On Nov. 2, 1988, I was working at NASA's Goddard Space Flight Center in the data communications branch. Everything was fine. Then, our internet servers running SunOS and VAX/BSD Unix slowed to a stop. It was a bad day.
We didn't know it yet, but we were fighting the Morris Internet Worm. Before the patch was out, 24 hours later, 10 percent of the internet was down, and the rest of the network had slowed to a crawl. We were not only facing the first major worm attack, we were seeing the first distributed denial-of-service (DDoS) attack.
Unlike the hundreds of thousands of hackers that would follow, Robert Tappan Morris, then a graduate student at Cornell, wasn't trying to "attack" the internet's computers. He thought his little experiment would spread far more slowly and not cause any real problems. He was wrong.
Well, that's what he said afterward. I'm also not at all certain that that was the case.
Consider, the Morris worm had three attack vectors: sendmail, fingerd, and rsh/rexec. It also used one of the now-classic attack methods: Stack overflow in its attack.
It was also one of the first attack programs to use what we'd call a dictionary attack with its list of popular passwords. The passwords and other strings hid in the Worm's binary by XORing, a simple encryption method.
Morris also tried to hide his tracks. He started the worm from a MIT computer. It hid its files by unlinking them after trying to infect as many other servers as possible.
Even without a malicious payload, the Worm did serious damage. Infected systems quickly did nothing but trying to spread the worm, thus slowing them down to a crawl. Some, most of them running SunOS, a Unix variant and the ancestor of Solaris, crashed under the load.
Also: Why hiring more cybersecurity pros may not lead to better security TechRepublic
In the meantime, Morris, who included code to keep the worm from spreading too fast, had realized he was no longer in control. Morris called a friend -- who subsequently said Morris "seemed preoccupied and appeared to believe that he had made a 'colossal' mistake.'"
He had indeed. Thanks to efforts led by Eugene "Spaf" Spafford, then an assistant professor of computer science at Purdue University and current editor-in-chief of Computers and Security, the Worm was conquered.
Before the Worm was finished, it successfully attacked about 6,000 of the 1988 internet's 60,000 servers. In the aftermath, DARPA created the first CERT/CC (Computer Emergency Response Team/Coordination Center) at Carnegie Mellon University to deal with future security attacks.
But the Worm's biggest legacy to date was that it started a wave after wave of computer and internet attacks. If Robert Morris hadn't done it, someone else would have. But, regardless, today we live in a world where a day doesn't go by without a serious attack.
These are 2018's biggest hacks, leaks, and data breaches
Previous and related coverage:
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.
This simple advice will help to protect you against hackers and government surveillance.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
- Hackers are increasingly destroying logs to hide attacks
- How to defend against the internet's doomsday of DDoS attacks
- Cyber security: We need a better plan to deter hacker attacks says US