How a grad student trying to build the first botnet brought the Internet to its knees By Timothy B. Lee November 1, 2013
Robert Morris (Photo by Intel Free Press)
Here is a TOP 10 BOTNETS AND SCAMS running n 2017: https://goo.gl/5k9Zyn https://goo.gl/7bT1cv https://goo.gl/4xkpz7 https://goo.gl/42be5a https://goo.gl/n4HNKk https://goo.gl/NVzNB7 https://goo.gl/prg5Vr https://goo.gl/UaXLLS https://goo.gl/hUYSgf https://goo.gl/tBqp5W https://goo.gl/W77UkL
On November 3, 1988, 25 years ago this Sunday, people woke up to find the Internet had changed forever. The night before, someone had released a malevolent computer program on the fledgling computer network. By morning, thousands of computers had become clogged with numerous copies of a computer "worm," a program that spread from computer to computer much like a biological infection. It took days of effort by hundreds of systems administrators to clean up the mess, and the Internet community spent weeks analyzing what had happened and how to make sure it didn't happen again. A graduate student named Robert Morris was unmasked as the culprit behind the worm. A brilliant loner, he seemed to be motivated more by intellectual curiosity than malice. That didn't save him from becoming one of the first people prosecuted and convicted under an anti-hacking statute that Congress had passed a few years earlier. But the most significant effect of the worm was how it permanently changed the culture of the Internet. Before Morris unleashed his worm, the Internet was like a small town where people thought little of leaving their doors unlocked. Internet security was seen as a mostly theoretical problem, and software vendors treated security flaws as a low priority. The Switch newsletter The day's top stories on the world of tech. The Morris Worm destroyed that complacency. It forced software vendors to take security flaws in their products seriously. It invigorated the field of computer security, creating a demand for such experts in both academia and industry. Today, the Internet is infested with malware that
works a lot like the software Morris set out to build a quarter-century ago. And the community of Internet security professionals who fight these infections can trace the roots of their profession back to the events of November 1988. Morris has gone on to a brilliant career as an entrepreneur, computer scientist, and investor. And the man who prosecuted him, Mark Rasch, now says that he would support pardoning him. Wednesday: A late night phone call Andrew Sudduth was best known as a world-class rower. In 1984, he was part of an American team that won a silver medal in that summer's Olympic games. But he was also a talented computer hacker. In the fall of 1988, he worked on the technical staff of Harvard University's Aiken Computational Laboratory. Sudduth had gotten to know Robert Morris while Morris was an undergraduate at Harvard. Morris had graduated from Harvard and began graduate studies at Cornell University in fall 1988. Around 11 p.m. on Wednesday, Nov. 2, Sudduth was talking with Paul Graham, another Aiken Lab staffer and a friend of Morris, when Morris called. (The account that follows is drawn from Sudduth's testimony to a Cornell commission. Sudduth died in 2006, and Graham declined to be interviewed for this story.) Graham answered the phone. After the call, Graham reportedly told Sudduth that Morris had admitted releasing a worm that was then spreading across the Internet. Half an hour later, Morris called again. This time Sudduth answered the call, and Morris suggested steps that Harvard administrators could take to protect their computers from the worm. An increasingly panicked Morris called a third time, around 2:30 a.m. According to Sudduth, Morris "seemed preoccupied and appeared to believe that he had made a 'colossal' mistake." Morris asked Sudduth to post an anonymous message on his behalf apologizing for the incident and explaining how to update computers to immunize them against the worm's spread. Sudduth complied with Morris's request an hour later, posting an anonymous message on the Usenet bulletin board system at 3:34 a.m., Thursday, Nov 3. "There may be a virus loose on the Internet," the message said. "Here is the gist of a message I got: I'm sorry." The message then explained how to prevent the worm from spreading further. Unfortunately, Sudduth's message wasn't noticed until Saturday, long after it could do any good.
