When the Internet was first hacked: How One Accidental Worm changed the World

On the evening of 7 November 1988, a young and talented computer scientist had left MIT, the world renowned research university in Cambridge, USA, and went out for dinner. When he came back a few hours later, however, he found that his computer was unusually slow. It wasn't long before he realized what had gone wrong, and that he was the cause.

Panicking, he called a friend at Harvard and confessed to his mistake. It turned out that the problem wasn't only on his computer, but in computers nationwide. The two of them tried to send anonymous messages on the Internet on how to solve the problem, but with all the traffic congestion, only a few people got the cure.

Universities, important medical research facilities, defense institutions, and even the military found their computers fall like dominoes. Something was slowing down the machines and causing them to crash, so much that emails delivered slower than the post. Within a day, six thousand online machines were down, which was ten percent of the total online machines in those days.

The student who caused this, Robert Tappan Morris, hadn't intended to destroy the Internet. But his ingenious self replicating code had accidentally done the world's first cyberattack, and given birth to a new form of warfare.

The Internet Back Then

Back in the 80's, the Internet was a tiny village, unlike the multiverse it's now. It was mostly used for academic purposes, and security wasn't a concern. Programmers shared code openly, and no one thought it could be used for criminal purposes.

But that was changing fast. As more computers connected to the Internet, and more talked to each other(almost a thousand times more over the decade), it raised fears that bad things could be shared more easily and secretively.

The Catastrophic Error behind the Morris Worm

Robert Tappan Morris was the son of an early innovator at Bell Labs, the legendary research arm of US telecommunications giant AT&T, known for many world-changing inventions, and had the one-in-a-million opportunity of growing up with computers in those days. He made good use of that opportunity, choosing that path as a student, and graduated out of Harvard as a talented computer scientist.

Earlier that year, Robert had joined Cornell University, and was invested in developing a "worm," a self-replicating code that could copy itself from one machine to another through the Internet by exploiting flaws in security systems, like weak passwords.

It was designed to be fast and undetectable, hence difficult to kill, but it also had a simple off switch. Off the computer, and the worm dies with it. But there was a problem with that solution. Computers were only shut down once a fortnight in those days. And Robert was aware of this.

He thought of a precaution; if a worm reached an already-infected computer, one of them would die. But this precaution was shadowed by his urge to make the worm powerful. He never thought it would harm computers after all; the worm's role was only to swim through the holes in the Internet, to test how far it could go, simply like NASA sending a probe into interstellar space. Only six in seven worms were given this "weakness," because he feared clever innovators would exploit this weakness and fish the worm out.

Which meant, one in seven of these worms was given carte blanche to replicate no matter what. And that percentage, which seemed tiny, was enough to multiply and spread so fast they brought thousands of computers to a halt and clogged the network.

Photo by cottonbro studio: https://www.pexels.com/photo/computer-monitors-on-white-table-8875501/

The Change in the Cyber World

It wasn't the first worm to ever be coded, but it was the first to spread so widely and cause global disruption. It had shown the world the ability to exploit vulnerabilities remotely, how something programmed could behave unpredictably, and delivered the naked truth that the Internet, was insecure. If friendly fire could cause so much chaos, then what about the enemies outside? Would this give them new ideas?

It wasn't long before those worrying questions were answered. The US soon found their networks being accessed day and night by foreign hackers, mostly using Trojans(a type of malware disguised as a legitimate software to fool users into downloading it), and were agonized to realize that, most of the time, they couldn't find where they came from, let alone their identities. They could do nothing but watch.

Only using intel from allies and double-agents, they figured it was an enemy country, and they were stealing documents on US weapons and technology, (which they were obviously banned from buying; not even second or third hand) saving decades and millions, if not billions, on research. State-sponsored hacking had begun.

Photo by Lucas Andrade: https://www.pexels.com/photo/signs-and-symbols-on-chalkboard-14000469/

Hackers: The Superheroes and Supervillains of the New World

Espionage, a practice that drained the entire lives of spies for tiny secrets, and rarely such sensitive information, was suddenly being done on a large scale through the Internet by people sat behind screens and keyboards and not even part of the military. Unable to control the multitude of attacks they were facing, the US was forced to use other measures to neutralize the issue, like creating fake documents that pretended to improve the quality of weapons and planes and blueprints for weapons that wouldn't work.

