The World's First Cyber Crime: The Morris Worm [KERNEL PANIC]

(techno music) – [Lacey] The computer was designed to make life easier Complicated tasks could be accomplished more efficiently Information could be shared more quickly It was a step toward a brighter future, one that had endless possibilities Many early developers believed that the computer was a first step toward a kind of utopia (reporters shouting) – You do have control and complete control over this information? – Well, Senator, this is how the service works – When he goes on Twitter and he starts bringing in my in-laws, my parents, my wife, what does he think is gonna happen? – Well, WikiLeaks will continue People will be astonished at these revelations, the fact that confidential, private data has been collected (bat tapping) – [Lacey] But underneath the foundation of that utopia were cracks – A man’s voice announced that North Korea had launched three intercontinental ballistic missiles and it was coming out of our Nest camera – This privacy problem and propaganda problem is too big for Facebook to fix and then we’ve got a real problem – [Lacey] Cracks that grew and grew until finally the foundation (hooves clomping) could no longer hold The perfect world of computers fell apart (whistle blowing) The cause of this change? A new kind of program A productivity tool built to move from computer to computer, a computer worm Inadvertently, the worm exposed inherent vulnerabilities in computer networks (button clicking) (fan whirring) (static flickering) To understand we have to return to the beginning – The computer environment in the ’70s was really in a state of transition We were raised on large mainframe computers from typically IBM with punch cards for the programs You fed it in and it was batch mode You waited for your printout – The only networking for most people was to take the floppy disk out and walk over and put it in another machine, what they used to call sneaker data – You’re working on something at MIT and you want to collaborate with someone in California, you have to take all of your punch cards or your tape or whatever and physically move it – The real problem that we found was that the communications was inadequate – Computer networks were not only needed but were valuable and they are gradually coming into fruition – [Lacey] In the 1970s, computers were learning to talk to each other The new interconnectivity meant that a computer was no longer just the sum of its parts, that it could work in concert with other machines across the world sharing their resources and distributing their workload – As soon as the network began working we really had a nationwide resource complex – [Lacey] Programmers everywhere experimented with the new networks Some of the most innovative work was done at Xerox’s Palo Alto research and development facility called PARC – [John S.] What was built at Xerox PARC was a really the whole notion of individual machines tied together with a high-speed network Almost every problem was a new problem – Good morning – Good morning – Good morning, Mr. Horace – [Announcer] You come into your office, grab a cup of coffee– – Morning, Fred – [Announcer] And a Xerox machine presents your morning mail on a screen – What’s the mail this morning? (keys typing) – [John S.] I think we knew we were at a point where there was a change in paradigm in the model of computing – [Announcer] This is an experimental office system It’s in use now at the Xerox research center in Palo Alto, California (keys typing) Soon Xerox systems like this will help you manage your most precious resource, information – That point there was already a rich science fiction literature warning us of what this world would look like – [Marc] Was a book in 1975, The Shockwave Rider He made a big deal out of worms and phages and how they would spread and take over the system – A worm is a word that was used to describe computer programs that move from one machine to another, computer programs that were designed to span machine boundaries – I should be clear one thing A virus is a program that when you run it, it makes a copy of itself somehow Worm doesn’t require you to run it A worm takes care of its own replication which, it’s a little more alarming – We did a particular amount of work in this area in the late 1970s at Xerox – Xerox PARC of course had done these experiments with programs that could propel themselves through the first experimental computer networks – [Announcer] What’s needed is not a new system but a new concept, a way to take the office as it is

