Morris worm

back to index

description: one of the first computer worms distributed over the Internet

18 results

pages: 523 words: 154,042

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks
by Scott J. Shapiro

To see the limitations of cyberweapons, let’s return to the Morris Worm. The Morris Worm was a hyperspecialized program. It targeted only computers that contained distinctive hardware and software. The instructions Robert Morris Jr. encoded in his buffer overflow ran only on certain computers—in particular, on VAX and Sun machines. It was useless on those made by PDP, IBM, or Honeywell, which employed different instruction sets in their microprocessors. When hackers exploit the distinction between code and data, their exploits will work only on machines that run the same code. The Morris Worm was limited in other ways, too.

Whereas the vorms we’ve seen worked only on Windows machines, Mirai worked only on Linux devices, and only on those manufactured with default passwords. The failure to acknowledge the hyperspecialization of malware is long-standing. In 1988, Vesselin Bontchev objected to the Bulgarian news reports claiming that the Morris Worm could infect every computer on the planet. But if the malware like the Morris Worm is so hyperspecialized, why was the Morris Worm so disruptive? The answer is that the internet was in its infancy then, with few types of computers and few versions of operating systems. To use another biological metaphor, the early internet was akin to a “monoculture.” In the absence of genetic diversity, monocultures are at serious risk of devastating disease.

.: background and character of; CFAA and case against; Cornell University attendance and; criminal case against; father’s response to worm of; Graham friendship with; jurors in trial against; lawyer defending; post-trial career of; remorse of; trial testimony of; worm creation motivation of; see also Morris Worm Morris, Robert, Sr.; on Morris Worm creation; NSA job of; UNIX developments by Morris Worm; attack vectors; Bulgarian media on; computer community debates over; cybercrime debates and; cybersecurity actions after; duality principle exploitation with; FBI investigation of; Finger attack by; flaw in code; impact; lessons and increased security from; media coverage on; Melissa virus compared with; motivation for creating; origins; password discovery by; patch for and eradication of; programming of; reinfection rate of; SENDMAIL attack by; Sudduth warning email about Mosaic browser movies and television: artificial intelligence portrayal; Citizenfour (movie); cybersecurity early portrayals in; cyberwar themes in; The Imitation Game; The Matrix; Mr.

pages: 629 words: 142,393

The Future of the Internet: And How to Stop It
by Jonathan Zittrain
Published 27 May 2009

This made them both secure and sterile in comparison to generative machines hooked up to a generative network like the Internet. Contrary to CompuServe’s proprietary system, the Internet of 1988 had no control points where one could scan network traffic for telltale wormlike behaviors and then stop such traffic. Further, the Morris worm really was not perceived as a network problem, thanks to the intentional conceptual separation of network and endpoint. The Morris worm used the network to spread but did not attack it beyond slowing it down as the worm multiplied and continued to transmit itself. The worm’s targets were the network’s endpoints: the computers attached to it. The modularity that inspired the Internet’s design meant that computer programming enthusiasts could write software for computers without having to know anything about the network that would carry the resulting data, while network geeks could devise new protocols with a willful ignorance of what programs would run on the devices hooked up to it, and what data would result from them.

It could have remained installed for days or months, and it could have quietly performed a wide array of activities other than simply relaying a “present and accounted for” message to Morris’s designated home base to assist in his digital nose count. The university workstations of 1988 were generative: their users could write new code for them or install code written by others. The Morris worm was the first large-scale demonstration of a vulnerability of generativity: even in the custody of trained administrators, such machines could be commandeered and reprogrammed, and, if done skillfully, their users would probably not even notice. The opportunity for such quick reprogramming vastly expanded as these workstations were connected to the Internet and acquired the capacity to receive code from afar.

He apologized, and criminal prosecution for the act earned him three years of probation, four hundred hours of community service, and a $10,050 fine.22 His career was not ruined. Morris transferred from Cornell to Harvard, founded a dot-com startup with some friends in 1995, and sold it to Yahoo! in 1998 for $49 million.23 He finished his degree and is now a tenured professor at MIT24 As a postmortem to the Morris worm incident, the Internet Engineering Task Force, the far-flung, unincorporated group of engineers who work on Internet standards and who have defined its protocols through a series of formal “request for comments” documents, or RFCs, published informational RFC 1135, titled “The Helminthiasis of the Internet.”25 RFC 1135 was titled and written with whimsy, echoing reminiscences of the worm as a fun challenge.

pages: 568 words: 164,014

Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat
by John P. Carlin and Garrett M. Graff
Published 15 Oct 2018

“He didn’t know there was even a law to violate—and he certainly wasn’t aware of the computer crime statute in particular,” one account of the incident recalled.51 The Morris Worm wasn’t the first program to do damage online; in 1987, at Lehigh University, the first destructive computer virus had been loosed on its network, but engineers were quick to contain it and it never left the campus, and just weeks before Morris’s experiment ran amok, Time magazine had featured “computer viruses” in a goofy-looking cover story with cartoonish bugs crawling all over a desktop monitor. Yet the Morris Worm was something different—a national digital watershed, not least because it was the first time the word Internet was ever used in the New York Times.