This made their attackers question the credibility of documents they stole in the future, but it was only a temporary solution to a complex problem.

New worries were born, and with them new terms: cyberattacks, cyberespionage, and cybersecurity. And not only the US, but all states had no choice but to push for more people with "magic under their fingers" called hackers.

Photo by Anete Lusina: https://www.pexels.com/photo/crop-cyber-spy-typing-on-computer-keyboard-while-hacking-system-5240544/

These hackers developed techniques fast; phishing was placing trojans in innocent-looking emails, you press a link and you're compromised, and spear-phishing was targeted, socially-engineered attacks where attackers would learn everything about their victim and send them emails pretending to be a boss or friend, rigged with attachments that could install malware when pressed(even a picture could hide a Trojan).

These Trojans gave the attacker so much power; they could provide real time control of a target computer, extract files, and even remotely access the camera and microphone.

This vulnerable state of the Internet, combined with human error and developing technology, psychological warfare, told governments around the world that, on top of the land, water, and skies, they had a new space to protect their nations from: the cyber space.

The Current Situation

On top of malware like the worm Morris created, the trojans, and other techniques like phishing and spear phishing as mentioned earlier, modern day

cyber attacks include many more sophisticated methods. This might be disheartening, but as often, as the evil develops, so does the good, and unlike

back then, we have better defenses.

Examples for common modern day attacks are ransomware(also a type of malware, like the name suggests, but it

uses encryption to hold sensitive data hostage and hence demand money from victims), fileless attacks(since antivirus solutions can detect malware from files, fileless malware is used to bypass it), account takeover(attackers take over accounts using stolen credentials, capitalizing on data breaches and using

sources like the dark web, or simply social engineering pretending to be someone to customer care, and phishing), DoS or DDoS attacks(denial of service attacks or distributed denial of service attacks, which is when a computer is used to clog a target with traffic so that the system can't respond to legitimate requests. DDoS is when multiple infected machines are used to do this; a large scale attack that can slow down websites and shut them down), and "Mitm" attacks(Man-in-the-middle attacks, where an attacker places himself in the middle of data transfer between two parties and steals them; a common method is creating fake hotspots or "free Wi-fi" that looks legitimate).

Important precautions for everyone online are: confirm whether your account data has been in a data breach using sites like haveibeenpwned.com and if so-change your password and use a stronger one, use a password manager and try to use different passwords-remember to make them strong for different sites, thus making yourself less vulnerable(if you use one password for everything, and a hacker finds it out, he can get everything, can't he?), use multi-factor authentication(this is crucial; accounts without this might as well not have a password), secure your devices with strong passcodes and if possible, stronger security systems like fingerprints, setting the device to ask for password every time an app is to be downloaded, install anti-virus solutions, don't allow it to automatically connect to free networks, update it regularly, use a secure web browser, and last by not least, and perhaps the most important-be careful about what you click.

Send emails and messages from unknown, suspicious parties straight to the bin; don't let your curiosity destroy you. And even if the message looks like it's from someone you know, verify it is from them before clicking anything.

DoS and DDoS attacks can be prevented using many layers of security, like implementing specialized DoS/DDoS protection services, using firewalls(they filter web traffic to block malicious requests and distinguish legitimate requests from illegitimate), updated and regularly maintained software, minimized attack surface(closing potential access points or weak points attackers can enter from), etc.

Photo by Dan Nelson: https://www.pexels.com/photo/a-laptop-over-a-round-table-4973899/

The Bitter Truth

It is truly remarkable how a single experiment and an accident can change the world. But is has been done before, like with the discovery of pencillin, and continues to do so. It is up to us as humans to look at both sides of the coin and take in all the lessons these "accidents" provide us. Today, although countries are separated from each other by armed borders, vast oceans and skies, we are only seconds away from contacting each other.

Most of us are connected in this "cyberspace," a place where almost anything can be shared, which unfortunately means evil roams in large numbers, chased by those trying to bring it down. What began as one man's accident has grown into a battlefield where nations, criminals, and corporations fight out unseen wars, sat behind screens a few millimeters thick.

The towering stockpiles of warheads that can disintegrate entire countries gather dust. The world of hackers is no longer the underground of the Internet; it's the frontline of the modern world.