rotten > Library > Biographies > Hackers > Robert Morris

Robert T. Morris, Jr.

Robert T. Morris, Jr. was a graduate student at the Computer Science department of Cornell University, but nobody cares about that. All they care about was that he created the "Morris Worm", a program that applied a crowbar to the shins of the Internet way back in 1988, when the Internet had a chance to be something other than a popup-choked, moron-laden porno pipe.

A worm is a self-replicating piece of code that uses security lapses to travel from machine to machine, placing copies of itself everywhere and then using those newly compromised machines as bases to attack further systems. Worms existed in theory and may have even existed before November of 1988, but it was Morris' creation of his worm (and release of it into the MIT computer system) that defined him (and it) as the canonical examples.

Unfortunately, history is already glossing over the Worm's methods and approach to propagating itself, when not a little amount of education can be taken from them. Let's go into that.

One of the problems with domesticated herds is that the animals are interbred and (used to be) fed the remains of its fallen comrades. This meant that there was an overriding, uniform sameness about the animals that make certain diseases go absolutely insane with delight. If, by what passes for luck in the disease world, you hit on something that fells an animal and makes it pass you on, you'll go through a domesticated herd like a lawnmower; they'll fall like dominoes.

Well, regardless of how it'll be presented in decades to come, the Internet of 1988 wasn't the wide-variety of machines it was thought to be. And the Worm took advantage of this to attack various expected services that many machines had. Specifically, it attacked RSH, FINGER, and SENDMAIL.

  • Sendmail is a service that provides and transfers electronic mail. It's very popular. It also has had an amazing history of back doors, bugs, and problems since inception. The worm had one of these bugs under its sleeve, saying, basically, "Please let me use you like the bitch that you are, Mr. Sendmail." to which Sendmail would say "That sounds like a legitimate request.".
  • Finger is a method to tell people about yourself from a remote machine; think of a webpage or weblog but it's 1988 and you haven't travelled forward in time to hear about these things and make millions. Problem is, there was a way to "finger" the machine with too many characters, causing it to say "Geez, that's so many characters, I better let you run whatever code you want to on the machine." and this is what it did.
  • RSH is an old method to make it easier to use two machines as if you had the same access on both, forgoing the usual issues of security and safety. It has since fallen out of favor for some reason, but back then, the worm knew about it and tried a ton of passwords, including a copy of the dictionary, to get itself in. RSH would say "Wow, looks like after 10,000 tries, you finally got your password remembered! Come in, old friend."

With this selection of tools under its belt, the software started to propogate itself across the Internet, going from machine to machine, breaking through the security and making copies of itself. Within a short time, the entire internet was choked with this bastard, barely able to function. Then again, to hear of the bandwidth availability of the Internet in 1988, you'd probably be amazed that the thing wasn't choked all the time.

According to legend, Morris had intended for his program to work very slowly, and to "report back the size of the Internet", for whatever reason. Unfortunately, a bug in the program caused it to start working as absolutely fast as it could, which made it start choking everything it came into contact with. All over the country, very fat people with beards labored to find ways to block the worm, and they were able to slow it down, and ultimately stop it. A lot of heavily-piled "cost estimates" rose out of the damage the worm had caused. Most of these costs represented the time of people who were being paid to keep the machines secure, to actually make them secure.

Morris was dragged into court, where his case made a ton of press. He was convicted of the Computer Fraud and Abuse Act, and sentenced to three years of probation, 400 hours of community service, and a fine of $10,400. He appealed the case and lost. Morris now shows up occasionally at various functions, and most humorously was the network administrator for the Ig Nobel awards, an award ceremony run by a scientific parody paper.

Some conspiracy theorists have noted that the story of Robert Morris wouldn't be complete without mentioning his father, Robert Morris, who at the time of the release of the Morris Worm was the Chief Scientist of the NSA. He had a habit of bringing home neat shit for his son to play with (like one of the original Enigma Code machines), so perhaps his son got his hands on a fledging NSA project? Maybe. Sure gives you something to mull over coffee while your system is down from the newest attacks crippling the net. Morris' spirit lives on! (As does Morris, now a teacher at MIT).

Pornopolis   |   Rotten   |   Faces of Death   |   Famous Nudes