Inadvertently, the FBI paid Popov, who was already back in Ukraine, $10,000 to try to recapture the information, without realizing that their informant was actually one of the people who perpetrated the hack.108* The rising insecurity of the digital world was on display as authorities struggled in 2003 and 2004 against the rise of damaging computer viruses—known as SoBig and Bagle, each version more virulent and effective than the last, the latest iterations of the threat made famous by the Morris Worm 15 years earlier. In its first two days in the wild in August 2003, SoBig caused an estimated $50 million in damages in the United States, interrupted operations at Air Canada, and crippled computers at Lockheed Martin. “Bagle had the distinction of being the first truly commercial virus,” Joseph Menn wrote in Fatal System Error.109 Viruses and worms obviously weren’t new; the Morris Worm and the Melissa virus in 1999 had marked the arrival of mass-market computer infections, but whereas in both of those cases the inventors were arrested and sentenced, the minds behind SoBig and Bagle remained stubbornly at large.

Even more recently, we’ve seen that it’s possible for highly capable individuals to manufacture and deploy chemical and biological weapons. Online, the situation is even more fraught. Today, weapons of mass destruction can be deployed online by individuals even accidentally—the first “internet virus,” the Morris Worm, was unleashed by a graduate student who didn’t understand the destruction his program would cause. Terror groups, hacktivist groups such as Anonymous, and “patriotic hackers” can today unleash tools and disruptions online that a few decades ago would have been the sole capability of the world’s most powerful nations.

pages: 326 words: 103,170

The Seventh Sense: Power, Fortune, and Survival in the Age of Networks
by Joshua Cooper Ramo
Published 16 May 2016

What drew his attention was that fabulous, unbelievable record of the Morris worm: 400 billion computations each second. “The features that make computer viruses a serious threat to computer integrity,” he wrote, “can also make them a powerful mechanism.” This optimistic gloss triggered a furious response. Eugene Spafford, also a well-regarded computer researcher, fired back: “For someone of Dr. Cohen’s reputation within the field to actually promote the uncontrolled writing of any kind of virus, even with his stated stipulations, is to act irresponsibly and immorally.” So here, then, is a line of sorts. The Morris worm, an example of really massive connection and interaction and speed, is a model for the world we live in now.

So, a few hours after Morris released his code, unwarned and unprepared, the Internet nearly froze. On November 2 and 3, 1988, machines around the United States were shut off, cables were pulled out of walls, and systems were wiped and restarted in a race to stop the robotlike spread of the disease and then to finally kill it off. The Morris worm was, on those fall 1988 days, acting out a sober-minded insight of the famed biological historian Alfred Crosby: “The nineteenth century was followed by the twentieth century, which was followed by the… nineteenth century.” Crosby meant that our age of topological connection had delivered us, again, into an age of infection.

But—and this is why we care about it here—by the time it reached “peak infection,” the worm was also doing something else. It had infected tens of thousands of machines, which were all cranking away in unintended harmony. During the forty-eight hours of its brief and unforgettable life, it was later calculated, the Morris worm had become the most powerful parallel computer in history. At its peak, it managed to achieve a processing speed of 400 billion operations per second—about twice the speed of the most expensive supercomputers of the day. Like any unexpected epidemic, the worm became a social, cultural, and technological milestone.

pages: 383 words: 105,021

Dark Territory: The Secret History of Cyber War
by Fred Kaplan
Published 1 Mar 2016

The first nightmare case occurred on November 2, 1988, when, over a period of fifteen hours, as many as six thousand UNIX computers—about one tenth of all the computers on the Net, including those at Wright-Patterson Air Force Base, the Army Ballistic Research Lab, and several NASA facilities—went dead and stayed dead, incurably infected from some outside source. It came to be called the “Morris Worm,” named after its perpetrator, a Cornell University grad student named Robert T. Morris Jr. (To the embarrassment of Fort Meade, he turned out to be the son of Robert Morris Sr., chief scientist of the NSA Computer Security Center. It was the CSC that traced the worm to its culprit.) Morris had meant no harm.

But he committed a serious mistake: the worm interrogated several machines repeatedly (he hadn’t programmed it to stop once it received an answer), overloading and crashing the systems. In the worm’s wake, many computer scientists and a few officials drew a frightening lesson: Morris had shown just how easy it was to bring the system down; had that been his intent, he could have wreaked much greater damage still. As a result of the Morris Worm, a few mathematicians developed programs to detect intruders, but these programs were designed to protect individual computers. Todd Heberlein’s innovation was designing intrusion-detection software to be installed on an open network, to which any number of computers might be connected. And his software worked on several levels.

