Slashdot Mirror
Blaster Writer Caught
Henry V .009 writes "The FBI will be arresting an 18 year-old in connection with MS Blaster, reports The Washington Post." According to the article, the teen was witnessed testing the worm, and then turned in by a bystander. It's also worth noting that this is merely one of the Blaster variations. Hope whoever it was had fun, because a world of pain is waiting in store now.
How on Earth do you witness somebody writing a virus?
He's sitting in front of a computer, hitting keys on the keyboard and looking at the monitor. That describes the person who wrote this story, the person who submitted this story, the person who posted the story, me getting first post, and everybody reading and moderating this and every other post to come.
It also describes RMS writing Emacs, Linus debugging the kernel, and SCO issuing another press release.
Did this witness actually read the code? What kind of idiot virus-writer lets someone he doesn't know pull up a chair and start auditing his code?
Or was the witness tipped off when the screen start flashing "NOW TESTING VIRUS"? Damn, I hate when that happens!
This doesn't sound quite right.
Is this truly the only Earth I can live on?
Also reported by the BBC
http://blog.nexusuk.org
The FBI will be arresting an 18 year-old
Coder: Huh? They are coming for me? I'd better get moving before they get here.
Lucky the authorities got to him first that is. Well they say there are more virus authors out there. Hopefully all that dental equipment I bought on Ebay will be put to good use.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
I mean, maybe he borrowed his mates computer to do something, saw something interesting, then got told to take a long walk off a short plank when he tried to blackmail him.
Well until someone is caught and Proven to have written the virus, as far as im concerned it is a bunch of FUD.
Life is like a box of chocolates, you never know when your gonna get food poisoning.
Or SCO will report that he used their proprietary code to do it, ergo everyone infected with the virus will now be sued by SCO for illegally using their code.
That sounds fishy.
The average person wouldn't have a clue about what a developer was doing. There's no way someone can walk by and know that the guy was testing a virus.
The article states that this "18 year old" is the author, but later on it talks about how he was "observed testing" which all sounds a bit dubious. Assuming he is the author I have very little sympathy, virus writers need to be accountable for their actions. If however he is just been made a scapegoat......
I submitted this story sometime ago, but got rejected. The kid actually did not write the MSBlaster worm, he modified it to make it more potent and released it. story here
.ACMD setaloiv siht gnidaeR
Perhaps, as some kids are at that age do (not all before you flame me), he had been bragging about it in an irc chat room, had an enemy/concerned chatter catch wind of it and reported it to the feds with logs and IP information.
Why not eh? stranger things have happened at sea.
--Mods giveth, Mods taketh away--
I'm a firm believer that Microsoft, for all it's faults, isn't nearly as much of a problem as it's doting customers. Microsoft has ALWAYS been terrible at security. This is not news. So who the hell keeps buying their crap?
Start charging the folks who deploy Microsoft for negligence.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Didn't download the patch huh?
-Vercingetorix
"Necessitas non habet legem." -St. Augustine
...I got a virus in my computer and... and... it wrote another itself!
Just remember this
I'm a chainsmokin' alcoholic sociopath, so-ci-o-path
It can take weeks of computer forensics to identify what someone was creating on a computer, so I doubt very much that they're 100% certain this kid is guilty without inspecting his equipment. And last I checked they need proof before assigning guilt (unless Ashcroft's already removed that clause from US law).
Yo, RFTP/RTFA. It says in both the article and the post that the witness saw the person "testing" the virus, not writing it. Which is even more scary in a way. How did the witness know what he was doing? What day was it? Which version is he supposed to have written? Oh, and there has been "no arrest made in this matter yet."
The BBC article contains a bit more info: It says he's suspected of altering the original MSBlast worm into one that would cause more damage.
It also says: "Reports suggest he is likely to be arrested by the end of the day." WTF? They're giving him advance warning?!? Run, boy, RUN!!! LOL.
Anyone who's imagenation peaks at nameing one of the most significant viruses of out time as 'MS Blaster' deserves to get caught!
IIRC, the boy tried to DDOS www.windowsupdate.com, which is not the URL people usually use for windowsupdate.
Makes you wonder what a professional terrorist could do. The worm could have been far more destructive.
