Revenge of the nerds; the real problem with computer viruses isn't genius programmers, it's careless ones

Washington Monthly, Jan, 1989 by Nicholas Martin

Nicholas Martin is the production manager of The Washington Monthly.

It was with admiration rarely applied to saboteurs that the media presented us Robert T. Morris Jr., the 23-year-old "whiz" who brought the 60,000-computer Advanced Research Projects Agency network (Arpanet) to a halt in November. Time called Morris's creation "one of the most sophisticated and infectious computer viruses the world has yet seen." The New York Times referred to Morris's virus as a "programming tour de force," and quoted, without comment, one Harvard graduate student's analogy that "It's as if Mathias Rust had not just flown into Red Square, but built himself a stealth bomber by hand and then flown into Red Square."

Morris fit, or was made to fit, the image of the Diabolical Supergenius Computer Nerd: Glasses. Frequent late-night sessions with the computer terminal. Slightly crazed look. He probably learned to read at age three and was doing calculus in seventh grade. His teachers all called him "brilliant," but bored with normal adolescent preoccupations and unchallenged by school work, he was drawn to the one deed that required all of his staggering intellectual prowess: breaking into the most powerful computer system on earth. Or something like that. In the movies we usually end up at DefCon Two.

Of course, many people in the computer business only helped encourage the notion that it took a one-in-a-million genius to pick this lock. A group of programmers working to counteract Morris's program told the Times they were "impressed with its power and cleverness." But then again, they would look sort of silly being outsmarted by your generic computer-literate 23-year-old.

In fact, a great deal of what Morris did was frighteningly simple. As Eugene Spafford, a Purdue computer science professor, wrote in a recent technical report on Morris's program, "The [program] was apparently. . .done by someone clever but not particularly gifted. In general, [it] is not that impressive and its 'success' was probably due to a large amount of luck rather than any programming skills possessed by the author." Morris didn't pick the lock to the Arpanet computers, so much as find the key someone had left under the mat. Or as it turned out, on top of it.

The key on the mat

The computers Morris invaded were part of the Arpanet, an international grid of telephone lines, buried cables, and satellite hookups established by the Department of Defense in 1969. It connects 60,000 computers owned by universities, private research companies, and the federal government. Users routinely share information on topics as diverse as the Strategic Defense Initiative (unclassified material only), Shakespeare, and (yes, some parts of the computer hacker stereotype are true) recent episodes of Star Trek. It's much like when the rest of us mail letters, except that the network's split-second speed definitely beats the U.S. Postal Service.

On the evening of November 2, Morris used his terminal at Cornell University to introduce a computer program into a Massachusetts Institute of Technology computer. (He apparently chose MIT to throw detectives off his trail.) The key to his success was finding a security flaw in "Berkeley Unix," the "operating system," or basic software, used by many of the network's computers. Morris's program (a "worm," as computer cops call this type of program) didn't exactly defeat the security systems on the 6,000 Arpanet computers it infected (about 10 percent of the computers on the network); it just ignored them.

His program made use of a simple "mail" service, a convenience provided with most operating systems that allows one user to send a message to another. (In Los Angeles, Rodgers types in his idea for a new musical, and whoosh, off it goes to Hammerstein in Manhattan.) The Unix package came with such a program called "Sendmail." But computer programmers are as fond of optional extras as car buyers, and in this case the options made it just a bit too user friendly. Eric Allman, the Berkeley graduate student who wrote Sendmail, included a feature so people could mail messages not just to other people but also to other computer programs. All Morris did was to notice that if you could send a message (which is simply a collection of letters, numbers, and punctuation) to a program, then you could send a second program (which is also just letters, numbers, and punctuation) to the first program. From there it was simply a matter of Morris sending his instructions forth to be fruitful and multiply.

There are many different types of programs. Some make calculations, some organize data, and some start up or give birth to other programs. By mailing his worm to one of these surrogate mother programs, Morris ensured that it would get copied and sent forth to infect other computers. His program still couldn't delete other people's files (not at this stage anyway), but it enabled him to run a program on someone else's computer, something Unix security systems were supposed to control. Once there, Morris's program let loose with all sorts of requests: it searched the system for other computers to call up and infect; it broke into higher security areas; and it sent an announcement of its "birth" to a computer in Berkeley (apparently another effort to shake off computer detectives). After a while, the programs demanded so much time and memory from the computers that the computers broke down, or, in the jargon, "crashed."

 


Content provided in partnership with Thompson Gale