and make it something it has never been, an interactive network This is the ethernet cable – I was actually doing work on measuring the performance of an ethernet So we had an ethernet with 100 machines and we wanted to load up programs to be on the ethernet and see what the performance would be So we sat down and said, “Well, we’re gonna design something different “We’re gonna find a way to go out through the network “We’re gonna find and get ahold of other machines “We will download, reach into them, download programs, “turn around and have them be on the network “and when we’re done, collect back the data “from the distributed computation.” Well, we had our first mistake one night when we had left the worm running to do a test And we came back the next morning and many of the machines in the building were dead What we think happened, we don’t know for sure, is that somewhere along the way the code got corrupted so it was crashing but a piece of the worm was hidden in some office but we don’t know where they are You don’t know whose machine you grab So they came in and you would boot the machine and it would start to boot up and it would get seized by the worm And the worm would crash and they’d lose their machine So they’d push the boot button It would boot up again It would start again The worm would grab it and crash the machine Oh, that wasn’t quite what we intended That sort of went awry And we picked up the name worm which came from the book, Shockwave Rider And by the way, it’s a wonderful piece of fiction The worm has run rampant and we can’t stop it and it’s the biggest thing that’s ever been let loose We quote some of the stuff in the paper (techno music) We didn’t quite fully anticipate that that might become real I must confess, I did not have enough imagination to see that there were people, that people might be arrested for this (techno music) (techno music) – [John M.] All through the 1980s stuff was starting to happen – [Marc] It was the personal computer revolution – My cousins put me in front of a Commodore 64 and yeah, I was basically hooked from that point – This cool thing we were into, suddenly it’s starting to trickle out to the rest of the public – 20 goto 10 might have been my first programming – So I think Matt is a little toddler now He’s got his best years far head of it and I don’t think we’ve seen anything yet – It was kind of the era of experimentation It was us just gathered around like lone computer and two computers at school just kind of plucking away (spaceship firing) (video game beeping) (video game beeping) (motor whirring) – Isn’t it amazing? – [Marc] People’s understanding of computers then was really very abstract for a lot of people – They’ve been so, they’re some kind of magic, mysterious, (bomb exploding) it’ll-do-everything kind of machine – [Marc] But they knew that big things depended on them, banking and security and nuclear weapons – [George Bush] Let us turn to the very strengths in technology that spawned our great industrial base – [John M.] There was the dark side of the force There were these big military companies (woman yelling) – Failure! (bomb exploding) (audience clapping) – [John M.] Then there was the light side of the force We have these kids playing with microprocessors and it was just more fun – Artist, and I think hardware should be free (audience laughing and clapping) – [Jeffrey] It was a very tight-knit group It was a strong community (keys typing) – For sort of middle-class kids who were growing up in the suburbs and they’re sort of bright science and math students, you know, the idea that you could be upstairs in your parents’ bedroom and basically be inside a machine half a world away is really quite a remarkable thing They were there because it was the most interesting thing around – [Neil] But there were events that were becoming problematic (electronics clicking) – [Interviewer] Are you afraid of espionage or sabotage? – We’re afraid of both We were also aware that subversive groups are funds The funds are in electronic databanks – You left the office when you’re done That was security at that time Turn it off when you’re done and lock the office door From my point of view people probably should have been worrying – We remember that the world of tomorrow is not going to be like the past and the networks we move into are going to be threatened by the KGB, the CIA, Sears Roebuck, so it’s up to the entire public to defend itself, to look to the extension of freedom of privacy,

freedom of information, freedom of association and all the things that have made America great in this strange, new, and dark network world – [Neil] The more connected we became the more vulnerable we were to threats that could travel the world overnight (techno music) – [Fahmida] There was weird log messages showing up in their sendmail log that computers slow down – [Lacey] On Wednesday, November 2, 1988, Internet-connected computers began to fail across the country – Once it’s launched it kind of goes on and on University, the military, defense, they were all suddenly saying wait a minute I can’t check my email because my computer can’t do anything else – There was alarm because we didn’t know what was going on There was some concern that this might be some kind of a military attack on the United States – And it just got to the point where administrators were like we have to shut down these computer At NASA, they had to physically unplug every computer – [Spencer] Surviving on soft drinks and junk food they battled the virus through the night of November 2 and into the next day – It was sort of a bunker mentality in that you were sitting here and very much felt like you were under attack To some degree we were kind of scared because we didn’t know In the next five minutes it could suddenly turn nasty and start removing users’ files – The Internet had just been created the previous year and so nobody really knew what it was – [Lacey] By the weekend the worst of it had passed – [Fahmida] Berkeley was able to release a patch within 24 hours – [Lacey] But people were scared – [Fahmida] The GAO had estimates of anywhere between $100,000 to a million dollars in damages – It’s possible, maybe even probable that we’ll see another attack reasonably soon, maybe now. (laughs) – The day after the worm was first reported somebody called the New York Times and said they knew the worm’s author and they wanted to know what kind of trouble he was in I had no idea because nobody had been convicted so I had no answer for him And then he made a mistake He referred to the author as RTM I knew about finger which was a directory program and back came the name Robert Tappan Morris Then I was sitting there puzzling over what to do It was three o’clock My deadline was coming up and a source I’d called the day before called me back calling from National Security Agency And we had this back and forth and I began to realize that he knew a lot more about what had happened than I knew Finally I said, “I think the author “was Robert Tappan Morris,” and he said, “You’re correct.” And I was about to get off the phone and I stopped and I said, “It’s kind of strange “Your name and his name are the same.” He said, “That’s not much strange “That’s my son.” Robert was a member of this insular, elite computer community His dad was a cryptographer and a mathematician who built the Unix operating system which would have this great impact on the world I mean if you use an iPhone today you’re still using the Unix operating system Robert grew up inside that world He was given access to these machines at a young age and became fascinated with them – The Morris worm, named after Robert Morris, was a project Robert Morris designed this worm to find out just how big their budding network was – He said later that he did not intend it to actually be a problem It was meant to be more investigatory and I believe to figure out the size of the network – [Fahmida] The worm would first look for other computer And then once it found a user it knew a bunch of random password and it would just try to see hey, can I use this to try to log in? And once it logged in it would then use sendmail to kind of copy itself – [Marc] Designed to reproduce itself automatically on each machine – [Neil] It didn’t require any user interaction – It was a program that would have moved from computer to computer and network and just lived Nobody would have noticed it – [Marc] If he had just had it stop every time the computer said yes, there’s already a copy – Unfortunately, Robert was too smart for his own good and he’d spent too much time with his father and he was gaming out how someone who was thinking about securing a computer would defeat his worm – [Neil] He could set it up so that a computer that already had been affected would set a flag and it wouldn’t infect that one again But if he did that people could interfere with him by proactively sending a flag on all their computers – [Marc] So he put in some sort of automatic mechanism that it would copy itself in any case every n number of times – And so the question was what’s n?

