Police Call 'Sasser' Programmer a Bottom-Feeding Hacker
May 14, 2004Police in the German state of Lower Saxony are continuing their probe into the confessed 18-year-old programmer of the "Sasser" Internet worm, which brought computer networks to a halt last week. Their investigation has shed light on a subculture of dilettante youth hackers capable of wreaking mass havoc because of their lack of experience in programming. They're often working with code that's too sophisticated for them, and the consequences can be devastating.
Earlier this week, authorities searched homes in small towns near Hanover to determine whether Sven J. from nearby Waffensen disseminated the Sasser virus with the aid of accomplices. One has already confessed to having gotten a copy of the code from Sven J. and distributing it.
Investigators arrested Sven J., the main suspect, Friday after an acquaintance tipped off Microsoft, which then alerted police. He now faces criminal and civil proceedings that could result in millions in damages. The Sasser worm quickly crawled to the far corners of the Internet and interrupted the computer systems of millions of companies and private users.
28 ways to infect your computer
Microsoft has alleged that Sven J. is responsible for all 28 strains of the computers worms Sasser and "Netsky," which have been making the rounds on the Internet since February 16. Shortly before Sven J.'s arrest, the man programmed a second variation of Sasser and released it onto the Internet. Investigators said they found source code for both worms on the harddrive of his seized computer.
Operating system-developer Microsoft has said it will provide a $250,000 (€212,000) bounty to the informant if the suspect is convicted. Computer sabotage is currently the most likely charge that will be filed against Sven J., which includes a jail term of up to five years.
In his confession to investigators with the state criminal office in Hanover, the young man said he had originally sought to create an anti-virus program. With his virus, he said, he intended to remove other viruses from computers, including "Mydoom" and "Bagle." But in the end, what he wound up with was "Sasser," a worm that disrupted the computers of Delta Airlines in the United States, the British Coast Guard and the European Commission in Brussels. State criminal office director Rüdiger Butte said Sven J. admitted he hadn't thought about the possible damage the worm could cause.
Attack of the 'scriptkiddies'
In an interview with the wire service Agence France Presse, investigators described Sven J. as a so-called "scriptkiddy," jargon for bottom feeders in the hacker hierarchy, which is comprised of hackers, crackers and scriptkiddies.
Thousands are active in Germany's hacker scene -- from school children to professors to security experts. Most are young, overwhelmingly male and possess a knowledge of computer programming that is far above the norm. They meet regularly at hacker conventions, like those held by the venerated Chaos Computer Club, which is respected for its well-intentioned hacks. Hackers are curious and they see the digital world as an adventure ground where they can cross boundaries and find security holes.
The difference between hackers and crackers is that hackers hack Websites in order to bring attention to security holes, stopping before they inflict damage. But crackers seek to inflict as much damage as possible through attacks such as denial of service, which sends so many commands at a server that it virtually cuts off access to other users.
Beneath them you can find the scriptkiddies, crackers in training as it were. Most of them lack the knowledge and experience of sophisticated hackers and crackers, and they tend to download programming code that's already available on the Internet. The reason for their success is that they're often already using code that has proven effective in past attacks.
Weak security
According to investigators, that also proved to be the case with Sven J., who seized on a previously known Microsoft security hole and relied on the pre-existing code for the Netsky virus, which he then transformed into Sasser.
As police in Germany continue their investigation, some groups are pointing the finger at Microsoft, with its long track record of spotty programming and security holes. The Chaos Computer Club offered some indirect support by saying that Microsoft, too, should be held liable for the security holes in its operating systems that make them so vulnerable to worms and viruses.
Prosecutors believe that a court case will be brought against the Sven J. in a juvenile court within a few weeks.