Although several computer infections have been scripted over the years, few people have ever faced the legal repercussions for creating them. Robert Tappan Morris, however, is a different story, as he was the first to be convicted by jury under the 1986 Computer Fraud and Abuse Act. There has been much speculation about the worm‘s intent and what actually happed to Morris after it was released. Here it the story as we know it:
From Cornell to Court
In 1988, Robert Morris was a 23 years old graduate student at Cornell University. He wrote the first internet worm in 99 lines of the C language. According to Morris, the program was simply an experiment to enable a single machine to access as many computers as possible. The worm was designed to detect existing copies of itself on infected computers, not to reinfect them. Although the program wasn’t specifically written to destroy files or damage a system, Morris stated that is was designed to break into a system and thieve passwords.
Robert Morris released the worm on November 2, 1988. It was distributed from MIT to disguise the fact that he was a student at Cornell University. Unfortunately, the worm contained a bug, and the part of it that was intended not to reinfect a machine harboring the worm did not function properly. As a result, many systems because infected with numerous copies of the worm, each attempting to break into sensitive accounts and propagate more programs. The infected systems soon crashed or became totally inoperable. Restarting the machines did nothing, and terminating the worm process was useless, as they simply continued to propagate. The only solution was to disconnect the computer from the internet.
Stopping the Infection
Realizing that his program was out of control, Morris got help from a friend at Harvard to stop the infection. Within a day, teams from Purdue and Berkeley created and distributed procedures to slow down the worm’s rate of infection. It’s reported that Morris and his unnamed friend sent an anonymous message describing how the worm could be killed and how to patch vulnerable machines.
What Happened to Morris?
Scripting the dysfunctional program was a huge mistake for Morris. His biggest mistake was speaking about the worm months before it was released. It’s said that authorities found him with relative ease, all made possible by the fact that he was listed in the New York Times as the creator. Since the worm was able to gain access to computers of federal interest, Robert Morris was convicted for violating the Computer Fraud and Abuse Act in 1990. A judge sentenced him to three years of probation, 400 hours of community service, a fine of $10,500 and additional costs of his supervision.
Morris was suspended from Cornell following the incident. He would later obtain a Ph.D from Harvard University. In 1995, Morris co-founded a web-based application named Viaweb with a fellow Harvard graduate. Viaweb was an instant success, and in 1998, it was purchased by Yahoo for a reported $49 million dollars.
Morris currently works at MIT as a professor and a member of the school’s Laboratory of Computer Science in the Parallel and Distributed Operating systems group. He instructs a class on Operating System Engineering and has published numerous concepts in computer networking technology.