Robert Tappan Morris (born November 8, 1965) is an American

computer scientist A computer scientist is a person who is trained in the academic study of computer science. Computer scientists typically work on the theoretical side of computation, as opposed to the hardware side on which computer engineers mainly focus (al ...

and

entrepreneur Entrepreneurship is the creation or extraction of economic value. With this definition, entrepreneurship is viewed as change, generally entailing risk beyond what is normally encountered in starting a business, which may include other values th ...

. He is best known for creating the Morris worm in 1988, considered the first

computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It wil ...

on the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...

. Morris was prosecuted for releasing the worm, and became the first person convicted under the then-new

Computer Fraud and Abuse Act The Computer Fraud and Abuse Act of 1986 (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (), which had been included in the Comprehensive Crime Control Act of 1984. The law pr ...

(CFAA). He went on to cofound the online store

Viaweb Viaweb was a web-based application that allowed users to build and host their own online stores with little technical expertise using a web browser. The company was started in July 1995 by Paul Graham, Robert Morris (using the pseudonym "John ...

, one of the first

web application A web application (or web app) is application software that is accessed using a web browser. Web applications are delivered on the World Wide Web to users with an active network connection. History In earlier computing models like client-serve ...

s, and later the

venture capital Venture capital (often abbreviated as VC) is a form of private equity financing that is provided by venture capital firms or funds to startups, early-stage, and emerging companies that have been deemed to have high growth potential or which ha ...

funding firm

Y Combinator Y Combinator (YC) is an American technology startup accelerator launched in March 2005. It has been used to launch more than 3,000 companies, including Airbnb, Coinbase, Cruise, DoorDash, Dropbox, Instacart, Quora, PagerDuty, Reddit, Str ...

, both with Paul Graham. He later joined the faculty in the department of

Electrical Engineering and Computer Science Computer Science and Engineering (CSE) is an academic program at many universities which comprises scientific and engineering aspects of computing. CSE is also a term often used in Europe to translate the name of engineering informatics academic ...

at the

Massachusetts Institute of Technology The Massachusetts Institute of Technology (MIT) is a private land-grant research university in Cambridge, Massachusetts. Established in 1861, MIT has played a key role in the development of modern technology and science, and is one of the ...

(MIT), where he received

tenure Tenure is a category of academic appointment existing in some countries. A tenured post is an indefinite academic appointment that can be terminated only for cause or under extraordinary circumstances, such as financial exigency or program disco ...

in 2006. He was elected to the

National Academy of Engineering The National Academy of Engineering (NAE) is an American nonprofit, non-governmental organization. The National Academy of Engineering is part of the National Academies of Sciences, Engineering, and Medicine, along with the National Academy ...

in 2019.

Early life

Morris was born in 1965 to parents Robert Morris and Anne Farlow Morris. The senior Robert Morris was a computer scientist at

Bell Labs Nokia Bell Labs, originally named Bell Telephone Laboratories (1925–1984), then AT&T Bell Laboratories (1984–1996) and Bell Labs Innovations (1996–2007), is an American industrial research and scientific development company owned by mult ...

, who helped design

Multics Multics ("Multiplexed Information and Computing Service") is an influential early time-sharing operating system based on the concept of a single-level memory.Dennis M. Ritchie, "The Evolution of the Unix Time-sharing System", Communications of t ...

and

Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...

; and later became the chief scientist at the

National Computer Security Center The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collectio ...

, a division of the

National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...

(NSA). Morris grew up in the Millington section of

Long Hill Township, New Jersey Long Hill Township is a township in Morris County, New Jersey, United States. As of the 2010 United States Census, the township's population was 8,702, reflecting a decline of 75 (−0.9%) from the 8,777 counted in the 2000 Census, which had ...

, and graduated from

Delbarton School Delbarton School is a private all-male Catholic Church, Catholic college-preparatory school in Morristown, New Jersey for young men in seventh grade, seventh through twelfth grades. It is an independent school directed by the Benedictine monks ...

in 1983. Morris attended

Harvard University Harvard University is a private Ivy League research university in Cambridge, Massachusetts. Founded in 1636 as Harvard College and named for its first benefactor, the Puritan clergyman John Harvard, it is the oldest institution of higher le ...

