[ISN] Nature of the internet makes cybercriminals hard to catch

From: InfoSec News (isn@private)
Date: Mon Feb 09 2004 - 01:38:07 PST


    http://www.smh.com.au/articles/2004/02/05/1075853987198.html
    
    Fort Worth, Texas
    February 5, 2004
    
    In 1990, Robert Morris Jr carved his name in cybercrime history when
    he became the first person prosecuted under America's 1986 Computer
    Fraud and Abuse Act.
    
    There haven't been a lot of others since. Professionals who follow the
    hazy world of computer viruses and worms bemoan that, but they also
    doubt it can be helped much.
    
    "Cybercrime is infinitely more difficult to prosecute than physical
    crime," said Matthew Yarbrough, a Dallas, Texas lawyer who created the
    Cybercrimes Task Force at the Dallas US attorney's office in 1997. "If
    someone doesn't brag about it, it's damn near impossible to catch
    these people."
    
    The latest high-profile worm, MyDoom or Novarg, hit last week and by
    Wednesday had infected about 20 per cent of the emails in the United
    States.
    
    The very nature of the internet, with its far-reaching links and easy
    anonymity, offers the opportunity for hackers and virus writers to
    launch attacks and disappear in an instant, said Yarbrough, who now
    heads the Cyber Law Group in the Dallas office of Fish & Richardson.
    
    That and the sheer volume of viruses, added Graham Cluley, senior
    technology consultant at Sophos, a computer security firm with offices
    in England and the United States.
    
    "We know of about 86,000 computer viruses, and they're all written by
    someone," Cluley said from his home in Oxford, England. "We know of a
    lot more virus writers than are ever arrested," largely because their
    handiwork doesn't cause enough damage, he said.
    
    He said the first conviction in Britain under a law similar to the US
    Computer Fraud and Abuse Act was in 1995, when Christopher Pile was
    sentenced to 18 months for his SMEG virus.
    
    Like Yarbrough, Cluley said that finding out who wrote a virus often
    depends less on sophisticated electronic sleuthing than on
    old-fashioned tips and gossip.
    
    "What is the fun of writing MyDoom and seeing it on the world news if
    you can't say to your mates, 'That was me!' They cannot resist talking
    about it," Cluley said.
    
    That's not much different from your run-of-the-mill miscreants, said
    Lieutenant Jesse Hernandez, a spokesman for the Fort Worth Police
    Department in Texas.
    
    "Often, we end up clearing a case or getting good leads because people
    like to talk about their exploits and it gets back to us," Hernandez
    said. "That's why CrimeStoppers is so effective."
    
    But there are times when strong electronic clues exist. Jeffrey Lee
    Parson of Minnesota was arrested on August 29 for distributing a
    variation of the Blaster worm that eventually infected an estimated
    7,000 computers. Parson left clues, ranging from his website to screen
    names to his personal computer, virus experts said.
    
    But the creator of the original Blaster, which infected hundreds of
    thousands of computers, has never been identified.
    
    David Smith, author of 1999's Melissa worm, was identified by an ID
    number from the Microsoft Word program he used. Onel de Guzman, author
    of the Love Bug, or ILOVEYOU email worm of 2000, was found because he
    created a version of the virus for a college thesis.
    
    Smith, a New Jersey resident, was sentenced to 20 months in jail. But
    Guzman was released because the Philippines, where he lived, had no
    laws against creating a computer virus.
    
    Similarly, Chen Ing-hau of Taiwan was never charged with distributing
    the Chernobyl virus in 1998.
    
    The stiffest jail term worldwide, Cluley said, went to Simon Vallor of
    Wales, who drew two years in jail for his Gokar/Redesi worm in 2002.  
    That contrasts with Jan de Wit of the Netherlands, whose Anna
    Kournikova email worm went worldwide in 2001 but drew him a sentence
    of just 150 hours of community service.
    
    "He protested that it was too harsh, but fortunately they didn't
    listen," Cluley said.
    
    Microsoft Corp, whose widely used Windows and Outlook mail software
    programs are common targets of viruses, raised the financial stakes
    last November with $US250,000 ($A328,882) bounties on information
    leading to the arrest of the authors of the Blaster and Sobig worms
    that circulated last year.
    
    And although the US Department of Homeland Security last week
    announced the creation of the National Cyber Alert System, computer
    security experts don't predict significant progress in combating virus
    attacks.
    
    "Long term, there will always be people trying to do this," said Jonah
    Paransky, senior manager for Managed Security Services at anti-virus
    service Symantec. And it will continue to be difficult to trace
    "because people don't want someone tracking them everywhere they go on
    the internet. You get the same concerns about civil liberties" that
    apply in the rest of society, he said.
    
    The best approach for computer users, he said, is to invest in good
    anti-virus software and never open email attachments of suspicious
    origin.
    
    
    
    


