The ROBERT MORRIS WORM has the dubious distinction of being one of the first computer viruses to ever infiltrate the Internet. The brainchild of a Robert Tappan Morris, its namesake, who was a Cornell graduate student when he first designed it in 1988, began as a vanity project to detect system defects and measure the efficiency by which the worm could spread. It ended up infecting a whopping 10% of the Internet. This was way above what he had anticipated.
Needless to say, his creation caused major disruptions and outages at the time. But if any good came of the Robert Morris Worm and its unintended denial-of-service, it was alarming the Internet community (then in its infancy and closed to the public) to the need of elaborate security measures. In fact, the launching of the CERT Coordination Center, which was tasked to deal with Internet security threats, is often attributed to it.
Mr. Morris, himself, became the first developer to stand trial and receive a conviction under the newly instituted Computer Fraud and Abuse Act of 1986, 18 U.S.C Section 1030(a)(5)(A). He received a sentence of three years of probation, 400 hours of community service and a hefty $10,500 fine. Considering the damage his worm caused—estimated to be up to 10 million dollars—some might say he got off easy.
Others, however, have expressed some ambivalence about his actual guilt and culpability. For one, the Robert Morris worm didn’t cause any real harm beyond impacting the performance of those computers that were infected by it. They were slowed down excessively due to unnecessary processing but were not destroyed. There was also speculation about whether Mr. Morris wanted to release the worm, and whether the release went horribly wrong because it was premature.
Nonetheless, it wound up being a seminal event that shook up the Internet community and forced it to take stock of its security options. Prior to its release, it is believed that the folks at DARPA didn’t give much thought to the idea of public network security. The Robert Morris worm whipped them into shape as it did with other software vendors who were informed to fix the security flaws in their own products.
Between the release of the Robert Morris worm and the end of the last century, there has scarcely been any cyber attack that has approached its level of sophistication—not even during the dawn of the dot com era. Post 2001, however, the Internet is awash with all manner of virulent malware, and the fact that there is full-fledged security paraphernalia in place to deal with it is an outcome of the shakeup induced in 1988.
Mr. Morris has since redeemed himself as a computer scientist and entrepreneur of considerable standing. But his reputation and legend undoubtedly stems from the incident in his past. There remains considerable admiration and support for this one-time graduate student who once stalled a nascent Internet community. Even still, his efforts are a far cry from the breed of vicious cyber criminals who try to weaken the integrity of the Internet today.