Hacking History: The Morris Worm and Robert T. Morris Jr.

Hacking History: Robert Tappan Morris Jr.

the Morris worm

Up to this point in our hacking history series, the figures have focused on decryption and then manual processes to intercept communications or gather information from other people’s systems. In this next installment of our series, the potential of hacking into networks and computers changes forever.

It’s 1988 and Cornell graduate student, and son of an N.S.A. cryptographer and computer scientist, Robert Tappan Morris, Jr. unleashes the first internet worm onto ARPANET (the packet switching, Department of Defense network, and the first network to implement the protocol suite TCP/IP).

the morris worm


Learn to dismantle worms and viruses through Basic Malware Analysis with the brand new course!


The Morris Worm

After unleashing the worm onto ARPANET, from an MIT computer, it is estimated that the worm infected 1,000- 6,000 computers (according to Legal Affairs). At that time, 6,000 was about 1/10th of all internet connected computers worldwide. If you’re interested in a walk-through of the worm’s system invasion, check out this virtual system invasion by Snow Plow.

A New York Times article, from the year of his indictment, gives some insight into how the Morris Worm got its name. The Morris part should be obvious, but the term “worm” is from a 1975 science-fiction novel called Shockwave Rider, which Morris was allegedly captivated by. “The book portrays a high-tech rebel who designs a program called a ”worm” to overthrow an authoritarian government that relies on a powerful computer network to stay in control. This is the origin of the term, now used to describe programs that can automatically copy themselves in computer networks to perform specific tasks.

Robert Tappan Morris, Jr. had created the worm in an attempt to get a measurement of how big the ARPANET was. He claimed that there was no malicious intent behind the worm’s creation, and this was believed because of his fast actions as soon as the infections got out of hand. The issue was a coding misstep. Morris had overlooked two factors:

  1. The software replicated at an erratic rate, far beyond the intentions of Robert T. Morris, Jr.
  2. The software did not check a system for previous downloads, before downloading itself onto a system.

This caused thousands of computers to slow down to such a speed, they were virtually unusable. Robert Tappan Morris, Jr. and his colleague attempted to contact system administrators around the nation with instructions on how to disarm the worm, but they’re efforts were too late. According to Legal Affairs:

“After an intense day-long flurry of collaborative sleuthing, itself facilitated by e-mail, network administrators around the world discovered what was going on and shared tips on killing the worm. They declared that, going forward, computer administrators challenged by a worm ought to promptly install patches, users ought to pick harder-to-guess passwords, and virus-writers ought to adhere to a code of ethics. Members of Congress asked for a report from the General Accounting Office, and the Department of Defense’s research-funding arm sponsored a national Computer Emergency Response Team to track and advise on computer security vulnerabilities.” 

The Computer Fraud and Abuse Act of 1986

From the New York Times:

”It does seem to me that the case vindicates the ability of the current law to deal adequately with new problems.” said David Johnson, a computer law specialist in Washington, D.C.

Robert Tappan Morris Jr. was the first hacker to be indicted under the Computer Fraud and Abuse Act of 1986. The trial was closely followed by technology, legal and social enthusiasts nationwide as a defining opportunity for the courts to send a strong warning message to anybody tampering with systems with or without malicious intent. To many people’s dismay, Robert T. Morris Jr. got off without a single day of jail time. He was given 400 hours of community service, three years of probation and a $10,000 fine.

Ongoing Discussion

Many saw this consequence as a slap on the wrist, and a missed opportunity to send a message to both hackers with malicious intent and those with potentially harmful curiosities. Those people were largely disappointed with the outcome of the trial. However, others saw the outcome as a positive, as Morris largely did the world a justice in proving just a few of the vast exploits that systems were vulnerable to, and putting more attention on the security side of system and network building.

Robert T Morris Jr. went on to get his doctorate from Harvard and is now teaching computer science at MIT.

The Mentor and The Hacker Manifesto


Learn about The Mentor and his Hacker’s Manifesto on the last installment of Hacking History, here! 


Become a Hacker! Start your FREE trial today!

certified security analyst training

CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting edge cyber security training. Our training provides the most in demand industry certification prep courses including EC-Council, CompTIA, (ISC)2 and Cisco; all taught by leading cyber security experts. All of our offerings are aligned with the national initiative for cyber security education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses bite-sized micro-learning methodology ensures learners are not overwhelmed with information. On Demand LMS platform has white-label capabilities ideal for internal training purposes.



Leave a Reply

Your email address will not be published. Required fields are marked *