The Department of Defense thought the Russians were attacking.

An MIT computer called PREP was the first to be penetrated. It was Nov. 2, 1988, and the time was approximately 8 p.m. Within hours and into the following morning, an estimated 10% of all machines connected to the Internet would crash, overloaded with several copies of a mysterious program.

See also: 8 Best Free Tools for Internet Security

It wasn’t until a few days later that the source of the problem became clear: a computer worm — a program with the goal of widespread self-replication through theberk Internet — and the first of its kind. Saturday marks its 25th anniversary.

Surprisingly, the worm's creator was not a Soviet cyber-criminal but a 23-year-old Cornell student who'd made a few crucial coding errors. His name was Robert Morris, he'd unleashed something he could not control, and the eyes of a continent were suddenly trained on him.

"Early in the morning of the 3rd — really early — I tried to log in to look at my email and I couldn't get into the server, into the hub," says Gene Spafford, Ph.D. "Spaf" is a professor of computer science at Purdue University and one of a handful of experts that stepped up to analyze and dismantle the worm in the hours following its release. "So I went in to investigate what was wrong with the server and in doing so, found some software problems."

Those software problems were, of course, the effects of the Morris worm. Its uninhibited self-replication overwhelmed servers, slowing them until they eventually crashed. It happened quickly, and it happened in labs, schools and government agencies across the nation.

Spaf quickly created two separate mailing lists in response to the emergency: one local, for administrators and faculty, and another, referred to as the Phage list, for those with questions or information regarding the attack. The Phage list would become a vital resource through which Internet users could understand the worm, stay up to date on news and discuss broader security concerns.

One early anonymous poster relayed a message he'd received from then anonymous source. The message said, simply, "I'm sorry" and listed ways to prevent the worm from spreading further. The source would later be revealed as Andy Sudduth, a friend of Morris' from Harvard University.

"I guess it was bound to happen some day," reads a response from a Phage list participant.

For Phage list members, Internet users and Morris, the saga had only just begun.

The Internet in 1988

"The Internet at the time was very open. Security was not really a major concern," says Mikko Hypponen, chief research officer of F-Secure, a Finnish anti-virus company. "Almost all the services were run by universities, and commercial use of the net was frowned upon."

The best estimates had the total number of machines connected to the Internet in the neighborhood of 65,000 to 70,000 machines in 1988. Though it'd been around for about 15 years at the time, the Internet was still a primarily academic, military and governmental organism.

"I won't say we trusted everybody, but there was generally the attitude that nobody was out to do vandalism or mischief," Spaf tells Mashable. "You lived in a neighborhood where there were many people down the block, but you could leave your doors unlocked without worrying about arsonists in the neighborhood."

Administrators believed their flawed security practices to be adequate, largely because of the nature of the online community at the time. The Morris work quickly exploited these vulnerabilities.

The Worm

Economic losses caused by the worm's effects varied by location and length of infection. The University of California Berkeley estimated that purging the worm from the institution took 20 work days. The judge's opinion in U.S. v. Morris states, "The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000."

One industry estimate places the total cost of the Morris worm between $250,000 and $96 million dollars.

"All people knew at the time was that computers were shutting down," says Mark Rasch, the federal prosecutor in United States v. Morris during an interview with Mashable. "There was this degree of panic and uncertainty because of the nature of how the worm spread."

Though the worm was sophisticated, pervasive and highly disruptive, it was not programmed to destroy or delete anything, and it never did. Its destructive power came from its rapid self-replication — the faster it copied itself, the slower and more bogged down network communication became. In under 90 minutes from the time of attack, the worm would render an infected system unusable.

"The software was clearly written to spread. It could've been written to be destructive — it wasn't," says Spafford. "So I don't think he had any intent to cause damage. Anything that was caused was likely accidental or incidental."

Morris, by most accounts, did not intend for the worm to replicate as quickly as it did. Through a coding error, the worm spread much faster and more publicly than was likely intended. The Cornell report on the worm states, "Morris seemed preoccupied but appeared to believe that he had made a 'colossal' mistake."

Image: Flickr, Intel Free Press

"The truth is, with an attack like this, assumptions ranged from mildly annoying to the end of the world," Rasch says. "There were some who thought this was a prelude to world war, thought this was an attempt by the Soviet Union to engage in cyber warfare, and you know, launch nuclear weapons."

The Motivation

If the worm wasn't intended to damage or steal anything, what was Morris' motivation? Some in the community have speculated it was intended to bring attention to security flaws. Spafford disagrees.

"I don't see that there's evidence for that. The flaws that were there, he could've pointed out in other ways," he says. "I've never really bought into the idea that you've gotta burn a building down to show it's flammable."

According to Rasch, the Department of Justice at the time had no higher agreed-upon motive than "because it could be done."

"It was driven in part by curiosity and possibly a certain amount of hubris," says Spaf, who admits the motive can never be certain. "He's remained quiet on all of this for the last 25 years — which I think is much to his credit, by the way. He's appeared to be contrite, moved on with his life and actually done some very good things in his career."

Morris ultimately came forward and admitted to creating the worm. His trial marked the first federal computer crime case.

The Trial

Morris was convicted of violating the Computer Fraud and Abuse Act, was fined $10,050 and sentenced to 400 hours of community service and three years of probation. Many, including Spafford, feel his felony conviction was too harsh.

"I've never thought that a felony was quite the appropriate level. I think a misdemeanor would've been much more appropriate," he says. "A lot of it was unintentional vandalism."

According to Rasch, the debate between a felony or misdemeanor charge was rigourous.

"It wasn't reached lightly; it wasn't like, we need to punish this guy," he says. "He began his testimony by saying, I did it and I'm sorry. "I said, 'Okay, what am I gonna prove: He didn't do it or he's not sorry?'"

The conduct of the crime, says Rasch, clearly fell within felony provisions. The general consensus of all parties was that Morris was not a criminal; he was someone who committed a crime.

The Outcome

In the years since, Spafford has explored seeking a presidential pardon for Morris. The latter's behavior and the changing nature of computer crime has led many to believe Morris' felony conviction should be removed.

"Not only would I support a pardon, but if he were to ask me, I would represent him in seeking a pardon," says Rasch."Does he need a felony on his record? No. Does he need to have the restraints on civil rights and liberties associated with a felony conviction? No. Is he rehabilitated? I think he was rehabilitated within an hour of the worm's launch.

"I'm sure that Im not Robert Morris' favorite person in the world, but I went to pains not to over-prosecute, not to over try him."

The Morris worm case led to the creation of CERT and fundamentally changed the way Internet users viewed security. In a time when the general public was largely unaware of the Internet, his crime brought it to the forefront of the national debate. Not many condone his actions, but there's no denying the impact Morris has had on online evolution.

"He's not an evil genius because he's neither evil or a genius," says Rasch. "He's just a very smart guy who wrote a program that did pretty much what he wanted it to do — except for that one mistake."

Image: Mashable composite. iStockphoto, krystiannawrocki