Eugene Spafford (Photo by Intel Free Press) Thursday: Cleaning up the mess Eugene Spafford woke up early that morning, made himself a cup of coffee and sat down at his home computer to check his e-mail. In 1988, most people had never even heard of the Internet or e-mail. But Spafford, an assistant professor of computer science at Purdue, was used to getting a steady stream of e-mails from friends and colleagues at research institutions across the country. So when he dialed into his workstation on the Purdue campus, he was surprised to discover that he hadn't received any e-mail since he logged on the night before. He tried to log into the mail server to figure out what the problem might be, but the server was too overloaded to respond. Spafford got dressed and drove to campus to investigate the problem. He discovered that "there were a lot of processes running in the background that shouldn't have been there" on the mail server. And he soon learned that the same mysterious malady had struck machines not only across Purdue's campus but also across the country. The professor quickly assembled a team of about eight people, who began analyzing the worm to figure out how to stop it. By the end of the day, they had mostly finished dissecting the
program to understand how it worked and had issued a recommendation on how to halt its spread. Similar efforts were underway at other universities. Some of the first people to notice the attack were students at the University of California, Berkeley. Because they were on the West Coast, it was early Wednesday evening when the worm began attacking their systems. A group of undergraduates returned from dinner to discover that an automated program had been repeatedly trying to log into a Berkeley computer. They alerted members of the Berkeley IT staff, some of whom worked late into the night to diagnose the problem. Coincidentally, the annual Berkeley Unix Workshop was scheduled to start on Thursday morning. The worm targeted machines running the Unix operating system, so some people skipped the formal conference proceedings and joined the worm-analysis effort. By the end of the day on Thursday, the Berkeley team also understood the program well enough to make recommendations on how to stop it. Then they ordered calzones for dinner and hunkered down for another all-nighter, as they prepared to take the worm apart bit by bit. The Berkeley hackers wanted to understand how the worm worked so they could verify that it hadn't done any permanent damage to the computers it had already infected and that it didn't have any more nasty surprises in store for computers that hadn't been cleaned up yet. By Friday afternoon, researchers had finished dissecting the worm, and they presented their findings at a closing session of the Unix workshop. Spafford emerged as a clearinghouse for information flowing among his own group, forensic teams at Berkeley, the Massachusetts Institute of Technology, the University of Utah and harried administrators across the country. By the end of the day, he had created a mailing list dedicated to the worm. He was also one of several people to write an in-depth analysis of the worm in the following weeks. Friday: "We don't have a medical school" The worm began to attract intense, and predictably clueless, media attention. For many reporters, the incident was the first time they had heard of either the Internet or malware. "There were some mainstream outlets with National Enquirer-type headlines of invasions of hackers or whatever," Spafford says. By Friday morning, there were so many reporters calling MIT about the worm that the school held a press conference. "The media was uniformly disappointed that the virus did nothing even remotely visual," recalled Mark Eichin and Jon Rochlis, two MIT researchers who helped to dissect the worm. "Several also seemed pained that we weren't moments away from World War III." "I got one call from a newspaper in Southern Indiana," Spafford says. "The reporter asked me, in all earnestness, 'Do our readers need to worry about catching this virus?'" "Gosh, I don't know," Spafford deadpanned in response. "We don't have a medical school. You ought to call the folks at Indiana University." But the press did fill in one important piece of the puzzle. On Saturday morning, the New York Times broke the news that Robert Morris Jr., a 23-year-old computer science graduate student at Cornell, had created the worm.
Morris, reported Times reporter John Markoff, was the "brilliant" son of Robert Morris Sr., "one of the Government's most respected computer security experts." The elder Morris told Markoff that the worm was "the work of a bored graduate student." A Cornell report would find that at Harvard, "Morris was the kind of student who was bright but bored by routine homework, and often devoted his main energies elsewhere. He apparently continued this pattern at Cornell," where he "seemed to prefer to work alone" and "spent many hours programming at the computer." His Cornell peers said Morris didn't develop many friends in the two months between his arrival on campus and the release of the worm. Of course, this combination of traits was hardly unusual among computer science graduate students.
A floppy disk at the Computer History Museum in Silicon Valley contains a copy of the Morris Worm's source code. (Photo by Intel Free Press) Anatomy of a worm A worm is a computer program that spreads from computer to computer by exploiting security vulnerabilities in target machines. Once released, it operates without human assistance or control, scanning the Internet for new hosts to infect, attacking them and then launching a new copy of the software on the new host. While experimental worms had been developed in the past, Morris's worm spread much further and faster than any previous worm. Forensic evidence would reveal that Morris started using Cornell computers to develop the worm around Oct. 15, 1988. The worm used several attacks to spread from computer to computer. One attack exploited a common Internet service known as "finger," which was installed on most Unix machines.
