http://www.smh.com.au/articles/2004/02/05/1075853987198.html Fort Worth, Texas February 5, 2004 In 1990, Robert Morris Jr carved his name in cybercrime history when he became the first person prosecuted under America's 1986 Computer Fraud and Abuse Act. There haven't been a lot of others since. Professionals who follow the hazy world of computer viruses and worms bemoan that, but they also doubt it can be helped much. "Cybercrime is infinitely more difficult to prosecute than physical crime," said Matthew Yarbrough, a Dallas, Texas lawyer who created the Cybercrimes Task Force at the Dallas US attorney's office in 1997. "If someone doesn't brag about it, it's damn near impossible to catch these people." The latest high-profile worm, MyDoom or Novarg, hit last week and by Wednesday had infected about 20 per cent of the emails in the United States. The very nature of the internet, with its far-reaching links and easy anonymity, offers the opportunity for hackers and virus writers to launch attacks and disappear in an instant, said Yarbrough, who now heads the Cyber Law Group in the Dallas office of Fish & Richardson. That and the sheer volume of viruses, added Graham Cluley, senior technology consultant at Sophos, a computer security firm with offices in England and the United States. "We know of about 86,000 computer viruses, and they're all written by someone," Cluley said from his home in Oxford, England. "We know of a lot more virus writers than are ever arrested," largely because their handiwork doesn't cause enough damage, he said. He said the first conviction in Britain under a law similar to the US Computer Fraud and Abuse Act was in 1995, when Christopher Pile was sentenced to 18 months for his SMEG virus. Like Yarbrough, Cluley said that finding out who wrote a virus often depends less on sophisticated electronic sleuthing than on old-fashioned tips and gossip. "What is the fun of writing MyDoom and seeing it on the world news if you can't say to your mates, 'That was me!' They cannot resist talking about it," Cluley said. That's not much different from your run of the mill miscreants, said Lieutenant Jesse Hernandez, a spokesman for the Fort Worth Police Department in Texas. "Often, we end up clearing a case or getting good leads because people like to talk about their exploits and it gets back to us," Hernandez said. "That's why CrimeStoppers is so effective." But there are times when strong electronic clues exist. Jeffrey Lee Parson of Minnesota was arrested on August 29 for distributing a variation of the Blaster worm that eventually infected an estimated 7,000 computers. Parson left clues, ranging from his website to screen names to his personal computer, virus experts said. But the creator of the original Blaster, which infected hundreds of thousands of computers, has never been identified. David Smith, author of 1999's Melissa worm, was identified by an ID number from the Microsoft Word program he used. Onel de Guzman, author of the Love Bug, or ILOVEYOU email worm of 2000, was found because he created a version of the virus for a college thesis. Smith, a New Jersey resident, was sentenced to 20 months in jail. But Guzman was released because the Philippines, where he lived, had no laws against creating a computer virus. Similarly, Chen Ing-hau of Taiwan was never charged with distributing the Chernobyl virus in 1998. The stiffest jail term worldwide, Cluley said, went to Simon Vallor of Wales, who drew two years in jail for his Gokar/Redesi worm in 2002. That contrasts with Jan de Wit of the Netherlands, whose Anna Kournikova email worm went worldwide in 2001 but drew him a sentence of just 150 hours of community service. "He protested that it was too harsh, but fortunately they didn't listen," Cluley said. Microsoft Corp, whose widely used Windows and Outlook mail software programs are common targets of viruses, raised the financial stakes last November with $US250,000 ($A328,882) bounties on information leading to the arrest of the authors of the Blaster and So.Big worms that circulated last year. And although the US Department of Homeland Security last week announced the creation of the National Cyber Alert System, computer security experts don't predict significant progress in combating virus attacks. "Long term, there will always be people trying to do this," said Jonah Paransky, senior manager for Managed Security Services at anti-virus service Symantec. And it will continue to be difficult to trace "because people don't want someone tracking them everywhere they go on the internet. You get the same concerns about civil liberties" that apply in the rest of society, he said. The best approach for computer users, he said, is to invest in good anti-virus software and never open email attachments of suspicious origin. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Feb 09 2004 - 04:59:34 PST