[tptacek]

I think the bigger thing was that the Internet just wasn't that big a deal at the time. I got serious access in '93, and into '94-95 there were still netsplits on it (UUNet/NSFNet is the one I remember most). It was a non-remunerative offense, with really unclear intent, that took out a research network. He had good counsel, as you can tell from the reporting about the trial, but the outcome made sense. I doubt his dad had much to do with it.

[mturmon]

Yeah, in 1988 the Internet appeared like a research network that connected universities. No money was directly at stake and the systems harmed didn't appear critical. Related to what Thomas says above, part of the response to the incident was to partition the Internet for a few days [2] - I don't know if such a thing would be possible now.

But looking into the specifics again after all these years [1], I read:

"The N.S.A. wanted to clamp a lid on as much of the affair as it could. Within days, the agency’s National Computer Security Center, where the elder Morris worked, asked Purdue University to remove from its computers information about the internal workings of the virus."

and that CERT at CMU was one response to the incident [2].

So there is a whiff of the incident being steered away from public prosecution and towards setting up security institutions.

Robert Morris did get a felony conviction, three years probation, and a $10K fine. As for hn users, aside from pg, Cliff Stoll has a minor role in the story.

[1] https://archive.nytimes.com/www.nytimes.com/times-insider/20...

[2] https://en.wikipedia.org/wiki/Morris_worm#Effects

[mr_toad]

> I think the bigger thing was that the Internet just wasn't that big a deal at the time.

Maybe I’m just getting old, but it seems like nothing was such a big deal at the time.

Everything seems to have gotten more uptight in the last few decades. I used to have a metal cutlery set that an international airline gave to every passenger on the plane.

[esafak]

Organizations naturally accrue regulations in response to incidents as time goes by.

[lysace]

> I think the bigger thing was that the Internet just wasn't that big a deal at the time.

”Computer crime” definitely was though.

[mindcrime]

From what I can remember, while there was some public awareness of "computer crime" by 1988 (War Games helped with that), it wasn't exactly a "big deal" to most people yet. My subjective recollection is that things took a marked turn around 1990, with the advent of "Operation Sundevil"[1], the raid on Steve Jackson Games, etc.

And by the mid to late 90's (I'd say about 1997) it was finally becoming "received wisdom" to most hacker that "this is real now: getting caught doing this stuff could mean actual jail time, fines, not getting into college, losing jobs, etc." Now I grew up in a rural part of NC and so we probably lagged other parts of the country in terms of information dispersal, so I expect other people view the timeline differently, so YMMV.

[1]: https://en.wikipedia.org/wiki/Operation_Sundevil

[tptacek]

Lots of chaos, but just three arrests. Did any of them proceed to full prosecutions? I'm reasonably sure Bruce Esquibel wasn't charged (at least, there's nothing in PACER to say so). I have no idea who "Tony The Trashman" was.

[icedchai]

Barely. In my area around that time, teenagers were causing havoc by breaking into local colleges just so they could get onto IRC and access FTP sites. "Network security" was a pretty new concept.

[tptacek]

Ehh? It had only recently been made explicitly criminal by federal statute. If you're thinking of "the Hacker Crackdown" that occurred a few years after the Morris Worm, or of Kevin Mitnick's exploits, it's worth keeping in mind that they were doing pretty crazy shit even relative to today; they were owning up phone switches across the country. And despite that, the penalties were not crazy high.

What you didn't have back then was financial fraud on the scale that happens today, where even nominal damages run into 8-9 figures.