http://www.washingtonpost.com/wp-dyn/articles/A2306-2003Aug29.html By Ben White and Charles Duhigg Washington Post Staff Writers Saturday, August 30, 2003; Page A01 Government investigators yesterday arrested a Minnesota teenager on charges of unleashing a version of the "Blaster" worm that snarled Internet traffic and shut down computer systems from Maryland to Sweden earlier this month. FBI agents arrested Jeffrey Lee Parson, an 18-year-old high school senior, early yesterday at the home he shares with his parents in Hopkins, Minn. The U.S. attorney's office in Seattle, which is leading the case, charged Parson with intentionally damaging thousands of computers owned by Redmond, Wash.-based Microsoft Corp., other businesses and individuals. The 6-foot-4, 320-pound Parson -- described by a neighbor as an academically advanced teen who often sported a Mohawk -- appeared before a U.S. magistrate judge in St. Paul but did not enter a plea. He was released without posting bail and returned home. Parson's lawyer, Lyonel Norris, an assistant federal defender for the district of Minnesota, declined to discuss the case. Parson did little to cover his tracks, according to the criminal complaint. He appears to have boasted of unleashing viruses. According to a version of his Web site, recorded by the Internet search engine Google, Parson claimed to have created a worm called "p2p.teekid.c" that was spread by people using popular services such as Kazaa and iMesh, which are used by millions of people to share songs, video and movie files. Parson used the pseudonym "Teekid" online, according to prosecutors. The site contained no references to Blaster, however. Prosecutors alleged that Parson modified the existing Blaster virus, which began circulating on the Internet on Aug. 11, and unleashed his own, more insidious version known as Blaster.B, among other names. Computer security experts suggested yesterday that Parson probably downloaded the original worm and simply added a bit more code. The magistrate judge yesterday ordered that Parson be subject to house arrest and denied access to the Internet. He faces up to 10 years in prison and a $250,000 fine if convicted. "With this arrest we want to deliver a message to cyber criminals here and around the world that the Department of Justice takes these crimes seriously," U.S. Attorney John McKay said at a news conference in Seattle. Homeland Security Secretary Tom Ridge issued a statement praising the arrest. McKay said his office is still trying to find the author of the original Blaster. According to a criminal complaint, the trail to Parson picked up quickly after federal investigators found a Web address -- www.t33kid.com -- embedded in the Blaster.B worm's program. Federal agents subpoenaed California Regional Internet Inc., the owner of the Internet protocol address corresponding to the Web site, to determine who had registered the site. They found Brian Davis of Watauga, Tex. Davis told authorities that he controlled the computer hosting www.t33kid.com, but the Web site had been set up and was operated by a user named "teekid." Davis corresponded electronically with "teekid" and provided information to federal authorities that led them to another Web site maintained by the same user, hosted on a home computer. Using public databases, authorities tracked the computer to the Parson home. Authorities with a warrant searched the Parson home on Aug. 19, seizing seven computers that are undergoing forensic analysis. According to the complaint, Parson admitted to federal agents during the search of his house that he modified the Blaster worm. "He's your average high school kid who likes to play with computers, a good kid. I've never known him to get in any trouble at all," said a neighbor, Curtis Mackey. "He's definitely not trying to hurt anybody." The original Blaster exploited a flaw in a part of Microsoft's Windows operating system, which runs more than 90 percent of the world's personal computers, that allows data files to be shared across computer networks. The fast-moving virus crippled computers around the globe, forcing the Maryland Motor Vehicle Administration to shut down on Aug. 12. Prosecutors allege that Parson's version infected at least 7,000 computers, which were instructed to attack Microsoft's Web site. At the news conference in Seattle, Microsoft general counsel Brad Smith said all the versions of Blaster had cost the company tens of millions of dollars. McKay said the amount of damage Blaster.B did was significant but declined to elaborate. Blaster is one of a handful of viruses that have plagued home computer users and businesses this summer and stoked fear that ever-more-savvy hackers could launch attacks that could cripple an economy that increasingly relies on e-mail and Internet access to conduct business. Last week, officials in the United States and Canada raced to blunt the effects of Sobig.F, a new strain of a virus that has infected computers since January. Investigators said code in Sobig.F instructed infected computers to contact one of 20 other computers to download instructions for another possible cyber attack. "A lot of the power of viruses that experts have been warning about is now being unleashed," said Aviel Rubin, a professor at the Johns Hopkins University Information Security Institute. "The combination of vulnerable platforms, such as Microsoft's Windows, combined with clever virus writers, is leading to an Internet that is quickly going to make using computers a lot less efficient." The Blaster worms, unlike some previous viruses, do not require users to open e-mail attachments to spread. Instead, they propagate through the Microsoft vulnerability. Experts at computer security firm Symantec say infection rates of the various versions of the Blaster worms peaked a little over a week ago, infecting a total of 1.2 million machines to date. Some computer security experts cautioned that Parson's arrest probably won't reveal the identity of the worm's original authors. "Blaster was a sophisticated and complex worm," said Sharon Ruckman, senior director at Symantec Security Response. "Whoever wrote it may be clever enough that we can't track them down." This case illustrates how easy it is for relatively inexperienced users to launch computer attacks using tools created by others, and how easily worms and viruses can spread, experts said. "Whoever developed the Blaster worm had to know how to write effective code," said Ken Dunham, malicious code intelligence manager for Reston-based iDefense Inc. "Anyone after that could have spread it without much technical ability." Experts estimate there are more than 30,000 Web sites containing virus programs and tools for launching attacks. In 2001, a 21-year-old in the Netherlands created the Anna Kournikova virus after downloading a "worm generator" program from the Internet that allows users to create viruses by making choices from pull-down menus, Dunham said. The virus infected hundreds of thousands of computers. The code's author was apprehended and eventually sentenced to 150 hours of community service by a Dutch court. Washingtonpost.com staff writer Brian Krebs and researcher Richard Drezen contributed to this report. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Sep 02 2003 - 09:28:33 PDT