
Cybercriminals difficult to catch and prosecute


In 1990, Robert Morris Jr. carved his name in cybercrime history when he became the first person prosecuted under the 1986 Computer Fraud and Abuse Act.

There haven't been a lot of others since. Professionals who follow the hazy world of computer viruses and worms bemoan that, but they also doubt it can be helped much.

"Cybercrime is infinitely more difficult to prosecute than physical crime," said Matthew Yarbrough, a Dallas attorney who created the Cybercrimes Task Force at the Dallas U.S. attorney's office in 1997. "If someone doesn't brag about it, it's damn near impossible to catch these people."

The latest high-profile worm, MyDoom or Novarg, hit last week and had infected about 20 percent of the e-mails in the United States within days.

The nature of the Internet, with its far-reaching links and easy anonymity, offers the opportunity for hackers and virus writers to launch attacks and disappear, said Yarbrough.

That and the sheer volume of viruses, added Graham Cluley, senior technology consultant at Sophos, a computer security company with offices in England and the United States.

86,000 viruses

"We know of about 86,000 computer viruses, and they're all written by someone," Cluley said from his home in Oxford, England. "We know of a lot more virus writers than are ever arrested," largely because their handiwork doesn't cause enough damage, he said.

He said the first conviction in Britain under a law similar to the U.S. Computer Fraud and Abuse Act was in 1995. Christopher Pile was sentenced to 18 months for his SMEG virus.

Like Yarbrough, Cluley said that finding out who wrote a virus often depends less on sophisticated sleuthing than on old-fashioned tips and gossip.

"What is the fun of writing MyDoom and seeing it on the world news if you can't say to your mates, 'That was me!' They cannot resist talking about it," Cluley said.

That's not much different from your run-of-the-mill miscreants, said Lt. Jesse Hernandez, a spokesman for the Fort Worth, Texas, Police Department. "Often, we end up clearing a case or getting good leads because people like to talk about their exploits and it gets back to us," he said.

But there are times when strong electronic clues exist. Jeffrey Lee Parson of Minnesota was arrested Aug. 29 for distributing a variation of the Blaster worm that infected about 7,000 computers. Parson left clues, ranging from his Web site to screen names to his personal computer, virus experts said.

But the creator of the original Blaster, which infected hundreds of thousands of computers, has never been identified.

Worm author

David L. Smith, author of 1999's Melissa worm, was identified by an ID number from the Microsoft Word program that he used.

Onel de Guzman, author of the Love Bug, or ILOVEYOU e-mail worm of 2000, was found because he created a version of the virus for a college thesis.

Smith, a New Jersey resident, was sentenced to 20 months in jail. But Guzman was released because the Philippines, where he lived, had no laws against creating a computer virus.

The stiffest jail term, Cluley said, went to Simon Vallor of Wales, who drew two years in jail for his Gokar/Redesi worm in 2002. But Jan de Wit of the Netherlands, whose Anna Kournikova e-mail worm went worldwide in 2001, drew a sentence of 150 hours of community service.

"He protested that it was too harsh, but fortunately they didn't listen," Cluley said.

Microsoft Corp., whose widely used Windows and Outlook mail software programs are common targets of viruses, raised the financial stakes in November with $250,000 bounties on information leading to the arrest of the authors of the Blaster and So.Big worms that circulated last summer.

Progress to be slow

And although the U.S. Department of Homeland Security announced last week the creation of the National Cyber Alert System, computer security experts don't predict significant progress in combating virus attacks.

"Long term, there will always be people trying to do this," said Jonah Paransky, senior manager for Managed Security Services at anti-virus service Symantec. And it will continue to be difficult to trace "because people don't want someone tracking them everywhere they go on the Internet. You get the same concerns about civil liberties" that apply in the rest of society, he said.

The best approach for computer users, he said, is to invest in good anti-virus software and never open e-mail attachments of suspicious origin.

Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication