Sasser Author Under Arrest, Say German Police
Apogee writes "A number of German news websites, like n-tv, or the German Yahoo news site (courtesy of the German press agency, lending this some credibility) (web sites in German) report that the programmer of the Sasser worm has been arrested by German police. The Sasser author is an 18-year-old man who was arrested on Friday in Rotenburg, Germany.
With the Sasser worm being the latest among worms that spread like wildfire among unpatched Windows boxes, and apparently also caused serious computer outages and cost to the economy, how will this be transformed into an indictment?"
Update: 05/08 18:41 GMT by T: SexySas writes "As the German news site heise reports, the 18-year-old author of Sasser is responsible for Netsky, too. The German police are talking about 'a milestone in war against cybercrime'."
phatbot authors busted too (Score:5, Informative)
Articles in English (Score:5, Informative)
Phatbot comes from Germany, too (Score:4, Informative)
Referenced Story in Der Spiegel (Score:2, Informative)
As reported in Der Spiegel [spiegel.de]
Cyber-terrorism (Score:3, Informative)
Re:Articles in English (Score:5, Informative)
Rothenburg an der Wümme. (Score:5, Informative)
Rothenburg a. d. Wümme is not the medieval postcard town, it's just a small boring northern German town.
BTW: Wümme and Tauber are both rivers. German cities with the same names often differentiate themselves by the rivers they lie on.
Re:I'm kinda curious (Score:3, Informative)
From Reuters [reuters.co.uk]: "Spokesman Frank Federau for Lower Saxony police said the man was arrested on Friday. He did not have the name of the suspect but said he was a schoolboy who lived with his parents near the central German town of Rotenburg.
"He is the programmer of the first version of the worm," said Federau. He said he did not have any details of how the suspect was found.
Police did not know if the suspect had also created other versions of the worm. They took all the teenager's computers from his parents' house, Federau said.
"He is still free. He is not in custody. There will now be a court case," he added."
Re:Will he go on trial (Score:5, Informative)
Re:Will he go on trial (Score:3, Informative)
Re:Not framed? (Score:5, Informative)
The boy is already back at home (no risk of escape) until he'll be tried. He'll probably get probation, at most. He'll MOST probably be tried under juvenile laws, which have the overruling goal of "educating" young people.
However, he'll be held responsible for the financial damages he's done.
Re:Will he go on trial (Score:3, Informative)
Re:Liability (Score:3, Informative)
Re:Not framed? (Score:4, Informative)
- he cannot be extradited. The German constitution forbids that.
- juvenile laws *can* be applied for ages 18-21 (and very often are), and they have to be applied below.
My guess: juvenile law, probation and probably several 100 hours of social service. And financial damages, of course.
Anyways, shouldn't Microsoft be in his place?
Re:phatbot authors busted too (Score:4, Informative)
Loerrach is about as far as you can get from the village the Sasser author came from and still be in Germany.
US authorities helped the German police in both cases.
Re:Not framed? (Score:5, Informative)
I guess most people will be afraid to fully disclose in court how their IT management works and how their other business processes run to prove the amount of money they have lost due to Sasser.
Re:The author prolly used WinXP (Score:5, Informative)
Take your paranoid fantasies somewhere where people don't know enough to refute them.
First, when you compile an EXE file with MS tools, it follows a format called the Portable Executable format[1]. You can verify this by opening up the EXE in a hex editor. There are a few headers, a few sections for code and data, and maybe a debug section. There isn't a section called ".backdoor" or ".spyonuser". By examining it very carefully, it might be possible to determine which version of Windows produced it and what compiler, but you aren't going to find your MAC address, name, street address, and favorite color anywhere.
Second, if you're talking about a network backdoor, that's extremely unlikely also. You can see someone using a backdoor on a simple packet dump. Set up a packet sniffer between your computer and your internet connection and watch for strange packets. Write a virus or something, and see if someone from MS makes a connection to your computer. If you're so paranoid as to think that MS has trojaned all the routers, switches and hubs in the world so as to make it completely impossible to trace, go see a psychiatrist.
[1] - Reference for the PE format: here [csn.ul.ie]
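An added example, not part of the comment above: a minimal Python reader for the PE headers it describes, listing the section names plus the COFF build timestamp and linker version, which are the fields an analyst checks for toolchain hints. The sample bytes are a constructed header-only stub (values chosen for illustration), not a real or loadable executable.

```python
import struct
from datetime import datetime, timezone

def parse_pe(data: bytes) -> dict:
    """List the build metadata and section names a PE image carries."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ (DOS) signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe_off + 4
    # COFF file header is 20 bytes: machine, section count, timestamp, ...
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic, link_major, link_minor = struct.unpack_from("<HBB", data, opt)
    table = opt + opt_size                  # section table follows optional header
    sections = []
    for i in range(nsect):
        hdr = data[table + 40 * i: table + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append((name, vsize, raw_size))
    return {
        "machine": machine,
        "built": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "linker": f"{link_major}.{link_minor}",
        "pe32_plus": magic == 0x20B,
        "sections": sections,
    }

def build_sample() -> bytes:
    """Constructed header-only stub for the demo; all values are made up."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1083369600, 0, 0, 4, 0x0102)
    opt = struct.pack("<HBB", 0x10B, 6, 0)                  # truncated optional header

    def sect(name: bytes, size: int) -> bytes:
        return name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", size, 0x1000, size, 0x200, 0, 0, 0, 0, 0)

    return dos + b"PE\0\0" + coff + opt + sect(b".text", 0x400) + sect(b".data", 0x200)

if __name__ == "__main__":
    for key, value in parse_pe(build_sample()).items():
        print(f"{key}: {value}")
```

The timestamp and linker version are written by the toolchain and can be altered after the build, so they are hints rather than proof of origin.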
Microsoft was involved in getting him arrested (Score:3, Informative)
Microsoft then called the German police.
I am sure the person who called Microsoft was doing this because s/he wanted the reward. Otherwise s/he would have gone directly to the police.
Translated quote from the article:
Probably ran his mouth (Score:3, Informative)
Also most script kiddies/crackers run their mouth when they get caught. We had one on campus, he was using some program (I forget the name) that tried to spoof itself as the default gateway so all traffic would go through him and he could sniff passwords. He couldn't get it working right and it kept bringing down a part of the network. Well when we caught him he instantly confessed everything to us, then to the police.
The thing is that he (and those like him) are so convinced of their invulnerability because of their anonymity, that they are just totally unprepared to get caught. So when it does happen, they usually just break down and confess everything.