[ISN] Hopkins teen pleads guilty in Internet attack

From: InfoSec News (isn@private)
Date: Thu Aug 12 2004 - 00:14:10 PDT


http://www.startribune.com/stories/789/4923066.html

Randy Furst
Star Tribune 
August 12, 2004 

After months of negotiations between prosecutors and defense
attorneys, a 19-year-old Hopkins man pleaded guilty Wednesday in U.S.  
District Court in Seattle to releasing a widely publicized Internet
virus.

But the plea agreement set the stage for what may be a larger legal
battle on how much damage the virus did and whether Microsoft Corp.  
should shoulder some of the blame.

Assistant U.S. Attorney Annette Hayes said she would ask for
restitution in the millions of dollars for the "Blaster" worm that
Jeffrey Parson sent out over the Internet last August. But defense
attorneys maintain that Parson's virus caused far less damage than
prosecutors contend.

Under the agreement, he agreed to a prison sentence of between 1½
years and three years and one month. The 10-page memorandum lays out
his admissions in the case, but it is apparent that major facts remain
in dispute.

The amount of restitution ordered could affect how much time he
serves.

Although federal law allows a judge to order restitution of more than
$1 million, it does not necessarily mean that Parson, who lives with
his parents in Hopkins, can pay it.

"He works at a minimum-wage job," and he pays rent to his parents,
said his lawyer, Carol Koller, assistant public defender.

Prosecutor Hayes said she had not determined how long a sentence she
will ask for within the perimeters of Parson's plea agreement.

Either side can pull out of the agreement if it does not agree with
the sentence imposed by U.S. District Judge Marsha J. Pechman, who
presided at Wednesday's hearing.

Parson was a senior at Hopkins High School when he was arrested. He
has since graduated.

Issues remain

Sentencing was set for Nov. 12 when both sides are expected to lay out
their sharply divergent views to Pechman.

"There are two issues that remain open," Hayes said in a telephone
interview. "How many computers were infected and how much damage that
caused.

"The government's position is that there were more than 48,000
computers that were infected by Parson's version of the MS Blaster
worm. The government's position is that the Blaster worm in all its
variants caused millions and millions in damage, both to individual
computers and Microsoft, but in particular, Parson's version of the
worm caused well more than $1 million dollars in damages."

However, Koller said she disagrees.

"We contest that," she said. "We ... believe that damage figures are
far lower."

She also challenged the claim that Parson is responsible for the large
sum of money Microsoft spent to prevent its Web site from being
disabled by Parson's virus. "One of the ... issues is how much
Microsoft did in reaction to the Blaster worm they would have had to
do anyway, even had there never been a Blaster worm," Koller said.  
"They had released a product that was vulnerable."

Lou Gellos, a spokesman for Microsoft in Redmond, Wash., said
Wednesday that he did not know how much damage Parson's version of the
Blaster virus caused the company.

"The prosecutor's office is working with our people at Microsoft on
what those damages are," he said, "and this is a figure that will come
out at sentencing." He said he also did not know how many e-mails
Parson's virus generated in its attack.

"It wasn't just Microsoft," he said. "It was a worm that infected many
people's computers throughout the world."

Parson's role

According to court documents, Parson learned about a virus called the
MS Blaster worm, which was designed to spread randomly and infect
computers with a code that directed them to launch an attack on a
Microsoft Web site called windowsupdate.com. The object would be to
clog the site, causing people to get a notification denying them
access.

Parson obtained a new version of the worm, which came to be known by
various names, including the "B" or "teekids" variant. It contained
some "back-door software" that would allow him access to computers he
infected at a later time. On Aug. 12, 2003, he transmitted the virus
to 50 computers. It spread later to more computers, but just how many
is in dispute. Those computers then launched their attack on
Microsoft's Web site on Aug. 16. The worm, however, did not succeed in
shutting down the Web site. Microsoft responded to the attack, and the
plea agreement says the losses to Microsoft and the infected computers
are at least $5,000.

Koller, the public defender, said "everybody agrees" that the original
Blaster worm did far more damage than Parson's version. Part of the
issue will be how much of it can be laid at Parson's feet.

It is not clear where he will serve his sentence. "We believe he would
be eligible for placement in a federal prison camp," said Koller. Such
camps are considered lower-security prisons.

At the hearing, Pechman removed Parson from electronic home monitoring
before his sentencing. He can leave home only to go to work, or to
doctor's appointments, or if he gets permission from a pretrial
services officer.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Thu Aug 12 2004 - 02:46:22 PDT