Federal law enforcement officials were joined by Microsoft's general counsel in trumpeting the arrest of a Minnesota teenager believed to be responsible for releasing one version of the W32.Blaster worm earlier last month.
US Attorney, John McKay, said the arrest of Jeffrey Lee Parson of Hopkins, Minnesota, also known by his online name ‘teekid’, was a significant accomplishment for federal law enforcement and that the case would "deliver a message to cyberhackers here and around the world".
Parson was charged in federal court in St. Paul, Minnesota, with one count of intentionally causing or attempting to cause damage to a protected computer.
He could face up to 10 years in prison if convicted, according to McKay, who said the Blaster-B worm caused great harm to the computers it infected and to Microsoft, the target of a distributed denial of service (DDoS) attack that was programmed into the worm's code.
"Cyberhacking is a crime. It harms persons and businesses," McKay said.
Speaking for Microsoft, General Counsel, Brad Smith, said the damage done to the software giant was "the small tip of an enormous iceberg" when taken together with the damage caused to the hundreds of thousands of systems worldwide that were infected by Blaster-A, Blaster-B and the other worm variants.
While McKay spoke of a tough investigation involving long hours and weekends spent tracking down Parson, security experts said the teenager left plenty of clues for investigators.
"It doesn't seem like he was too concerned with being caught," a virus research engineer at security company Network Associates, Craig Schmugar, said.
Parson, who is described in the complaint as a 6-foot 4-inch 320-pound white male, named the new Blaster version after himself using ‘teekid’ for the virus file, according to the complaint filed in US District Court for the Western District of Washington.
Moreover, he programmed his version of the worm to connect to a website, www.t33kid.com, that was registered in his own name and address in Hopkins.
According to the complaint, US Federal Bureau of Investigation and US Secret Service agents were on Parson's trail within days of Blaster-B's release on August 14, raiding his home on August 19 and seizing seven computers from that address.
Parson's version of the Blaster-A worm was simple and did not require him to have a copy of the Blaster source code to create, Schmugar said.
Using a simple program akin to a text editor, Parson could have simply modified some configuration settings used by the worm to change its name and instruct the worm to deposit a Trojan program that he intended to use to control infected machines, he said.
Network Associates’ AVERT antivirus lab didn't record any field reports of infections from the Blaster-B variant, Schmugar said.
Parson, who is 18, may have counted on hundreds of other virus writers doing the same, providing him with a kind of anonymity, he said.
That had been the case with previous outbreaks. Schmugar said. And while law enforcement usually promised to catch the original virus author, little attention had been paid in the past to copycats.
While other variants did appear, there were nowhere near as many as with previous outbreaks, he said.
Asked whether this was the first case ever brought against a copycat, McKay said he could only comment on the charges brought against Parson.
While acknowledging that Parson left some important "clues" for investigators, McKay said that key information leading to the teenager's arrest came from interviews by federal agents rather than information obtained on the Internet.
McKay declined to comment on whether the arrest of Parson would lead them closer to the author of the original Blaster worm, but said interviews were taking place in that case as well.
The US Attorney expressed satisfaction with Parson's release on bail.
He said the conditions of release, which prohibited Parson from using the Internet or computers, were adequate to protect the larger community.
"Is he dangerous? Yes, he's dangerous – but because of the serious harm he caused to computer systems," McKay said. "We don't have any reason to believe that danger exists beyond (Parson's) connection to the Internet."
Parson's arrest may not remove a top computer criminal from society, but it could deter future virus copycats, Schmugar said.
"Obviously there's a question of whether (Parson) is as significant as the author of Blaster-A, but hopefully it will deter people from modifying future viruses," he said.