DOCSLIB.ORG

The Morris Worm

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Morris Worm The Morris Worm: The First Significant Cyber Attack Cause Mapping® On November 3, 1988, Robert Morris, a graduate student at Cornell, created and released the first computer worm that could spread between computers and Why? Because... copy itself. Morris didn’t have malicious intent and his worm appears to have been more the result of intellectual curiosity rather than a purposefully destructive cyber-attack, but an error in the program led to it propagating much faster than he intended. The worm significantly disrupted the young internet, introduced the Effect Cause world to the concept of a software worm and served as a wakeup call on the importance of cybersecurity. Basic Cause-and-Effect Relationship Start Simple A Cause Map, or visual root cause analysis, can be used to analyze this issue. A Cause Map is built by asking “why” questions and using the answers to visually lay out the causes that contributed to an issue to intuitively show the cause-and- effect relationships. Start by asking a few why questions. 5-Why Cause Map Why? Why? Why? Why? Why? Programmer Programmer Computers A worm was Impact to Programmer is believed the Error in the didn't intend to Programmer infected by introduced to Regulatory prosecuted worm was program disable underestimated worm the internet "harmless computers the speed of Evidence: Statement propagation by programmer. Worm quickly Verified by examining re-infected AND the code of the worm. computers over Programmer and over believed the Potential Intended to Expand as Needed Continue asking "why" questions to continue adding worm was reinfection was make the worm causes to the Cause Map. Mapping out all the causes that contributed to an "harmless" AND part of the difficult to issues ensures that all facets of a problem are well understand and helps design defend against Worm didn't Evidence: The programmer facilitate the development of effective, detailed solutions that can be Error in the behave as AND wanted one copy of the implemented to reduce the risk of a similar issues in the future. program intended worm to infect each computer, but designed the worm to duplicate itself every seventh time a AND A worm was computer indicated it already Impact to Programmer is had the worm to make the introduced to Inadequate Regulatory prosecuted the internet worm hard to defend testing against. 28-Why Cause Map Increased Impact to Computers Programmer Internet was awareness of Customer infected by was trying to still in its need for cyber worm gauge the size infancy Service security AND of internet Significant Little focus on cyber security Impact to costs from loss AND at time Financial of internet ~10% of Internet access connected Worm exploited systems Known software known This was the disabled bugs weren't AND weakness fixed first major Evidence: It's "attack" on internet Recovery Significant estimated that more Evidence: The Only a small than 6,000 university, Impact to efforts took connectivity programmer exploited number of Labor/ Time many man- issues with research centers and weak passwords and military computers users were on hours internet known vulnerabilities were infected. in the Unix sendmail, internet finger and rsh/rexec programs. AND To learn more visit our website at www.thinkreliability.com email: [email protected] phone: 281-412-7766 Impact to Delay in Many Attempt to ~10% of Production/ accessing computers prevent spread Internet See Same Schedule internet disconnected of computer connected Cause Copyright 2019 ThinkReliability, Novem, Inc. from internet worm systems .
Load more

Recommended publications
  • Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm on November 2, 1988, Robert Tappan Morris Releas
    Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm On November 2, 1988, Robert Tappan Morris released a worm into the internet. The experimental worm was the first of its kind. It replicated itself and programmed itself, so it ended up spreading much faster than Morris expected. It self-programmed and self-replicated at an exponential rate in a manner that had never been seen before. Morris knew this worm was not necessarily ethical, for he released it out of MIT instead of his own Cornell University. In due course, many computers across the United States had crashed because of Morris. Once he discovered how much damage the worm had been causing, he reached out to a friend at Harvard looking for a solution to stop it. They attempted in sending an anonymous message to the network with directions that could kill the worm, but the message came through too late since they system was clogged. Many significant computers at colleges, businesses and the military became infected. The cost to fix each computer ranged from $200 to over $53,000. The worm exploited vulnerabilities in computer systems and in the UNIX email software. Within 24 hours of releasing the worm, thousands of people were aware something was unusual. Eventually, it would infect ten percent of all computers using the internet. The Morris Worm was the largest malware case ever to reach this percentage. However, the percentage was so high due to the fact that the number of computers was much less than today. The computers it impacted included significant systems, such as Stanford’s, Berkley’s and NASA’s.
