Intro
This blog post is dedicated to two case studies, one about a famous hacker and another about a famous virus. Nowadays, as the Internet and the technological solutions around it constantly evolve, hackers and virus writers have a huge arsenal of methods for illegal penetration, theft of sensitive information, or severe damage to single computers or computer networks. Needless to say, such things as “evil twins” present a great security threat.
We, however, would like to step several years back and do some short research about “the pioneers”, the people who were among the first to start hacking and spreading viruses. As is often said, we can learn a lot from history. And one thing that we can learn from the history of Internet viruses and hackers is that sooner or later the individuals behind these illegal activities will be identified and punished by law enforcement agencies. Hackers and virus writers do leave “electronic fingerprints” in cyberspace, and they can be identified, contrary to the opinion that the Internet is absolutely anonymous.
Hacker
There are two types of hackers, white hats and black hats. White hat hackers are the ones who use their knowledge to help others. They can, for example, help companies identify problems in their security. Black hat hackers are the total opposite. They use their knowledge to harm people. Targets can be individuals whose email or bank account has been hacked. Targets can also be companies that will lose money or some important information. These black hat hackers are the ones who expose companies to enormous danger and financial losses. I believe that white hat hackers are a good thing, meaning the ones that are actually honest, and that they are doing a huge favour for many companies. However, in many cases black hat hackers are a lot more famous and it is much more interesting to write about them.
Jonathan James is famous because he was the first juvenile incarcerated for cyber crime in the US. Jonathan was an American citizen who was only 15 years old at the time of his first offence and 16 at the time of his conviction. Jonathan died in 2008. Shortly before his death Jonathan confessed that he had learnt his lesson and was thinking about establishing his own Internet security firm. The details of his death have been kept away from the public. However, it has been speculated that he committed suicide. He was only 24 at the time of his death.
So what did he do?
He started with intrusions into various systems, such as the Miami-Dade school system. This brought him to the attention of federal authorities. However, his intrusion into the computers of the Defence Threat Reduction Agency made him a potential threat to the USA. The Defence Threat Reduction Agency, DTRA, is a division of the United States Department of Defence. The purpose of DTRA is to analyze potential threats both abroad and inside US territory.
James said that he installed a backdoor on a computer server located in Dulles, Virginia. Naturally, he was not authorized to do such a thing. With a “backdoor”, hackers can bypass the normal authentication and in that way get access to information. After this he installed a sniffer. A sniffer is a programme that observes data moving in a network. Sometimes these “sniffers” are used to discover problems in networks, so for a perfectly legal purpose; however, they can be used for illegal purposes as well, and sniffers are usually hard to detect. This gave him the chance to monitor the traffic on the server, including messages to and from DTRA employees. Furthermore, he got access to usernames and passwords of the DTRA employees; this also included at least ten official military computers. After Jonathan’s intrusion was spotted, NASA, the National Aeronautics and Space Administration, which is also an agency of the US government, had to shut down all its computers for three weeks. It cost them $41,000 to check and fix the systems. All of this happened in late 1999, between August and October.
Agents from the Department of Defence, NASA and local police raided James’s house in January 2000. After six months he was charged. Later on he reached an agreement that he would plead guilty to two matters of juvenile delinquency and get a lenient sentence in exchange. James was sentenced to six months in prison and got probation until he turned 18. He was also required to write a letter of apology to NASA and the Department of Defence. Furthermore, he was banned from using computers for recreational purposes. However, later the judge reversed her decision and allowed James to serve six months under house arrest, with probation until the age of twenty-one. Later James violated the probation and was then taken into custody and flown to a federal correctional facility, where he served his six months.
Legal experts have said that if he had been an adult he would have served at least ten years. The case was sealed due to James’s age. The specific details of his actions are unclear. However, it is believed that he used an “nmap” port scan and scanned hosts for some unknown fault in several of Sun Microsystems’ remote procedure call services. (Wikipedia). He made such efforts in order to gain unauthorized access to the computer systems.
Due to our limited knowledge of this technical area it is a bit hard to truly understand what happened. However, I can understand that intrusion into a system like that of the Department of Defence is a major security risk. Intrusions into this kind of system, or any system for that matter, should not be allowed and therefore should be heavily punished.
The funniest thing in this sad story is that Jonathan did it for fun, just to challenge his own technical abilities. He was quite successful, as he not only got unauthorised access but also copied NASA software worth 1.7 million dollars. And he did it for the purpose of improving his knowledge of C programming. During the trial period he mentioned: “The code itself was crappy... certainly not worth 1.7 million like they claimed”.
References
http://en.wikipedia.org/wiki/Jonathan_James
http://www.itsecurity.com/features/top-10-famous-hackers-042407/
http://www.hackronomicon.com/?page_id=30
http://computer.howstuffworks.com/hacker4.htm
Virus
One of the most well-known viruses on the Internet is called Melissa. March 2009 is the 10th anniversary of the virus, as it first appeared in March of 1999.
How does it work?
Here is our understanding of how the virus worked. A user receives an email with the subject line “Important Message from (name of infected user)”. In fact, at the same time, the other 49 first contacts in the infected user’s contact list receive the same email. The body of the message read “Here is the document you asked for…” and the message contained an attachment called LIST.DOC. As the email is coming from a person you know, the subject line looks innocent and, to make matters worse, you may really be expecting a document, you will probably open the file. (The file contains around 80 links to X-rated websites.) As soon as the file is opened, a macro inside the document emails it to another 50 people in your address book. After that the virus would infect other documents. Unlike viruses like Chernobyl that erase the first megabyte of data on a hard disk, the Melissa virus did not cause huge damage to computers. Besides forwarding itself to contacts from the contact list, the virus inserted some quotations from “The Simpsons” TV series. However, according to the Wikipedia.org article about Melissa, some of the virus’s later versions try to delete critical information from the computer (Melissa.U).
Melissa is considered to be a “virus” as it required additional software to be active; in this case Melissa required MS Word. Also, Melissa is sometimes called a “macro virus”, as it in fact required a macro programme to send itself to the contacts in the contact list. Thus, as Melissa was spreading from computer to computer, it was a worm.
What were the consequences?
The viruses before Melissa were even more dangerous, but they all had a problem spreading, especially on a large scale. At that time, viruses spread via floppy disks, or by infecting Office documents on the same computer. Therefore, the coverage was quite insignificant. Melissa was the first fast-spreading malicious code. Within a few days, thousands of computers around the world were infected. Large companies, like Microsoft and Intel, reported that they had found the virus on their computers and in Microsoft Exchange databases. Microsoft, for example, was forced to shut down its outgoing email service in order to stop the spread of the virus. Clearly, business operations and activities were affected.
Also, the major problem was that in some organizations email servers were overloaded with outgoing email (each infected computer sends 50 emails at the same time, and there are hundreds of PCs in large organizations).
Even though the peak of the virus’s existence lasted only several days, until large antivirus software companies issued updates to combat the virus, the virus was present around the world for a long period of time (because it spread very fast). According to a BBC article, the virus infected more than 1 000 000 computers and the damage totalled 80 million dollars.
Also, the problem with that virus was that it infected Word’s normal.dot template. That means every new document created on an infected computer contained the macro that sends the document via email. Thus confidential information could be leaked to other parties without any notice to the computer owner. Overall, the damage is represented by negative effects on business activities, infected Word documents, and possible loss of confidential information.
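The mass-mailing pattern described above (one sender, an identical subject and attachment, 50 recipients at once) is something a mail gateway can look for in its outgoing log. The following Python detector is an added example, not code from the sources cited in this post; the log record fields, the five-minute window and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SUBJECT_RE = re.compile(r"^Important Message from .+", re.IGNORECASE)
WORD_DOC_RE = re.compile(r"\.(doc|dot)$", re.IGNORECASE)
BURST_RECIPIENTS = 50                 # copies mailed per infected machine
BURST_WINDOW = timedelta(minutes=5)   # assumed; tune to local mail volume

def indicators(msg):
    """Name the Melissa-like traits of one message (hypothetical record)."""
    found = []
    if SUBJECT_RE.match(msg["subject"]):
        found.append("subject")
    if any(WORD_DOC_RE.search(name) for name in msg["attachments"]):
        found.append("word-attachment")
    return found

def find_bursts(log):
    """Flag senders mailing one identical message to >= 50 recipients fast."""
    groups = defaultdict(list)
    for msg in log:
        key = (msg["sender"], msg["subject"], tuple(sorted(msg["attachments"])))
        groups[key].append(msg)
    alerts = []
    for (sender, subject, _), msgs in groups.items():
        msgs.sort(key=lambda m: m["time"])
        start = 0
        for end, msg in enumerate(msgs):
            # Slide the start forward so the span stays within BURST_WINDOW.
            while msg["time"] - msgs[start]["time"] > BURST_WINDOW:
                start += 1
            rcpts = {m["rcpt"] for m in msgs[start:end + 1]}
            if len(rcpts) >= BURST_RECIPIENTS:
                alerts.append({"sender": sender, "subject": subject,
                               "recipients": len(rcpts), "indicators": indicators(msg)})
                break
    return alerts

def sample_log():
    """Constructed data: one infected host and one ordinary sender."""
    t0 = datetime(1999, 3, 26, 9, 0)
    infected = [{"time": t0 + timedelta(seconds=i), "sender": "alice@example.com",
                 "rcpt": f"contact{i}@example.org", "attachments": ["LIST.DOC"],
                 "subject": "Important Message from Alice"} for i in range(50)]
    normal = [{"time": t0 + timedelta(minutes=10 * i), "sender": "bob@example.com",
               "rcpt": f"peer{i}@example.org", "attachments": ["notes.doc"],
               "subject": "Meeting notes"} for i in range(60)]
    return infected + normal
```

Calling `find_bursts(sample_log())` returns a single alert for the constructed infected sender; the ordinary sender mails more recipients in total but never 50 within the window, so the burst threshold rather than the attachment type is what separates the two.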
Who was the creator and what happened to him?
David Smith (New Jersey) created Melissa, which he named after a stripper in Florida. The creator called himself Kwyjibo. Initially, the virus was not designed to cause harm. Likewise, there was no material gain for the creator (the virus did not steal passwords, credit card information or other sensitive and lucrative data). This fact again confirms the assumption that early viruses were made just for fun by computer geniuses, for the sake of the excitement when the whole world is concerned with what the virus writer has accomplished. However, due to the overload of email servers, it did cause harm.
David Smith was found by police in April 1999, the week after the virus started to spread. It was relatively easy to identify the author, as the virus started to spread from a Usenet discussion group called alt.sex. Computer technicians, the FBI and police coordinated their efforts and were able to track down the IP address of the user who posted the infected zipped file to the discussion board. A CNET article contains details of the procedure used to identify David Smith: http://news.cnet.com/8301-1009_3-10206275-83.html
He faced 20 months in jail, a fine of 5,000 dollars and an order to stay away from computer networks. The sentence could have been stricter; however, Smith assisted the authorities during the interrogation process. Smith confessed that the creation of the virus was a “colossal mistake”.
What can we learn from both cases?
In conclusion, let’s see what we can learn from the two different cases.
First of all, very often bad things on the Internet used to originate from “computer geniuses” who did not aim at material gain, but wanted either to challenge themselves through the difficult task of cracking the servers of an organization or to achieve fame as the creator of the fastest-ever virus. Sadly, most computer hackers and virus writers are outstanding computer specialists who could use their talent to contribute to society through the creation of useful computer programmes and earn money in a perfectly legal way.
Nowadays, however, the creation of malware is considered to be a source of money. Indeed, big bucks are involved in computer malware, and articles on the Internet sometimes cite “a business model for malware” (of course, an illegal business model).
Some people believe that the Internet as a “virtual reality” differs completely from our usual, physical reality. Therefore, crimes performed on the Internet are not equal to crimes in the real world (stealing banking passwords is not the same as stealing a wallet from the pocket of a man in the street). However, crime is crime both in the real world and in the digital one. And both cases illustrate that sooner or later digital crime will be seriously punished.
Second of all, the Melissa virus actually pioneered the fast worldwide expansion of malicious code via email.
Third of all, a lot of viruses can be prevented through a few actions that educated users must undertake:
1) Do not open received email attachments without scanning them with good antivirus software.
2) If you do not expect an email from a friend/colleague and then you receive an email with a subject line saying something like “Important info you asked”, it’s better to call the person before opening it and ask whether he/she actually sent the email.
These simple rules can diminish the likelihood that you will get a self-propagating virus like Melissa.
Resources:
http://www.f-secure.com/v-descs/melissa.shtml (F-Secure Virus Descriptions : Melissa)
http://en.wikipedia.org/wiki/Melissa_virus
http://www.eweek.com/c/a/Security/10-Years-With-Melissa-the-Worm-That-Changed-the-World/
http://news.bbc.co.uk/2/hi/americas/1963371.stm
http://news.cnet.com/8301-1009_3-10206275-83.html
http://news.cnet.com/Melissa-virus-spreads-in-Internet-time/2100-1023_3-223648.html?tag=mncol;txt
http://computer.howstuffworks.com/worst-computer-viruses.htm
Sunday, 12 April 2009