Sasser Author Under Arrest, Say German Police 549
Apogee writes "A number of german news websites, like n-tv, or the german yahoo news site (courtesy of the german press agency, lending this some credibility) (web sites in german) report that the programmer of the Sasser worm has been arrested by German police. The Sasser author is an 18-year-old man who was arrested on Friday in Rotenburg, Germany.
With the Sasser worm being the latest among worms that spread like wildfire among unpatched windows boxes, and apparently also caused serious computer outages and cost to the economy, how will this be transformed into an indictment?"
Update: 05/08 18:41 GMT by T : SexySas writes "As the German news site heise reports, the 18-year-old author of Sasser is responsible for Netsky, too. The German police is talking about 'a milestone in war against cybercrime'."
He was just helping his mother (Score:5, Interesting)
The motives of the alleged Sasser author were still unclear, but Der Spiegel suggested the teen may have wanted to drum up business for his mother, who owns a company offering assistance to computer owners.
About time (Score:4, Interesting)
as for ms, they should be considered just as guilty, with such a large corporate juggernaught they have, they should be able to look for these vulnerabalities early, and maybe go through some more extensive testing.. or at the VERY LEAST spend a million or so and tell they public they messed up, and how to fix it... (run windows update) at least this way, you have a educated public... ignornance is NOT strength.
So, how did he find the exploit? (Score:5, Interesting)
Realistically odds have to favour just reading the advisory, but there have been plenty of claims to the contrary.
The next question is, will any media actually bother to find out and publish the answer to that question. I'm guessing "absolutely no chance in hell".
Jedidiah.
Two possibilities (Score:5, Interesting)
It is all a lie! (Score:1, Interesting)
There is no such thing as an 18 year old man. Only somewhat a slashdot would think such a thing. This is clearly an atempt to get someone to trip up and admit to it. It is a trap people, dont believe it!
So basically, what's happened here was... (Score:1, Interesting)
A program exploits the extremely poor security track record of Microsoft products to spread itself. In my eyes, the provider of the broken software (=Microsoft) is just as much guilty as the person who made the self-disseminating program.
But history has shown that Microsoft cannot be sued while expecting to win. It's too big. In other words, Microsoft is above the law.
Melissa Virus (Score:3, Interesting)
If so, the same thing could happen to this guy with the German government.
I wonder if we can settle a small question (Score:4, Interesting)
Sasser broke a new record in the time it took to find the worm, from the time the hole on which the worm was based was issued a public patch. Now that we, allegedly, have the worm's author, we can ask him whether it was rev-enged from the patch, or whether he had prior knowledge of the hole.
Shachar
P.S.
I would wager the former, but still interesting to get an authorative answer.
Sentencing... (Score:2, Interesting)
I reckon he should get 10 minutes of prison time for every machine his trojan infected, since this is the time it probably takes someone on average to clean up the mess.
1,000,000 * 10 minutes = 166,667 hours = 6944 days = 19 years.
Seems fair to me, anyways...
Re:Was it a big joke / mistake? (Score:3, Interesting)
Re:Liability (Score:3, Interesting)
Times will change... (Score:3, Interesting)
You know, I really don't understand (Score:3, Interesting)
Re:phatbot authors busted too (Score:1, Interesting)
http://www.heise.de/newsticker/meldung/47209
While the sasser author comes from the northern part of Germany at least one of the phatbot writers is from the southern part of Germany. They don't seem to have any direct connection.
cb
Microsoft involvement [Re:they caught him...] (Score:5, Interesting)
Hardly likely to have happened, since according to the Yahoo! Germany newswire, Microsoft gave the vital hint to the German police that led to the arrest. Which makes you wonder whether they scanned their Apache..erm..IIS server logfiles to see who was reading about certain security alerts.
Re:MS (Score:3, Interesting)
I agree that worm writers are scum. They shouldn't be excused because someone else left a vulnerabilty for them to exploit.
But, especially at this point, I DO think that Microsoft deserves some blame too. SASSER follows in the wake of SQL Slammer and MSBlaster, arguably 2 of the most damaging buffer overflow exploits in many years. IIS has been repeatedly compromised by buffer overrun problems since its initial release.
It isn't hard to code an automated test for buffer overrun vulnerabilities. I have done it myself for embedded designs that I have done with TCP/IP capabilties. Admittedly, it was a much simpler task for my circumstances since my products support a very limited subset of TCP/IP, but then I don't have a legion of progranmmers at my disposal either.
Here' my point: given that you had a product that had suffered buffer overrun problems for yeras, wouldn't you test specifically for buffer overrun problems before release? Maybe I would give NT and win 2000 problems a pass but win2k3 and XP were both released after a long history of buffer overrun problems. Why didn't Microsoft test specifically for buffer overrun problems before releasing them?