The worlds most intelligent bystander has just been identified.
Ralph Nader brought the automotive industries up to safety standards. I'm too young to remember the public's preception of him, but it sounds like we need someone like him around again. Microsoft has enough defects inside it's operating system to make it the 2000's equivalent of the Ford Pinto. They should be held accountable.
What about the users though? This isn't the 70's and information is readily available about Microsoft's security practices. Why do they do it? Is it like riding a rollercoaster that has a 6 junction split at the end, only 2 of which leads to the egress queue, 3 of which leave you hanging on the top of a hill until you debug the rollercoaster, and the final split has a jump through a fiery ring with no landing zone? I mean come on, they all saw the rollercoaster... They all knew the ramifications of their actions.. What about them?
-B
Or have we forgotten how the system works?
Alleged writer. Innocent until proven guilty beyond all reasonable doubt.
Based on this report, the evidence so far is one witness of unknown competence. "Testing the infection"? I "tested the infection" yesterday by making sure that AVG can contain Blaster.
Oh, I'm sure that the FBI aren't (quite) dumb enough to announce this without doing some investigation, but the fact that they're announcing it as a fait accompli before they've even made the arrest indicates that this is a PR exercise.
But that's irrelevant speculation, because whatever their or my or your opinion on it, this guy is innocent... pause for breath... until proven guilty beyond all reasonable doubt. Let's drop the tabloid press pack mentality here.
If you were blocking sigs, you wouldn't have to read this.
Researchers also discovered another message hidden inside the infection that appeared (emphasis added) to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"
Yup, that's cryptic alright. I'll bet the FBI's first question will be to ask what he meant by that.
This is the beauty of OPEN SOURCE!! He got ahold of some code, modified and improved it, and released it back into the public domain! That's how it's SUPPOSED to work!
Think of the outrage that would have been touched off if he kept the modified code for his own use... INFORMATION WANTS TO BE FREE!!!
Where do I send my money? This guy is a HERO, not a CRIMINAL!
"Ask not what your country can do for you." --John F. Kennedy
prison rape is not
a laughing matter. I think
you are all sick fucks
Yes, I did. And in fact I did before the virus was even released. Further, I blocked port 135 at my router the day the virus was released. I have never even once had a virus infect any computer I own, even the ones running Microsoft OSes and Outlook/Outlook Express, and I've owned computers since 1980 starting with a TRS-80 Model 1.
Don't assume that because I think the little shits that write viruses should be held accountable for their actions that I am a newbie, a Microsoft fanboy, or a victim. You would be very wrong on all three counts.
If I were to remove the driver side window from my car and replace it with a piece of trash bag, making the car obviously insecure to anyone with more than two brain cells, that still does not give someone the right to damage the interior of my car. Likewise, just because Microsoft peddles insecure garbage does not give some little pimple-faced moron with no social life other than his left hand the right to damage someone's computer.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I am pretty sure it isn't illegal. What is illegal is putting it on someone's computer or network without permission, intentionally spreading it (in an active form) or allowing it to spread itself across space one does not own.
Since a virus is nothing more than a computer program, it would be incredibly difficult to make writing one illegal without catching a lot of legitimate software in the same net.
eg - Under a literal interpretation of one of Britain's early "anti-virus/anti-trojan" statutes, Windows 95 would have qualified as a 70 megabyte trojan!
So the writers of these virii certainly are doing a bad thing and certainly are aware of this, but it seems to me that Windows/Outlook/Office ship with a big red button and endless admonitions not to push it. Of the two, the button maker and the button pusher, I know who I find fault with most, but I suspect that the media and most observers are becoming accustomed to these ridiculous risk exposures as somehow inherent in computing and thus tend not to blame the button maker. Think also that this effect has something to do with why these problems never seem to actually get *fixed*.
Mafiaboy.
Given the age (he was only 15!), and given the media, he was still crucified. There was no sympathy angle, there was no "youngster gets hassled by overzealous feds" angle. He was, as could be expected, generally portrayed as an evil h4x0r who DoSed eTrade, eBay, Yahoo, etc.
