by embarrassed security wonks helped increase damage estimates.

Morris was outed by several sources, including famed anti-hacker newspaper The New York Times. Eventually the man caught up with Morris and prosecuted him under the new Computer Fraud and Abuse Act (incidentally now a part of the Patriot Act). Morris caught a light sentence of three years of probation, 400 hours of community service, and a fine of $10,050.

Later, Morris would become rich by selling Yahoo the infrastructure for their Yahoo! Stores feature for about $50M US - a feature he developed with Paul Graham of Viaweb. He holds a degree from Harvard and now teaches at MIT, which is where he released his worm to the internet. He was also the network administrator for the Ig Nobel Awards.

Links

• Rotten Library's take on Robert Morris
• The epic text on The Worm

See Also

• Hacker
• Virus

Robert Morris is part of a series on Security Faggots

1337 h4x0rz Captain Crunch • Cult of the Dead Cow • David L. Smith • Gary McKinnon • GOBBLES • HD Moore • Jeff Moss • Kevin Mitnick • Lance M. Havok • Robert Morris • Theo de Raadt • weev • Woz Try-Hards 2cash • AnonOps • Brian Salcedo • Fearnor • Fry Guy • Gadi Evron • g00ns • Hack This Site • Hacking Team • hann • Joanna Rutkowska • John Field • Joseph Camp • Lizard Squad • LulzSec • Mark Zuckerberg • MarshviperX • Masters of Deception • Michael Lynn • Krashed • Raven • r000t • Ryan • Steve Gibson • th3j35t3r • The Regime • Sabu • Zeekill Related Shit Avira • Ciscogate • Cloudflare • Conficker • CyberDefender • Defcon • The Gibson • The Great Em/b/assy Security Leak of 2007 • Heartbleed • I GOT NORTON! • Is Your Son a Computer Hacker? • Operation Sundevil • PIFTS.exe • Social engineering • Stylometry • SubSeven • Zone-H

Robert Morris is part of a series on Softwarez Visit the Softwarez Portal for complete coverage.

Robert Morris is part of a series on Web 1.0

[BACK TO THE FUTUREANCIENT HISTORY]  Old Memes  • Celebs, h4x0rz, and Phreaks  • Technologies  • Fun and Games  • Events  • Death of Web1.0 Click topics to expand All Your Base Are Belong To Us • The Anarchist Cookbook • Artycat • Ate my balls • Bonsai Kitten • Bonzi Buddy • Church of the SubGenius • Dancing Baby • Don't copy that floppy • DMOZ • Emotion Eric • Endcat • The Gibson • Goatse • Goddess Bunny • Fat Chicks in Party Hats • Guy Macon's original post • HA! HA! Guy • Hai2u • Hampster Dance • Hello My Future Girlfriend • Homestar Runner • Icy Hot Stuntaz • Jesus With You Always • Lemon Party • Maddox • I kiss you! • Max Headroom • Meatspin • Mullet • Ninja • NO U • Old Meme • Raping Little Suzy • Penisbird • STFU • Subservient Chicken • Tubcat • Tubgirl • WebTV • Zerg Rush B1FF • Bill Gates • Captain Crunch • Church of the SubGenius • Cult of the Dead Cow • David L. Smith • Doug Winger • Fry Guy • Goddess Bunny • IKissYou.org • Jai Maharaj • Jeff Moss • Kelly Martin • Kevin Mitnick • Maddox • Mahir Çağrı • Masters of Deception • Mikevirus • Nicholas Morency • Phreak • Robert Morris • Schattie • Starcade • Steve Jobs • Tom Galloway • Woz ALL CAPS • AOL • AOL Instant Messenger • ANSI Bomb • ASCII • Ascii art • Back Orifice • Bearshare • Bell • Blue box • Citadel • Dialup • Followup • Geoshities • The Gibson • Gopher protocol • Hotline • ICQ • IRC • ISCABBS • Kazaa • Leet • Limewire • Napster • Open Diary • P2P • Spam • Sock puppet • Telnet • Usenet • Yahoo! alt.fan.karl-malden.nose • alt.religion.scientology • alt.syntax.tactical • alt.tasteless • Chat Palace • Dark Age of Camelot • Diablo 2 • EverQuest • Furcadia • Homestar Runner • Hotornot • Jesus is Hitler • Joe cartoon • Rogue • Rotten.com • Starcraft • Stile Project • Totse • Ultima Online Eternal September • Flame Wars • Meow Wars • Adequacy trollings • Operation Sundevil • Y2K Ebaumsworld • Futaba Channel • MySpace • Newgrounds • Something Awful • Text Files • TOW • YouTube