    [Show full text]
  • Lesson 6: Hacking Malware
    LESSON 6 HACKING MALWARE Lesson 6: Malware WARNING The Hacker Highschool Project is a learning tool and as with any learning tool there are dangers. Some lessons if abused may result in physical injury. Some additional dangers may also exist where there is not enough research on possible effects of emanations from particular technologies. Students using these lessons should be supervised yet encouraged to learn, try, and do. However ISECOM cannot accept responsibility for how any information herein is abused. The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool Project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the HHS web page at http://www.hackerhighschool.org/licensing.html. The HHS Project is an open community effort and if you find value in this project we ask that you support us through the purchase of a license, a donation, or sponsorship. 2 Lesson 6: Malware Table of Contents WARNING....................................................................................................................................................2
    [Show full text]
  • IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions
    IBM Security Solutions May 2011 IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions Contents About the report 2 About the Report The IBM X-Force® Threat Insight Quarterly is designed to highlight some of the most significant threats and challenges 3 Evolution: From Nuisance to Weapon facing security professionals today. This report is a product of IBM Managed Security Services and the IBM X-Force 8 Prolific and Impacting Issues of Q1 2011 research and development team. Each issue focuses on specific challenges and provides a recap of the most significant recent 16 References online threats. IBM Managed Security Services are designed to help an organization improve its information security, by outsourcing security operations or supplementing your existing security teams. The IBM protection on-demand platform helps deliver Managed Security Services and the expertise, knowledge and infrastructure an organization needs to secure its information assets from Internet attacks. The X-Force team provides the foundation for a preemptive approach to Internet security. The X-Force team is one of the best-known commercial security research groups in the world. This group of security experts researches and evaluates vulnerabilities and security issues, develops assessment and countermeasure technology for IBM security products, and educates the public about emerging Internet threats. We welcome your feedback. Questions or comments regarding the content of this report should be addressed to [email protected]. 3 X-Force Threat Insight Quarterly IBM Security Solutions Evolution: From Nuisance to Weapon One of the more notable examples here is Brain3, a boot sector infector which originated in Pakistan and released in 1986, was Creeper, Wabbit, Animal, Elk Cloner, Brain, Vienna, Lehigh, one of the first examples of malware that infected PC’s running Stoned, Jerusalem.
    [Show full text]
  • Hacking Techniques in Wired Networks
    Hacking Techniques in Wired Networks Qijun Gu, Pennsylvania State University, University Park Peng Liu, Pennsylvania State University, University Park Chao-Hsien Chu, Pennsylvania State University, University Park Introduction Principles of Hacking Seven Steps of Hacking Overview of Hacking Toolkits Classifications of Hacking Toolkits Attacks against the Internet Infrastructure Attacks against DNS Attacks against TCP/IP Attacks against BGP Attacks against End Systems of the Internet Morris Worm Melissa Sadmind Code Red I and Code Red II Nimda SQL Slammer W32/Blaster Attacks against Enterprise Network Systems Attacks against Private Networks Attacks against Private Networks with Web Service Attacks against Firewalls and Virtual Private Networks Conclusion Keywords: Wired network, Security, Cyber attack, Vulnerability, Hack, Worm, Virus, Internet infrastructure, End system, Enterprise network Wired networks, especially the Internet, have already been indispensable in our daily activities. However, in the last 10 years, security “disasters” have challenged the design and development of networks and systems. Vulnerabilities in current systems are frequently exploited by hackers and attackers. Cyber attacks have become a more and more serious threat to our society. In order to better protect networks, this article gives an overview on a variety of hacking techniques. This article focuses on the objectives, principles, functionalities and characteristics of different types of hacking techniques in wired networks, and provides in-depth discussions on the common characteristics of cyber attacks, the structure and components of cyber attacks, and the relationships among cyber attacks. These discussions can help security professionals grasp the “soul” of a “new” cyber attack in an easier and quicker way. INTRODUCTION Nowadays, wired networks, especially the Internet, have already become a platform to support not only high-speed data communication, but also powerful distributed computing for a variety of personal and business processes every day.
