NOVEMBER 2006 (Vol. 39, No. 11) pp. 6-8
0018-9162/06/$25.00 © 2006 IEEE

Published by the IEEE Computer Society
The Benefits of Being Different
David Alan Grier, George Washington University

The initial Internet worm attack in 1988 occurred at a key point in the network's development.

My lecture had been prepared the prior Friday. It was the combination of statistical analysis and computer skills that I taught every term to graduate students in the public policy program.
I placed the notes on the podium, slipped out of my suit coat, and started to roll up my sleeves. The routine was a theatrical touch I used to signal that I had left my office and was joining the students in the act of learning.
I picked up the chalk and was about to start my lecture when a student in the third or fourth row raised her hand and asked, "Can you explain what happened last week?"
An Unwelcome Visitor
The date was Monday, 7 Nov. 1988. The student's question referred to the Internet worm, a computer program that had attacked the nation's research computers during the previous week. An unwelcome visitor that had invaded the network and sucked up the free process cycles of every machine it infected, the worm crawled from machine to machine by exploiting security weaknesses in the late-1980s versions of the Unix operating system.
First spotted the prior Wednesday night by the computing staff at Cornell University, the worm was soon seen at MIT, which had strong research ties to Cornell. By shortly after midnight, it had spread across the country, reaching the machines at the University of California, Berkeley.
The worm used three different methods to propagate. It could drop a little piece of code in a remote machine by feeding a string of text to a common operating system command. It could also enter a machine through the mail program's debug option, which was commonly left open in those less sophisticated days. If those two methods failed, the worm could gather a list of user IDs from the machine and attempt to guess the correct password.
Most passwords of that era were short, simple, or obvious. A surprising number of young graduate students selected their passwords from popular culture. One computer manager speculated that every research computer in the nation had at least one user who protected his account with the password "darthvader."
By early Thursday morning, the worm had attacked all the major centers on the Internet and had drawn the attention of the network operators. At first, some operators thought that a malfunctioning program was consuming all of the machine time. When they could not purge the program from their computers, the operators concluded that something was wrong.
"A virus has been detected on media lab," wrote a worried researcher at MIT, who added that "The virus is spread via mail, of all things." Desperate to bring their machines back under control, the researcher took the radical step of terminating the e-mail system. Unable to communicate with their computers, the researchers were reduced to calling each other over the telephone.
"This situation will continue," apologized the MIT researcher, "until someone figures out a way of killing the virus and telling everyone how to do it without using e-mail."
At MIT, Cornell, and a half dozen other sites, the computer staff worked through the day and into Thursday night as they tried to isolate the program and determine how it worked. Some researchers grabbed images of the machine code as it spread itself through the network. Others traced the code's actions.
As they worked, the story of the worm started to spread through the research community. By the end of the day, the news had reached media outlets, which sent reporters to MIT and Cornell to ask what was happening to the nation's research computers.
Most of the reporters knew little about computer operations and even less about networks. The managers found that they had to explain the network's most basic activities, including e-mail, file transfer, and remote access.
"The media was uniformly disappointed that the virus did nothing even remotely visual," recalled an MIT researcher. "But the vast majority of the press seemed to be asking honest questions in an attempt to grapple with the unfamiliar concepts of computers and networks."
By Friday morning, the researchers were starting to understand how the worm operated and how they could keep it from spreading. They reconfigured their mail programs, changed the name of their C-language compiler, patched weak code, and hid their password files. By Saturday morning, the worm started to disappear from the computers, which allowed the researchers to return to their routine tasks. By Monday morning, only two problems remained: They needed to determine who had created the worm and find a strategy to block such programs.
Explaining the Worm
On that Monday, standing in my classroom, I could do nothing to help solve these two outstanding problems, but I knew enough to be able to explain the worm, in broad terms, to my students.
Even though it was entirely improvised and had nothing to do with the goals of the course, that class was one of the most satisfying I have ever taught. The students drove the discussion, asking how the worm worked and how it might have spread. As the hour progressed, we moved into a fairly detailed discussion of computer processors, operating systems, and network protocols.
Midway through the class, the student who had started this discussion raised her hand again. "Why weren't our computers affected by the program?" she asked.
Her voice was almost plaintive, disappointed. An event of great import had just happened, but it had not touched her. The tone made me pause before answering. "Because we're different," I said.
I explained that the worm only worked on a certain kind of operating system and hence only touched a few brands of computers. The computers that had been affected were Unix systems made by Digital Equipment Corp. or Sun. Our school had IBM equipment that was connected to a network using IBM software. The plague passed over our house because we were different.
Finding the Culprit
As I was addressing my class, the FBI was starting to draw up lists of individuals who might have created the worm. Although some media reports suggested that the worm might be an act of espionage from the tottering Soviet Union or the creation of organized crime, most investigators assumed that the perpetrator was a "bored graduate student"—someone who would have the necessary knowledge, access to networked computers, and the time such a project required.
On the whole, the graduate students who were developing computer networks at that time formed a fairly privileged class. To be sure, a number of them slept in their research labs and ate nothing but macaroni and cheese, but they worked at the elite research universities, had a good education, and came from comfortable homes.
No one should have been surprised when the FBI asked for warrants to search university computer laboratories, but they were. We "all gasped and hoped it had not really been one of our students," recalled one researcher.
By Thursday, the FBI was focusing its attention on Cornell University and one graduate student, Robert Tappan Morris, the son of a nationally known computer security expert.
The community of computer scientists did not know how to react to the news of Morris's arrest. He was one of their own, a young man who had been born into the world of digital technology. Yet, he had badly transgressed this community's standards of behavior.
