Posted on 08/30/2003 7:32:31 AM PDT by Valin
An 18-year-old Hopkins High School student was arrested and charged Friday with creating one of the variants of the "Blaster" computer worm that contributed to crippling attacks on thousands of unprotected home and business computers this month.
Jeffrey Lee Parson, a senior at Hopkins High School, was arrested without incident by FBI and U.S. Secret Service agents in a raid at 7:20 a.m. at his family's townhouse, FBI Special Agent Paul McCabe said.
Parson's arrest capped an investigation spanning more than two weeks. It started at Microsoft headquarters outside Seattle, led to San Diego, hop scotched to Texas and ended up in a two-story, white multiplex building in Hopkins.
It also signals a new get-tough approach by federal authorities who, in the past, have not had the manpower, equipment, expertise or even incentive to chase virus and worm writers.
"We're hoping his arrest will deter others who think this is a funny way to play on their computers," said U.S. Attorney for Minnesota Tom Heffelfinger. "Mr. Parson faces some serious penalties. This is no joke."
"Cyberhacking is not joy riding. Hacking disrupts lives and victimizes innocent people across the nation," U.S. Attorney General John Ashcroft said in a prepared statement.
Federal officials emphasized that they are treating every Internet attack seriously, but they have yet to find the author of the original Blaster worm, nor the source of another virus called Sobig that clogged corporate email service last week. Past attacks by well-known viruses like Slammer, Klez, Nimda and Code Red remain unsolved as well, pointing out the difficulty of tracking wily virus writers.
Parson was charged with a single count of intentionally causing and attempting to cause damage to computers protected under federal law. He faces a $250,000 fine and up to 10 years in prison, a jail term that was doubled under the Patriot Act passed by Congress immediately after the 9/11 terrorist attacks.
The worm Parson allegedly built infected 7,000 computers, authorities said, but that would be only a fraction of the 500,000 machines worldwide infected by all the variants of the Blaster worm, according to anti-virus experts. Blaster in all its forms has caused between $5 million and $10 million in damage, authorities said in court.
Earlier this month, Blaster worms overloaded Sweden's largest telephone company and forced shutdowns of computer systems at the Federal Reserve Bank of Atlanta, the Maryland Motor Vehicle Administration, the Minnesota Department of Transportation and part of 3M facilities, including a plant in Hutchinson.
Parson appeared in U.S. District Court in St. Paul Friday afternoon, represented by federal assistant public defender Lyonel Norris. He made no plea. Wearing a gray T-shirt with a picture of a snarling bear on the back over the words "Big and Bad," khaki cargo shorts and white high-top athletic shoes, the burly, bleach-streaked Parson told Magistrate Judge Susan Richard Nelson that he lived with his parents, had no independent income and "about $3" in his bank account.
Parson was released in lieu of $25,000 bond and placed on home arrest. He can continue to attend school but he is under electronic monitoring and cannot leave his home except for medical emergencies or to attend his arraignment in U.S. District Court in Seattle on Sept. 17.
He is also barred from using a computer or Internet-connected device at home or school. Federal authorities confiscated seven computers from the Parson apartment last week and Parson's parents promised through their son's attorney, Norris, to give up their one remaining computer, according to a criminal complaint.
An inventory of the search warrant shows authorities also confiscated CDs, floppy disks, notes and notebooks. The computers are undergoing forensic examination.
Parson's family, looking stricken and holding hands, watched the teen's appearance from the back of the federal courtroom, and declined to comment afterward.
Nelson allowed Parson to post his bond out of public sight at the U.S. Marshal's office because of threats made against him. Heffelfinger said his office had received several anonymous telephone calls Friday morning from people who were angry because their computers had been disabled by a Blaster worm, and those threats were reported to the judge.
The U.S. Attorney said confining Parson to his home was as safe as he was going to get without incarceration, but he declined to comment on whether federal agents would be assigned to protect him, other than to say, "obviously, we're concerned about it."
In a criminal complaint filed in Seattle, investigators in a joint FBI-Secret Service computer crimes task force outlined how they tracked down Parson.
