THE BIRTH OF INCIDENT RESPONSE - THE STORY OF THE FIRST INTERNET WORM BY MARC R. MENNINGER
Marc Menninger asks and answers: When was the first Internet worm launched? What did it do? What happened to the author? (Hint: he became a multi-millionaire.) The answers will surprise you!
Robert Tappan Morris was the first person convicted by a jury under the Computer Fraud and Abuse Act of 1986. The story of the worm he created and what happened to him after it was released is a tale of mistakes, infamy, and ultimately the financial and professional success of its author.
Morris was a 23-year-old graduate student at Cornell University in 1988 when he wrote the first Internet worm in 99 lines of C code. According to him, his worm was an experiment to gain access to as many machines as possible. Morris designed the worm to detect the existence of other copies of itself on infected machines and not reinfect those machines. Although he didn't appear to create the worm to be malicious by destroying files or damaging systems, according to comments in his source code he did design it to "break-in" to systems and "steal" passwords. Morris' worm worked by exploiting holes in the debug mode of the Unix sendmail program and in the finger daemon fingerd.
On November 2, 1988, Morris released his worm from MIT to disguise the fact that the author was a Cornell student. Unfortunately for Morris, his worm had a bug and the part that was supposed to not reinfect machines that already harbored the worm didn't work. So systems quickly became infested with dozens of copies of the worm, each trying to break into accounts and replicate more worms. With no free processor cycles, infected systems soon crashed or became completely unresponsive. Rebooting infected systems didn't help. Killing the worm processes by hand was futile because they just kept multiplying. The only solution was to disconnect the systems from the Internet and try to figure out how the worm worked.
Programmers at the University of Berkeley, MIT, and Purdue were actively disassembling copies of the worm. Meanwhile, once he realized the worm was out of control, Morris enlisted the help of a friend at Harvard to stop the contagion. Within a day, the Berkeley and Purdue teams had developed and distributed procedures to slow down the spread of the worm. Also, Morris and his friend sent an anonymous message from Harvard describing how to kill the worm and patch vulnerable systems. Of course, few were able to get the information from either the universities or Morris because they were disconnected from the Internet.
Eventually the word got out and the systems came back online. Within a few days things were mostly back to normal. It is estimated that the Morris worm infected more than 6,000 computers, which in 1988 represented one-tenth of the Internet. Although none of the infected systems were actually damaged and no data was lost, the costs in system downtime and man-hours were estimated at $15 million. Victims of the worm included computers at NASA, some military facilities, several major universities, and medical research facilities.
Writing a buggy worm and releasing it was Morris' second mistake. His first mistake was talking about his worm for months before he released it. The police found him without much effort, especially after he was named in the New York Times as the author.
The fact that his worm had gained unauthorized access to computers of "federal interest" sealed his fate, and in 1990 he was convicted of violating the Computer Fraud and Abuse Act (Title 18). He was sentenced to three years probation, 400 hours of community service, a fine of $10,500, and the costs of his supervision. Ironically, Morris' father, Robert Morris Sr., was a computer security expert with the National Security Agency at the time.
As a direct result of the Morris worm, the CERT Coordination Center (CERT/CC) was established by the Defense Advanced Research Projects Agency (DARPA) in November 1988 to "prevent and respond to such incidents in the future". The CERT/CC is now a major reporting center for Internet security problems.
After the incident, Morris was suspended from Cornell for acting irresponsibly according to a university board of inquiry. Later, Morris would obtain his Ph.D. from Harvard University for his work on modeling and controlling networks with large numbers of competing connections.
In 1995, Morris co-founded a startup called Viaweb with fellow Harvard Ph.D. Paul Graham. Viaweb was a web-based program that allowed users to build stores online. Interestingly, they wrote their code primarily in Lisp, an artificial intelligence language most commonly used at universities. Viaweb was a success, and in 1998, ten years after Morris released his infamous worm, Viaweb was bought by Yahoo! for $49 million. You can still see the application Morris and Graham developed in action as Yahoo! Shopping.
Robert Morris is currently an assistant professor at MIT (apparently they forgave him for launching his worm from their network) and a member of their Laboratory of Computer Science in the Parallel and Distributed Operating Systems group. He teaches a course on Operating System Engineering and has published numerous papers on advanced concepts in computer networking.
_____________________________________________________
Marc R. Menninger is a Certified Information Systems Security Professional (CISSP) and is the founder and site administrator for the OpenCSOProject, a knowledge base for security professionals. To download security policies, articles and presentations, click here: Security Officer Forums.
SPYWARE DEFINITION LIST BY GREGG GRESHAM
The list of adware and spyware definitions runs very long. But these definitions listed below are some of the most common ones. This is a glossary of spyware facts and terms so you'll know what these malicious programs can do to your computer.
Adware
Adware components install along with a shareware or freeware download. The adware developer generates revenue from advertisements, usually shown in pop-up windows. Most adware components are actually installed with consent from the user. This happens because most people never bother to read the end-user license agreement that comes with software.
Spyware
Spyware is often bundled with freeware or shareware, much like adware. Spyware gathers and transmits sensitive and personal information about the user's behavior to an unknown party. The data is collected without the user even knowing it happened. By the time you discover it, the damage has been done and the hacker is long gone.
Browser Hijackers
Browser hijackers are innocently installed as helpful browser toolbars. They can alter your browser settings and can change your default home page to point to another site.
Trojan Horse Programs
Like spyware, Trojan horse programs sneak into your system and run without you realizing it. Programmers use these programs for any number of malicious purposes, none of which you would approve of. One good thing is that Trojan horse programs do not make copies of themselves.
Tracking cookies
Tracking cookies are files with small amounts of data like passwords and settings. Tracking cookies can provide a benefit to you especially if you revisit web sites. But in the wrong hands, cookies are used to track your Internet behavior. This is done without your knowledge or consent and provides marketers with private information about you.
Keyloggers
Keyloggers are programs that run silently in the background, recording all your keystrokes. Once the keystrokes are logged, they can be retrieved later by the hacker using a remote keylogger program. The hacker can get your passwords, credit card numbers and any other personal information on your computer.
Malware
The definition of malware is any malicious software or program that will harm your computer. Computer viruses, worms and Trojans are all considered malware, but several other types of programs may also be included under the term.
Password Cracker
A password cracker is simply a program used to decrypt a password or password file. Security administrators use password crackers legitimately to improve system security. But you can only imagine the dangers when a hacker gets a program like this.
There are many other spyware definitions including scumware, annoyanceware, parasites and the list continues to grow daily.