Another attack took advantage of the fact that many users chose easy-to-guess passwords, such as their username spelled backwards or a common term from the dictionary. The worm obtained a computer's password file, which contained encrypted copies of every user's password. It then systematically guessed passwords using a dictionary of common words. If it discovered a user's password, it attempted to use that user's credentials to access other servers where that same user had an account. On Oct. 20, Morris made the 300-mile trek to visit friends at Harvard, staying for two days. Upon his return, Morris added code to exploit a third security vulnerability. The code targeted a flaw in "sendmail," a ubiquitous utility that, as its name suggests, was used to send e-mail. It seems likely that Morris learned about this vulnerability during his Harvard trip. Graham, the Harvard friend Morris would call the night he released the worm, e-mailed Morris on Oct. 26 to ask, "any news on the brilliant project?" An early version of the worm recovered from an automatic backup of Morris's Cornell files included extensive comments describing Morris's vision for the project. Those comments suggest that Morris had even more ambitious goals than he eventually achieved. Morris didn't just want to create a worm that would silently replicate itself across the Internet. He hoped to build what we would now call a botnet: a network of thousands of computers coordinating with one another and available to carry out further instructions at the direction of their master. The worm, he wrote in comments on an early version of the worm, will need to "decide what to break into next" and will need "methods of breaking into other systems." He also wanted "some way for ME to send out commands, protected by an encoded password." Morris wanted to avoid infecting the same machine multiple times, which could slow infected machines down and draw unwanted attention. But the most obvious way to do that — have an infected machine publicly signal its infected status to other copies of the worm — could itself aid efforts to detect and eradicate the worm. To solve this dilemma, Morris thought he would need to build a "global database" of infected computers. However, he admitted, doing that could prove "really hard." By the time he released the worm two weeks later, he had only made small steps toward implementing these ideas. He never created a command-and-control system that would have allowed him to send instructions to infected machines. The worms did have code designed to send a homing beacon to a particular computer at Berkeley, which could have been part of a planned command-and-control system. But, thanks to a programming error, even that subroutine didn't work. Morris did implement a mechanism designed to prevent multiple copies of the worm from running on the same computer. If two worms found themselves on the same machine, they would flip a virtual coin, and then the losing copy of the worm would commit electronic seppuku. But Morris modified this scheme in a way that made it ineffective. One time out of seven, selected at random, the losing worm would make itself immortal rather than committing suicide. "This was probably done to defeat any attempt to put a fake worm process on the TCP port to kill existing worms," Spafford wrote in his worm postmortem. But the move also undermined the original purpose of the self-destruct scheme: preventing multiple worms from infecting the same computer. As a result, on the morning of Nov. 3 the population of worms grew exponentially until computers' resources were exhausted from running so many copies.
Morris also took numerous precautions to make it more difficult to detect and remove copies of the worm. For example, as soon as a worm infected a new machine, it would encrypt the files it used to carry out the infection and remove references to them from the file system. It would also periodically kill and respawn itself so that it wouldn't show up in lists of long-running processes. Morris, Spafford concluded, "may have been a moderately experienced Unix programmer, but he was by no means the 'Unix wizard' many have been claiming." Creating the worm required considerable effort, and a non-trivial amount of skill. Yet Morris made a number of rookie mistakes. "The worm could have been much more virulent had the author been more experienced or less rushed in his coding," Spafford wrote.
