1989

The Worm That Turned the Internet Guilty

A Cornell graduate student became the first person indicted under the Computer Fraud and Abuse Act after his experimental program crashed 10% of the internet.

July 26
Cornell University

Robert Tappan Morris wrote a program to measure the size of the early internet. He released it from an MIT terminal to obscure its origin at Cornell. The Morris worm was a 99-line piece of code that exploited known vulnerabilities in Unix sendmail and fingerd. It contained a critical flaw. The worm was designed to copy itself to new machines, but Morris instructed it to check if a copy already existed. To avoid detection, he programmed it to duplicate itself one out of seven times even if it found a copy. This replication rate was far too high. The worm spread uncontrollably, infecting machines multiple times until they crashed under the processing load.
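The effect of the one-in-seven rule described above can be seen in a small simulation. This is an added example, not the worm's code or part of the original article; the host count, the one attempt per copy per round, and the crash threshold are assumptions of a constructed toy model.

```python
import random


def simulate(hosts, rounds, keep_prob, seed=1988):
    """Return the number of running copies on each host after `rounds` rounds.

    Constructed toy model (assumption, not the worm's logic in detail):
    every running copy makes one attempt per round against a uniformly
    random host. A clean host always gets a copy. On a host that already
    has one, the newcomer stays with probability `keep_prob`, else exits.
    """
    rng = random.Random(seed)
    copies = [0] * hosts
    copies[0] = 1                      # single release point
    for _ in range(rounds):
        attempts = sum(copies)         # copies created this round act next round
        for _ in range(attempts):
            target = rng.randrange(hosts)
            if copies[target] == 0 or rng.random() < keep_prob:
                copies[target] += 1
    return copies


def report(copies, crash_load=10):
    """Summarise load; `crash_load` is an assumed copies-per-host limit."""
    return {
        "infected_hosts": sum(1 for c in copies if c > 0),
        "total_copies": sum(copies),
        "max_copies_on_one_host": max(copies),
        "hosts_over_crash_load": sum(1 for c in copies if c >= crash_load),
    }


if __name__ == "__main__":
    # Once every host is infected, each round multiplies the total number
    # of copies by roughly (1 + keep_prob), so any non-zero value compounds.
    for label, p in (("exit whenever a copy exists", 0.0),
                     ("stay 1 time in 7 anyway", 1 / 7)):
        print(f"{label:30s}", report(simulate(200, 40, p)))
```

With the check alone, no host ever runs more than one copy; with the one-in-seven exception, the per-host load keeps growing after the network is saturated.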

Within 24 hours on November 2, 1988, it incapacitated an estimated 6,000 of the 60,000 computers then connected to the ARPANET and early internet. Systems at Berkeley, Princeton, NASA, and the Pentagon ground to a halt. The cleanup cost ranged from $200 to $53,000 per site. The internet community, a small cadre of academics and researchers, was stunned. They had to communicate via ham radio and phone trees to coordinate a fix because the network itself was unusable.

The Department of Justice faced a novel problem: no clear law against writing a disruptive program. They used the 1986 Computer Fraud and Abuse Act, intended for hacking government or financial systems. The indictment on July 26, 1989, was a landmark. Morris was convicted in 1990, receiving three years of probation, 400 hours of community service, and a $10,050 fine. He argued it was an intellectual experiment gone wrong, not malicious theft or vandalism.

The worm created the concept of the internet emergency. It led directly to the formation of the CERT Coordination Center at Carnegie Mellon, the first dedicated computer emergency response team. Morris's prosecution established a legal precedent that negligence with code could be a federal crime. The event marked the end of the internet's innocent, academic era. It proved a network built for openness was profoundly vulnerable to a single flawed idea.