    [Show full text]
  • Automating Cyber Attacks
    Automating Cyber Attacks HYPE AND REALITY AUTHORS Ben Buchanan John Bansemer Dakota Cary Jack Lucas Micah Musser NOVEMBER 2020 Established in January 2019, the Center for Security and Emerging Technology (CSET) at Georgetown’s Walsh School of Foreign Service is a research organization fo- cused on studying the security impacts of emerging tech- nologies, supporting academic work in security and tech- nology studies, and delivering nonpartisan analysis to the policy community. CSET aims to prepare a generation of policymakers, analysts, and diplomats to address the chal- lenges and opportunities of emerging technologies. During its first two years, CSET will focus on the effects of progress in artificial intelligence and advanced computing. CSET.GEORGETOWN.EDU | [email protected] 2 Center for Security and Emerging Technology NOVEMBER 2020 Automating Cyber Attacks HYPE AND REALITY AUTHORS Ben Buchanan John Bansemer Dakota Cary Jack Lucas Micah Musser ACKNOWLEDGMENTS The authors would like to thank Perri Adams, Max Guise, Drew Lohn, Igor Mikolic-Torreira, Chris Rohlf, Lynne Weil, and Alexandra Vreeman for their comments on earlier versions of this manuscript. PRINT AND ELECTRONIC DISTRIBUTION RIGHTS © 2020 by the Center for Security and Emerging Technology. This work is licensed under a Creative Commons Attribution- NonCommercial 4.0 International License. To view a copy of this license, visit: https://creativecommons.org/licenses/by-nc/4.0/. Document Identifier: doi: 10.51593/2020CA002 Cover photo: KsanaGraphica/ShutterStock. Contents EXECUTIVE SUMMARY III INTRODUCTION V 1 | THE CYBER KILL CHAIN 1 2 | HOW MACHINE LEARNING CAN (AND CAN’T) 11 CHANGE OFFENSIVE OPERATIONS 3 | CONCLUSION: KEY JUDGMENTS 21 ENDNOTES 29 Center for Security and Emerging Technology i iv Center for Security and Emerging Technology Executive Summary acking is a well-established part of statecraft.
    [Show full text]
  • The Ultimate Cybersecurity Guide for the It Professional
    THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL { 01101000 01110100 01110100 01110000 01110011 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01100011 01100001 01110010 01100010 01101111 01101110 01100010 01101100 01100001 01100011 01101011 00101110 01100011 01101111 01101101 } THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL 2019 Welcome to our comprehensive guide on the basics of cybersecurity. Whether you've been in IT for a long time or are just starting out, there is an expectation that everyone in IT should have some degree of expo- sure to InfoSec. A good way to do that is to learn from and get connected in the community. Cybersecurity is a fascinating and rapidly evolving area of IT. And those that are involved are friendly people who care passionately about keeping us all safe. With information from over 150 sourced references, and personal input from The Howler Hub community of security experts, this guide contains the key information to help you: • Understand key concepts that drive the security professional. • Learn a common language to engage with cybersecurity professionals. • Connect with sources to stay up-to-date on this evolving field. • Engage with cybersecurity experts and the threat hunting community at large. CONTENTS 01 02 03 History of Attackers + Common Cybersecurity Their Motives Attacks <pg num="001" /> <pg num="005" /> <pg num="007" /> 04 05 06 Terms to Know Experts to Blogs to Read <pg num="009" /> Follow <pg num="014" /> <pg num="013" /> 07 08 09 Events to Books to Read Movies + Shows Attend <pg num="017" /> to Watch <pg num="015" /> <pg num="019" /> 10 11 12 Communities Become a References to Engage Threat Hunter <pg num="023" /> <pg num="021" /> <pg num="022" /> 13 Appendices <pg num="024" /> <pg num="001" /> SEC.