(Photo by Terry Ross) The Internet loses its innocence Morris's worm rocked the young Internet, which had fewer than 100,000 computers on it at the time. "It was largely a North American network," Spafford says. "The majority of people had some tie to computation for their jobs. I wouldn't say that we trusted each other, but there was more a community sense of caring for the stability and appropriate use of the computing systems." Network administrators in 1988 took few precautions against online attacks. "There was no such thing as a firewall back then," Spafford says. "You didn't have people who were vandals or anarchists or criminals as much. There were many public servers because universities shared a lot of their data and resources." Shock over the worm provided a boost to Spafford's field of computer security. Before the worm, "I had no funding agency or academic interest in security mechanisms or the kind of things that I
was interested in doing," Spafford says. Afterward, "work began on a number of different security programs. Intrusion detection and malware detection both kind of took off." It would be another decade before the Internet was attacked by new malware infections serious enough to again attract widespread public attention. And by then, the network had changed radically. It had millions of users, rather than thousands, and the average technical sophistication of these users was much lower. Unlike the Morris worm, the most significant malware outbreaks of the dot-com era -- including "Melissa," "ILOVEYOU" and "SirCam" -- worked by tricking gullible users into clicking on executable files sent to them as e-mail attachments. Once activated by a user, these programs sent copies of themselves to people in the victim's Outlook address book. But starting in 2001, the Internet saw a rash of potent malware infections that, like Morris's creation (and unlike most of the Outlook-based malware) could spread from computer to computer without human assistance. The Code Red worm exploited vulnerabilities in Microsoft's IIS Web server. Other high-profile worms included Slammer and Blaster, both of which appeared online in 2003. In the last decade, malware authors have finally achieved something like Morris's original, unrealized vision of using a worm to create a vast network of computers operating under the control of the malware's author. Consider the Conficker worm, which first appeared online in 2008 and has infected millions of Windows computers. Despite Microsoft's best efforts to eradicate it, the worm is still active today, its spread aided by the use of old, pirated copies of Windows in the developing world. Conficker doesn't just mindlessly copy itself across the Internet. Once it infects a computer, it opens a channel to the worm's creator and awaits further instructions. Such a network of zombie computers, known as a "botnet," has become an important part of the Internet's underground economy. Today, there are many such botnets available for rental. Unscrupulous individuals use them to send spam e-mail messages, overwhelm Web sites with traffic, or perform other nefarious tasks. Morris stands trial As far as we can tell, Morris has never spoken to the press about the incident that made him famous. True to form, he didn't respond to our requests for an interview. But there's a broad consensus that that he didn't have the kind of malicious intentions that many modern worm authors do. His primary motive appears to have been intellectual curiosity, not a desire for profit or destruction. Morris could have had his worm destroy files or steal secrets on the machines it infected, but it did nothing of the sort. But this apparent lack of ill intent didn't save Morris from prosecution under the Computer Fraud and Abuse Act, which Congress passed in 1986. The attorney who prosecuted the case, Mark Rasch, says he and his colleagues at the Department of Justice carefully considered whether to charge Morris with a felony or a misdemeanor. "We didn't believe that Morris intended to cause harm or damage," Rasch says. In his view, Morris was "motivated mainly by curiosity and by a desire to show that he could do it." On the other hand, the Justice Department worried that "if the government treated this as a misdemeanor, a trivial offense, that others would go out and do it," Rasch said. "You had conduct that was planned, premeditated, that was deliberate, over periods of months, that
caused massive disruption and expense to a wide number of different individuals." That required a response, the government believed. So Morris was charged with a single felony count. Rasch says Morris could have been charged with a separate felony for each of the thousands of computers the worm infected. But the lawyer and his colleagues believed that would be overkill. "I don't believe that you over-prosecute someone to send a message," Rasch says. "I don't believe in the head-on-a-stake theory of prosecution." But others viewed even a single felony count as excessive. Spafford, for example, believes that Morris's actions warranted some punishment, but he says "the felony prosecution was probably too extreme." There was plenty of evidence that Morris had created the worm. Backup tapes at Cornell showed that someone had used Morris's account to develop the worm in the weeks before it was released. And Rasch says he called both Sudduth and Graham to testify against their friend. Morris didn't try to deny being the worm's author. "He came in and testified: 'I did it, and I'm sorry,'" Rasch says. When it came time for the government to cross-examine Morris, Rasch turned to one of his colleagues and quipped, "Should I prove he didn't do it or he's not sorry?" In 1990, Morris was convicted by a jury. Sentencing guidelines recommended 15 to 21 months in prison. Instead, Judge Howard Munson sentenced Morris to serve three years of probation, to do 400 hours of community service and to pay a $10,000 fine. Morris's lawyers tried to convince the courts that Morris's conduct didn't fall within the definition of the crime he was charged with. The CFAA made it a felony to intentionally gain unauthorized access to a "federal interest computer" and to cause damage as a result. Morris's legal team argued that the statute required the government to prove that both the access and the damage were intentional. The judge rejected that argument, holding that the government needed only to show that Morris intended to gain unauthorized access, not that he intended to cause harm. Morris's arguments were rejected by an appeals court in 1991.
