The real problem with computer viruses isn't genius programmers, it's careless ones

It was with admiration rarely applied to saboteurs that the media presented us Robert T. Morris Jr., the 23-year-old "whiz" who brought the 60,000-computer Advanced Research Projects Agency network (Arpanet) to a halt in November. Time called Morris's creation "one of the most sophisticated and infectious computer viruses the world has yet seen." The New York Times referred to Morris's virus as a "programming tour de force," and quoted, without comment, one Harvard graduate student's analogy that "It's as if Mathias Rust had not just flown into Red Square, but built himself a stealth bomber by hand and then flown into Red Square."

Morris fit - or was made to fit - the image of the Diabolical Supergenius Computer Nerd: Glasses. Frequent late-night sessions with the computer terminal. Slightly crazed look. He probably learned to read at age three and was doing calculus in seventh grade. His teachers all called him "brilliant," but bored with normal adolescent preoccupations and unchallenged by school work, he was drawn to the one deed that required all of his staggering intellectual prowess: breaking into the most powerful computer system on earth. Or something like that. In the movies we usually end up at DefCon Two.

Of course, many people in the computer business only helped encourage the notion that it took a one-in-a-million genius to pick this lock. A group of programmers working to counteract Morris's program told the Times they were "impressed with its power and cleverness." But then again, they would look sort of silly being outsmarted by your generic computer-literate 23-year-old.

In fact, a great deal of what Morris did was frighteningly simple. As Eugene Spafford, a Purdue computer science professor, wrote in a recent technical report on Morris's program, "The [program] was apparently. . .done by someone clever but not particularly gifted. In general, [it] is not that impressive and its 'success' was probably due to a large amount of luck rather than any programming skills possessed by the author." Morris didn't pick the lock to the Arpanet computers, so much as find the key someone had left under the mat. Or as it turned out, on top of it.

The computers Morris invaded were part of the Arpanet, an international grid of telephone lines, buried cables, and satellite hookups established by the Department of Defense in 1969. It connects 60,000 computers owned by universities, private research companies, and the federal government. Users routinely share information on topics as diverse as the Strategic Defense Initiative (unclassified material only), Shakespeare, and - yes, some parts of the computer hacker stereotype are true - recent episodes of Star Trek. It's much like when the rest of us mail letters - except that the network's split-second speed definitely beats the U.S. Postal Service.

On the evening of November 2, Morris used his terminal at Cornell University to introduce a computer program into a Massachusetts Institute of Technology computer. (He apparently chose MIT to throw detectives off his trail.) The key to his success was finding a security flaw in "Berkeley Unix," the "operating system," or basic software, used by many of the network's computers. Morris's program - a "worm," as computer cops call this type of program - didn't exactly defeat the security systems on the 6,000 Arpanet computers it infected (about 10 percent of the computers on the network); it just ignored them.

His program made use of a simple "mail" service, a convenience provided with most operating systems that allows one user to send a message to another.