The Ethics of Hacking:The Worm of 1988

Thanks in advance to:

• thefuturesite.com• time.com• world.std.com/~franl• www.eos.ncsu.edu/eos/info/computer_ethics

Takeshi Toyohara

CS99 Presentation on March 7, 2000.

Computing Ethics

The Worm?

Not talking about Dennis Rodman

Creation of Robert Morris– Son of the former Chief Scientist at NSA

What’s A Worm

Characteristics – Propagates itself across a network using

resources on one machine to attack other machines.

Not like a virus – Program fragment that inserts itself into other

programs– Also unlike viruses, worms are not always

malicious in purpose.

Worm Stats

Released on November 2, 1988

Ended up infecting over 6,000 network computers across the U.S.

Infects computers running 4.2 or 4.3 BSD UNIX and derivatives like SunOS

How Does the Worm Work?

The worm program attempts to connect to other machines

Bypasses user authentication via – loopholes in the software– “favorite” password cracking

Creates copies of itself, which search out other computers and infect them.

Security Loophole #1

Rsh and rexec are network services which let you execute remote commands

Looks for a remote account with the same name

Security Loophole #2

If rsh and rexec fail, the worm attempts to use a bug in the finger program.

Bug in gets()– Worm sends extra 24 bytes that overflow the

buffer and cause the process to run worm code.

Security Loophole #3

If those fail, the worm tries to exploit sendmail

Bug lets you specify a command line as the recipient of a message – Released version was compiled in DEBUG

mode

A Day in the Life

NOVEMBER 2, 1988 6:00 PM At about this time the Worm is launched. 8:49 PM The Worm infects a VAX 8600 at the University of

Utah 9:09 PM The Worm initiates the first of its attacks to infect

other computers from the infected VAX 9:21 PM The load average on the system reaches 5 - usually

level is 1. 9:41 PM The load average reaches 7

A Day in the Life

10:01 PM The load average reaches 16 10:06 PM At this point there are so many worms infecting

the system that no new processes can be started. No users can use the system anymore.

10:20 PM The system administrator kills off the worms 10:41 PM The system is reinfected and the load average

reaches 27 10:49 PM The system administrator shuts down the system.

The system is subsequently restarted 11:21 PM Reinfestation causes the load average to reach

37.

Worm Effects

In under 90 minutes from the time of infection, the Worm had made the infected system unusable

Over 6,000 machines affected No physical damage, but between $100,000 and

$10,000,000 were lost due to lost access

An Ethical Worm?

Look at what the worm did and did not do.

The Worm is Good?

Did not delete a system's files Did not modify existing files Did not modify other programs to do its work

for it Did not install trojan horses Did not record or transmit cracked passwords Did not make use of any special privileges

gained

The Worm Did What?

Did show sysadmins numerous security holes

Did show that convenience is nothing without security

Did raise the world’s awareness to the vulnerability of the Internet

Did show other important lessons– Cooperation,diversity of networks, logging

Real Hacking

Hacking Cracking

“Hacking is generally accepted to be the arena of very smart people"

"Denial of service attacks, like what happened to Yahoo and eBay, are seen as bottom-of-the-barrel assaults; they don't require a lot of brains."

The Hacker Ethic

Information-sharing is a powerful positive good– ethical duty of hackers to share their expertise

by writing free software and facilitating access to information and to computing resources wherever possible.

System-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.

Hacking Ethically?

Highest forms of hacker courtesy– break into a system– explain to the sysadmin, how it was done and

how the hole can be plugged Hacker sense of community

– actively willing to share technical tricks, software, and computing resources with others

– Sysadmins just need to look for this info

My Thoughts

We should take a Machiavellian attitude towards hacking.

Morris’s release of the Worm was unethical, but the idea behind it had much merit.