The lab’s managers reached out to Karl Levitt, a computer science professor at UC Davis. Levitt brought in his star student, Todd Heberlein. By 1990, the Air Force Cryptology Support Center (which, a few years later, became part of the Air Force Information Warfare Center) was upgrading its intrusion-detection system. After the Morris Worm, the tech specialists started installing “host-based attack-detection” systems, the favored method of the day, which could protect a single computer; but they were quickly deemed inadequate. Some of the specialists had read about Heberlein’s Network Security Monitoring software, and they commissioned him to adapt it to the center’s needs.

pages: 470 words: 144,455

Secrets and Lies: Digital Security in a Networked World
by Bruce Schneier
Published 1 Jan 2000

Two, the same rush to market means that some companies are pushing software on the populace before fixing the long list of bugs that they have already identified. (And while they fix bugs found in beta, they don’t do a second beta cycle to test the fixed code.) ATTACKS ON FAULTY CODE Most of the computer security problems we see are the result of faulty code. Here are some examples: • In 1988, the Morris worm used a bug in the UNIX fingered program to gain root access to computers running the program. This is a buffer overflow, explained in the next section. • In 1999, someone discovered a bug in a Hotmail CGI script that allowed one user to access the e-mail account of another user. This kind of flaw was discussed in Chapter 10.

If the computer asks a user for an 8-character password and receives a 200-character password, those extra characters may overwrite some other area in memory. (They’re not supposed to—that’s the bug.) If it is just the right area of memory, and we overwrite it with just the right characters, we can change a “deny connection” instruction to an “allow access” command or even get our own code executed. The Morris worm is probably the most famous overflow-bug exploit. It exploited a buffer overflow in the UNIX fingered program. It’s supposed to be a benign program, returning the identity of a user to whomever asks. This program accepted as input a variable that is supposed to contain the identity of the user.

(Of course he can always try to commit a crime using the vulnerability, but let’s assume that he is an honest bloke.) The practice of telling the world is known as full disclosure, and it has become popular over the past several years. And it is the subject of a violent debate. But first a soupçon of history. In 1988, after the Morris worm illustrated how susceptible the Internet is to attack, the Defense Advanced Research Projects Agency (DARPA) funded a group that was supposed to coordinate security response, increase security awareness, and generally do good things. The group is known as CERT—more formally, the Computer Emergency Response Team—and its response center is in Pittsburgh at Carnegie Mellon University.

pages: 492 words: 153,565

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
by Kim Zetter
Published 11 Nov 2014

What’s more, the first version of Conficker avoided infecting any machines in Ukraine, suggesting this may have been its country of origin. 2 Melissa wasn’t the first prolific attack, however. That honor is reserved for the Morris worm, a self-propagating program created by a twenty-three-year-old computer science graduate student named Robert Morris Jr., who was the son of an NSA computer security specialist. Although many of Stuxnet’s methods were entirely modern and unique, it owes its roots to the Morris worm and shares some characteristics with it. Morris unleashed his worm in 1988 on the ARPAnet, a communications network built by the Defense Department’s Advanced Research Projects Agency in the late 1960s, which was the precursor to the internet.

Morris unleashed his worm in 1988 on the ARPAnet, a communications network built by the Defense Department’s Advanced Research Projects Agency in the late 1960s, which was the precursor to the internet. Like Stuxnet, the worm did a number of things to hide itself, such as placing its files in memory and deleting parts of itself once they were no longer needed to reduce its footprint on a machine. But also like Stuxnet, the Morris worm had a few flaws that caused it to spread uncontrollably to 60,000 machines and be discovered. Whenever the worm encountered a machine that was already infected, it was supposed to halt the infection and move on. But because Morris was concerned that administrators would kill his worm by programming machines to tell it they were infected when they weren’t, he had the worm infect every seventh machine it encountered anyway.

pages: 332 words: 97,325

The Launch Pad: Inside Y Combinator, Silicon Valley's Most Exclusive School for Startups
by Randall Stross
Published 4 Sep 2013

In 1988, in his very first months at Cornell, he had written a little bit of code that would replicate itself so he could count the number of computers that were connected to the Internet. A flaw in the program caused havoc: it replicated itself in an unplanned fashion and the congestion brought down a significant portion of the Internet. The “Morris worm” brought the young student unwanted international notoriety, expulsion from Cornell, and federal charges that could have led to twenty-one to twenty-seven months in prison. He eventually was given probation instead and was able to restart his graduate studies at Harvard.7 (Without that delay, Graham would later say, Morris would have been a junior professor by the time he reached twenty-nine and “wouldn’t have had time to work on crazy speculative projects with me.”)8 Graham’s very first idea for a startup was to offer art galleries a software service to create an online store for their art.