The Microsoft Secret Police caught this kid (Score:5, Interesting)
"Microsoft signs security pact with Germany" http://news.com.com/2100-7343-5204643.html [com.com]
That was on may 4th... Today THEY GOT HIM. Thats quite a remarkable effort from the Private Secret Police of Microsoft.
Robert
Re:come down hard (Score:3, Interesting)
Sven hit Windows at questionable sweetspot (Score:4, Interesting)
http://news.bbc.co.uk/1/hi/technology/3687583.stm [bbc.co.uk]
"According to anti-virus firms machines running Windows 95, 98 and Millennium Edition can help spread Sasser even though they cannot be infected by it."
The 18 year old kid, (his name is Sven?) really hit Microsoft windows at its weakest sweetspot: Federal ordered builtin hookups for "remote security management" and other "activities" as e.g. Spyware.
Robert
Germany eh? (Score:4, Interesting)
We found various infection scripts lying around, because Norton's quarantine seemed to have stopped the infection script in its tracks. One thing it did was to take the machine's details and upload them to an FTP server. A server in
We don't know if this invasion used the same exploit as Sasser, or if a small number of Sassered boxes get FTP status or what. But the German moviez + German FTP dropbox seems suspicious.
Luckily we had the IP-address, username, and password in the script, and were suprised to find we could login there and delete the info. Hopefully the hacker hadn't copied it, but the box has been re-installed from scratch.
And the user is now seriously contemplating Linux, after losing two days...
Baz
Re:Idiot (Score:3, Interesting)
Re:Idiot (Score:1, Interesting)
Re:Sentencing... (Score:2, Interesting)
Sure, murderers get 25 years, so why should someone who caused no physical harm to humans but inconvinience and loss of money be fined for much less?
Funny that this is the same slashdot that also rejects the idea of 5 years in jail for copyright infringment (at least when it's about music).
Get some principles, people.
An 18 year old? (Score:1, Interesting)
this kid is either an experienced systems programmer,
a skript kiddie (just unleashed it through out the world),
or a scapegoat.
C'mon, I thought slashdotters were KNOWLEDGEABLE about this kinda shit. You people taking this at face value?
ugh.
Re:I'm kinda curious (Score:3, Interesting)
I think most of it is "bragging rights". Which is why you notice the most successful psychopaths in history are the quiet ones....
Re:they caught him too soon (Score:3, Interesting)
A computer system is not a unique person, but nowadays it's very much an extension of one. It has things I've written, things I've done, and important stuff I need to remember. If it's lost, a whole chunk of my life goes away.
I think the preoccupation society as a whole has with people breaking into computers is sick, especially considering that many people are on the side of the person doing the attacks. And that disgusts me since I've seen what a horrible pain it is to recover from an attack.
It frustrates me that people deliberately and maliciously seek out to cause uncountable numbers of innocent people pain. I think people who are sick enough to act that way deserve to be weeded out and removed from society.
For all the outrage I've gotten from my analogy, nobody's put a serious dent in my point: That people who do these things get away with it all the time, and that they somehow need to be stopped.
If you want to counteract my feelings and my analogy, let's hear some positive recommendations on how to deal with these people. What would you do to put the point in their heads that this kind of conduct hurts real people and has enormous costs?
D
Re:they caught him too soon (Score:3, Interesting)
No apology if they got the wrong guy.....
Saturday on Slashdot seems to bring out an even higher proportion of anti-government conspiracy theorists than usual (I'm using your post as an example, but there are dozens of others in the thread below this). Sometimes I wonder how many of the posters here actually are script kiddies themselves.
The fact is this guy confessed [yahoo.com]. And not only did he confess, he apparently provided great detail on various worms that he's created. They also found the source code on his PC. That seems like pretty compelling evidence to back up his confession.
I was surprised to read he's only eligible for 5 years in prison. My wife joked "well, he'll get a free dorm room for college". I'm sorry, but this is not a deterrent, which is the point of having criminal penalties in the first place. From the news article, it sounds like he's clearly not very scared. They need to extradite him somewhere where he can really be forced to pay the price for the damage he's caused.
Everybody here should support throwing the book at guys like this. This is the internet we're talking about here, and worms like sasser at best make it harder to use, at worst can take down corporate networks (which sasser did) and even 911 systems, defense networks, hospital networks, etc.
Re:He was just helping his mother (Score:2, Interesting)
Re:The auther prolly used WinXP (Score:3, Interesting)
I would like to say that my post was in reply to a post claiming that the virus author was captured because of a Microsoft backdoor in their own compiler products. He did not specify that the virus author had a trojaned copy, or that his compiler was altered in any way from one I might install. He implied that there was a backdoor in the standard installation of MS tools and Windows which inserted enough personal information for tracking. I'd simply like to state that under the conditions stated by original poster, that technique is not practical, and extremely unlikely.