These standards reflected the ideals of the scientists and engineers who had created the network. They had never been formally codified, but they permeated the community. The network was disciplined, explained one researcher, "almost exclusively by peer pressure." If someone misused the network, there was a good chance that he might get 500 or 1,000 pieces of electronic mail telling him that it wasn't an appropriate thing to be doing.
Even though Morris had violated the network community's standards, he found a fair amount of sympathy among his peers. "I don't know of too many who want to see this kid rot away for the next few decades in a jail," commented one computer scientist. The researchers acknowledged Morris as one of their own, an individual who had demonstrated bad judgment and seemed to be aware of his error.
The community was generally relieved when the young graduate student received only a mild punishment for his actions: three years probation, $10,000 in fines, and 400 hours of community service. "He was playing with fire," observed one witness who had testified against Morris, "but he didn't really mean to burn anybody."
The strongest objections to Morris's sentence came from those interested in commercializing information technology. "Industry was counting on a tough sentence for Morris," wrote two members of the US Congress. Viewing Morris as representative of a renegade segment of society, they argued that "Destructive computer hacking would largely stop if a few computer vandals were put behind bars."
The End of An Era
The 1988 worm attack occurred at a key point in the Internet's development. The news stories that explained network operations and services introduced digital communication to millions and laid the foundation for the effort to build a commercialized Internet four years later. Yet, it also marked the end of the Internet as a close, tightly knit community. Prior to 1988, most of the major network managers knew each other. They shared information and handled their responsibilities with a personal touch. Users might feel that they were part of an inner sanctum. Yet, this world was slipping away as the network expanded.
The Internet's expansion brought greater uniformity to computer hardware and software. When Arpanet's progenitor began operation in 1970, the idea of a common operating system running across dozens of different platforms was unknown. "The types of machines and operating systems involved in the network vary widely," explained an early article on networking. "The only commonality among the network membership is the use of highly interactive time-sharing systems; but, of course, these are all different in external appearance and implementation."
After the 1988 worm attack, software designers moved to secure the network by protecting a few common pieces of software, such as Unix. When the next generation of worm writers began to test their skills, they aimed at a target that may have been better protected than the 1988 Internet, but was also more standardized. This standardization created new targets for virus writers, such as the common e-mail interface found on most office computers.
A Second Attack
In May 2000, another debilitating worm attack struck the Internet. E-mails that sported the subject line ILOVEYOU carried the virus. These e-mails contained an attachment that would use the e-mail interface to replicate itself and send copies to every address stored in the recipient's e-mail database.
Within hours, the new worm had circled the globe and paralyzed the computers of many institutions, including Ford Motor Company and several major New York investment firms.
Unlike the 1988 attack, a group of institutions that had been given the job of defending the network against intrusion studied the ILOVEYOU virus. These institutions had developed a great deal of expertise about worms, Trojan horses, viruses, and other programmatic attacks on the network. "It frightens me to think about what is out there," confessed one security expert. Such attacks were no longer caused by a "bored graduate student." By then, many different sorts of people possessed the expertise, had access to equipment, and had the time needed to prepare such a program.
Early in the attack, someone claimed that the ILOVEYOU virus had originated with a German graduate student, but this idea was quickly dismissed. The virus code contained several clues that it came not from Europe but from the Philippines. It included, for example, the word "barok," a Tagalog term meaning "fool" or "crazy person." It also had the phrase "I hate to go to school." A security consultant suggested that "They're either trying to look like a teenager or they are a teenager."
The investigation soon focused on a small group of friends from a lower-middle-class neighborhood in Manila. The most likely suspect appeared to be Onel de Guzman, a student at a local computer school who lived in a weary and worn apartment with his sister and her boyfriend. In their world, there was enough money to purchase an inexpensive desktop computer, but there were no family connections to the computer community like those that Robert Morris's father possessed. De Guzman had shown talent in computer programming at a local computer school, but he had accomplished nothing that would have given him entry to the laboratories of Harvard or Cornell.
De Guzman found no sympathy from computer scientists, business students, or the computer industry. Even though he made a few statements about the freedom of the Internet, these ideas found no sympathetic ears in the US. Most network users were disappointed when de Guzman did not have to face prosecution on charges of disrupting the Internet. "A panel of prosecutors dismissed the charges," reported The New York Times in Sept. 2000, "saying the laws cited did not apply to computer activity and there was insufficient evidence showing an intent to gain from the e-mail program."
Conclusion
Over the years, the students of 1988 and those that followed taught me how far the Internet had extended into our lives. The letters I received from them followed a common pattern. Each began with the hope that I remembered them, gave a brief sketch of the author's life, and perfunctorily asked for news about me. At the end, appearing to be an afterthought, they added, "and could you write a recommendation for me?"
As a group, these students were delighted to discover the Internet's growing scope. They wrote messages from a luxury hotel in Atlanta that delivered coffee and chocolate to them at their keyboards; a public library in Alaska, where the crews of fishing boats waited in line to use a computer; a technology center in rural Germany; a cafe in Yerevan, Armenia, that had electricity for only eight hours a day; and a massive room off New York's Times Square, where the air hung heavy with the smell of sweat and the keys clicked as 80 people anxiously rushed to finish their work before their allocated computer time came to an end.
Even though they relished the power of computer networks, these students were wary of network technology in a way that younger individuals were not. They had been eager to leave our school with its nonstandard machines and restricted protocols. But they were not surprised when public machines were crippled by viruses, when security software blocked their messages, or when they received enticing offers of quick wealth from the distant relatives of central African dictators. Their first introduction to networks had been the Internet worm. They knew the price you had to pay when you wanted to be like everyone else.
David Alan Grier is the editor in chief, IEEE Annals of the History of Computing, and the author of When Computers Were Human (Princeton University Press, 2005). Grier is an associate professor in the Center for International Science and Technology Policy at the George Washington University. Contact him at grier@gwu.edu.