Nature of Internet makes cybercriminals difficult to catch
Date: February 02, 2004
Source: The Holland Sentinel
Anonymity available online lets hackers, virus makers attack, disappear
In 1990, Robert Morris Jr. carved his name in cybercrime history when he became the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
There haven't been a lot of others since. Professionals who follow the hazy world of computer viruses and worms bemoan that, but they also doubt it can be helped much.
"Cybercrime is infinitely more difficult to prosecute than physical crime," said Matthew Yarbrough, a Dallas attorney who created the Cybercrimes Task Force at the Dallas U.S. attorney's office in 1997. "If someone doesn't brag about it, it's damn near impossible to catch these people."
The latest high-profile worm, MyDoom or Novarg, hit this week and by Wednesday had infected about 20 percent of the e-mails in the United States.
The very nature of the Internet, with its far-reaching links and easy anonymity, offers the opportunity for hackers and virus writers to launch attacks and disappear in an instant, said Yarbrough, who now heads the Cyber Law Group in the Dallas office of Fish & Richardson.
That and the sheer volume of viruses, added Graham Cluley, senior technology consultant at Sophos, a computer security firm with offices in England and the United States.
"We know of about 86,000 computer viruses, and they're all written by someone," Cluley said from his home in Oxford, England. "We know of a lot more virus writers than are ever arrested," largely because their handiwork doesn't cause enough damage, he said.
He said the first conviction in Britain under a law similar to the U.S. Computer Fraud and Abuse Act was in 1995, when Christopher Pile was sentenced to 18 months for his SMEG virus.
Like Yarbrough, Cluley said that finding out who wrote a virus often depends less on sophisticated electronic sleuthing than on old-fashioned tips and gossip.
"What is the fun of writing MyDoom and seeing it on the world news if you can't say to your mates, 'That was me!' They cannot resist talking about it," Cluley said.
That's not much different from your run-of-the-mill miscreants, said Lt. Jesse Hernandez, a spokesman for the Fort Worth Police Department.
"Often, we end up clearing a case or getting good leads because people like to talk about their exploits and it gets back to us," Hernandez said. "That's why CrimeStoppers is so effective."
But there are times when strong electronic clues exist. Jeffrey Lee Parson of Minnesota was arrested Aug. 29 for distributing a variation of the Blaster worm that eventually infected an estimated 7,000 computers. Parson left clues, ranging from his Web site to screen names to his personal computer, virus experts said.
But the creator of the original Blaster, which infected hundreds of thousands of computers, has never been identified.
David L. Smith, author of 1999's Melissa worm, was identified by an ID number from the Microsoft Word program he used. Onel de Guzman, author of the Love Bug, or ILOVEYOU e-mail worm of 2000, was found because he created a version of the virus for a college thesis.
Smith, a New Jersey resident, was sentenced to 20 months in jail. But Guzman was released because the Philippines, where he lived, had no laws against creating a computer virus.
Similarly, Chen Ing-hau of Taiwan was never charged with distributing the Chernobyl virus in 1998.
The stiffest jail term worldwide, Cluley said, went to Simon Vallor of Wales, who drew two years in jail for his Gokar/Redesi worm in 2002. That contrasts with Jan de Wit of the Netherlands, whose Anna Kournikova e-mail worm went worldwide in 2001 but drew him a sentence of just 150 hours of community service.
"He protested that it was too harsh, but fortunately they didn't listen," Cluley said.
Microsoft Corp., whose widely used Windows and Outlook mail software programs are common targets of viruses, raised the financial stakes last November with $250,000 bounties on information leading to the arrest of the authors of the Blaster and So.Big worms that circulated last summer. No one from Microsoft was available Wednesday to discuss the status of the Antivirus Reward Program.
And although the U.S. Department of Homeland Security on Wednesday announced the creation of the National Cyber Alert System, computer security experts don't predict significant progress in combating virus attacks.
"Long term, there will always be people trying to do this," said Jonah Paransky, senior manager for Managed Security Services at anti-virus service Symantec. And it will continue to be difficult to trace "because people don't want someone tracking them everywhere they go on the Internet. You get the same concerns about civil liberties" that apply in the rest of society, he said.
The best approach for computer users, he said, is to invest in good anti-virus software and never open e-mail attachments of suspicious origin.
^macro[showdigestcomments;^uri;Nature of Internet makes cybercriminals difficult to catch]