Information Security News mailing list archives

Nature of the internet makes cybercriminals hard to catch


From: InfoSec News <isn () c4i org>
Date: Mon, 9 Feb 2004 03:38:07 -0600 (CST)

http://www.smh.com.au/articles/2004/02/05/1075853987198.html

Fort Worth, Texas
February 5, 2004

In 1990, Robert Morris Jr carved his name in cybercrime history when
he became the first person prosecuted under America's 1986 Computer
Fraud and Abuse Act.

There haven't been a lot of others since. Professionals who follow the
hazy world of computer viruses and worms bemoan that, but they also
doubt it can be helped much.

"Cybercrime is infinitely more difficult to prosecute than physical
crime," said Matthew Yarbrough, a Dallas, Texas lawyer who created the
Cybercrimes Task Force at the Dallas US attorney's office in 1997. "If
someone doesn't brag about it, it's damn near impossible to catch
these people."

The latest high-profile worm, MyDoom or Novarg, hit last week and by
Wednesday had infected about 20 per cent of the emails in the United
States.

The very nature of the internet, with its far-reaching links and easy
anonymity, offers the opportunity for hackers and virus writers to
launch attacks and disappear in an instant, said Yarbrough, who now
heads the Cyber Law Group in the Dallas office of Fish & Richardson.

That and the sheer volume of viruses, added Graham Cluley, senior
technology consultant at Sophos, a computer security firm with offices
in England and the United States.

"We know of about 86,000 computer viruses, and they're all written by
someone," Cluley said from his home in Oxford, England. "We know of a
lot more virus writers than are ever arrested," largely because their
handiwork doesn't cause enough damage, he said.

He said the first conviction in Britain under a law similar to the US
Computer Fraud and Abuse Act was in 1995, when Christopher Pile was
sentenced to 18 months for his SMEG virus.

Like Yarbrough, Cluley said that finding out who wrote a virus often
depends less on sophisticated electronic sleuthing than on
old-fashioned tips and gossip.

"What is the fun of writing MyDoom and seeing it on the world news if
you can't say to your mates, 'That was me!' They cannot resist talking
about it," Cluley said.

That's not much different from your run-of-the-mill miscreants, said
Lieutenant Jesse Hernandez, a spokesman for the Fort Worth Police
Department in Texas.

"Often, we end up clearing a case or getting good leads because people
like to talk about their exploits and it gets back to us," Hernandez
said. "That's why CrimeStoppers is so effective."

But there are times when strong electronic clues exist. Jeffrey Lee
Parson of Minnesota was arrested on August 29 for distributing a
variation of the Blaster worm that eventually infected an estimated
7,000 computers. Parson left clues, ranging from his website to screen
names to his personal computer, virus experts said.

But the creator of the original Blaster, which infected hundreds of
thousands of computers, has never been identified.

David Smith, author of 1999's Melissa worm, was identified by an ID
number from the Microsoft Word program he used. Onel de Guzman, author
of the Love Bug, or ILOVEYOU email worm of 2000, was found because he
created a version of the virus for a college thesis.

Smith, a New Jersey resident, was sentenced to 20 months in jail. But
Guzman was released because the Philippines, where he lived, had no
laws against creating a computer virus.

Similarly, Chen Ing-hau of Taiwan was never charged with distributing
the Chernobyl virus in 1998.

The stiffest jail term worldwide, Cluley said, went to Simon Vallor of
Wales, who drew two years in jail for his Gokar/Redesi worm in 2002.
That contrasts with Jan de Wit of the Netherlands, whose Anna
Kournikova email worm went worldwide in 2001 but drew him a sentence
of just 150 hours of community service.

"He protested that it was too harsh, but fortunately they didn't
listen," Cluley said.

Microsoft Corp, whose widely used Windows and Outlook mail software
programs are common targets of viruses, raised the financial stakes
last November with $US250,000 ($A328,882) bounties on information
leading to the arrest of the authors of the Blaster and So.Big worms
that circulated last year.

And although the US Department of Homeland Security last week
announced the creation of the National Cyber Alert System, computer
security experts don't predict significant progress in combating virus
attacks.

"Long term, there will always be people trying to do this," said Jonah
Paransky, senior manager for Managed Security Services at anti-virus
service Symantec. And it will continue to be difficult to trace
"because people don't want someone tracking them everywhere they go on
the internet. You get the same concerns about civil liberties" that
apply in the rest of society, he said.

The best approach for computer users, he said, is to invest in good
anti-virus software and never open email attachments of suspicious
origin.



-
ISN is currently hosted by Attrition.org