Chain of Silence, Spring 1999: Melissa's Warning Signs of the Internet Age

Chain of Silence, Spring 1999: Melissa's Warning Signs of the Internet Age

In March 1999, an email was quietly sent in the United States. It arrived via Microsoft Outlook, a common tool used by everyone for business correspondence and communication with friends. The subject line read "Important Message From <user name>" and the attachment was "LIST.DOC. Many of the recipients opened this innocuous e-mail without warning. At that moment, a chain of silence began.

The "Melissa virus" was an extremely sophisticated and fast infection method at the time, exploiting the macro function of Microsoft Word to automatically resend itself to the top 50 recipients in the Outlook address book. This mechanism, in which the infected themselves were the propagators of the virus, was both a convenience and a vulnerability of the Internet. Attachments were made to look like business documents, cleverly circumventing the recipient's psychological defenses.

The virus did not directly cause destruction. However, by automatically sending a large number of e-mails, it placed a tremendous burden on e-mail servers and caused disruptions in the communications infrastructure of many companies and government agencies. Particularly large corporations and telecommunications carriers suffered serious consequences, including internal mail outages, server downtime, and business disruptions, resulting in social disruption. The author, David L. Smith, was arrested by the FBI and became the first person to be held seriously liable for the social damage caused by the virus.

Melissa spread quickly from the United States to the rest of the world, landing in Japan within days of its discovery. A wide range of organizations, including major corporations, government offices, and universities, reported infections, and emergency measures such as email restrictions, network shutdowns, and temporary server suspensions were implemented one after another. In particular, educational institutions and telecommunications carriers experienced server overloads and, in some cases, complete network shutdowns. The media coverage at the time focused heavily on this new type of virus, and it served as an opportunity to raise public awareness of the vulnerability of information security.

Historically, the Melissa virus can be considered a turning point in the evolution of computer viruses. While many earlier viruses were transmitted via floppy disks or other physical media, Melissa was the first to spread through the new space of the Internet. In addition, the "social engineering" approach of pretending that an e-mail message was from a trusted source and using the recipient's judgment to spread the message had a major impact on subsequent viruses.

In response to the spread of viruses, Microsoft revised the specifications of Word and Outlook to restrict the automatic execution of macros. Anti-virus software companies also rushed to develop automatic updating functions and improve the accuracy of real-time detection, and the security system of society as a whole began to undergo major changes. Above all, the greatest legacy of this incident is the widely shared recognition in Japanese society that "security is not an added value of IT, but a fundamental element. The Ministry of Education, Culture, Sports, Science and Technology (MEXT) and the Ministry of Internal Affairs and Communications (MIC) also stressed the importance of information morality and Internet literacy education, and the introduction of such education into elementary and secondary education was promoted.

The Melissa incident affected the foundations of society, such as infrastructure, institutions, and education, more deeply than the direct economic loss. In the spring of 1999, in a chain of silence, we finally began to recognize the sound.