32 years ago, the first attack on the Internet happened. A cyber worm has infected around 6,000 computers within just 24 hours, in a time when approximately 60,000 were connected to the Internet. Robert Morris, the creator of the worm, unleashed the program from a computer at the Massachusetts Institute of Technology (MIT).
Computer worms can impressively propagate on their own, compared to viruses that need a software host in order to infect a device. The program infected the systems of several colleges and public and private research centers. These systems made up the early national electronic network, when the World Wide Web didn't exist yet.
Colleges and research centers that were affected included NASA, the Lawrence Livermore National Laboratory, Harvard, Princeton, Standford, and John Hopkins. A specific version of the Unix operating system was used in the computers of the mentioned victims, as mentioned by the FBI.
Damage Caused by the Worm
The Morris worm caused military and university functions to slow down, and emails were delayed for days. There were cases when the computers have been rendered inoperable. Some resorted to completely wiping their computers to get rid of the worm, while others didn't connect to the network for about a week.
It spread by exploiting vulnerabilities in Unix sendmail using a backdoor, through buffer overflow, and rsh/rexec, where it determines if it could operate. Systems with weak passwords were the most susceptible to the attack, since it had 900 passwords and could use the names of account holders to guess possible passwords.
It was similar to a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack, where it would overload a machine's resources until it won't be able to run. The worm verifies if the machine had already been infected, but regardless, it will still re-infect it one in seven times, according to Security Encyclopedia.
The US Government Accountability Office (GAO) estimated the damage that ranges from $100,000 to $10,000,000.
Read Also: 10 Things To Know About Computer Viruses
The Aftermath of the Morris Worm
Robert Morris was the first person to break the Computer Fraud and Abuse Act, which was passed two years before the attack. He was indicted in 1986 and was found guilty by a jury a year later. However, Morris wasn't sent to jail. Instead, he paid a fine, and was ordered to complete 400 hours of community service.
He tried to remain anonymous by using the MIT network to release the worm. However, the breadcrumbs that led to his arrest started when a friend made a call to The New York Times. It was on behalf of Morris himself since he felt guilty about what was meant to be a test, becoming dangerously uncontrollable. The same friend accidentally dropped his initials (RTM), leading The Times to uncover his identity.
The FBI conducted an investigation after the spread of the worm became public. The FBI interviewed Morris along with his associates and decrypted his computer files. This revealed a lot of incriminating evidence, and confirmed that Morris really was behind the attack.