    [Show full text]
  • The Air Force Can Learn a Lot from What It Has Already Seen in Cyberspace. Old Lessons
    The Air Force can learn a lot from what it has already seen in cyberspace. Old Lessons, “New”By Rebecca Grant Domain Cape Cod radar tower in Massachusetts was a prototype for the SAGE air defense system. SAGE needed computers with memory, digital relays linking radar sites, and systems engineering to bring them together. 86 AIR FORCE Magazine / September 2013 ashington is once again strategic challenges, such as continental wrestling with how to tack- air defense in the 1950s and real-time le the military challenges command and control in the 1980s, of cyberspace. “The rise of fueled progress in the exploitation of Photos via MITRE Corp. cyber is the most striking cyberspace. development in the post-9/11 national In its infancy, the domain of cyber- Wsecurity landscape,” Chairman of the space did not look much like the clouds Joint Chiefs of Staff Army Gen. Martin and commons known around the globe E. Dempsey said in a June 27 speech at today. The special qualities of cyberspace the Brookings Institution. Dempsey said emerged only when computers gained about 4,000 new military cyber positions more memory and power and networks could be created. Perhaps 1,000 of those linked them together. may be within the Air Force. Responding to new growth in the In the (Cyber) Beginning cyber mission poses a challenge to the Back before social media, the World Air Force. Over the past decade, the Wide Web, the fi rst emails, and even USAF position has swung from taking before ARPAnet, the fi rst closed cy- a vigorous lead in the mission area to berspace system was the Air Force’s going slow on cyber—to avoid a po- Semi-automatic Ground Environment, tential “black hole” as Air Force Chief or SAGE.
    [Show full text]
  • Evolution of Cyber Security Invotra
    Evolution of cyber security Invotra Digital Workplace, Intranet and Extranet 700 bc Scytale used by Greece and Rome to send messages And kids ever since.. Image Source: https://commons.wikimedia.org/wiki/File:Skytale.png 1467 Alberti Cipher was impossible to break without knowledge of the method. This was because the frequency distribution of the letters was masked and frequency analysis - the only known technique for attacking ciphers at that time was no help. Image Source: https://commons.wikimedia.org/wiki/File:Alberti_cipher_disk.JPG 1797 The Jefferson disk, or wheel cypher as Thomas Jefferson named it, also known as the Bazeries Cylinder. It is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around their edge. Image Source: https://en.wikipedia.org/wiki/Jefferson_disk#/media/File:Jefferson%27s_disk_cipher.jpg 1833 Augusta Ada King-Noel, Countess of Lovelace was an English mathematician and writer, chiefly known for her work on Charles Babbage's proposed mechanical general-purpose computer, the Analytical Engine. She is widely seen as the world's first programmer Image Source: https://commons.wikimedia.org/wiki/File:Ada_Lovelace_portrait.jpg 1903 Magician and inventor Nevil Maskelyne interrupted John Ambrose Fleming's public demonstration of Marconi's purportedly secure wireless telegraphy technology. He sent insulting Morse code messages through the auditorium's projector. Image Source: https://en.wikipedia.org/wiki/Nevil_Maskelyne_(magician)#/media/File:Nevil_Maskelyne_circa_190 3.jpg 1918 The Enigma Machine. It was developed by Arthur Scherbius in 1918 and adopted by the German government and the nazi party Image Source: https://commons.wikimedia.org/wiki/File:Kriegsmarine_Enigma.png 1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.
    [Show full text]
  • Cyber Conflicts in International Relations: Framework and Case Studies
    Cyber Conflicts in International Relations: Framework and Case Studies Alexander Gamero-Garrido Engineering Systems Division Massachusetts Institute of Technology [email protected] | [email protected] Executive Summary Overview Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain. • The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense. • All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain. • Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks. • Distributed Denial of Service (DDoS) is by far the most common type of cyber attack. • Air-gapped (not connected to the public Internet) networks have not been exempt from attacks. • A perpetrator does not need highly specialized technical knowledge to intrude computer networks.
