My next class:
Reverse-Engineering Malware: Malware Analysis Tools and TechniquesOnline | Australia Eastern Standard TimeSep 16th - Sep 21st 2024

What were you doing 25 years ago (yesterday)?

Published: 2013-11-03. Last Updated: 2013-11-03 20:16:25 UTC
by Jim Clausing (Version: 1)
8 comment(s)

Until I noticed Larry Seltzer's story over on zdnet.com[1], I had forgotten the exact date, but I vividly remember taking my systems offline and having to rely on the telephone (horror!) to get information from some of my colleagues on what was happening.  25 years ago yesterday, the first significant internet worm, the infamous Morris worm, hit.  One of the major results of the worm and the realization that system/network administrators and those of us who were concerned with their security needed better ways to gather and disseminate information about what we now call malware.  The original CERT was created at CMU.  Until SQL Slammer came along (almost 15 years later), this was probably the fastest spreading worm to hit the (much smaller in 1988) internet.  These days, we don't seem to see nearly as many worms as we used to, the bad guys use other, more subtle, techniques to spread their malware, but 25 years ago yesterday, was a pretty significant one for our profession.  If any of our readers were working in the industry at the time, share your thoughts in the comments.

[1] http://www.zdnet.com/the-morris-worm-internet-malware-turns-25-7000022740/

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: Morris worm worm
8 comment(s)
My next class:
Reverse-Engineering Malware: Malware Analysis Tools and TechniquesOnline | Australia Eastern Standard TimeSep 16th - Sep 21st 2024

Comments

I was working on a sensitive government software development project, so my colleagues and I were cloistered in a lockbox and air-gapped from anything outside the secured area, but a coworker came back in after a coffee break and told the rest of us what had happened. For those not familiar with the details, read Cliff Stoll's book.

http://www.amazon.com/The-Cuckoos-Egg-Tracking-Espionage/dp/1416507787/ref=sr_sp-atf_title_1_1?ie=UTF8&qid=1383516705&sr=8-1&keywords=cuckoos+egg
I was at NYU at the time. While the Unix systems went down my VMS machines kept going happily. The advantages of avoiding monoculture. Of course even with working TCP/IP there weren't a lot of people to talk to out there for a while.
Not 25 but 20 years ago (1993) I was working at my first full time job as a LAN administrator for a government agency. The Wang VS mainframe (with beautiful green screen terminals) was king of the domain and ran everything from email, databases, word processing, and spreadsheets to custom applications. It was ugly but it was effective. The department was beginning a migration (I refuse to call it an upgrade) to a Windows NT 3.51 server environment complete with Windows NT 3.51 (Windows for Workgroups) clients. It took a few years to bring the Windows infrastructure to a point where it could do half as much as the hearty Wang VS environment did.

By 1996 the migration to Windows from Wang VS was almost complete. Everyone was getting used to Microsoft Word and most of the custom applications had been rewritten in C or Pascal for Windows. It was a refreshing, new start and everyone loved the wallpapers (coffee-cup) and the "millions of colors" they now had with VGA compared to their old and dusty one-color green screen terminals. Everything about the migration seemed like a success.

And then the phones started ringing... approximately 5 times more than they used to. We had to rename our "computer center" to the "helpdesk". And when we realized what we had done, we quietly said goodbye to the reliable and trustworthy days of the mainframe. Sure, everyone had millions of colors and nice wallpapers but they also had a new number memorized... the helpdesk. And the call volume never died down. Just when you thought it did, a new version of Windows or Word was released which re-started the troubleshooting cycle. A cycle that continues in countless agencies and corporations today. 20 years later, terms like "patch Tuesday" and "hotfix" are common and even seem normal to anyone who is in IT.

I still remember when the migration was over and the old Wang VS mainframe, along with many of its green screen terminals, had been moved into a cold and dark storage room. When I opened the storage room door, they looked up and asked, "What did we do wrong"? I looked down and couldn't answer... I couldn't answer because I didn't have an answer. I left and shut the storage room door feeling like I had betrayed a best friend. I can only hope that they have forgiven me...
I was probably a twinkle in an eye 25 years ago yesterday, as my birthday is August 1989.
I wasn't around for the Morris worm (I started off life as a programmer and got shunted into IT by accident later). But in the early 90s, during my 2nd go 'round with College, after my 3rd or 4th email to IT saying "You probably need to do <whatever> as root to fix <some-problem>", they hired me part time and my first task was to tighten up their security as they'd been compromised the previous summer.

After installing cops all over the place (remember cops?) I proceeded to setup a password cracker to see just how bad our users' passwords were. The results were pretty discouraging (imagine the fun of a CS major telling the head of the CS department that the first name of his son was a pretty dumb password, and a few days later telling him that adding a number to the end of the name wouldn't cut it either - grin).

And since the default password was the last 4 digits of the owner's social security number (ah, the good ol' days when any ol' default was "good enough"), I made a dictionary containing "0000-9999" and restarted the password cracker and promptly had cracked over 70% of all the accounts. That was my welcome to the world of IT and trying to get users to do "the right thing" (tm) and having to do stuff like replacing the passwd command with one that required stronger passwords and automatically expiring accounts with old/default passwords because users apparently couldn't be trusted to do "the right thing" (tm). (sigh)
Wait a minute, are you saying that this decade's new mobile platforms are now going to repeat history?
I was on BITNET as a CompSci student. Our bridge to the Internet was through CUNY. We were geographically closer to CMU. We noticed that those in CHAT on the beta IRC side were not very chatty, then we found out why.
Brings back memories...twenty-five years ago I was trying to make AppleTalk, Netware, and DECnet speak to each other. 8 years later, I found myself working at a company where one of the employees' was Robert Morris' uncle.
He didn't volunteer too much about his nephew.
--BC

Diary Archives