No, whomever launched MSBlaster.B is not going to become a media darling, and he damned sure isn't going to win the hearts and minds of Joe Sixpack, whose computer kept rebooting itself due to the various incarnations of MSBlaster.
From a personal standpoint, I think it's sort of shitty that this kid is getting busted for what seems to amount to no more than a bit of hex editing. I'd rather see the FBI investing its resources into tracking down the author of the original MSBlaster (as opposed to a barely-modified variant which didn't propagate widely)... And I'd much rather see them go after whatever assclown is responsible for SoBig.F, of which I've now received more than 6,000 copies at 100KB apiece. That's not to say that they aren't investigating these things, and I hope they find the perps eventually; but I think it's a bad deal that they're going to bust a kid who made a knock-off instead of the guy who started it.
I really don't buy the sympathy angle. The guy allegedly launched a worm variant, he probably bragged about it (another similarity to Mafiaboy), according to MSNBC, the FBI subpoenaed IRC server logs to track him down. Launch a worm and gloat about it to your 31337 buddies, and you get what's coming.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Dude, that was totally incoherent. Go get your coffee, and try again.
Mod point free since 2001
Folks, I know that "prison rape" jokes sound funny. I know that everyone gets a laugh when someone mentions "federal pound-me-in-the-ass prison." Yes, Office Space was one of the best movies ever made. No, that doesn't make prison rape hilarious.
Imagine if it were you in prison.
I have been incarcerated, and while I wasn't physically accosted (though I don't doubt that it may have happened if I'd been prescribed a longer stay), the sexual humiliation was probably the worst part of the experience. Prisoners have to shower. Together. And the jailors have seemingly no end of dick-jokes.
You have to disrobe before you get into the shower, obviously. You leave your prison garb in a "cubby" type lockeresque rack, and you hope that a) you remember which cubby you put your garb in and b) some joker doesn't forget such and take yours by accident.
After taking your clothes off, you have to pass by several guards before you get into the showers proper. And the guards utter sexually oriented insults to every inmate who walks past. "Hey smallcock." "How come you're so eager to get in the shower with a bunch of naked men?" "I bet all these guys want to have a big orgy!" "Today was grits and eggs for breakfast, but it must be sausage for dinner!" "Look at this, a whole shower full of little dicks!" etc. No, I'm not joking, the jailors really say this shit.
This was humiliating enough. I can't imagine the torture of actual prison rape. It happens, people, and it's very real. The things that go on in jail, most people (who, of course, have never been to jail) would not believe unless they witnessed it themselves. I hope that you don't have to, but at the same time, please have a modicum of respect for those of us who have been there, and those who are still there for whatever reason. I'm not asking you to have sympathy for people who have committed crimes; you do the crime, you do the time. But being a criminal does not mean you deserve sexual assault.
No aspect of prison is funny.
None.
Redmond, VA: The youngster will be charged by two companies with accusations of reverse engineering. Citing the Digital Millennium Copyright Act (DMCA), Microsoft is accusing him of implementing a piece of code that circunvents patented Microsoft's Windows protection.
Richard Ludwig, attorney for Microsoft, said "My clients believe that the writer of this virus is actively destroying the value of my client's proprietary technology, and demand that this viral activity cease immediately."
Mark Scheise, attorney for SCO, said the teenager violated its intellectual property rights by using SCO code in the virus. He said that each bit from its code was a perfect match with SCO's code. "He was using exactly the same two bits as SCO, just in another sequence". Scheise also added that this was not just a coincidence, and denied any request to disclose wich are the two bits. "I can't tell you wich are these two bits, but I assure you they're the same as thos used by SCO".
-
Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
i hope he gets to finish his Big Gulp before the feds throw him in the van...
Build a fence around the Microsoft Campus. The Great Wall of Redmond.
And when the Mongolians come to tear it down, we'll dump sweet-and-sour pork on their heads.
Yet cars seem to still have so many security faults that are known, document, but unfixed. The biggest one is the highspeed collision. Running a car into another object, espically a car moving the the opposite direction, is highly likely to cause a catastrophic failure that often results in serious injury or death. This is a known flaw, it isn't like it is a mystery what happens when cars crash. It is even something that can be fixed to a degree with more durable, race-car style frames and 5/8 point safety harnessess instead of seatbelts.
