Morris was a talented computer scientist who had graduated from
Harvard in June 1988. He had grown up immersed in computers thanks to
his father, who was an early innovator at Bell Labs. At Harvard, Morris
was known for his technological prowess, especially in Unix; he was also
known as a prankster. After being accepted into Cornell that August, he
began developing a program that could spread slowly and secretly across
the Internet. To cover his tracks, he released it by hacking into an
MIT computer from his Cornell terminal in Ithaca, New York.
the incident became public, the FBI launched an investigation. Agents
quickly confirmed that Morris was behind the attack and began
interviewing him and his associates and decrypting his computer files,
which yielded plenty of incriminating evidence.
But had Morris
broken federal law? Turns out, he had. In 1986, Congress had passed the
Computer Fraud and Abuse Act, outlawing unauthorized access to protected
computers. Prosecutors indicted Morris in 1989. The following year, a
jury found him guilty, making him the first person convicted under the
1986 law. Morris, however, was spared jail time, instead receiving a
fine, probation, and an order to complete 400 hours of community
The episode had a huge impact on a nation just coming to
grips with how important—and vulnerable—computers had become. The idea
of cybersecurity became something computer users began to take more
seriously. Just days after the attack, for example, the country’s first
computer emergency response team was created in Pittsburgh at the
direction of the Department of Defense. Developers also began creating
much-needed computer intrusion detection software.
At the same
time, the Morris Worm inspired a new generation of hackers and a wave of
Internet-driven assaults that continue to plague our digital systems to
this day. Whether accidental or not, the first Internet attack 30 years
ago was a wake-up call for the country and the cyber age to come.