The Morris Worm, the First Indictment under the CFAA and Wake Up Call of a New Age

On November 2, 1988, Robert Tappan Morris, the son of a famous Bell Labs cryptographer, released and graduate student at Cornell University, released what became known as the “Morris worm” through Massachusetts Institute of Technology (MIT).  Morris stated that his intent was “to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects [he] had discovered.”  The worm would slow down computer operations to the point of being unusable.

Morris had remarkable success as within twenty-four hours the worm had disabled approximately ten percent of the computers connected to the internet for as long as 72 hours, including computers belonging to universities including UC-Berkley, Harvard, Johns Hopkins, MIT, Princeton, and Stanford, as well as Lawrence Livermore National Laboratory.NASA and the Pentagon among many others, and stayed infected for almost 72 hours.  The Government Accountability Office put the cost of the damage as between $100,000 to $10 million.

On this day in 1989, Morris became the first person indicted under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030.  He was convicted and sentenced to three years of probation plus 400 hours of community and a $10,050 fine.  Morris’ conviction was upheld on appeal.  U.S. v Morris, 928 F.2d 504 (1991).

As the FBI explains:

The episode had a huge impact on a nation just coming to grips with how important—and vulnerable—computers had become. The idea of cybersecurity became something computer users began to take more seriously. Just days after the attack, for example, the country’s first computer emergency response team was created in Pittsburgh at the direction of the Department of Defense. Developers also began creating much-needed computer intrusion detection software.

At the same time, the Morris Worm inspired a new generation of hackers and a wave of Internet-driven assaults that continue to plague our digital systems to this day. Whether accidental or not, the first Internet attack 30 years ago was a wake-up call for the country and the cyber age to come.

As for Morris, he went on to get Ph.D. in Philosophy and Applied Sciences from Harvard. Ironically, he joined the MIT faculty in 1999 and is now a tenured professor in Electrical Engineering and Computer Science.

In 1995, Morris co-founded Viaweb, a startup that made software for building online stores that Yahoo! purchased for $49 million and rebranded as Yahoo! Store.   A decade later he co-founded Y Combinator which has launched over 2,000 companies having a combined valuation of over $155 billion, including Airbnb, Automation, DoorDash, Dropbox, Instacart, Stripe, and Twitch.

Featured Photos credit: Go Card USA, Museum of Science – Morris Internet Worm(CC BY-SA 2.0); Trevor Blackwell, Robert Tappan Morris (CC BY-SA 3.0).

One thought on “The Morris Worm, the First Indictment under the CFAA and Wake Up Call of a New Age

  1. Pingback: CFAA Gets a Much-Needed Trim With Recent SCOTUS Ruling - Abacode

Comments are closed.