First Indictment Under Computer Fraud and Abuse Act

Robert Tappan Morris, a Cornell University graduate student, is the first person to be indicted under the 1986 Computer Fraud and Abuse Act.

Morris was prosecuted for creating and releasing the Morris worm, generally recognized as the first computer worm to infect the internet. He released the worm from computers at MIT in order to keep the light of suspicion away from Cornell.

Morris said later that his intentions were purely intellectual, that he created the worm in an attempt to measure the size of the internet. A design flaw in the worm's delivery system, however, caused some infected computers to keep replicating the worm until they became unusable. A number of systems were disabled by the Morris worm.

On July 26, 1989, Cornell graduate student Robert Tappan Morris was indicted for spreading the Internet’s first worm virus, infecting more than 6,000 university, research center and military computers.

On July 26, 1989, Morris became the first person to be indicted under the Computer Fraud and Abuse Act of 1986. He was convicted in 1990, sentenced to three years of probation, 400 hours of community service, a fine of $10,050 and the cost of his supervision.

On July 26 1989, the first U.S. indictment for spreading malware was issued.

The Morris Worm, the first Internet worm, was released by Cornell grad student Robert Morris back in November 1988 that infected maybe 10% of Internet-connected machines. It exploited a vulnerability in Sendmail and fingerd to propagate itself.

The worm didn’t do anything intentionally malicious, but it spread itself with great vigor and chewed up system resources. It’s lasting effect was to open the eyes of the computing industry regarding network security, application vulnerabilities, and the value of having an incident response process (the effects of the worm was made worse by system administrators knee-jerk response of shutting down their Sendmail daemons).