The Morris Worm Saw A Grad Student Crash The Internet In 1988

There's bad work experiences, and then there's breaking the internet.


Rachael Funnell


Rachael Funnell

Digital Content Producer

Rachael is a writer and digital content producer at IFLScience with a Zoology degree from the University of Southampton, UK, and a nose for novelty animal stories.

Digital Content Producer

morris worm

The Morris Worm's invasion began on a VAX 11/750 computer in MIT's Artificial Intelligence Lab in Massachusetts, but it was released by its creator in New York.

Image credit: Retro-Computing Society of Rhode Island via Wikimedia Commons background extended (CC BY-SA 3.0)

If you ever think you’ve screwed up at college, you’ve surely got nothing on the creator of The Morris Worm. It was unleashed on November 2, 1988, by Cornell University PhD student Robert Morris Jr, and it broke The Internet.

There were no popping bottles involved in the incident, however, just three files that could launch what Morris and his colleague had coined “the brilliant project”: a self-replicating “worm” that could infect a computer, turning it into a base from which it could infect another.


The worm would begin its reign of terror from MIT’s Artificial Intelligence Lab in Cambridge, Massachusetts, but Morris himself was in Ithaca, New York. It was at 8pm on that fateful day that he remotely accessed, a VAX 11/750 computer, and executed three files that would change the way we saw The Internet forever.

Morris’s intentions had been to see how far a group of self-propagating computer worms could travel through The Internet, explains Scott Shapiro in his new book Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks. However, the first signs that his brilliant experiment might have gone awry first became apparent when he returned from dinner to find that the network was sluggish.

In his absence, The Morris Worm had replicated its way to Pittsburgh within minutes. It took less than three hours for it to spread from its point of origin in Ithaca back to Cornell where it was dawning on Morrison that the worm wasn’t just innocently infecting computers, it was crashing them, too.

And then, things took a sinister turn.

morris worm
The Morris Worm source code is now contained on a floppy disc at The Computer History Museum.
Image credit: Chris Devers via Flickr (CC BY-NC-ND 2.0)

“At 1:05 a.m., the worm penetrated Lawrence Livermore National Laboratory, a site responsible for securing the country’s nuclear arsenal,” wrote Shapiro in Fancy Bear Goes Phishing. “Soon the worm had burrowed into the Los Alamos National Laboratory in New Mexico, the home of the Manhattan Project and the world’s first atomic bombs. Robert’s brilliant project no longer seemed so brilliant.”

Whatever scientific experiment Morris had been planning, its academic potential was not appreciated by Cornell University who in a report on the worm said that while there was no direct evidence of malicious intent, “given Morris’ evident knowledge of systems and networks, he knew or clearly should have known that such a consequence was certain, given the design of the worm. As such, it appears that Morris failed to consider the most probable consequences of his actions. At the very least, such failure constitutes reckless disregard of those probable consequences.”

You can find out more about The Morris Worm in an excerpt from Fancy Bear Goes Phishing that features in the Book Bites section of issue 11 of CURIOUS, IFLScience’s free e-magazine, alongside an interview with author and Professor of Law and Philosophy Shapiro about the hacks that inspired his book.

curious morris worm
Find out more about The Morris Worm and the history of hacking in our Book Bites and Meet The Author features in CURIOUS, out now. Image credit: IFLScience

As he told IFLScience, the history of hacks is often a more complex story than waging senseless war from behind a keyboard.


“Although the history of hacking seems like a technical story, it is actually a human story. This may sound counterintuitive, given that hacking is typically associated with highly skilled computer programmers who write code to gain unauthorized access to data on the internet,” Shapiro told IFLScience. “To truly understand the root causes of hacking, we need to consider the interplay between what I refer to as ‘upcode’ and ‘downcode’.”

“Downcode is the technical computer code that hackers use to gain access to systems and data. It’s the code literally below your fingertips. Upcode, on the other hand, refers to the social, political, and institutional forces that shape the world around us, including personal beliefs, social norms, legal rules, corporate policies, professional ethics, and website terms of service. While computers run on downcode, humans run on upcode. And upcode shapes downcode.”

“Ultimately, hackers exploit the human vulnerabilities that give rise to downcode insecurities. That’s why it’s a mistake to think of cybersecurity as just – or even primarily – an engineering problem. It is more useful to think of hacking as a human, upcode problem. By examining the interplay between upcode and downcode, we can gain a deeper understanding of how hackers operate, why they do what they do, and what steps we can take to prevent future attacks.”


  • tag
  • internet,

  • computers,

  • break the internet,

  • science and society