, and later went on to graduate school at

Cornell University Cornell University is a private statutory land-grant research university based in Ithaca, New York. It is a member of the Ivy League. Founded in 1865 by Ezra Cornell and Andrew Dickson White, Cornell was founded with the intention to teach an ...

. During his first year there, he designed a

(see below) that disrupted many computers on what was then a fledgling internet. This led to him being indicted a year later. After serving his conviction term, he returned to Harvard to complete his

Doctor of Philosophy A Doctor of Philosophy (PhD, Ph.D., or DPhil; Latin: or ') is the most common Academic degree, degree at the highest academic level awarded following a course of study. PhDs are awarded for programs across the whole breadth of academic fields ...

(Ph.D.) under the supervision of H.T. Kung. He finished in 1999.

Morris worm

Morris'

was developed in 1988, while he was a graduate student at

. He released the worm from MIT, rather than from Cornell. The worm exploited several vulnerabilities to gain entry to targeted systems, including: * A hole in the debug mode of the

sendmail Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet. A descendant of the ...

'' program * A

buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memory ...

or overrun hole in the ''

fingerd In computer networking, the Name/Finger protocol and the Finger user information protocol are simple network protocols for the exchange of human-oriented status and user information. Name/Finger protocol The Name/Finger protocol is based on Req ...

'' network service * The transitive trust enabled by people setting up network

login In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system by identifying and authenticating themselves. The user credentials are typically some form ...

s with no

password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

requirements via '' remote execution'' (rexec) with ''

Remote Shell The remote shell (rsh) is a command line computer program that can execute shell commands as another user, and on another computer across a computer network. The remote system to which ''rsh'' connects runs the ''rsh'' daemon (rshd). The daemon ...

'' (rsh), termed ''rexec/rsh'' The worm was programmed to check each computer it found to determine if the infection was already present. However, Morris believed that some

system administrator A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to ensu ...

s might try to defeat the worm by instructing the computer to report a

false positive A false positive is an error in binary classification in which a test result incorrectly indicates the presence of a condition (such as a disease when the disease is not present), while a false negative is the opposite error, where the test resul ...

. To compensate for this possibility, Morris programmed the worm to copy itself anyway, 14% of the time, no matter what the response was to the infection-status interrogation. This level of persistence was a design flaw: it created system loads that brought it to the attention of administrators, and disrupted the target computers. During the ensuing trial, it was estimated that the cost in "potential loss in productivity" caused by the worm and efforts to remove it from different systems ranged from $200 to $53,000.

Criminal prosecution

In 1989, Morris was indicted for violating

United States Code In the law of the United States, the Code of Laws of the United States of America (variously abbreviated to Code of Laws of the United States, United States Code, U.S. Code, U.S.C., or USC) is the official compilation and codification of the ...

Title 18 (), the

(CFAA). He was the first person to be indicted under this act. In December 1990, he was sentenced to three years of probation, 400 hours of community service, and a fine of $10,050 plus the costs of his supervision. He appealed, but the motion was rejected the following March. Morris' stated motive during the trial was "to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects ehad discovered." He completed his sentence as of 1994.

Later life and work

Morris' principal research interest is computer network architectures which includes work on

distributed hash table A distributed hash table (DHT) is a distributed system that provides a lookup service similar to a hash table: key–value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The m ...

s such as Chord and wireless

mesh networks A mesh network is a local area network topology in which the infrastructure nodes (i.e. bridges, switches, and other infrastructure devices) connect directly, dynamically and non-hierarchically to as many other nodes as possible and cooperate wit ...

such as Roofnet. He is a longtime friend and collaborator of Paul Graham. Along with cofounding two companies, Graham dedicated his book ''ANSI Common Lisp'' to Morris, and named the

programming language A programming language is a system of notation for writing computer programs. Most programming languages are text-based formal languages, but they may also be graphical. They are a kind of computer language. The description of a programming ...

that generates the online stores' web pages

RTML RTML is a proprietary programming language used exclusively by Yahoo!'s Yahoo! Store and Yahoo! Site web hosting services. History The language originated at Viaweb, a company founded in 1995 by Paul Graham and Robert T. Morris, as the templa ...

(Robert T. Morris Language) in his honor. Graham lists Morris as one of his personal heroes, saying "he's never wrong."

