Slashdot Mirror
'Morris Worm' Turns 25: Watch How TV Covered It Then
netbuzz writes "On Nov. 2, 1988, mainstream America learned for the first time that computers get viruses, too, as the now notorious "Morris worm" made front-page headlines after first making life miserable for IT professionals. A PBS television news report about the worm offers a telling look at how computer viruses were perceived (or not) at the time. 'Life in the modern world has a new anxiety today,' says the news anchor. 'Just as we've become totally dependent on our computers they're being stalked by saboteurs, saboteurs who create computer viruses.'"
It was more than a "warning". It turned into an multi-billion dollar industry.
How did we function in black and white?
"they're being stalked by saboteurs, saboteurs who create computer viruses."
We have an NSA with nothing better to do than fuck with the people of the world, who, mostly aren't doing anything wrong. Tell me why ANY of our spying agencies couldn't FIND the coders, worldwide, and eliminate the possibility of their ever writing malicious code again, with extreme prejudice. I pay good tax money to be protected within my borders, not fucked with by the help.
Let's send that fucking monkey in the White House a message. Everyone, stand up, go to your window @ noon and scream at the top of your lungs " Put our money back to work for us you fucking bastard, or YOU'RE FIRED!!!!!!"
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Don't forget, Bob Morris's dad was head of the NSA. Where do you think Bob learned that the ordinary system security is horrid? And where do you think Bob learned that, when you screw up and lives and careers are at stake, it's more important to go hiding the evidence that might lead back to you than to publish the mistake and help get the mistake controlled?
Must be nice to have a dad who can help keep the NSA from reporting anything for a *week* while the civilians reverse engineered the work and tracked it back, and who can help guide your career into a nice little computer lab at MIT where you can produce nothing useful for the rest of your life, but will be out of your dad's hair. (Look up Computer Architecture Group at MIT, and its complete lack of useful projects or meaningful work from Robert Tappan Morris). My dad would have beat me with a *stick* for this kind of stupidity.
I'm not so mad at him because he wrote the worm.: a technical error caused it spew far more copies than intended, it was supposed to only prove popr security. I'm mad at him because he acted like a kid who went went camping in a national park, set a fire where he wasn't supposed to, and *drove out of state to hide* instead of reporting the fire. The bastard cost me weeks of work in my own lab, cleaning up from his mess, and ruined chances to do vital medical experiments that I was involved in. Medical research labs live on a shoestring as it is, knocking us and our colleagues offline could and did ruin years of work. I was personally *lucky*, because of thorough backup policies and I knew what I was doing to recover, but a lot of labs suffered far worse. (I did a lot of helping out in the next month.)
The most important thing from that video is that explained computer viruses while Atari 2600 ET was on the screen. Some Atari 2600 users still believe that ET was the first console cartridge virus.
READY.
PRINT ""+-0
So what is new there ??
The Morris Worm was written by Cornell University student Robert T. Morris while in school. He is the son of former chief scientist of the NSA's National Computer Security Center, and inventor of the Unix password scheme, Robert Morris. The incident is discussed in part of this book:
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
I've enjoyed reading it more than once.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Wasn't the first virus the "I want cookies" virus? Or was that a worm? Or a trojan?
Man, 1988 had no idea.
Okay so I'm not THAT Morris, but I am an information systems security professional.
Lmao on the ET game as a representation of using tons of memory.
Date: Tue, 8 Nov 88 21:40:00 PST
From: ge...@fernwood.mpk.ca.us (the tty of Geoff Goodfellow)
Subject: NYT/Markoff: The Computer Jam -- How it came about
THE COMPUTER JAM: HOW IT CAME ABOUT
By JOHN MARKOFF
c.1988 N.Y. Times News Service, 8-Nov-88
Computer scientists who have studied the rogue program that crashed through
many of the nation's computer networks last week say the invader actually
represents a new type of helpful software designed for computer networks.
The same class of software could be used to harness computers spread aroun
the world and put them to work simultaneously.
It could also diagnose malfunctions in a network, execute large computations
on many machines at once and act as a speedy messenger.
