ISSUE V. 7

Criminal Law

Prosecuting Perpetrators of Malicious Software (Malware)

Susan W. Brenner is NCR Distinguished Professor of Law & Technology, University of Dayton School of Law, Dayton, Ohio.
E-mail: Susan.Brenner@notes.udayton.ed
Website: http//ww.cybercrimes.net

On August 28, 2003, Jeffrey Parson, an eighteen-year-old high school senior, was charged with one count of intentionally causing and attempting to cause damage to a protected computer in violation of 18 US Code § 1030. (United States v Jeffrey Parson (WD Wash, Aug. 28, 2003, No 03-457M).) The Parson prosecution is interesting because it illustrates the issues and difficulties involved in pursuing those who create and disseminate malicious software or malware.

What is Malware?
Malware is computer code that is designed to damage or disrupt computer systems or to perpetrate other nefarious acts, such as harvesting passwords. The most common types of malware are viruses, worms and Trojan horses. A virus is a computer program that copies itself and inserts the copies into other programs or data files. Like viruses, worms replicate themselves; unlike viruses, they do not attach themselves to other programs or data files but exist independently. See Viruses, Worms, Trojan Horses and Zombies, Computer World (May 1, 2000). Unlike viruses and worms, Trojan horses do not replicate themselves. Trojan horses proliferate by masquerading as benign programs; users are tricked into downloading the program containing the Trojan horse.

Prosecuting Virus Writers
New varieties of malware appear with ever-increasing frequency. Viruses are the most common; so far, almost 63,000 have emerged, causing an estimated $65 billion in damage. There have, however, been only three successful prosecutions of virus writers to date, one in the United States and two in the United Kingdom. The US prosecution resulted in the conviction of David Smith for disseminating the Melissa virus, which caused over $80 million in damage. (See Martha Mendoza, Web Virus Writers, Senders Rarely Jailed, Washington Post (August 30, 2003).) Prosecutions fail because virus writers exploit gaps and loopholes in cybercrime laws. Onel de Guzman, suspected author of the "Love Bug" virus, was never prosecuted because virus dissemination was not then a crime in the Philippines.

The Jeffrey Parson Prosecution
Does the Jeffrey Parson prosecution represent a new trend or victory in the pursuit of those who disseminate malware? The answer is yes and no. Parson is accused of creating and disseminating a version of the Blaster worm, which emerged in August 2003. The Blaster worm:

“scans the Internet for targets, attacks them, and installs itself on target computers. Each target computer then begins scanning and infecting other computers. Within three days, Blaster had infected an estimated one hundred thousand to two hundred thousand computers. By August 15 . . . estimates were as high as more than one million infected computers.”
US v Parson, supra.


Denial of Service Attack

The worm carried code that could launch a denial of service attack, shutting down websites by overloading them with traffic. This code was designed to cause infected computers to launch such an attack on a Microsoft website.

7,000 Computers Infected
Parson’s version allegedly infected at least 7,000 computers and launched a denial of service attack on Microsoft’s website. The complaint against Parson alleges that his worm (a) caused “significant aggregate loss” to the owners of the infected computers, and (b) caused losses to Microsoft that “significantly” exceed the $5,000 threshold required for a prosecution under 18 USC §1030. The complaint also reports that Parson admitted modifying the Blaster worm to create his version, usually known as W32/Lovesan.worm.b.

It appears that Parson created and disseminated malware, thereby causing harm to innocent users. If that is true, the prosecution is appropriate. The more important question, however, is whether the prosecution is a significant step in our efforts to combat the architects of malware.

Significance of the Parson Prosecution
On the one hand, the prosecution is significant. At the very least, it demonstrates that, notwithstanding the paucity of successful prosecutions to date, the government is committed to pursuing those who create and disseminate malware. In addition, it has the potential to deter other, similarly situated aspiring malware authors from engaging in comparable activities. Historically, many virus writers have been adolescents like Parson.

“Script kiddie”

On the other hand, Parson is not an expert in the creation of malware. From the information that has emerged so far, he is better described as a “script kiddie.” Script kiddie is a pejorative term that is used to describe young, technologically unsophisticated hackers who use programs ("scripts") that are available on the Internet to create malware and launch attacks on computer systems. As one security expert noted, Parson “didn’t do anything super new or exciting. He just took other people’s ideas and cobbled them together without adding a lot.” Steve Alexander, Alleged Internet Worm Launcher Wouldn’t Need Much Sophistication, Star Tribune (August 31, 2003).

Parson's lack of technical expertise and sophistication is evident in the fact that he included his online alias (“teekid”) and directions to his website in his worm, which made it very easy for law enforcement to track him down. See United States v Parson, supra. Parson is not a major player in malware; prosecuting him is unlikely to have any general deterrent effect upon the sophisticated authors of the Blaster worm and the viruses that appear every day. As one security expert noted, it is “almost impossible” to catch the big players because their technical expertise lets them disguise their tracks and their identities. See Elinor Mills Abreu, Virus Writers Difficult to Find in Cyberspace, Reuters (September 12, 2003).

Parson is an attractive target for federal prosecution because he (a) seems clearly to have disseminated the worm, (b) was easily apprehended, and (c) is an adult. Many cybercrime perpetrators are juveniles; since the federal system is not designed to handle juvenile offenders, federal prosecutors usually defer to state juvenile courts. Since Parson is 18, he can be prosecuted as an adult. Both Parson and his parents suggest that he is being improperly targeted for prosecution, that the government is trying to “make an example” of him when its time would be better spent pursuing the author of the original Blaster worm. It is easy to sympathize with the parents, but their argument has no legal merit. If, as seems likely, the evidence shows that Parson did what he is accused of doing, he violated federal law and, as an adult, is subject to prosecution and punishment.

Conclusion
As to the larger picture, the case demonstrates, once again, the difficulties involved in investigating and apprehending cybercriminals whose activities transcend national boundaries and defy the application of local laws. While the Parson prosecution will not impact greatly on the community of sophisticated virus writers, it may have some deterrent effect on script kiddies and others who, while relatively unsophisticated, still have the capacity to do a great deal of harm in the cyberworld.

   