Timeline

*1983 – Graduated from

Morristown, New Jersey Morristown () is a town and the county seat of Morris County, in the U.S. state of New Jersey. ...

*1987 – Received his

Bachelor of Arts Bachelor of arts (BA or AB; from the Latin ', ', or ') is a bachelor's degree awarded for an undergraduate program in the arts, or, in some cases, other disciplines. A Bachelor of Arts degree course is generally completed in three or four years ...

(B.A.) from

. *1988 – Released the Morris worm (when he was a graduate student at

) *1989 – Indicted under the

(CFAA) of 1986 on July 26, 1989; the first person to be indicted under the Act *1990 – Convicted in ''United States v. Morris'' *1995 – Cofounded

, a start-up company that made software for building online stores (with Paul Graham) *1998 – Viaweb sold for $49 million to

Yahoo Yahoo! (, styled yahoo''!'' in its logo) is an American web services provider. It is headquartered in Sunnyvale, California and operated by the namesake company Yahoo! Inc. (2017–present), Yahoo Inc., which is 90% owned by investment funds ma ...

, which renamed the software ''Yahoo! Store'' *1999 – Received Ph.D. in Applied Sciences from Harvard for thesis titled ''Scalable TCP Congestion Control'' *1999 – Appointed as an

assistant professor Assistant Professor is an academic rank just below the rank of an associate professor used in universities or colleges, mainly in the United States and Canada. Overview This position is generally taken after earning a doctoral degree and general ...

at MIT *2005 – Cofounded

, a seed-stage startup

funding firm, that provides seed money, advice, and connections at two 3-month programs per year (with Paul Graham,

Trevor Blackwell Trevor Blackwell (born 4 November 1969, in Canada) is a computer programmer, engineer and entrepreneur based in Silicon Valley. Blackwell is a developer of humanoid robots. Dr. Blackwell is the founder and former CEO of Anybots and a partner at ...

, and

Jessica Livingston Jessica Livingston, born 1971, is an American author and a founding partner of the seed stage venture firm Y Combinator. She also organized Startup School. Previously, she was the VP of marketing at Adams Harkness Financial Group. She has a B. ...

) *2006 – Awarded

at MIT *2006 – Technical advisor for

Cisco Meraki Cisco Meraki is a cloud-managed IT company headquartered in San Francisco, California. Their products include wireless, switching, security, enterprise mobility management (EMM) and security cameras, all centrally managed from the web. Meraki wa ...

*2008 – Released the

Arc, a

Lisp A lisp is a speech impairment in which a person misarticulates sibilants (, , , , , , , ). These misarticulations often result in unclear speech. Types * A frontal lisp occurs when the tongue is placed anterior to the target. Interdental lisping ...

dialect The term dialect (from Latin , , from the Ancient Greek word , 'discourse', from , 'through' and , 'I speak') can refer to either of two distinctly different types of Linguistics, linguistic phenomena: One usage refers to a variety (linguisti ...

(with Paul Graham) *2010 – Awarded the 2010 Special Interest Group in Operating Systems (SIGOPS)

Mark Weiser Mark D. Weiser (July 23, 1952 – April 27, 1999) was a computer scientist and chief technology officer (CTO) at Xerox PARC. Weiser is widely considered to be the father of ubiquitous computing, a term he coined in 1988. Within Silicon Vall ...

award *2015 – Elected a Fellow of

Association for Computing Machinery The Association for Computing Machinery (ACM) is a US-based international learned society for computing. It was founded in 1947 and is the world's largest scientific and educational computing society. The ACM is a non-profit professional member ...

(ACM, 2014) for ''"contributions to

computer network A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ...

ing,

distributed systems A distributed system is a system whose components are located on different networked computers, which communicate and coordinate their actions by passing messages to one another from any system. Distributed computing is a field of computer sci ...

, and

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

s."'' *2019 – Elected to

References

External links

* , at MIT {{DEFAULTSORT:Morris, Robert Tappan 1965 births Living people American computer programmers American computer scientists Computer systems researchers Cornell University alumni Place of birth missing (living people) Delbarton School alumni MIT School of Engineering faculty Computer security academics American computer criminals American technology company founders People from Long Hill Township, New Jersey Lisp (programming language) people American computer businesspeople Y Combinator people Harvard School of Engineering and Applied Sciences alumni People convicted of cybercrime People charged with computer fraud