April 13, 2026, 6:28 am
Robert Tappan Morris is a familiar name. He works as a professor of computer science and engineering at the renowned Massachusetts Institute of Technology (MIT). But before his academic career, he spread the first computer worm on the internet nearly 40 years ago. Unintentionally.
On the evening of November 2, 1988, 23-year-old student Robert Tappan Morris launched a small program. This seemingly harmless act ended with the shutdown of the internet. What happened? Thousands of computers were infected with a computer virus. The digital troublemaker was later named the “Morris Worm.”
But first, let’s go back to the beginning. The ambitious computer science student Robert Tappan Morris wanted to answer one question: How big is the internet, really? This question had been on his mind since the summer of 1988. At that time, Morris worked alongside his studies in the research lab of the American telecommunications company AT&T. There, he dealt with the security of Unix, an operating system popular at the time.
The internet back then: an elite circle
The birth of the internet as we know it today was still to come at that time. Nevertheless, the young student was interested in how many computers would be at risk if someone exploited a critical security flaw in the network.
To find the answer, he programmed a small tool that was meant to install itself over a data line on the computers connected to the internet. This internet consisted of just about 60,000 computers and around two million users, mostly from the scientific community or university staff.
An unstoppable error
Morris was studying at Cornell University in New York State at the time. However, for his small experiment, he did not use the available devices at his university. To conceal his identity, the student used the computing center at MIT in Boston.
After sending his small program on its journey through the data networks from there, Morris went out to eat. Upon returning to the computer, nothing was the same. Not only was something brewing, but worse: What had already been set in motion was no longer stoppable.
Morris Worm brought the internet to its knees
For the construction of his small program, Morris had developed a precise plan. It was supposed to hop from computer to computer upon installation, with the sole purpose of reporting back the existence of a connected computer. The tool was meant to remain as invisible as possible and install itself only once on each computer.
However, due to a tiny programming error, things went terribly wrong. The tool spread unexpectedly quickly across the computers. Even more dramatically, it installed itself repeatedly on all computers. Within just three hours, several thousand computers in the U.S. were infected. The internet descended into chaos and ultimately, at least temporarily, completely collapsed.
Network was on the brink of collapse
On the night of November 2 to 3, 1988, the U.S. part of the then-internet was on the brink of collapse. Administrators of the infected computers reacted immediately and tried to rid systems of the pesky program. But the computer worm proved to be stubborn. Out of sheer desperation, some connected institutions simply took their computers offline.
The Morris Worm affected computers at universities such as Harvard, Princeton, Stanford, and Johns Hopkins. Even NASA’s computers refused to work due to the programming error.
How bad the Morris Worm really was
In terms of damage, the first computer worm was relatively harmless. Today, people associate infected computers with deleted hard drives and complete data loss. The Morris Worm did none of that.
It only put extreme strain on the hardware of the time, causing long load times and delays in email traffic on many computers. Later, investigators said that sending emails sometimes took days. That would be a disaster today, but it was already a significant issue back then.
The Morris Worm reportedly completely disabled up to 6,000 computers, accounting for about ten percent of the internet traffic at the time. The economic damage was estimated to be between 10 and 100 million U.S. dollars. An exact figure was never determined.
Three years probation
Because a friend of Morris accidentally revealed the hacker’s initials to the “New York Times,” investigators tracked down Robert Tappan Morris within a few days.
It was only then revealed that Morris’ father worked as a data security expert at the NSA, the U.S. foreign intelligence service. The “New York Times” reported this on November 5, 1988. Allegedly, Robert Morris Sr. was instrumental in the development of Unix. Whether the son was allowed to look over his shoulder more often remains the Morris family’s secret to this day.
The tiny programming error had legal consequences for the computer science student nonetheless. Morris is not only, albeit unintentionally, responsible for the first computer worm but also the first person to be convicted for spreading computer viruses. The judges’ verdict in 1990 was: three years probation, 400 hours of community service, and a fine of nearly 10,000 U.S. dollars. Additionally, he had to cover court costs of about 150,000 U.S. dollars.
First computer worm brings cybersecurity into focus
The worm did not hinder his later professional career. In 1995, Robert Tappan Morris founded the software company Viaweb with computer scientist Paul Graham. In the early days of the World Wide Web, it allowed the creation of online stores. Paul Graham recalls this time on his website.
The two former students sold the company to Yahoo in 1998 for 49 million U.S. dollars. Morris then began his academic career. Since 2006, he has been working and researching at MIT as a computer science professor. TECHBOOK also tried to reach Morris for a brief interview via email through the university. Unfortunately, there was no response from the developer of the first computer worm.
However, the Morris Worm had a positive outcome. As an immediate consequence, the Computer Emergency Response Team (CERT) was established in December 1988. This independent institution coordinates countermeasures to fend off large-scale hacker attacks on computer systems. CERT still exists today and is considered a pioneer of modern cybersecurity agencies worldwide, including in Germany.