How many, how often should I come? And Robert just picked the wrong number – One time in seven it would ignore the flag He thought yeah, that should do it But it turned out that wasn’t nearly enough to keep it from flooding the network with these copies – 15 different copies of the exact same program trying to do the same thing and simply put the computer just ran out of memory – If he’d picked 7,000 or seven million no one would have ever noticed It was absolutely The Sorcerer’s Apprentice – They apparently got surprised at how quickly it spread I’m not surprised that worms can spread very quickly Computers are very fast – I think some of the surprise was how big the Internet had gotten Wow, there are machines connected to the Internet everywhere – [John M.] Because Robert Tappan Morris’s father, Robert Morris, was the chief scientist of the National Security it made a much better story (techno music) – [Lacey] On July 26, 1989, Robert Tappan Morris was indicted for accessing computers without permission – Robert Morris, Jr., the Cornell graduate student suspected of causing last week’s massive computer virus across the country made a brief appearance outside his parents’ Maryland home today Accompanied by his father, one of the country’s top computer security experts, the 23-year-old Morris did not admit responsibility for creating the virus Instead, he was deeply upset about the incident He said the whole episode has been– – [Neil] They really stood together as a family There are these great pictures of the family going to the courthouse with their son who’s dressed up in a coat and tie with long hair But his dad looked like a total, you know, you would have seen him in North Beach in the ’50s is what his dad looked like He looked like a beatnik – [Marc] The government arrested and tried and convicted Morris for the damage – [Neil] He was not sentenced to jail but he served community service and he paid a fine The Morris worm introduced America to the power both for bad and for good of computer networking – [Lacey] Today the original floppy disks of the Morris worm are on exhibit at the Computer History Museum in Mountian View, California – The reason that we remember the Morris worm and we have picture of Morris downstairs in the networking gallery along with a copy of The Shockwave Rider, it was the first one to actually get out there, do real damage to something that was not just within a company like at the PARC In the public imagination this showed that there is this vulnerability These systems really are weak and that scared people – People became less naive and idealistic about the Internet The Morris worm helped people grow up a little bit – So the legacy of the Morris worm is actually fantastic It brought attention to the need for cybersecurity It legitimized groups that were already saying hey, hey, we need to protect this network – In a sense it kind of created the cybersecurity industry in its modern form – [Fahmida] The Computer Emergency Response Team I mean that’s a direct result of what happened with the Morris worm – But at the same time the legacy of the worm is lessons that we didn’t learn I mean the outlines of everything that we’re worrying about today were right there in 1988 – We had no sense that there were any particular dangers lurking out there and I think we may have lost that a little bit – When we were at Xerox 40 years ago or more going on 50 years the notion of high-performance workstations, graphical user interfaces, editors, mail, I think we saw that pretty well We had the imagination to know that there ought to be some great things you could do with this underlying technology I don’t think I fantasized at the time how they could be abused and misused – The originators just, they couldn’t imagine that somebody would misuse this wonderful thing They were very trusting – They had a goal, and that goal was to share information really quickly They knew there weren’t gonna be a lot of people on that network so it didn’t matter And they knew that everyone’s going to be an expert and that there were going to be controls put into who could access it at the time The network that they built does make sense for that But if we were to rebuild it and we were able to use our modern understanding of technology and information sharing we could build in more safeguards – The ARPANET was built as a research network The Internet was originally built as a research network with Pentagon funding as well They were both designed not for the commercial world they came to support And you could argue that if you’d built security in at the beginning it never would have had the commercial success it had – [Max] We continue to see the same kind of attack vector broadly used today

It’s absolutely a precursor of what was to come – Malware coding is business now They can steal your credit card number and sell it They can put ransomware on your system Cut out the middleman Give me money right now or your files are gone – Every computer is connected to every other computer in the world And oh, by the way, they’re connected to all the banks and every secret in the world and there’s no penalty for attacking them You were just asking for what’s emerged I left the computer security beat largely because I did not see any positive direction It got worse every year and in 2012 or 2013 I walked away and of course then it became a nation-state issue after I left We did not see that these networks go in both directions, that they’re two-way streets and that it would be instrumental in undermining democracies all over the world as a technology We missed that but it should have been obvious to us and so shame on people like me who read lots of science fiction and knew how dark the cyberpunk world was – [Lacey] The Morris worm was the first crack in the foundation upon which the digital utopia was built The developers of the computer sought to create an easier world Instead, they built a vastly more complicated one (ominous music)