Blaster, also called Lovesan, is a worm — differing from a traditional computer virus in that it travels by itself without human intervention such as opening an infected email file attachment. Worms typically burrow their way into computers through vulnerabilities or "holes" in the software, and can spread quickly.
Perhaps more than 500,000 computers worldwide have been infected by some variant of Blaster, some experts believe.
The original worm, Blaster.A, appeared Aug. 11 and caused computers repeatedly to shut down as it took control. It unsuccessfully attempted to collect an army of "zombie" computers to block access to a Microsoft Web site where computer users could download a software patch for the hole.
Parson allegedly took the original worm, Blaster.A, changed its code slightly, including renaming it "teekids.exe" after his online name "teekid." Anti-virus software makers called it Blaster.B or Lovesan.B, the second version of the worm released on Aug. 13, two days after the original was already rampaging over the Net.
Agents in Washington State ran a copy of Blaster.B at Microsoft headquarters in Redmond, Wash., noting that it contacted a Web site www.t33kid.com. They traced the ownership of www.t33kid.com through Internet companies and their owners in San Diego, Calif., and Watauga, Texas, who provided hardware and leased computer server access or hosted the Web site.
The trail eventually ended in Hopkins, the complaint said, where Time Warner Cable, a high-speed Internet provider, confirmed that a computer with the same Internet address as the Web site was registered to Robert Parson, Jeffrey's father.
Minnesota agents took over, issuing a search warrant Aug. 19 and questioning Jeffrey Parson. The complaint said Parson admitted modifying the Blaster worm and creating the variant, and that he installed a way to control all the computers it infected by remote control at a later time.
But in order to maintain the list of compromised computers, the complaint said, Parson had to include instructions telling each infected computer to contact www.t33kid.com and register itself.
Computer security experts were unimpressed by Blaster.B. It contained only superficial changes that took no special sophistication, said Vincent Weafer, senior director of Symantic Security Response, a research arm of the security software maker Symantic.
The way Parson led investigators back to his own Web site also showed a lack of Internet smarts, others said.
"This was a rookie move," said Eric Schultze, chief of security architecture for Shavlik Technologies, a Roseville company that makes the anti-worm software patches for Microsoft. "That's not something a more advanced worm writer would do."
Tim Huber also contributed to this report.
No ... he can rub mice with the likes of Kevin Mitnick (infamous hacker and cracker) ...
Gone are the days shown in a murder mystery, when in the final scene a single constable places the suspect under arrest. Now, even non-violent criminals are arrested in raids. The militarization of our police force continues. Did they have air support and snipers during this raid, "just in case"?
Who is Kevin Mitnick?The picture that emerged after his arrest in Raleigh, N.C. last February was of a 31-year old computer programmer, who had been given a number of chances to get his life together but each time was seduced back to the dark side of the computer world.
Legendary cracker Kevin Mitnick had violated one company too many - hacker Tsutomu Shimomura's. The exclusive story of the last hours of Shimomura's quest for justice, as he closes the trap on his prey.
By Tsutomu Shimomura
Kevin Mitnick was a nuisance. For more than 15 years, he broke into computers, looked around, stole things, and then broke into yet more computers. He did little major damage, but his constant visitations became harassing - especially if you tried to catch him. Then he would screw up your phone service, or your private mail, or your credit records, or even your job. Although he was arrested five times for his digital trespassing, Mitnick wouldn't stop.
As far as Mitnick, I've went to many conferences over the years, and I really get sick of some of the youngster who try to put him on a pedestal. If anything, Tsutomu Shimomura is the one they need to be talking about - he pretty much handed Mitnick his a$$ on a platter, and in the process pointed out a lot of bad computing practices by some very large and prominent companies.
Mitnick outright 'stole' information and manuals, suckered and conned passwords and access rights out of office personnel, impersonated service workers and in one case law enforcement and literally combed through the trash of his likely targets - these guys are no more than 'script kiddies' who have probably just taken previous viri they have received and reverse engineered them ...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.