Ransomware, phishing, and viruses—oh, my.

This article is the first in TechHouse’s Human History of Cybersecurity series.

The first computer appeared in 1943, followed by the Internet in 1969. The future looked bright, but in 1981, a ninth grader–a ninth grader–planted the world’s first virus. And in 1988, the world’s first worm was released into the internet by Robert T. Morris.

He was the son of the late Robert Morris who coauthored UNIX and was the former chief scientist at the National Computer Security Center (a division of the NSA). After high school, the younger Morris attended Harvard, and while a graduate student at Cornell, he attempted to measure the internet’s size by penetrating several weaknesses in the computer network:

  1. A hole in SEND MAIL (transferred and received email),
  2. A hole in the “finger demon” program (allowed computer information sharing),
  3. The “trusted hosts” feature (enabled computer privilege sharing), (4) and a program that guessed passwords.


The experiment exploded.

A design flaw in his code quickly spread the worm onto 10% of all servers connected to the internet. Computers crashed or became “catatonic.”

The shocked graduate student raced to neutralize the worm, but the then-clogged Internet denied him access. The disaster infected 6000 university, research, and military systems and cost $200 to over $53,000 to remove the worm from each system.

Creative cybercrime has grown ever since. Cybersecurity Ventures now predicts that the annual cost of global cybercrime will increase to $6 trillion by 2021.


Did Morris do it on purpose?

Defenders such as Eric Allman— author of Sendmail the Unix program that Morris exploited—called him brilliant but felt sorry for him.

Robert Constable, Cornell computer science professor, called Morris a “serious, independent thinker, confident and self-assured” who “showed no sign of the kind of immaturity” needed to create the worm.

Regardless, he faced trial a year later. He told the court his motive was “to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects.”


Maybe not, but just in case…

Unfortunately, hackers still use that excuse today, and it didn’t help that he released the worm from MIT to disguise its real source, Cornell.

His university expelled him, and on July 26, 1989, under the new Title 18 Computer Fraud and Abuse Act, the court sentenced the young man to three years’ probation, 400 hours of community service, and a $10,050 fine.

After serving his sentence, Robert Tappan Morris finally made his father proud. He returned to Harvard and obtained his PhD. He later became a software engineer/entrepreneur, technical advisor, and professor at MIT where he still teaches today.


About the Author

Andrew Parker writes, recycles, and taxis. Recycling helps keep him in shape, as does cycling, stretching, and occasional jogging. His goal in the next few months is to start an art project, maybe a modern art sculpture.