Alfred Prufrock” (Eliot), 200 Lynch, Sean, 123, 187 Machinima, 144 Mackey, Kurt, 51, 168–70, 219, 223 Mah, Jessica, 52–54 Malcolm X, 197 Mamet, David, 101 Manhattan Project, 3 Mason, Andrew, 112 McCay, Jason, 29–32, 32–33, 51, 92–97, 202–3 McClure, Dave, 35, 87, 147 McKinsey & Company, 114 Menlo Park, CA, 41 Mercedes, 214 Merrill Lynch, 211 Meteor, 234 MetroLyrics, 126, 127 Miami, FL, 40, 237 MicroMint, 105 micropayments, 105, 107, 125 Microsoft, 16, 131, 238 BASIC, 11, 68 Codecademy, 216 cofounders, 161, 162 Graffiti Facebook app, 165 invisibility in early years, 159 Office, 36 original idea, 68–69 startups, threat to, 59 MileSense, 228 Millicent, 105 Milner, Yuri, 28, 47, 87, 88, 222 Minecraft, 165, 168 Mint, 10, 204 MIT, 98, 112 Collison, Patrick, 61, 64 Graham, Paul, 22, 162, 203 Morris, Robert, 27, 63 Vogt, Kyle, 142 Mixpanel, 131 MobileWorks, 89–90, 134–39, 194 Moghadam, Mahbod, 80–82, 84, 126, 196, 201 Mohamed, Shazad, 47 MongoDB, 30, 31, 92–93, 137 MongoHQ, 30–33, 51–52, 92–97, 102, 135, 136 finalist interview, 32–33 Heroku, 31, 32 Mackey, Kurt, 219 Skype, 223 venture capitalists, 202–3 MongoLab, 92 MongoMachine, 135 Moore, Demi, 206, 214 Morris, Robert academic training, 24–25 Artix, 29 father of, 253n7 interviewing finalists, 10 MIT, 27 privacy, 253n8 Prototype Day, 119 Viaweb, 24–26, 29, 42, 133 YC partner, 27, 57, 63 Morris worm, 24–25, 253n7–8 Moses, 197 Mountain View, CA, 2, 10, 17, 35, 51, 98–99 mSpot, 106–8 Musk, Elon, 66 MVP (minimum viable product), 77 MySpace, 201 MySQL, 137 Narula, Prayag, 89, 134–39 NASDAQ, 5 National Computer Security Center, 253n7 National Security Agency, 253n7 Nebraska, 39 New World Ventures, 263n14 New York City, 42, 80 GroupMe, 124 Rap Genius, 223 SeedStart, 42 startups’ interest in, 148 YC, 256–57n3 New York Times, 105, 209 New York University, 91, 112 New Zealand, 238 NFC, 66, 151–59 NFL, 167 Nike, 122 99dresses, 267–68n6 North Carolina, 209 Northeastern University, 112 Notifo, 219–20 NowSpots, 51, 168–70, 218–19, 223 Obvious Corporation, 58 oDesk, 172 O’Doherty, Patrick, 17–18 OMGPOP, 225–26 One Kings Lane, 54 Ooyala, 104 Open Systems, 46 OpenID, 156 Opez, 98–100, 218 Oracle, 60, 161, 238 Oxford University, 57, 62 Pang, Randy, 9, 68, 163–64 Panguluri, Srini, 60, 66, 151, 154, 155, 160 Paperlinks, 51, 103, 153 Paramount, 165 Parse, 122, 129, 228 capital raised, 212, 230, 233 Demo Day, 212 Rehearsal Day, 185–86 YC alumni, 160 Path, 265n1 PayPal, 58, 64, 66, 107–8, 140 Pay2See, 105 Pellow, Ben, 110–12, 134, 136, 138, 218 Persson, Markus, 168 Philippines, 238 PHP, 122 Picasa, 43 Picplum, 194, 219 Pictionary, 225 Pincus, Alison, 54 Pioneer Way, 40 Pittsburgh, PA, 41, 237 Play-Doh, 127 Polis, Jared, 41 Portland, OR, 223 Posterous, 63, 147 PostgreSQL, 137 PowerPoint, 36 Pristavec, Venetia, 104 Procter & Gamble, 208 Providence, RI, 42 Puff Daddy, 164 Python, 124 QR codes, 152–53, 156–58 QuickBooks, 53 Quicken, 53 Rackspace, 101, 131 Rails, 122 Ralston, Geoff, 151–58 Rap Genius Altman, Sam, 196–202 Demo Day, 216 expanding idea, 235–36 growth, 78–80 New York City, 223 Prototype Day, 126–27 Taggar, Harj, 80–85, 196 Ravikant, Naval, 58 Ravisankar, Vivek, 212–13 Ready-Campbell, Noah, 105–9 Red Bull, 130 Reddit, 59, 106, 166, 195 Redis, 137 Rejection Therapy, 121 Ren, JP, 43–44, 103, 130–33 Reno 911, 121 Ridejoy, 120–21, 163, 187–88, 192, 211.

pages: 1,331 words: 183,137

Programming Rust: Fast, Safe Systems Development
by Jim Blandy and Jason Orendorff
Published 21 Nov 2017

Andy Wingo Systems programming languages have come a long way in the 50 years since we started using high-level languages to write operating systems, but two problems in particular have proven difficult to crack: It’s difficult to write secure code. It’s especially difficult to manage memory correctly in C and C++. Users have been suffering with the consequences for decades, in the form of security holes dating back at least as far as the 1988 Morris worm. It’s very difficult to write multithreaded code, which is the only way to exploit the abilities of modern machines. Even experienced programmers approach threaded code with caution: concurrency can introduce broad new classes of bugs and make ordinary bugs much harder to reproduce. Enter Rust: a safe, concurrent language with the performance of C and C++.

While a student at the University of Utah, researcher Peng Li modified C and C++ compilers to make the programs they translated report when they executed certain forms of undefined behavior. He found that nearly all programs do, including those from well-respected projects that hold their code to high standards. And undefined behavior often leads to exploitable security holes in practice. The Morris worm propagated itself from one machine to another using an elaboration of the technique shown before, and this kind of exploit remains in widespread use today. In light of that example, let’s define some terms. If a program has been written so that no possible execution can exhibit undefined behavior, we say that program is well defined.