Now of course this isn't seen as a reason to sue car makers because it is an unintended way of using your car. You aren't SUPPOSED to crash it, and if you are a good driver you won't unless another bad driver hits you. The things that concern people are when cars fail when they do nothing wrong, ie the Firestone tire thing, or when the kind of failure is out of perportion with the mistake, ie low speed collison leads to gas tank explosion.
Well, see, with computer security vunerabilites you are talking about people making unexpected use of your product. They are sending bad data to it, data it isn't designed to accept or work with. Somethimes this causes an unexpected result.
So as far as I'm concerned, the computer world already has BETTER safety than automobiles. People can do all sorts of nasty, unexpected things to my computer, and it will shrug them off as if it were nothing. Any time some problem IS discovered, I am given an update to fix it. This would be like driving around in a car that had unpickable locks, un breakable glass, would not damage you or itself when you hit a wall, etc. Then if it was discovered that, for example, a certian acid could melt your locks and let someone in, they'd send you new locks that were impervious to that.
Now of course software is virtual and so this can be done whereas it can't with a physical thing liek cars, but I'm not seeing any problems here. All security holes come from assholes trying to do things they shouldn't. I gaurentee if you setup a seperate physical trusted network with only users you know to not be hax0rs you will never find a system comprmised, even if they all remaing unpatched. It is only when you connect to the internet and every asshat is free to try and do all sorts of things they shouldn't are you in any danger.
Reread the article. They didn't bust the original author. They busted the lamewad that renamed msblast.exe to penis32.exe -- all he did was modify the existing virus.
Granted, the dipshit _touched_ the virus code and released a variant (albeit an extremely unoriginal one)
It was probably about as difficult as hex-editing a file. Gee. 5 minutes of dicking around is going to get him a life long prison ass pounding. Way to go, Genius.
And of course the uninformed media is going to paint the dumb bastard to be THE msblast author. Can anyone say "Scapegoat?"
When I read the piece, my initial reaction was, "They really should arrest Bill Gates". However, on some reflection, I'm not so sure Microsoft is the sole source of all the disruption over these worms.
OK, so the MS software makes worms and virus spreading relatively easy, due to activeX, executable mail attachments and bad security "out of the box" (open ports, exposed services such as RPC etc).
Still, if a motor manufacturer sold a mass market car without locks, windows or an alarm system, would anybody buy it?
The answer is, probably not. There's the issue of personal responsability to obtain a secure car. Same with software. Maybe it's all of those major businesses and misguided "CIOs" who keep buying Microsoft who ought to be arrested. Between them and the Microsoft execs, they've managed to create an environment which makes it easy for these bored young men to create worms.
Poor 18 year old guy. Why should he be arrested? After all, what's a script(kiddie) among friends?
The MSBlast worm was responsible for one of the worst computer security outbreaks of this year.
Where it should read....
Microsoft was responsible for one of the worst computer security outbreaks of this year.
From the BBC article found here
Personally, the media is more focused on promoting the stereotype of the teenage kid who has go nothing better to do that 'hack' computer systems. The emphasis should be on why it was so easy for an amateur was able to write such a destructive program. Bottom line is that Microsoft writes bad software, and people need to know this. Obviously Microsoft isn't 100% responsible for this, but making a media scapegoat isn't going to solve the underlying problem. I don't feel sorry at all for the Maryland Department of Motor Vehicles. They deserved what happened to them, it was only through their own ignorance that it happened. People in today's society want to use computer, bur rarely take the time to learn and understand even the most basic principles of how they work. And what heppens is after that, they expect techies like us to take their shit.
--
Adobe's anti-counterfeiting softw
I expect the comments in the first place. It's inevitable among any community that has people the likes of the "Frist p0st" and "go to cnn.com [secret link to goatse.cx]" commenters. But the moderation system is in place so that crap like that can get ignored by the people who don't want to hear it.
If you think it's funny, Obviously I can't/won't stop you from moderating it that way. But think about the real issue behind it before you encourage lighthearted humor about rape.
