If you haven't read or watched the news, various log files have named the responsible person as Robert Morris Jr., a 23-year-old doctoral student at Cornell. His father is head of the National Computer Security Center, the NSA's public effort in computer security, and has lectured widely on security aspects of UNIX.
Associates of the student claim the worm was a 'mistake' - that he intended to unleash it but it was not supposed to move too quickly or spread so much. His goal (from what I understand) was to have a program 'live' within the Internet. If the reports that he intended it to spread slowly are true, then it's possible that the bytes sent to ernie.berkeley.edu were intended to monitor the spread of the worm. Some news reports mentioned that he panicked when, via some "monitoring mechanism", he saw how fast it had propagated.
A source inside DEC reports that although the worm didn't make much progress there, it was sighted on several machines that wouldn't be on its normal propagation path, i.e. not gateways and not on the same subnet. These machines are not reachable from the outside. Morris was a summer intern at DEC in '87. He might have included names or addresses he remembered as targets for infesting hidden internal networks. Most of the DEC machines in question belong to the group he worked in.
The final word has not been written - I don't think the FBI have even met with this guy yet. It will be interesting to see what happens.
Article on the internet worm
AL FASOLDT is a technology writer (syndicated newspaper columnist) and audio writer (Fanfare Magazine), newspaper editor in Syracuse, NY (the daily Herald Journal), poet, bicyclist, computerist who loves simple programming: a fan of the Atari ST and no fan at all of MS-DOS computers; 2 grown children.
"Let's start things off with some thoughts on who is really responsible here." This is an article I wrote for distribution this coming week.
This can be reproduced in electronic form as long as the text is not altered and this note remains on top. Distributed by the Technofile BBS.
By Al Fasoldt
There's an untold story in the furor over the electronic virus that infected 6,000 mainframe computers across the country earlier this month.
Left out of the many accounts of the prank pulled by a Cornell graduate student is something that could be the single most important issue of computer networking in the next decade.
It is put most simply in the form of a question: Who is in charge of our mainframe computer networks?
In more complete terms, it can be stated this way: Are we placing too much trust in the systems managers who run our nation's medium- and large-size computer systems?
I am posing this question for a practical reason, not a theoretical one. Lost in the furor over the mass electronic break-in is the fact that it could have been prevented - if the people in charge of the computers had been doing their job.
The hacker, Robert Morris, exploited a weakness in the operating system of these computer systems. The weakness was known to the operating system's designers, and the company that supplies the operating system had long ago sent notices to all its customers explaining how to patch the operating system to fix the weakness.