There was more to the 1980s than neon green leg warmers and Madonna. Although it was the decade that saw the rise of the break dance move known as the Worm, it was a different worm that earned its place in cyber history. On November 2, 1988, Cornell University graduate student Robert T. Morris, Jr. released what became known as the Morris Worm—the first computer worm that spread via the Internet (or ARPAnet, as it was then known). Known as The Great Worm, the Morris Worm shows what can happen when curiosity meets technology.
Reaching more than 2,000 computers within 15 hours, the Morris Worm slowed network-connected government and university computers until they were unusable. Although Morris claimed he wrote the worm simply to discover how large the nascent Internet had become, the havoc caused by the worm resulted in immense time, effort, psychological, and monetary harm. Systems had to be disconnected from the network to decontaminate and ensure they weren’t going to continue to infect other systems. At the time, this process often meant computers were down for as long as 2 days.
The U.S. Government Accountability Office estimated the cost of damage between $100,000 and $10,000,000. As a result, Morris became the first person convicted for a felony under the 1986 Computer Fraud and Abuse Act. He was dismissed from Cornell, sentenced to 3 years of probation and 400 hours of community service, and ordered to pay $10,050 in restitution. As of 2013, he was working as a professor at the Massachusetts Institute of Technology (MIT).
Revisiting the 1980s isn’t just digging up the past. The Morris Worm provides an opportunity to learn from previous cyber attacks to better secure your business now and into the future. A tool that organizations didn’t have at their disposal in the 80s has become a necessity for proactively protecting your systems: penetration testing. Through a range of tests—from network and wireless penetration tests to web application and social engineering tests—penetration testing lets you safely identify gaps in your security that leave you vulnerable to viruses, worms, and malware of all sorts. This approach helps determine whether your systems could withstand an attack and gives you insight into how to shore up your cyber security stance.