But you are of course obliged to make a good faith efferot test your software and make sure it does not have simple bugs, compiles and runs before you release it. The kid was obviously just releasing his testing his changes prior to releasing the source as he was required to do under the GPL.
all viruses should be GPL. THen bill gates will really be right.
Some drink at the fountain of knowledge. Others just gargle.
Ha ha, yes, it is quite amusing to be sent to prison for a nonviolent offense (typing on a keyboard, for instance) and subsequently violently raped repeatedly by multiple large black men while the guards stand by and laugh and the prison wardens make no effort to keep it from happening. We will be sure to laugh heartily when you, your brother, father, son, uncle and/or cousins are sentenced to 30 days for some minor offense which they may or may not have committed. We will chuckle about the fact that they have a very good chance of coming home broken and scarred physically and psychologically by their horrifying experiences. Ha ha ha.
Rape is immoral. Rape is inhuman. Rape is cruel and unusual punishment, and we have laws against that. I always find it entertaining how our entire prison establishment feels these laws are unimportant, and our culture thinks that jokes about young, weak, and sometimes innocent people getting forcibly sodomized is a fabulous thing to joke about. Wait, no, I don't find it entertaining. I find it makes me sick to my stomach.
It's also heartening to see every prison rape joke getting a +5, Funny. Thank you, moderators. Great way to get karma. Keep up the good work.
Help Stop Prisoner Rape by not treating it like a joke.
A quick snippit of info over at The Register seems to hint that the kid did in fact write Blaster-B, not the patching varient (does anyone remeber CodeGreen after CodeRed??).
Seems that he was 'under surveillance', was caught testing the varient, and is going to be charged with writing the varient.
So what do we do with this stupid kid? In an age when dorking around on your computer can cause millions of dollars in lost revenue (albiet, you probably know if you're about to release a worm), these things are going to happen more and more often.
1) Does this kid need to learn his lession in jail?
No, This kid is young. He's stupid. I'm sure he didn't do this realizing that he'd be headed to jail in a few months (if proven guilty). But what do you do with someone who's broken the law like this? Send him to Microsoft to learn how to fix bugs and become a programmer? Take him to the programmer who was responsible for the bug and tell them that this 18 year old kid made him look like a dumbass? Who knows?
2) Does Microsoft need to fix their insecurities?
This is as much MS's fault as it is anyone elses. I mean, if I bought a car (I hate to bring the whole car analogy thing up again) and someone came along and leaned up on it wrong and it stopped working. I'd be pissed at the manufacturer, not so much the leaner (who is laying on the ground with a bloody nose by now).
Just some thoughts.
T.
Look it up, amigo. If you know about a felony and you don't report it, you are guilty of cover-up and can serve time for your avoidance of doing the right thing.
You have an amazingly rosy view of how the law works in this country. You must be those law-abiding citizens with nothing to fear that I keep hearing about. When we have laws that will revoke habeas corpus for the bizarre and impossible crime of loitering with space aliens (1982, Department of defense appropriations bill) and the hard-hitting "conspiracy of one", you can and will go down for anything if they want you.
Do you think it's an accident that we have the largest prison population, in absolute and relative terms, in the world?
Laws are for people with no friends.
The logic here is unbelieveable. So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?
Yeah, some might say YOU should be more careful for not locking the window... but the REAL criminal still is the burglar that took your stuff! M$ has some serious problems, but that doesn't mean we should lose all of our common sense JUST to attack them some more.
Does M$ software have security issues? Yeah. Should script kiddies be let off easy because they take advantage of these problems? No. They are no better than the burglar that entered your unlocked window!
We need to start making people take responsibility for their own ACTIONS and quit blaming others. It's like blaming a door-lock manufacturer because someone can pick the lock! There will always be people that take UNLAWFUL advantage of real or perceived situations. That doesn't mean they are any less to blame for their actions.
-=-jw-=-
IS it really worth ruining a persons life, if he is found guilty, just becuase you as a sys admin had to deal with an inconvience. Windows update didn't go down, maybe some of your time was spent dealing with it, but that is YOUR JOB. And if your network isn't up to date with updates, IMHO, it's your damn fault.
Sadly he'l be the scaegoat while all the network admins, microsoft etc gets to go free. I just don't think that any punishment they give him will fit the crime... Personally i think he just needs to do some community service, what he did was wrong, but nothing truely bad.
