Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!bionet!apple!rutgers!att!occrsh!rjd
From: rjd@occrsh.ATT.COM (Randy_Davis)
Newsgroups: comp.misc
Subject: Re: Possible Fines for Virus Perpetrator
Keywords: Morris, virus, internet
Message-ID: <440@occrsh.ATT.COM>
Date: 7 Nov 88 15:27:29 GMT
References: <456@l5comp.UUCP>
Distribution: na
Organization: AT&T Network & Data Systems, OKC
Lines: 28

In article <456@l5comp.UUCP> john@l5comp.UUCP (John Turner) writes:
:
:		  So, it was Robert T. Morris Jr., was it?
:
:I believe the contemplated charges are 'unlawful access to a federal computer'
:(multiple counts?) and 'fraudulent use of a federal computer'; the second
:charge is good for twenty years hard time, the first for up to a year and a
:$250,000 fine.  Pretty heavy stuff for a 23 year-old Cornell grad student.

  Agreed.  Though he did bring some machines to their knees from the
side-effect of the virus starting all those mail processes at one time, I fail
to understand why everyone is yelling for his head.  I see at least two
reasons he should not be heavily prosecuted:

  1) He did not destroy data.
  2) The worm (not virus, as I understand it) pointed out, in a very graphic
     way, the vulnerablility of some systems, in a relatively non-destructive
     fashion.  It probably will get a lot more action than any simple security
     notice would.

  Sounds like the only reason it did any damage at all was an oversight on the
hacker's part, that the spawning of all those sendmail processes would slow
the machines to a standstill.

  Yeah, sure, this view is going to be unpopular, and is probably irrelavent
anyway, as he is going to be in high demand as a security expert - probably
enough so that somebody might offer him the fine money as a hiring bonus.

This is, of course, assuming he is found guilty if charges are filed.