Paul Graham (Photo by Gabor Cselle) Pardon Robert Morris? By all accounts, Robert Morris has conducted himself admirably in the quarter-century since he created the worm. In 1995, Morris joined his friend Paul Graham as a co-founder of Viaweb, one of the first e-commerce startups. According to Graham, Morris "was so publicity averse after the Worm that he didn't want his name on" Viaweb's site, so he was listed under the pseudonym "John McArtyem." Viaweb was sold to Yahoo for $49 million in 1998. Morris then returned to graduate school, earning a doctorate from Harvard in 1999. He joined the faculty of MIT, conducting research on computer networks and getting tenure in 2006. In 2005, Graham and Morris teamed up to found Y Combinator, a "startup accelerator" that has become legendary in Silicon Valley. Morris has "never tried to gain any notoriety or credit" for his work on the worm, Spafford says. "He has not tried to make any money or work in this area. His behavior has been consistent in supporting his defense: that it was an accident and he felt badly about it. I think it's very much to his credit that that has been his behavior ever since." Rasch agrees. "I would not object if Robert Morris was granted a pardon," he says. "I would represent him if he wanted. He was not a bad person. I don't see any reason he should have to wear this as a mark of shame for the rest of his life." 32
Comments ● Share on FacebookShare ● Share on TwitterTweet ● Share via Email The Post Recommends
Here’s what you need to know about the diversity visa lottery program
President Trump, others, call for an end to the 27-year-old visa program that brought Sayfullo Saipov to the United States. 6 hours ago
‘I’m the victim here’: Corey Feldman defends himself in contentious ‘Today’ interviews
The 1980s child star discussed his campaign to raise $10 million to reveal the names of alleged Hollywood pedophiles. 2 days ago
JFK’s last birthday: Gifts, champagne and wandering hands on the presidential yacht
The party aboard the Sequoia included dinner, dancing and the president's pursuit of a legendary Washington journalist's wife. May 26
PAID PROMOTED STORIES
● What Causes Psoriatic Arthritis? Yahoo! Search
● Here's What Dental Implants Should Cost In Los Angeles Dental Implants In Sponsored Ads
● Los Angeles, California: This Brilliant, New Company Is Disrupting a $200 Billion Industry EverQuote
● Celebrity Halloween Costumes That Might Even Be a Little Too Striking TVGuide.com
● The Most Important Map of America You Will Ever See (See Map) Banyan Hill Publishing
● PhD Millionaire Warns: "Get Out Of Cash Now" The Crux Recommended by Discussion Policy 32 Comments The comment section on this story is now closed. All comment sections close after 14 days. For more on how we manage comments and other feedback, please see our discussion and submission guidelines ● All Comments ○ Newest First ● Pause live updates truthoutandunder 11/5/2013 12:50 PM PST You didn't even bother to mentioned that he was the son of the then director of the NSA? How does that slip by you? You clearly haven't done your research, or you're continuing to keep mum about the sealed testimony in this case. There was no justice served then, and I doubt a pardon would matter now. Is his coddled existence of being VC funder not good enough for him now for some reason? Get a real career, you are not a real journalist. LikeShare Robert Eckman 11/7/2013 11:12 AM PST What does his father being director of the NSA have to do with the story? Sure, considering our current NSA scandals, it's ironic, but that's not relevant to the story. This isn't a story about the
NSA snooping or hacking in 1988; this is a story about an individual who worked on a self created project that blew up in his face and changed how we view computer security. You imply that there was more going on in this case, that the NSA must have something to do with it, but if that testimony is sealed, then it's not available. I think Tim Lee did a great job on this. I studied this incident a long time ago, and I think this was researched well, I am impressed that he reached out and interviewed individuals that were willing to contribute. Unless you have some real facts to present (and not just unfounded accusations or unsubstantiated paranoia rants), then I would shy away from attacking a reputable writer. This is a forum for discussion, not for bullying. Like 2 computeruser 11/3/2013 8:33 AM PST Christmas Tree EXEC was the first widely disruptive computer worm, which paralysed several international computer networks in December 1987. Morris seems to be the first person to be caught. LikeShare 2 IndianaGreen 11/2/2013 8:14 AM PDT A key question we must always ask ourselves is not whether we can do something, but whether we should. Robert Morris was motivated by the same intellectual curiosity our atomic scientists at Los Alamos had. Whether it was a computer worm or an atomic bomb, it wasn't so much if it was possible to create such a thing, but whether they should create it. Scientists currently working on autonomous killer robots should ask themselves the same question. LikeShare 1 