, Macro Basicsabout, Macro Basics fragment types supported by, Fragment Types main(), Handling Errors in main() Mandelbrot setbasics of calculation, What the Mandelbrot Set Actually Is concurrent implementation, Concurrency concurrent program for, A Concurrent Mandelbrot Program mapping from pixels to complex numbers, Mapping from Pixels to Complex Numbers parsing pair command-line arguments, Parsing Pair Command-Line Arguments plotting, Plotting the Set rendering with fork-join parallelism, Revisiting the Mandelbrot Set running the plotter, Running the Mandelbrot Plotter writing image files, Writing Image Files map adapter, map and filter map typesBTreeMap<K, V>, HashMap<K, V> and BTreeMap<K, V> HashMap<K, V>, HashMap<K, V> and BTreeMap<K, V> map, defined, HashMap<K, V> and BTreeMap<K, V> map.entry(key), Entries mapping, Mapping from Pixels to Complex Numbers match expressions, A Simple Web Server, if and match Matsakis, Niko, Rayon max method, max, min max_by method, max_by, min_by max_by_key method, max_by_key, min_by_key memoryenums in, Enums in Memory raw pointers and, Moving into and out of Memory strings in, Strings in Memory types for representing sequence of values in, Arrays, Vectors, and Slices memory ordering, Atomics method calls, fully qualified, Fully Qualified Method Calls methodscalling, Function and Method Calls defining with impl, Defining Methods with impl fully qualified method calls, Fully Qualified Method Calls integers and, Integer Types min method, max, min min_by method, max_by, min_by min_by_key method, max_by_key, min_by_key Model-View-Controller (MVC), Using Closures Effectively modules, Modulesin separate files, Modules in Separate Files items, Items, the Building Blocks of Rust libraries and, Turning a Program into a Library paths and imports, Paths and Imports standard prelude, The Standard Prelude Morris worm, Why Rust?, Type Safety moves, Movesand control flow, Moves and Control Flow and indexed content, Moves and Indexed Content assigning to a variable, More Operations That Move closures and, Closures That Steal constructing new values, More Operations That Move Copy types as exception to, Copy Types: The Exception to Moves defined, Why Rust?

pages: 509 words: 132,327

Rise of the Machines: A Cybernetic History
by Thomas Rid
Published 27 Jun 2016

In June 1991, Schwartau repeated his dire and alarmist warning to the House Committee on Science, Space, and Technology: “Government and commercial computer systems are so poorly protected today that they can essentially be considered defenseless,” he told the committee, “an electronic Pearl Harbor waiting to occur.”36 Later that year, Schwartau self-published a novel, Terminal Compromise, articulating his fears of the coming electronic doom.37 Such fears had been germinating for years already. Computer hackers had become a signature phenomenon of the 1980s, with several high-profile cases making national news.38 In late 1988 the Morris worm emerged, one of the first computer worms on the still nascent internet, and the first to get mainstream media attention. One book in particular influenced the threat perception: Clifford Stoll’s 1989 The Cuckoo’s Egg chronicled how a German hacker breached Lawrence Berkeley National Laboratory and then sold stolen files to the KGB, Russia’s spy agency.39 In 1991 the Michelangelo virus caused a major scare.