    [Show full text]
  • Studying and Classification of the Most Significant Malicious Software
    Studying and Classification of the Most Significant Malicious Software Dr. Wajeb GHARIBI, Computer Science & Information Systems College, Jazan University, Jazan, KSA. [email protected] Abstract—As the cost of information processing and Internet University, this grandfather of modern computer virology, accessibility falls, most organizations are becoming demonstrated a virus-like program on a VAX11/750 increasingly vulnerable to potential cyber threats which its system[2]. rate has been dramatically increasing every year in recent times. Nevertheless, the idea for computer viruses actually appeared much earlier. Many consider the starting point to In this paper, we study, discuss and classify the most be the work of John Von Neumann in his studies on self- significant malicious software: viruses, Trojans, worms, reproducing mathematical automata, famous in the 1940s. adware and pornware which have made step forward in the By 1951, Neumann had already proposed methods for science of Virology. demonstrating how to create such automata. In 1959, the Keywords: Informatics; information Security; Virolog; British mathematician Lionel Penrose presented his view Cyber threats. on automated self-replication in his Scientific American article 'Self-Reproducing Machines'. Unlike Neumann, I. INTRODUCTION Penrose described a simple two dimensional model of this Nowadays, there is a huge variety of cyber threats that structure which could be activated, multiply, mutate and can be quite dangerous not only for big companies but also attack. Shortly after Penrose's article appeared, Frederick for ordinary user, who can be a potential victim for G. Stahl reproduced this model in machine code on an IBM cybercriminals when using unsafe system for entering 650 [3].
    [Show full text]
  • A Guided Fuzzer for Finding Buffer Overflow Vulnerabilities
    Dowser: A Guided Fuzzer for Finding Buffer Overflow Vulnerabilities ISTVAN HALLer, ASIA SLOWINSKA, MATTHIAS NeUGSchWANDTNer, AND HerberT BOS Istvan Haller is a PhD student uffer overflows have long plagued existing software systems, making in the Systems and Network them vulnerable to attackers. Our tool, Dowser, aims to tackle this Security group at the Vrije issue using efficient and scalable software testing. Dowser builds on Universiteit Amsterdam. His B a new software testing paradigm, which we call dowsing, that focuses the current research focuses on testing effort around relevant application components. This paradigm proved automatic analysis of software systems and its application to enhance system security. successful in practice, as Dowser found real bugs in complex applications [email protected] such as the nginx Web server and the ffmpeg multimedia framework. Buffer overflows represent a long-standing problem in computer science, first identified in Asia Slowinska is an assistant a US Air Force study in 1972 [2] and famously used in the Morris worm in 1988. Even after professor in the Systems and four decades, buffer overflows are perennially in the top three of the most dangerous soft- Network Security group at the ware errors. Recent studies [8] suggest that the situation will not change soon. One way to Vrije Universiteit Amsterdam. handle them is to harden the binary using stack canaries, address space randomization, and Her current research focuses on the like in the hope that the program will crash when the buffer overflow bug is triggered; developing techniques to automatically analyze however, although crashing is better than being pwned, crashes are undesirable, too.
    [Show full text]
  • Code-Red: a Case Study on the Spread and Victims of an Intemet Worm
    Code-Red: a case study on the spread and victims of an Intemet worm David Moore, Colleen Shannon, k claffy Abstractm On July 19, 2001, more than 359,000 comput- I. INTRODUCTION ers connected to the Internet were infected with the Code- At 18:00 on November 2, 1988, Robert T. Morris re- Red (CRv2) worm in less than 14 hours. The cost of this epidemic, including subsequent strains of Code-Red, is es- leased a 99 line program onto the Internet. At 00:34 on timated to be in excess of $2.6 billion. Despite the global November 3, 1988, Andy Sudduth of Harvard University damage caused by this attack, there have been few seri- posted the following message: "There may be a virus loose ous attempts to characterize the spread of the worm, partly on the Internet?' Indeed, Sun and VAX machines across due to the challenge of collecting global information about the country were screeching to a halt as invisible tasks uti- worms. Using a technique that enables global detection of lized all available resources [1] [2]. worm spread, we collected and analyzed data over a period No virus brought large computers across the country to of 45 days beginning July 2nd, 2001 to determine the charac- teristics of the spread of Code-Red throughout the Internet. a standstill - the culprit was actually the first malicious worm. Unlike viruses and trojans which rely on human In this paper, we describe the methodology we use to trace the spread of Code-Red, and then describe the results of our intervention to spread, worms are self-repficating software trace analyses.
    [Show full text]