stevelaudig 11/1/2013 5:39 PM PDT "On the other hand, the Justice Department worried that "if the government treated this as a misdemeanor, a trivial offense, that others would go out and do it," Rasch said. "You had conduct that was planned, premeditated, that was deliberate, over periods of months, that caused massive disruption and expense to a wide number of different individuals." That required a response, the government believed." Unethical to consider any matters outside the conduct to charge the conduct. The government officials involved knew and believed it was an accident and for other reasons connected with "governing" not justice made it a felony. Deeply offensive, yet typical. And all the while the same government did/does/will do nothing against large institutions, calling it the "Department of Justice" is false labelling. LikeShare 1
-C4PIO11/1/2013 4:52 PM PDT Good article, but no need for a pardon. He knew what he was doing when he opened Pandora's Box. LikeShare 2 truthoutandunder 11/5/2013 12:52 PM PST His father was the head of the NSA at the time, this whole thing could have been a false flag operation. But we'll never know. Particularly not with drivel like this being shoveled down purportedly reputable news sources. Educate yourself, this author isn't going to do it for you, but perhaps real old hackers may: http://cm.bell-labs.com/who/dmr/crypt.html Like SoFedUp14 11/1/2013 2:48 PM PDT Great article. LikeShare 2 abrooklynite 11/1/2013 2:04 PM PDT White college kid causes, untold economic damage, a short prison sentence is still too much, give him community service and probation. 'Oh he was young and didn't know any better, he was just experimenting.' Black kid with a bag of weed, "lock him up!" On his permanent record forever. Don't pardon him. LikeShare 3 Soudesuka 11/1/2013 2:20 PM PDT "White college kid causes, untold economic damage, a short prison sentence is still too much, give him community service and probation. 'Oh he was young and didn't know any better, he was just experimenting.' Black kid with a bag of weed, "lock him up!" On his permanent record forever." So one overzealous prosecution shouldn't be overturned because overzealous prosecutions happen elsewhere? Like 1 SoFedUp14 11/1/2013 2:48 PM PDT
White banker causes untold economic damage, let's give him a bonus. Like 7 The Mystery Machine 11/3/2013 2:59 PM PST He also initiated a programming movement that prevented an untold amount of economic damage. Sure his method wasn't the correct way, but it showed how damaging insecure code can be. Like 2 View More Replies Coach_1 11/1/2013 1:47 PM PDT My firewall reports that I get about 100,000 unauthorized attempts per week to access my computer and it is turned off all night. When I turn on my computer it is basically useless for about 10 minutes while it goes through a bunch of code to protect me from malware. I have the latest version of Adobe Reader on my computer as I expect every other Windows based computer in the world has and at least once a day I get a request to update the Adobe Reader. Obviously some malware is attempting to piggy-back onto a non-Adobe version of the software in order to take over my computer. What a mess we've created. LikeShare SoloOwl 11/1/2013 5:33 PM PDT I don't have Adobe Reader nor do I install it on anybody else's machine (unless they have severe vision problems -- Adobe has good assistive tech). Try Foxit Reader instead. It has a smaller footprint, and needs fewer updates. It works nicely. If it is really true that any piece of software updates itself daily, either you missed a crucial update (or an update was not properly recorded in the software's data) or you are indeed infected. I would uninstall the software, including all preferences, and clean the Registry. Wait two weeks or so. If it still wants to update itself, you are almost certainly infected. Save all your emails, bookmarks, music, videos, photos, and other documents to an external drive. Reinstall Windows, making sure to delete all partitions and re-create them when Windows Setup asks. Reinstall your software; use filehippo.com as a safe source. Copy back your documents as needed or all at once. "What a mess we created." How true. If you had to deal with customers who return their infected computers for repairs, you would feel the pain. Like Richard88 11/1/2013 1:45 PM PDT
Notice this: pseudonym "John McArtyem." If you pronounce "Artyem" it turns out to be Ar-Ty-em = RTM = Robert T. Morris. Clever. LikeShare 5 InfoSecGeek 11/4/2013 1:56 PM PST RTM is actually an accepted acronym as well as his initials. Although it is more commonly expressed using the variant RTFM. Read the manual. Like 1 USAconcerned 11/1/2013 12:25 PM PDT Beware of downloading programs such as Windows Explorer, there are sites in India masquerading as this and other downloads...I know from recent nightmare experience with off site advertising taking over Windows explorer 9 that I had downloaded, it was not from Microsoft...no one could get rid of it, not Microsoft, Norton or Geek squad techs...the program is still somewhere in my computer.. I use Google...even downloaded