The Morris Worm of November 2, 1988 was one of the first computer worms distributed over the internet. It gained a lot of media attention and resulted in the first felony conviction under the 1986 Computer Fraud and Abuse Act.
Robert Morris created the worm with the help of the computer systems at MIT. Robert claimed the worm was only supposed to gauge the size of the internet, not to cause harm to people. The worm exposed vulnerabilities in Unix sendmail and finger, as well as weak passwords. A computer would slow down further each time it was infected and would eventually become unusable. An error in how the worm spread turned the exercise into a virulent denial-of-service attack. The Morris Worm was not a destructive worm; it just caused the computer to slow down and collapse under the weight of the processing. Robert Morris designed the worm to copy itself, which caused a computer to be infected multiple times and crash. The worm was supposed to go undetected, but a major design flaw resulted in a drastic number of copies on the computers it was installed on.
Michael Rabin said Robert Morris should have tried it on a simulator first. Many of Morris's intentions were unclear. What he did was force certain security vulnerabilities to be fixed by writing a worm that publicly exploited them. According to Eugene Spafford, the code contained no commands that would harm a computer it ran on; it only contained code that would exploit vulnerabilities.
Robert Morris's worm looks more like the work of a white hat hacker than the criminal action of a black hat hacker. The US government estimated the cost of the damage at $100,000-$10,000,000. Clifford Stoll, who helped shut down the worm, found that two thousand computers were infected within fifteen hours. It took two days just to remove the virus. Robert Morris was tried and convicted under the Computer Fraud and Abuse Act. After many appeals he was finally sentenced to three years of probation, 400 hours of community service, and a fine of $10,050.
Kevin Mitnick started committing crimes at a very young age. At the age of thirteen he used social engineering and dumpster diving to bypass the punch card system that the Los Angeles bus system used.
At the age of sixteen he broke into Digital Equipment Corporation (DEC) and copied all their computer software. He was later charged for that crime in 1988 and was sentenced to twelve months in jail and three years of supervised release. At the end of his supervised release he hacked into the Pacific Bell voice mail computers. When a warrant was issued for his arrest he became a fugitive for two and a half years.
While he was running from the police he gained unauthorized access to dozens of computers. He also cloned cell phones to hide his location. Kevin also intercepted and stole computer passwords, altered computer networks, and broke into and read private emails. On February 15, 1995 he was found in his apartment in Raleigh, North Carolina. He was found with more than one hundred cloned cell phones and multiple pieces of false identification.
Kevin Mitnick was charged with fourteen counts of wire fraud, eight counts involving unauthorized devices, interception of wire or electronic communications, unauthorized access to a federal computer, and causing damage to a computer. In 1999 Kevin Mitnick pleaded guilty. He was sentenced to forty-six months in prison plus twenty-two months for violating the terms of his 1989 supervised release.
He served five years in prison, four and a half years pre-trial and eight months in solitary confinement. He spent the time in solitary confinement because he convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone. He was released on January 21, 2000. During his supervised release he was forbidden to use any communications except a land line. He fought that decision in court and eventually won a ruling in his favor. In December 2002 a judge ruled that Kevin Mitnick was able to possess a federally issued amateur radio license.
Kevin now runs Mitnick Security Consulting, a computer security consultancy, and is part owner of KnowBe4, a provider of an integrated platform for security awareness training and simulated phishing testing.