Jude,” 263–64 Military Critical Technologies List (MCTL), 323–24 Military Cryptanalysis (Friedman), 269 military research cyborgs, 128–40 helmet-mounted sights, 198–206 and man-machine symbiosis, 146–47 Pedipulator, 132–34 virtual space and, 196–206 MILNET, 312 Milton, John, 91 mind as machine, 163–64 Mindell, David, 29 “Mind Is a Leaking Rainbow” (Stenger), 232–34 Minihan, Kenneth, 312, 313 Ministry of the Interior (MVD) (Russia), 330, 331 missiles, 43–72, 78, 99, 140, 303 Mission Control Center (Houston, Texas), 140 MIT, See Massachusetts Institute of Technology MIT Radiation Laboratory (Rad Lab), 19–21, 32 MIT School of Engineering, 11 Mixmaster Type II remailer, 291 modems, 81 Molander, Roger, 309 Mondo 2000 magazine, 227, 242, 243, 263, 265 money, 257; See also digital cash monkeys, neurological research with, 65–66 “Monkey’s Paw, The” (Jacobs), 94 Moondust (game), 212 Moonlight Maze, 316–39 moon race, 127, 142 Moore, Edward, 118–19 Moore School of Electrical Engineering, 114 Morgan, Thomas, 13 Morningstar, Chip, 228–30, 234, 241 Morris worm, 308 Morse, Marston, 29 Mosaic 1.0 browser, 264 Moscow, Russia, 316, 318 Mosher, Ralph, 128–31 on “Beetle” cyborg, 136 and cybernetic myths, 345 on limitations of robotics, 133 on radio-controlled CAM, 137 and walking truck, 134, 135 Moulton, Stephen, 139 mouse, computer, 173 Mr. Slippery (fictional character), 266, 293 “Music in Cyberspace” (Barlow), 232 mutation, 117, 150 MVD (Ministry of the Interior, Russia), 330, 331 mythologies, form of, xiv–xv myths, cybernetic, See cybernetic myths NACA (National Advisory Committee for Aeronautics), 11, 12 NASA (National Aeronautics and Space Administration) and cyberspace, 220 cyborgs and space travel, 127–28 and data gloves, 215 Engineering Man for Space: The Cyborg Study, 127–28 founding of, 123 Philco and, 140 and Whole Earth Catalog, 168 NASw-512 project, 127–28 Natick Laboratories, Massachusetts Hardiman exoskeleton, 137 National Academy of Sciences, 25 National Advisory Committee for Aeronautics (NACA), 11, 12 National Aeronautics and Space Administration, See NASA National Defense Research Committee (NDRC) Division C, 25 Division T, 28 establishment of, 12 fire control division, 29 microwave research, 19 radar, 17 Rad Lab, 21 VT fuse, 35 National Institute of Standards and Technology (NIST), 274 National Oceanic and Atmospheric Administration (NOAA), 320 National Research Council, 12 National Science Foundation, 253 national security, cybernetic myths and, xv National Security Agency, See NSA National Technical Information Service, 324 NATO (North Atlantic Treaty Organization), 208 NAVSEA (Naval Sea Systems Command), 316 NDRC, See National Defense Research Committee negative feedback defined, 49 and enchantment of the machine, 351 for Headsight, 139 and homeostat, 56 in Psycho-Cybernetics, 164 and Whole Earth Catalog, 171–72 nervous system, as machine, 63 Netscape, 244 networked machines, 122, 147–48, 251 networks, 2–3, 180, 222 Neuromancer (Gibson), ix–x, 189, 210–12, 242 neuroses, 58 New Age movement, 165–66 “New Directions in Cryptography,” 251 New Economy, 246–47 Newsweek magazine, 73 New York Times Hap Arnold article, 74 and cybernation, 102 and cybernetics, 53 Cybernetics reviews, 51–52 NSA encryption story, 271 and VR, 219 New York Yankees, 164–65 Nietzsche, Friedrich, 140, 291 Nigh, Ron, 171 Nike missile, 78 9/11 terrorist attacks, 338–39 NIST (National Institute of Standards and Technology), 274 NOAA (National Oceanic and Atmospheric Administration), 320 nonexistent systems, 69 no-notice interoperability exercises, 311 non-secret encryption, 248, 250; See also public-key encryption NORAD (North American Air Defense Command), 77, 99 NSA (National Security Agency) and the Clipper Chip, 274 cyber-related work, x and cypherpunks, 269–71 and “Declaration of the Independence of Cyberspace,” 245 and Eligible Receiver, 311–13 and Moonlight Maze, 327, 328, 337 and public-key encryption, 253, 254, 258 and VR, 243 nuclear-powered aircraft, 128–31, 135–36 nuclear war, 208 nuclear weapons, 45, 73–76 “Numbers Can Be a Better Form of Cash Than Paper” (Chaum), 257 Nunn, Sam, 310 Oak Ridge National Laboratory, 280 Office of Naval Research, 136–37, 253 Omni magazine, 149, 243, 294–98, 301–2 OODA (observe, orient, decide, act) loop, 300 Operation Desert Storm, 302 Operation Sundevil, 238–40 Optik, Phiber (Mark Abele), 237, 238 Orenstein, Peggy, 240–41, 243 organic chemistry, 119 organic machines, 113–14 organism-environment interaction, 57–61, 64–67 organisms, 113–55 computers as thinking machines, 120–22 cyborg research, 123–27 cyborgs, feminism, and postmodernism, 151–54 and man-machine interaction, 143–48 military research on cyborgs, 128–40 and participant evolution, 140–41 radio-controlled cyborg, 138–40 self-reproducing machines as plants, 118–19 ultraintelligent machines, 148–49 viruses as, 115 originality, machine’s potential for, 120–21 Other Plane, 207, 208, 266, 288 Owens, William, 306 PACOM (US Pacific Command), 311–13 Palo Alto, California, 177, 181, 259, 264 Palomilla (tricycle cart), 83–84 Paradise Lost (Milton), 91 Parkinson, David, 23–24 Parkinson’s disease, robotic modeling of, 83–84 Parsons, Talcott, 52 participant evolution, 140–41 Partridge, Earle, 77 patriarchy, 152, 153 Patrick, Robert, 154 Patton, George, 28 Paul Proteus (fictional character), 86 Pavlov, Ivan, 62 PDP-10 mainframe computer, 181–82 Pearl Harbor, Japanese attack on, 20, 32 Pedipulator, 132–34 Pentagon, See Defense, US Department of Pentagon Papers, 254 Persian Gulf War (1990-1991), 246, 302, 305 personal computer and Apple’s 1984 Super Bowl ad, 187–88 Douglas Engelbart and, 173 William Gibson and, 211–12 Timothy Leary and, 187–89 and second wave of hackers, 184 pessimism, See dystopia peyote, 185 PGP (Pretty Good Privacy), 261, 272–73 Philco Corporation, 137–40 Phreak, Acid (Elias Ladopoulos), 237–39 physico-chemical system, nervous system as, 64 physics, nonexistent systems and, 69 PicoSpan software, 191, 193 Pile, Sir Frederick, 38–41 pip (radar image), 17 pipology, 18 plants, self-reproducing machines as, 118–19 Playboy magazine, 121–22 Player Piano (Vonnegut), 86–87 political activists, 341 political myths, xiv, xv Popular Mechanics, 132–33, 205–6 Post, Jonathan, 294–98 postmodernism, 151–54 Powell, Colin, 302, 303 Powell Doctrine, 302 power grid, 313 prime numbers, 250, 252 Princeton University, 29, 114, 115, 117 Principality of Sealand, 287–91 printing, as predecessor to crypto anarchy, 268 privacy anonymity and, 272 encryption and, 247, 256–61 programming languages, 213 progress, thinking machines and, 4 Project 2, 25 Prometheus, 343 prostheses, 50–51 proximity fuse, 26–27, 40, 41, 67 pseudonyms, 277, 281–82 pseudoscience, 160–62 psychedelic drugs, 172–73 Gregory Bateson and, 179 and computers, 189 High Frontiers magazine, 185–87 and human bio-computer, 188 and Spacewar, 182 Psycho-Cybernetics (Maltz), 162–65, 169, 345 psychopharmacology, 123 public-key encryption, 247, 248–55, 278 punk, 246 “Push-Button Warfare” (Newsweek article), 73 “Putting Humans into Virtual Space” (Furness and Kocian), 205 Queen Mu (Alison Bailey Kennedy), 263 R2-D2, 204 radar, 17–21, 80–81 radar stations, 77, 99 radio-controlled cyborg, 138–40 radio shell, 27–28, 40 Rad Lab, See MIT Radiation Laboratory RAF (Royal Air Force) Fighter Command, 8, 30 Rand, Ayn, 258 Rand Corporation, 111, 303–5, 309–10 Randolph Air Force Base (San Antonio, Texas), 122–24 range computer, 24 Rather, Dan, 203 read-only memory (ROM), 23 Reality Hackers magazine, 218–19 Rees-Mogg, Lord William, 285 relationships, technology and, 2–3 religion and cybernetic myth, 348 God and Golem, Inc., 89–92 and spiritual aspects of cybernetics, 348 remailers, 272–73, 291 reproduction, See self-replicating machines Revolution in Military Affairs (RMA), 302–3, 306 Rheingold, Howard, 232, 235–37, 242 Riley, Frank, 87–88 Rivest, Ron, 251–54 RMA (Revolution in Military Affairs), 302–3, 306 robot (term), 83 robot bomb, 40–41; See also V-1 (Vergeltungswaffe 1) flying bomb Rockland State Hospital (Orangeburg, New York), 123–24 Roger Pollack (fictional character), 207 Rolling Stone, 181 ROM (read-only memory), 23 Ronfelt, David, 303–5, 309 Roosevelt, Franklin D., 12 Rorvik, David, 141–42 Rosenblueth, Arturo, 46, 52, 56 Rossman, Michael, 172–73 Roughs Tower, 287 Royal Air Force (RAF) Fighter Command, 8, 30 rue, Larry, 9 R.U.R.

