The Internet Worm of 1988 (www.cs.unc.edu)
97.0 points by fanf2 | 2017-10-30 10:43:07+00:00 | 52 comments




That was a scary time, the first ever large scale network attack. I found myself a couple days later flying down to DC with some other folks from MIT and Harvard to brief a bunch of senior DoD and agency types on what happened, but the thing I remember most vividly was getting home late at night after spending the day repeatedly trying to disinfect and protect our machines, only to log in via a 4800 baud modem and see our machines were somehow infected yet again, with the realization we’d changed root passwords so many times I had no idea how to get in and fix it, nor any way to reach our sysadmin who was even more exhausted than I was.

So I called a friend, who is now a physics professor at MIT, and said “Our machines are infected, could you please break in, go root, clean the infection, and send an email to our sysadmin explaining to him you did this at my request?” All he said was “Ok, get some sleep” and yes even though we’d just spent almost 24 hours locking down every possible attack vector into our machines and network we woke up to clean machines with a polite email in the sysadmin’s inbox. I never have figured out whether that was more a measure of the state of network security in the late 1980’s or of the kind of mad skills it takes to become tenure track at a place like MIT.

There is a good telling of the worm story in the final chapters of Cliff Stoll’s amazing book on discovering a case of internet-hacking meets East-German-spies meets 2400-baud-modems and three-letter-agencies back in the mid 1980’s (which spent 42 weeks on the NYTimes bestseller list and is a ton of fun to read)[0].

[0]https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espiona...


I thought this article sounded familiar! :-) The Cuckoo's egg is an amazing read.

I can't believe that I found a copy for 50c in a second-hand store. I call it my "most precious item" because it has the highest price:enjoyment ratio of anything I own.

Just purchased, thanks for the heads up everyone, I'm looking forward to this.

The hacker Stoll was tracking, Markus Hess, was affiliated with other hackers that went on to found Chaos Computer Club.

One of the people he was working alongside, Karl Koch, was selling military information to the KGB in exchange for cocaine. He developed some form of paranoid psychosis and seemed to believe he was fighting the Illuminati.

There was a German film made about this called "23" (Koch was obsessed with the cult classic conspiracy fiction novel Illuminatus, and used the pseudonym "hagbard" after a character in the book).

He was found burned to death in woodland; it was ruled suicide.


It's sad that such great books are only available in paper form

Err. There is a kindle version available on the amazon link he posted.

I'm not seeing a kindle edition on either the .co.uk or .com version of the site. Could it be a regional thing?

.com: https://imgur.com/a/R6tcW .co.uk: https://imgur.com/a/iNuKR

The US site does actually offer an audio cassette for $100, but I'm going to assume that's not really what he wanted when he lamented the lack of a non-paper edition :-)


There is definitely a $9.99 kindle edition on my version of the US site. Dependent on billing/delivery address? Anyway, I can confirm it's there if you can find a way to get to it.

Speaking of Cliff Stoll and that story (it's in the video, told by Cliff himself), the Computer History Museum recently posted a Computer Crime panel from March 25th, 2000:

https://www.youtube.com/watch?v=GfuRvB9EpCo


For those who don't know, the Robert T. Morris quoted in the text turned out to be the author of the worm, and the R. H. Morris also quoted was his father (who also did a lot of work with the NSA).

https://en.m.wikipedia.org/wiki/Robert_Morris_(cryptographer...

https://en.m.wikipedia.org/wiki/Robert_Tappan_Morris


Robert T Morris also started Viaweb and YC with P Graham. He has chosen to (understandably) maintain a low profile.

Y Combinator winks at the worm on their people page:

http://www.ycombinator.com/people/


"In 1988 his discovery of buffer overflow first brought the Internet to the attention of the general public." has to be the understatement of the year.

I also seem to remember pg saying something somewhat tongue-in-cheek to the effect of other PhD students being jealous of rtm because, by being arrested, he managed to find a way out of the PhD program without the shame of quitting or flunking out...

"The danger with grad school is that you don't see the scary part upfront. PhD programs start out as college part 2, with several years of classes. So by the time you face the horror of writing a dissertation, you're already several years in. If you quit now, you'll be a grad-school dropout, and you probably won't like that idea. When Robert got kicked out of grad school for writing the Internet worm of 1988, I envied him enormously for finding a way out without the stigma of failure."

http://www.paulgraham.com/college.html


He's a professor at MIT now. https://pdos.csail.mit.edu/~rtm/

I remember the day it hit, quite well .. it was a huge deal. Nobody thought the Internet (in those days) was that safe .. but nobody expected the extent to which the worm brought systems to their knees - it really woke a lot of us up to just how exposed we were.

I wonder what the equivalent would be in today's terms .. some sort of Facebook-crippling JS injection, or so? I think it's hard to come up with an example in the modern era - the scales are much higher, so the chances of making such a huge impact a lot lower.


DynDNS DDOS was pretty crippling

Google/Bing search injection browser attack maybe? You can't write a character into your browser's address bar without being hit?

A few years ago someone managed to do a similar thing with a JS attack on Twitter.

> some sort of Facebook-crippling JS injection, or so?

You mean like the Samy worm (https://samy.pl/popular/)?


The thing is, while Samy was absolutely huge (and landed the author in a lot of legal trouble) it was totally harmless. The only thing it did was add a friend and a sentence to your MySpace profile, nothing that brings down sites or anything like that. Though technically MySpace did bring the site down to fix the worm.

Plus 12 years ago can hardly be considered "modern day" in computer terms. ;)


Here's Cliff Stoll's post to the RISKS digest.

http://catless.ncl.ac.uk/Risks/7.69.html#subj1

It's now 3:45 AM on Wednesday 3 November 1988. I'm tired, so don't believe everything that follows... Apparently, there is a massive attack on Unix systems going on right now.


Risks was a pretty amazing list back in those days. It was very much the Hacker News of an earlier era.

Indeed. 32 years and still kicking. And there's an amazing amount of history in those archives...

I did a tribute to RISKS on its 30th over at Metafilter

http://www.metafilter.com/151727/Complex-Systems-Break-in-Co...


Another very good document (with some deeper technical detail) re: the Internet Worm is: http://www.mit.edu/people/eichin/virus/main.html

I doubt RTM ever wrote any commentary about the worm's creation but I think that would be really interesting to read. No doubt it's something he'd probably rather be forgotten, but it would be interesting to hear him talk about it.


Mark Eichin and Jon Rochlis at MIT and Gene Spafford at Berkeley did some pretty amazing work, reverse engineering the attack payload on the fly in real-time to regenerate the source C code responsible for the attack while the attack was under way and at a time when no one was doing that sort of work yet.

My favorite part of those efforts was when Spafford posted a tongue in cheek bugfix patch to the attack code midway through the attack (at a time when the only people in the world with the source code were his team, Mark and Jon, and of course RTM since he wrote it). I couldn’t find the patch but it’s somewhere in the RISKS archives from that era.


Here's a link to Gene Spafford's writeup on the Internet Worm:

http://spaf.cerias.purdue.edu/tech-reps/823.pdf


I believe the worm traveled with its code, which it compiled since it attacked both Vax and Sun systems, so if you caught it in the act, you could grab a copy of the C code.

Some of the code, yes, but not all

Fun connections if you're into that kind of thing: Robert Morris, who wrote the worm, was one of the founders of YCombinator, and by extension Hacker News.

One of the classic books on the history of computers is Clifford Stoll's "The Cuckoo's Egg". It's a great book in general, and it mentions Robert Morris and Paul Graham, which I was surprised to find when I read it (it's not about the worm, but about a hacking incident).

And lastly, Clifford Stoll is apparently pretty active on YouTube, which I discovered when seeing a video of his for Numberphile, and finding out that it is, indeed, that Clifford Stoll.



Rtm was pretty involved in YC back then.

Yeah! The first time I had heard of Robert Morris was in that book. I didn't know the author's active on YouTube - I'm definitely going to look him up.

I can't totally remember if I've got the right book here but I'm 99% sure Katie Hafner and John Markoff's hacker book "Cyberpunk" features not only RTM but Paul Graham as well during this episode. It never accuses Graham of being involved directly.


My favorite is how MS started development of OS/2 2.0 and NT OS/2 around that time, and there was x86 segmentation back then but they decided not to use it for 32-bit.

Thankfully, segmentation was a royal pain with near and far pointers.

Flat addressing was surely the feature I most envied from the Motorola 68000.


But with 32-bit segments you can just have one code and one data segment and maybe one stack segment.

Ah, from that point of view yes.

However it doesn't bring much over MMU configuration regarding read and write accesses, right?


You can't even create a single segment selector that is both writable and executable at all in x86.

Wasn't it possible on 16 bit protected mode segments?

My Windows 3.x days have long faded away.


Using separate selectors.
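The claim a few comments up (no single x86 selector can be both writable and executable) follows from the descriptor access byte: type bit 3 makes a segment either code or data, and the W bit is only defined for data segments. The following is an added example, not code from any commenter, that decodes that byte using the layout in the Intel SDM and checks the claim exhaustively; the reply about separate selectors is the caveat, since a code selector and a data selector can still cover the same linear range.

```c
/* Added example, not from the thread: decode the access byte of an x86
 * protected-mode segment descriptor (same layout on the 286 and in 32-bit mode). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    bool present;       /* bit 7, P */
    bool code_or_data;  /* bit 4, S: 1 = code/data, 0 = system descriptor */
    bool executable;    /* type bit 3 set: code segment */
    bool readable;      /* code with R set, or any data segment */
    bool writable;      /* data with W set; no such bit exists for code */
} seg_perms;

seg_perms decode_access_byte(uint8_t access)
{
    seg_perms p = {0};
    p.present = access & 0x80;
    p.code_or_data = access & 0x10;
    if (!p.code_or_data)
        return p;                    /* TSS, LDT, gates: no code/data perms */
    bool is_code = access & 0x08;    /* type bit 3 selects code vs. data */
    bool rw      = access & 0x02;    /* R for code segments, W for data */
    p.executable = is_code;
    p.readable   = !is_code || rw;
    p.writable   = !is_code && rw;
    return p;
}

/* Exhaustive check: no access byte decodes to a segment that is both W and X. */
bool any_wx_segment(void)
{
    for (int a = 0; a < 256; a++) {
        seg_perms p = decode_access_byte((uint8_t)a);
        if (p.executable && p.writable)
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed flat-model descriptors: 0x9A = ring-0 code, 0x92 = ring-0 data */
    seg_perms code = decode_access_byte(0x9A), data = decode_access_byte(0x92);
    printf("code X=%d W=%d | data X=%d W=%d | any W+X selector: %s\n",
           code.executable, code.writable, data.executable, data.writable,
           any_wx_segment() ? "yes" : "no");
    return 0;
}
```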

PDF Version of the embedded analysis here:

http://securitydigest.org/phage/resource/seely.pdf


The really amazing thing was the speed of the response, as reflected in the chronology section. Nothing like this had ever happened before, the entire net was getting shut down by the attacking worm, and within 48 hours the community had come together on its own, reverse-engineered the payload, and shut it down, problem solved. A truly amazing thing to have experienced and played a small part in.


This is such a cool breakdown of the worm. Is there some sort of repo with these types of stories?

