Information Technology Reference
In-Depth Information
security holes in their systems. They received the instructions they needed to patch these
holes before a truly malicious intruder took advantage of them to enter their systems
and do a lot of damage to their data. Of course, Morris could have produced the same
beneficial result simply by contacting the system administrators at UC Berkeley and
informing them of the security holes he had found.
The Internet worm had numerous harmful consequences. A large amount of time
was spent by system administrators as they defended their machines from further at-
tacks, tracked down the problem, installed patches, and brought machines back on line.
There was a disruption in email and file exchange traffic caused by computers being
taken off the network. About 6,000 computers were unavailable for a day or two. Dur-
ing this time, many thousands of people were less productive than they could have been
had the systems been up and running. Morris himself was harmed by his actions. He
was suspended from Cornell and convicted of a felony, which resulted in a sentence of
probation, community service, and a substantial fine.
Considering all of Morris's options, it is clear that another course of action—simply
alerting the Unix community to the bugs—would have produced all of the benefits with
none of the harms. Therefore, from a utilitarian viewpoint, Morris was wrong to have
released the Internet worm.
From the perspective of virtue ethics, Morris's actions are not consistent with those
of a virtuous person. He selfishly chose to use the Internet as an experimental laboratory,
and he deceitfully released the worm from MIT rather than Cornell University. When the
worm began spreading uncontrollably, he avoided taking responsibility for his actions
by asking a trusted friend to post the message to the Internet explaining how to fight the
worm.
In conclusion, Morris may not have been acting maliciously, but he was acting
selfishly. If he had wanted to experiment with worms, he probably could have gotten
permission to try out his creations on a local area network detached from the Internet,
so that even if his worm multiplied out of control, there would have been no fallout to
the rest of the computer community. Instead, he chose to use the entire Internet as his
experimental laboratory, inconveniencing thousands of people.
The Sasser worm, launched in April 2004, exploited a previously identified security
weakness with PCs running the Windows operating system. Computers with up-to-date
software were safe from the worm, but it infected about 18 million computers worldwide
nonetheless. The effects of the worm were relatively benign; infected computers simply
shut themselves down shortly after booting. Still, the worm made millions of computers
unusable and disrupted operations at Delta Airlines, the European Commission, Aus-
tralian railroads, and the British coast guard [27].
After Microsoft offered a reward of 250,000 euros, a fellow student pointed the
finger at German teenager Sven Jaschan, who confessed to the crime and then began
working for German computer security firm Securepoint. Because he was 17 when he
released the worm, Jaschan was tried in a juvenile court, which sentenced him to one
and a half years' probation and 30 hours of community service [27, 28, 29].