pages: 573 words: 142,376

Whole Earth: The Many Lives of Stewart Brand
by John Markoff
Published 22 Mar 2022

It was the moment when the nation was first alerted simultaneously to the power and potential threat of computer networks. Meant to be a harmless “Kilroy was here” bit of electronic graffiti, because of a small programming error the Morris worm tore through the nation’s then brand-new internet, initially raising fears of a foreign invasion or a cyberattack—although that word had not yet been coined. Russell Brand warned that the Morris worm was just the tip of the iceberg. After the talk, John Walker, AutoCAD’s CEO, suggested that the world was in a brief golden period between the first warning and a real catastrophe. But Stewart Brand decided that while the legal system moved glacially, technology was moving at light speed and that the “crackers” (as he referred to bad guys, to distinguish them from “white hat” hackers) wouldn’t easily have the upper hand.

pages: 651 words: 186,130

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
by Nicole Perlroth
Published 9 Feb 2021

., the respective chiefs of research and science at the NSA’s National Computer Security Center, thought Gosler could teach their analysts a thing or two. This was 1987. Proto was a giant at the agency. Morris Sr., the government’s most senior computer scientist at the time, would earn infamy one year later as the father of Robert Tappan Morris, the Cornell student who unleashed the “Morris worm” from MIT, which would brick thousands of computers at a cost of tens of millions of dollars. Gosler had worked with some of the government’s top computer scientists before, but nothing prepared him for “the Fort.” Walking into Fort Meade, his first impression was simply, “This is a different league.”

