Army Researchers Thought Morris' Worm Was Foreign Attack
Jan. 17, 1990
SYRACUSE, N.Y. (AP) _ Officials at an Army laboratory thought a foreign enemy was trying to steal military data when the worm unleashed by a Cornell University graduate student invaded their computer system, a computer specialist testified Tuesday.
''Our specific concern was that it was an attack by a foreign power,'' said Michael Muuss, leader of the Advanced Computer Systems team at the Army Ballistics Research Laboratory at the military proving ground in Aberdeen, Md.
''We had a real fear that someone had broken in and was trying to take data inside and send it to somebody outside, or that it would modify data,'' Muuss said as the federal computer tampering trial of Robert T. Morris entered its second week of testimony.
Jurors also listened to testimony from computer system managers at Purdue University, Carnegie-Mellon, Georgia Polytechnic Institute and the University of Rochester.
Prosecutors expect to call their final three witnesses Wednesday in the case against Morris, who is charged with designing and setting loose a program that broke into a federal nationwide computer network in November 1988 and paralyzed an estimated 6,000 computers.
Defense attorney Thomas Guidoboni claims that Morris, 25, of Arnold, Md., created the worm as an experiment, made a mistake that allowed it to go berserk and did not mean to cause any damage.
Muuss testified Tuesday that the Army laboratory shut down 200 computers linked to MILNET, a global network carrying unclassified military information, when Morris' worm infected one machine hooked up to the Internet network. MILNET carries information ranging from computational chemistry to data on improving projectiles and armors.
The research center disconnected itself from MILNET, and two supercomputers located at Aberdeen were shut off to outsiders for six days while a team worked to eradicate the worm from the system, Muuss said.
Guidoboni questioned whether the research facility overreacted by shutting off all its computers for so long when most universities attacked by the worm were operating again within two days.
''At a university, the end result may have been that someone didn't get a paper published,'' said Muuss, adding that his computers contained information on the evolution of weapons to 20 years in the future.
''Protecting defense information is a critical part of the defense business,'' he said. ''We had to certify that no data was stolen or modified, and make sure our system could resist such an attack if it happened again.''
Under cross-examination, Muuss acknowledged that computer security at the military laboratory had been improved because of the worm's invasion.
Witnesses from the universities described to the jurors the events surrounding the worm's attack and the efforts made to purge it from their systems. While no data was permanently lost or damaged, the witnesses said the worm proved costly in terms of eradication and follow-up investigations .
Guidoboni focused his questioning on the point that the worm was easily halted by switching off the infected computer and unlinking from Internet.
Daniel Nydick, a systems manager at Carnegie-Mellon, said he got rid of the worm simply by crawling under his computer and unplugging it.
However, Nydick said outside the courtroom that it was ''probably unrealistic'' to apply that solution to the problem when it was university- wide. He added that officials also were unsure where the worm was coming from and how it was getting into the computers.