Explorer 10...and get this my wife got a call asking her if I was still having problems with Windows and why I was not using it...caller had a thick Indian accent,.also Norton and other anti virus and malwear protection programs that come with new computers are in my opinion virus and malewear themselves and cannot be gotten rid of... LikeShare Soudesuka 11/1/2013 2:32 PM PDT "Beware of downloading programs such as Windows Explorer" You should never download Windows Explorer, since it's installed by default on your computer. I think you're talking about Internet Explorer? If so, the only way that updates is through Windows Update, so yeah, don't ever download that either. "no one could get rid of it, not Microsoft, Norton or Geek squad techs...the program is still somewhere in my computer" NO NO NO. You need to FORMAT AND REINSTALL your machine, it's the only way to be sure. Back up your personal data (not applications, just documents and photos and such), then reinstall Windows from scratch. Like 1 Soudesuka 11/4/2013 7:13 AM PST "When you first activate Windows you are directed to a site where you choose your own browser. It would not surprise me if the bad guys spoofed that site. "
It would surprise me very much, because the bad guys would have to compromise either the default OEM Windows install image or the Internet's DNS system, neither of which is a simple task. Like 1 InfoSecGeek 11/4/2013 2:03 PM PST Gotta wonder if those are bootlegged copies of Windows. If so compromising the install image might not be that challenging a task. If nothing else it seems it would be simple to do an install, hack away on the resulting system, and then rebuild an install kit using whatever modified components one wanted to include (if necessary use IDA Pro or Olly Debug to hack the installer and emasculate whatever security or other features are necessary). Not a simple task but well within the range of many many third world hackers, almost down to the script kiddy level these days. Like caps_nats_skins_fan 11/1/2013 12:11 PM PDT A pardon? He personally caused the waste of millions of taxpayers dollars at national labs to implement cleanup and prevention. He should have been charged based on the number of machines he infected and the amount ot time and money to clean them up. He got off easy because of daddy. LikeShare 1 brucekorb 11/1/2013 2:52 PM PDT OTOH, he gave a wakeup call before truely malevolent worms came along. Not nice. He got his punishment. I wouldn't say he got off easy. Like 3 truthoutandunder 11/5/2013 12:54 PM PST Yes, he did. His dad was the head of the NSA. Had this been any one else, he would be behind bars; pay attention to Operation Sundevil? Like Wiggan 11/1/2013 11:22 AM PDT Interesting piece. It is sad how Morris is in the museum, and those who cleaned up the mess he made are not. Wonder if any security software companies release viruses to drum up business... LikeShare 2 rlj611
11/1/2013 10:56 AM PDT Nice article but it still amazes me how we trivialize certain crimes. What he did was wrong and he should have been punished I don't care how 'bored' he was. We were all for 3 strikes and it didn’t matter what the 1st, 2nd or 3rd strike was – we wanted to teach society a lesson. Well that didn’t work anymore than the death penalty or life sentences – people are going to do what they want to do. White collar criminals are seen as not as 'criminal' or 'didn't intend harm' but they are criminals - they break the law and let's stop pretending it's different. LikeShare 4 InfoSecGeek 11/4/2013 2:09 PM PST let's stop pretending all crimes are the same. beating and killing people is not the same as white collar crime. Ruining individuals financially is not the same as infecting their computer with a worm (although if the latter is a means to the former end it becomes part of the same severity, but if it's just used to spam herbal vaigra ads that's not the same). so don't get confused. it's either three strikes or it's not, make up your mind. Like 1 fgoodwin 11/1/2013 10:28 AM PDT Maybe the punishment for Morris didn't suit the crime. But I think it's obvious from the number of people who currently write malware that current punishments serve as no deterrent. Given the virulence of some of the malware that's out there, I wish the punishment was much more severe. LikeShare 1 cheesechoker 11/2/2013 12:32 PM PDT Either current punishments are not harsh enough, as you say, or… deterrence simply does not work. When you consider that computer crimes can carry decades-long sentences, even for minor "unauthorized entry" type offences, or even (ugh) copyright violations, it should be clear that the punishments are more than adequate. They just don't have the intended effect. Like mcope 11/1/2013 10:10 AM PDT Nice account. It amazes me how long ago everything occurred! One interesting footnote: I believe there's a story of an investigator who received an anonymous call a former roommate of Morris'. The roommate slipped up and called Morris by his initials "RTM." It didn't take long for the investigator to search the Harvard student directory and come up with Robert Tappan Morris.
