[ISN] Wormholes in hacker case

From: InfoSec News (isnat_private)
Date: Thu Nov 07 2002 - 02:53:12 PST

  • Next message: InfoSec News: "Re: [ISN] Feds pursue secrecy for corporate victims of hacking"

    Forwarded from: Marjorie Simmons <lawyerat_private>
    By Patrick Gray 
    November 5 2002 
    The creator of the Anna Kournikova Internet worm, Jan De Wit, lost an
    appeal against his conviction in a Dutch court last week. He was
    sentenced to 150 hours of community service in September, 2001 for
    creating and releasing the worm. De Wit, aka OnTheFly, had appealed
    because he was afraid that a conviction would adversely affect his
    The primitive e-mail-based worm spread like wildfire in February,
    2001, infecting hundreds of thousands of computers. It arrived in an
    e-mail message promising raunchy pictures of the tennis star.  If the
    recipient opened the attachment, temptingly titled "Anna
    Kournikova.jpg.vbs", the worm would activate, sending itself to
    everyone in the receiver's address book.
    De Wit isn't a master by anyone's definition. He used a pre-made kit
    to write the worm, and most hackers regard him as a script kiddie.
    Script kiddies are hackers who have little real knowledge of computer
    security, or more importantly how to bypass it. They rely on scripts
    and tools that real hackers have written. Even other hackers regard
    them as mere pests.
    The Kournikova worm was fairly harmless and caused no direct damage to
    the systems that it infected. It did, however, cause mail servers
    across the world to become congested and in some cases seize up
    During the appeal, De Wit claimed that he was innocent of the charge
    laid against him because the worm did not cause any discernible damage
    to the infected systems.
    "Dutch law says there has to be damage in order for a conviction to
    occur, and there was no damage," said Theo Jansen, De Wit's lawyer.
    Jansen said his client did not mean to cause as much havoc as he did,
    and handed himself in to police when he realised the impact of what he
    had done. However, the prosecution did introduce at least some
    evidence of damage caused by the worm.
    Documents provided to the Dutch prosecution team by the US Federal
    Bureau of Investigation suggested that it had caused $US60,000 (about
    $A110,000) of damage among 55 affected organisations. But Jansen says
    the FBI "shook it (the damage figure) out of their sleeves" and that
    the FBI's explanation of how the amount was calculated was inadequate.
    During the trial, the court heard that De Wit had downloaded the virus
    toolkit he used to make the worm from the Internet.
    At the time that he released the worm, De Wit, who now works in a
    computer store, had just dropped out of his first year at university.
    His conviction will be permanently recorded, although he is still
    considering taking the matter to a higher court.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 05:04:00 PST