Ken Thompson’s 1984 Turing Award speech, “Reflections on Trusting Trust,” is available here: www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf. Gosler’s Chaperon Experiments were also detailed in a 2016 dissertation by Craig J. Weiner, at George Mason University, titled: “Penetrate, Exploit, Disrupt, Destroy: The Rise of Computer Network Operations as a Major Military Innovation.” The damages estimate from the Morris Worm are taken from Adam Levy’s 2016 book, Avoiding the Ransom: Cybersecurity for Business Owners and Managers (lulu.com). The references to the number of lines of code in Linux, the Pentagon’s Joint Strike Fighter Aircraft, and Microsoft Vista were sourced from Richard Danzig’s 2014 article, “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies,” published by the Center for a New American Security.

pages: 260 words: 40,943

Hacking Exposed: Network Security Secrets and Solutions
by Stuart McClure , Joel Scambray and George Kurtz
Published 15 Feb 2001

The moderator of the Bugtraq mailing list, Aleph One, wrote an article for the security publication Phrack Magazine (issue 49) titled “Smashing the Stack for Fun and Profit.” This article had a profound effect on the state of security as it popularized how poor programming practices can lead to security compromises via buffer overflow attacks. Buffer overflow attacks date as far back as 1988 and the infamous Robert Morris Worm incident; however, useful information about specific details of this attack was scant until 1996. P:\010Comp\Hacking\748-1\ch08.vp Wednesday, September 20, 2000 10:21:28 AM Color profile: Generic CMYK printer profile Composite Default screen Hacking / Hacking Exposed: Network Security / McClure/Scambray / 2748-1 / Chapter 8 Chapter 8: Hacking UNIX A buffer overflow condition occurs when a user or process attempts to place more data into a buffer (or fixed array) than was originally allocated.

Rummage: A History of the Things We Have Reused, Recycled and Refused To Let Go
by Emily Cockayne
Published 15 Aug 2020

Kirkman was not the only dealer to fence stolen goods. It did not take a Sherlock Holmes to detect the crime of one ‘Moriarty’ in 1825, but proving it was another story. Having been observed stealing a pewter quart pot from the Fox & Peacock on Gray’s Inn Lane, John Moriarty was found to have taken it to a nearby marine store, run by Henry and Morris Worms. The pub landlord saw his pot, about to be melted down: ‘it had my name and sign on it.’ That was easy enough, but two further pewter pots were also missing. Near by in the store, a pan was found that contained recently melted pewter. Despite suspicions and circumstance, nothing could be proven.17 43.

pages: 409 words: 112,055

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
by Richard A. Clarke and Robert K. Knake
Published 15 Jul 2019

He turned down his pilot training slot and went into intel, where he got his last choice for training, in Signals Intelligence. That turned out to be a good thing because U.S. Air Force Signals Intelligence was at the leading edge on cybersecurity in the 1990s. His early exposure had come from the Morris Worm, the Cuckoo’s Egg, and the Solar Sunrise incident. (Healey is steeped in this history and has written A Fierce Domain, the definitive book on these incidents.) Hired by Venables at Goldman to be its first computer emergency response team (CERT) coordinator in 2001, Healey became immersed in defense of the corporate world.

pages: 444 words: 118,393

The Nature of Software Development: Keep It Simple, Make It Valuable, Build It Piece by Piece
by Ron Jeffries
Published 14 Aug 2015

A self-denial attack describes any situation in which the system—or the extended system that includes humans—conspires against itself. The classic example of a self-denial attack is the email from marketing to a “select group of users” that contains some privileged information or offer. These things replicate faster than the Anna Kournikova Trojan (or the Morris worm, if you’re really old school). Any special offer meant for a group of 10,000 users is guaranteed to attract millions. The community of networked bargain hunters can detect and share a reusable coupon code in milliseconds. One great instance of self-denial occurred when the Xbox 360 was just becoming available for preorder.

Howard Rheingold
by The Virtual Community Homesteading on the Electronic Frontier-Perseus Books (1993)
Published 26 Apr 2012

IBM and MCI's venture, ANS, had been managing NSFNET since 1987; in 1991, ANS, a nonprofit corporation, set up a for-profit subsidiary called ANS CO+RE to sell CMC services. In a December 1991 story in the New York Times , headlined "U.S. Said to Play Favorites in Promoting Nationwide Computer Network," technology reporter John Markoff , who broke the story of the Morris Worm, wrote, "Just one week after President Bush signed legislation calling for the creation of a nationwide computer data `superhighway,' a debate has erupted over whether the government gave an unfair advantage to a joint venture of IBM and MCI that built and manages a key part of the network." Markoff quoted several experts and private competitors who fear ANS could use its position as manager of the NSFnet to make things difficult for competitors who want to connect to the Net.

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
by Kevin Mitnick
Published 14 Aug 2011

As soon as he confirmed that the password worked, he contacted me, full of pure excitement, and asked for my help in finding anything of interest, most particularly any reported security vulnerabilities that we could leverage in our hacking. The Computer Emergency Response Team, CERT, based at Carnegie Mellon University, in Pittsburgh, was a federally funded research and development center established in November 1988, after the Morris Worm brought down 10 percent of the Internet. CERT was intended to prevent major security incidents by setting up a Network Operations Center to communicate with security experts. The Center created a vulnerability disclosure program with the mission of publishing advisories about security vulnerabilities, usually after the software manufacturer had developed a patch or created a work-around to mitigate the risk of the security flaw.