Morris worm

Study Guide

Overview of the Robert Morris Case

The Internet Worm

  • Exploited weaknesses that network administrators should have already been aware of.
  • The lessons of the worm.
    • Some suggest thanking Morris, on the grounds that his actions provided a serious wake-up call to system administrators around the country.
    • Worm exploited previously known bugs.
    • Worm discovered several new security issues, like password files being kept in public directories, networks with diverse computers having a lesser chance of incapacitation, etc.
  • RFC 1135- search on '2.'
    • Another group argues that the worm was deliberately released to blatantly point out security defects to a community that was aware of the problems but was complacent about fixing them.
    • Media stated that the author of the worm did the computer community a favor by exposing the security flaws...
  • Cornell Commission's Findings.
    • Although such security flaws may not be known to the public at large, their existence is accepted by those who make use of UNIX. It is no act of genius or heroism to exploit such weaknesses.
  • The biggest hole was the debug option, which has been well-known for about 15 years.

Was harm intended?

  • Crisis and Aftermath.
    • Program contained no code to explicitly damage the system it ran on.
    • Program had no mechanism to halt the spread of the worm.
    • It does not seem that the worm was started by accident or that it was not intended to propagate widely.

Should Robert Morris be treated lightly since he did not intend physical damage?

  • Cornell publishes its findings.
    • Morris made only minimal efforts to halt the worm once it propagated.
    • Sentiment among the computer science community appears to favor strong disciplinary measures for perpetrators of acts of this kind.
    • Such disciplinary measures, however, should not be so stern as to damage permanently the perpetrator's career.

Should Morris be punished at all?

  • Crisis and Aftermath.
    • Author should be rewarded and the vendors and operators of the affected machines should be the ones punished.

What ethical and government laws did he break?

  • Computer Fraud and Abuse Act.
    • knowingly accesses a computer without authorization or exceeds authorized access.
    • causes loss to one or more others of a value aggregating $1,000 or more.
  • Cornell's policies.
    • Policy for the "Use of the Research Computing Facility" prohibits "use of its computer facilities for browsing through private computer files, decrypting encrypted material, or obtaining unauthorized user privileges." All three aspects of this policy were violated by Morris.
  • RFC 1135- search on '3.2'
    • NSF issued an ethical network use statement. DNCRI DAP defines unethical any activity which purposefully or through negligence:
      • disrupts the intended use of the networks
      • wastes resources through such actions (people, bandwidth or computer)
      • destroys the integrity of computer-based information
      • compromises the privacy of users
      • consumes unplanned resources for control and eradication
  • NY computer laws and the Internet Worm.
    • N.Y. law states that unauthorized use of a computer is a class A misdemeanor.
    • Computer trespass is a class E felony.
    • The worm was released and designed to gain access to material (host lists) for propagation of the worm.

Should the source code for the worm be made available so that others can study it to protect against it?

  • RFC 1135- search on '3.4'
    • An effective way to correct known security flaws is to publish descriptions of the flaws so that they can be corrected. We therefore view the effort to conceal technical descriptions of the recent virus as short-sighted.
  • Cornell comments on this:
    • Many members of the UNIX community are ambivalent about reporting security flaws in UNIX out of concern that knowledge of such flaws could be exploited before the flaws are fixed in all affected versions of UNIX.