Immagine

The history of the Morris Worm attack: how it happened and what damage it caused to PCs connected to the Internet

The floppy disk containing the Morris Worm, at the Computer History Museum.

The evening of November 2, 1988an unprecedented event shook the Internet. A malicious program, known as Morris Wormsquickly spread through thousands of computers around the world, crashing systems and dramatically slowing digital communications. It was one of the first worms distributed via the Internet and the first to lead to a conviction for computer hacking in the US. In just 24 hours, approximately 6,000 of the 60,000 devices connected to the Internet were affected. This worm was not designed to destroy data, but its effects were devastating: critical slowdowns, system crashes, and interruptions to critical services, with damages estimated between hundreds of thousands and millions of dollars.

He was behind this attack Robert Tappan Morrisa young student of the Cornell University that, to conduct an experiment, exploited vulnerabilities in Unix systems. Although its initial target was harmless, a programming error transformed the worm into an out-of-control threat. This episode marked a turning point in the history of cybersecurity, leading to the creation of the first cybersecurity emergency response team and inspiring both improvements in system protection and a wave of future cyberattacks.

How the Morris Worm attack began and what its consequences were

It all started with Morris’s intention to better understand the connections between computers on the Interneta network still in its infancy and far from being the world Wide Web that we know today. To prevent the program from being traced back to him, Morris launched it from a computer in the MIT (Massachusetts Institute of Technology). One of the defining characteristics of a worm is the ability to self-replicate without the need for host software. Morris exploited common vulnerabilities in Unix systems, including a bug in the finger service (which was used to identify users on the Internet) and one flaw in the email systemto propagate the software.

Morris’s intention was for the worm to replicate in a limited way, but his code contained a critical flaw: the worm continued to infect an already compromised device, causing overloads that slowed down or completely blocked systems. This behavior led to crashes of many of the infected machinesan unexpected problem that quickly escalated the situation. The most prestigious universities, research centers and government agencies in the United States were hit: among them were Harvard, Stanford, PrincetonThe Lawrence Livermore National Laboratory and even the NASA!

Many system administrators were forced to disconnect their computers from the Internet for days, while others opted for it complete wipe of their systems to remove the worm. Military and academic operations were severely slowed, and even email – a critical tool even at the time – was delayed for days.

At the same time, we were trying to identify the person responsible. At first, as soon as he realized the damage he had inadvertently caused, Morris contacted two of his friends explaining what had happened. With the help of one of them, Andrew Sudduthalso attempted to anonymously spread a message containing an apology and instructions for removing the exploiting worm Usenet (a worldwide network of interconnected servers born in the 1980s in the USA). Ironically, few received the message in time, as the Internet had by then been extensively damaged by the worm.

Morris’s other friend, however, contacted by telephone John Markoffa journalist of the prestigious The New York Timessaying that he knew who had created the program and specifying that his intent was to carry out an experiment that, at least on paper, should have been harmless. In subsequent conversations with the journalist, Morris’s friend, when talking about him, referred to a certain RTM (the initials of the Morris Worm’s father’s full name). This was enough to allow the journalist to trace the culprit of the attack: the brilliant 23-year-old student, who graduated in computer science from Harvard, whose identity corresponded to the name of Robert Tappan Morris.

Image
Robert Tappan Morris.

The author of the Morris Worm is sentenced for computer piracy

Once identified as author of the Morris Wormthe young hacker was indicted under the Computer Fraud and Abuse Act of 1986, a law designed specifically to prevent unauthorized access to computer systems. The sentence (which you can still consult on this page) was issued in 1991. Morris was the first US citizen to be convicted under this legislation, receiving 3 years probationone fined $10,050 And 400 hours of social services.

The Morris Worm attack, in addition to having consequences for its author, also produced some important effects for the entire IT sector, giving a decisive impulse to the development of digital security. In fact, following the attack, the first one was established CERT (Computer Emergency Response Team) to manage any future similar emergencies and more advanced technologies were born to detect computer intrusions. The episode in fact served as a wake-up call demonstrating how vulnerable computer systems can be, ushering in an era in which cyber security would become a global priority.