But it is this same capability that caused thousands of computers in
universities, military installations and corporate research centers to stall
and shut down the Defense Department's Arpanet system when an illicit version
of the program began interacting in an unexpected way.
``It is a very powerful tool for solving problems,'' said John F. Shoch, a
computer expert who has studied the programs. ``Like most tools it can be
misued, and I think we have an example here of someone who misused and abused
the tool.''
The program, written as a ``clever hack'' by Robert Tappan Morris, a
23-year-old Cornell University computer science graduate student, was
originally meant to be harmless. It was supposed to copy itself from computer
to computer via Arpanet and merely hide itself in the computers. The purpose?
Simply to prove that it could be done.
But by a quirk, the program instead reproduced itself so frequently that the
computers on the network quickly became jammed.
Interviews with computer scientists who studied the network shutdown and
with friends of Morris have disclosed the manner in which the events unfolded.
The program was introduced last Wednesday evening at a computer in the
artificial intelligence laboratory at the Massachusetts Institute of
Technology. Morris was seated at his terminal at Cornell in Ithaca, N.Y., but
he signed onto the machine at MIT. Both his terminal and the MIT machine were
attached to Arpanet, a computer network that connects research centers,
universities and military bases.
Using a feature of Arpanet, called Sendmail, to exchange messages among
computer users, he inserted his rogue program. It immediately exploited a
loophole in Sendmail at several computers on Arpanet.
Typically, Sendmail is used to transfer electronic messages from machine to
machine throughout the network, placing the messages in personal files.
However, the programmer who originally wrote Sendmail three years ago had
left a secret ``backdoor'' in the program to make it easier for his work. It
permitted any program written in the computer language known as C to be mailed
like any other message.
So instead of a program being sent only to someone's personal files, it
could also be sent to a computer's internal control programs, which would start
the new program. Only a small group of computer experts _ among them Morris _
knew of the backdoor.
As they dissected Morris's program later, computer experts found that it
elegantly exploited the Sendmail backdoor in several ways, copying itself from
computer to computer and tapping two additional security provisions to enter
new computers.
The invader first began its journey as a program written in the C language.
But it also included two ``object'' or ``binary'' files -- programs that could
be run directly on Sun Microsystems machines or Digital Equipment VAX computers
Have you compiled your kernel today??
Is that where Geico got the idea for their cavemen?
Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
It didn't affect me directly because I was working on System V Unix and we weren't directly connected to ARPANet.
I remember thinking, "Gee, someone actually *made* one of those?"
The idea had already popped up in some 70s sci-fi stories, and I remember in the late 70s pranking was already fairly common on timesharing systems. As soon as people began to share systems pranksters began to fool around with them, creating "fork bombs" and "chain jobs". It was annoying for sysadmins, but I think it wasn't malicious. The people who did this stuff were fascinated with the edge cases, the things a system could be made to do that it wasn't designed to do; and, let's just say they weren't necessarily the most attuned to the needs and desires of others.
Since the idea of network-vectored malware had cropped up shortly after the idea of a networked world became commonplace (this was still sci-fi stuff in the 70s), people had been talking about the real possibility of such a thing in the 80s; there were even some academic papers on the notion. But our forward thinking was more focused on the positive things that networked computers would do. In the end I think most of us fell short on both ends. Most of us underestimated just how useful and ubiquitous networking would become, at least in our lifetimes. And although we knew network-vectored malware was a theoretical possibility, we had no idea what a major feature of the networked world it would become -- at least in our lifetimes.
in retrospect, the Morris Worm wasn't so remarkable. We'd already seen pranksters on timesharing systems. I called them "doorknob twisters"; people whose curiosity and distractability meant they couldn't walk down a corridor without taking a peek behind the closed doors. Often these were the best people; Ken Thompson even described putting hidden hacks the C compiler in his Turing Award speech. And people had been talking about the possibility for network worms, albeit in sci-fi terms. Again in retrospect, something like the Morris Worm was bound to happen, probably within the next two or three years.
The Morris Worm is remarkable because it was our introduction to the unpredictability inherent in the scale of the network world. Just a tiny miscalculation was enough to turn an intellectual curiosity into a widespread disaster.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Thanks for posting that synopsis of what happened. I'd not seen it before!
