On Sat, Nov 2, 2019 at 8:13 AM Doug McIlroy <doug@cs.dartmouth.edu> wrote:
Full disclosure: I served as a character witness at Robert Morris's trial.
Before the trial, the judge was quite incredulous that the prosecutor
was pursuing a felony charge and refused to let the trial go forward
without confirmation from the prosecutor's superiors in Washington.

> I'm sure that Bob was proud of his son's accomplishments -- but not
> that one.

As Bob put it, "It [being the father] is not a great career move."
Robert confessed to Bob as soon as he realized the folly of loosing
an exponential, even with a tiny growth rate per generation. I
believe that what brought computers to their knees was the
overwhelming number of attacks, not the cost of decryption. The
worm did assure that only one copy would be allowed to proceed
at a time.

During high school, Robert worked as a summer employee for Fred
Grampp. He got high marks for finding and correcting an exploit.

> making use of known vulnerabilities

Buffer overflows were known to cause misbehavior, but few people
at the time were conscious that the misbehavior could be controlled.
I do not know whether Berkeley agonized before distributing the
"debug" feature that allowed remote super-user access via sendmail.
But they certainly messed up by not documenting it.

Yes. The reason people freaked out when the worm came out was because it was the first one to hit the scene. The exploits that allowed it to propagate were known to a few, but the notion of a self-propagating thing was quite novel (even if it had been theoretically discussed in many places prior to the worm, and even though others had proven it via slower moving vectors of BBS). It caught a lot of people off guard with their pants down, and it took a bunch of time to rectify (because it would reinfect if you weren't careful). That's why people wanted to prosecute on felony charges. But there was no intent to cause harm, and there was, at the time, no applicable law that could be used to charge as a felony anyway (apart from vague denial of property statutes, which were at best a stretch).

In hindsight people like to point at it and say what a terrible thing it was, but Robert just got there first. Any number of people could have written it given the extremely lax security profiles of the time (things are better today, but we are not immune to buffer overflows or privilege escalation attacks).

Warner