Actually, considering the self-deprecating humour on slashdot, I wouldn't read too much into it. How many of us have joked about "slashdot readers being virgins." Mainly because we have a large geeky population, and many (but not all) of said geeky population lack the social skills to properly interface with members of the same gender, let alone the opposite sex.
The virgin isn't really a reference to sexual activity per-se, so much as it is a reference to the fact that somebody with so much a lack of a "life" probably is very likely sitting in front of a PC 24/7 and not meeting women.
Actually, sounds a lot like me in High School. Except that I didn't write viruses (custom backdoors to deal with people in the lab I didn't like, yes, but the teachers knew and found it amusing), and I now do have a social/sex life in addition to geeky pursuits.
Of course... another trademark of my geekdom is that said social life usually falls on the backburner whenever the newest Final Fantasy or RPG comes out... luckily the g/f is into 'em too (though I haven't gotten her on Warcraft/Starcraft or FPS yet).
On the other hand, nobody ever said prison was supposed to be all Tea and Crumpets, either: it's punishment for crimes committed and convicted. .
The punishment is incarceration, it is NOT sodomy. I have never heard a judge say in his/her verdict, "and I convict the defendant to 5 years of incarceration, with the occasional guy holding him down and taking him anally". NO. It's against the law. Just because it's prison, it doesn't mean it's alright to break laws. Gee, if that's the case, you could slip small boys into the prison for the whole yard to have a little fun with, jesus.
-- This space for lease, low setup fee, inquire within!
Who would understand he was actually writing a virus? Well, perhaps a fellow coder, a hacker, a classmate?
But then that brings the question: such individuals are usually fairly close-knit. If you're around the dude long enough to realize his code is a blaster-variant, and he is somewhat of a friend, or good associate, would you turn him in? How many geeks would?
It's a hard decision, especially with a decent chance that with the current upset over said viruses even a script-kiddy variant-writer is going to get lynched after being caught. It'd make him/her a good example for other would-be virus writers, but would you do it to somebody you know?
Of course, many such geeks are vain. It could have been somebody declaring, "you think blaster was bad... wait until you see the badass variant I'm writing. I'm going to 0WZ0R J00"...
Gee, maybe we should take his message more seriously. Maybe the author of the worm is correct in some aspects. Some say that Microsoft is solely to blame for this. I'd say it is not 100% correct. There is a shared blame for the security problems:
--
No memory available for sig. Please reboot now.
Coderz 4 Life
It seems that everyone here is focused on putting this guy in prison. I really can't justify putting someone who wrote a virus in prison while CEOs who have stole billions roam free.
Not to mention, there were two components to this problem. People need to stand up and take some responsibility when thier machines get infected. Personal firewalls and anti-virus have become common place, so I don't take that as an excuse.
Yes, the kid should get some probation, possibly some community service managing / repairing systems for underprivelaged folks. But then that would depend on the legal system being motivated by rehabilitation and not retribution.
--WooooHoooo--
Actually, prison rape is a very racial thing. He was completely right to point out that it would almost certainly be large black men doing the raping. You see, the black gangs, and the Hispanic gangs, do not let anybody (else) touch members of their own race. The whites fail to form such gangs, and are victimized. Often the youngest white males, usually in for some sort of first time drug offence, are in the most danger. Check out the article Hard Time by Jared Taylor.
Apart from the obvious "innocent until proven guilty" matter, how about we don't publicly hang some kid for tweaking a virus until we've found the real author and proved his/her guilt.
Stop propagating the MS spin. Just because MS has convinced the mainstream media and the Anti-virus software houses ( whos entire buisness is dependent on MS) to change the name does not mean everyone needs to do the same. The only true name for the virus is MSBlaster.
While I initially found the article linked to be interesting (and appalling), I grew uncomfortable with what appeared to be a racist bent to the editorializing in the article.
A Google search turns up the fact that Jared Taylor is considered "America's most dangerous racist." The rest of the American Renaissance site is full of erudite but clearly racist commentary.
Yes, prison rape is appalling, but a better link for reference on the topic is this one for the original book on the subject, rather than a racist's view of the material.