For further reading, I highly recommend: A Tour of the Worm by Donn Seeley, Department of Computer Science, University of Utah. The Chronology section reads like something out of a crime thriller and ably recounts what was observed, when, where, and the steps taken to identify, isolate, and repair affected systems. From the introduction:
November 3, 1988 is already coming to be known as Black Thursday. System administrators around the country came to work on that day and discovered that their networks of computers were laboring under a huge load. If they were able to log in and generate a system status listing, they saw what appeared to be dozens or hundreds of "shell" (command interpreter) processes. If they tried to kill the processes, they found that new processes appeared faster than they could kill them. Rebooting the computer seemed to have no effect--within minutes after starting up again, the machine was overloaded by these mysterious processes.
To put this in context: Windows 2.1 was released on May 27, 1988; current PCs ran on 80386 processors (originally released in 1985) as the 80486 was not released until 1989 and the first (stable) systems started appearing in 1990. IIRC, mainstream desktop PCs ran at 20-25MHz and had 1-2MB of RAM.
I was working at Pr1me at the time and witnessed some of the upheaval first-hand. Fortunately for us, our systems were not infected, but they were impacted by the initial disconnecting of our systems from the net as a precaution. When it was learned that our systems were safe from infection, things were still slow as the net recovered from the tremendous load the infected systems placed on it.
But I didn't know about the worm. I think the more interesting story is what they did afterwards. From worm, to grad school, to viaweb, to yahoo store, to y-combinator. Someone should write that story :)
I'm in Arizona - we don't deal with that shit.
The Morris Worm was enabled by a default exit-to-the-shell password that the original developers accidentally left in sendmail. This was an open secret for a long time before Morris exploited it. You see when they compiled it, they accidentally left in the debug directive leaving the password in the released version.
I read a great article on RTM called "Shockwave Rider" or something like that. It was called that because RTM Sr. used the book "Shockwave Rider" to explain to his son how what he did was right in a certain way of looking at it, but wrong in every other way of looking at it. Can't remember what magazine the article was in. It was a good article to read back in the early 90's.
We still have a lot of mechanical devices hooked up to the internet, today. Some might say more every day. I say "mechanical devices" in reference to phones, because the exchange hubs used rotating disks (implementing their own optimized form of binary counting) to connect calls.
Considering we've had one major blackout in the United States due to a power station being online to the internet and left vulnerable, I'd say this is a very relevant topic today.
When I was taking a college course on transformers, the instructor used to come to class bragging about the work he did (his other job) for Siemens, designing and building transformers. He was a real egotist. He'd not only brag to students, but he wasn't very in touch with theory either, as I found out. Coming from electronics 101, you tend to want to ask some questions about electronics theory to your other instructors, stuff that they should by all means be well acquainted with. Well, this guy didn't know. So he'd get pissed, and when he got pissed, he would literally say, "oh yeah, well can you do this" and start writing out schematics for transformers according to code on the blackboard, and then take a calculator and figure out how many turns of what gauge wire was needed to fit the demand according to code. Yaba yaba yaba. A very insecure individual. So I not only wasn't surprised when I read in the newspaper that semester that Siemens transformers that had some kind of internet-capable component were found 100% irreversibly vulnerable to attack over the internet through a backdoor that presumably some disgruntled, insecure "mage" installed before leaving the company -- I also wasn't very surprised at all when that jackass had jack shit to say when I mentioned the story to him except stare at his shoes awhile and get on with the next lesson in rotating transformers (to use the Tesla coined phrase, which that instructor hated so damn much whenever I said it.)
Anyways, it's always going to be relevant. That hookworm was elegant and though not thoroughly thought through, it did show the potential for electronic disaster in the form of less than a handful of barely discernible on's and off's.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
I think is was NPR All Things Considered that explained how the Morris Worm worked with a radio play. Does anyone know where to find a recording.
It was both funny and reasonably accurate considering it was intended to explain to a mostly non technical audience of NPR the idea of a buffer overflow.
I remember it well.
After that Martin Gardener article in Scientific American, everyone coded up iterative fractals on their computers and consumed a large fraction of the worlds computing resources. About the same time period too.