Teen charged in worm attack says case is inflated

[TS | Thomas]

Minneapolis — A high school senior charged with modifying a version of the Internet worm that crippled computer networks worldwide said the government has exaggerated its case against him, & disputed media coverage that portrayed him as a computer-savvy loner.

"I have a very supportive, close group of friends. I'm not reckless, I don't do drugs, smoke or drink. This is the first time I have ever had a run-in with the law. It's hurtful to see the accounts of me. I'm not depressed, embarrassed about my weight, or a misfit," Jeffrey Parson said in a transcript posted on MSNBC's Web site.

Would you like to know more?

 

[poertner_1274]

"My son is not brilliant; he's not genius," Rita Parson said. "Anyone that has any computer knowledge could have done what Jeff did."

Yes, but the thing is, is that others who have knowledge aren't doing that. I think the paretns are overlooking that simple fact. Whether or not others could do it...their sone DID it.

 

[Phantasm66]

Authorities say he admitted during an interview with FBI and Secret Service agents that he modified the original "Blaster" infection that made computers attack the Microsoft Web site last month.

Prosecutors said Mr. Parson's worm affected at least 7,000 computers.

His parents, Bob and Rita Parson, spoke publicly for the first time Tuesday on the Today show, and said their son was an ordinary teenager, not a computer whiz.

"My son is not brilliant; he's not genius," Rita Parson said. "Anyone that has any computer knowledge could have done what Jeff did."

OK, unless I am missing something, then what that kid did was obtain the C++ or whatever (probably C or C++) code for that virus, modified it, and then recompiled and redistributed it.

This is NOT something that any run of the mill kid can do. This kid IS a computer expert, and likely IS pretty bright. I certainly would expect him to score above 120 on an IQ test, just for having:

A) the ability to program in C++

B) the ability to read other people's C++ code

C)Being able to read that code well enough to know what parts to change

D)Knowing where the hell to download said code in the first place (probably some very obsure hackers IRC channel where you would never last longer than 1 minute on without being kicked unless you are 3leet)

E)Knowing how to release the mutation back in the field in such a way as to not be instantly traced and caught....

F)Additional computer skills not listed.

I work in a university's computer department and I think that only some of the lecturers and some other programmers here would know how to do the above. Modify the code, that is. Not where to get hold of it. Certainly, even pretty advanced students would not.

I know people who have PhD's in computing who would NOT HAVE THE FIRST CLUE!

This is NOT the work of "some kid" who innocently stumbled onto something and innocently changed it. That's crap.

That virus caused a lot of damage to workstations and servers all over the world, disrupted business and caused a lot of work for people like me. OK kid, I am grateful for being kept in a job, but you had to have known what you did was wrong. Sorry.

 

[Phantasm66]

If any of you can come on here, right here and now, and show us all how to download the code for viruses like klez, blaster, sobig, and then write an article on how you would alter the code to build a mutation, please do.

We will send you a hardware prize in the post.

I don't think any reader here can do that, right here and now. (Not without months of research, anyway.)

Come on this thread, right now, and post how you would design the next Sobig virus, or even show us that you have the existing code, and tell us all how you would modify it to make it more destructive?

On a web site full of computer geeks, I doubt ANY of you could post here, right now off of the top of your head, how to do that.

Find the code for sobig, and tell us how you would make the next mutation. If you do that, and I believe that you did it all your own work, I will send you a piece of hardware myself.

 

[Phantasm66]

It makes me so angry in these kinds of cases where both sides instantly start talking complete and utter crap, straight out of where the sun don't shine.

I defy ANYONE reading this right now to come on and tell us all how to create a virus mutation.

In fact, I would be interested in general to hear from someone who can come on right now and tell us all exactly what even this:

00001 /* This file is Copyright 2003 Level Control Systems. See the included LICENSE.txt file for details. */
00002
00003 #ifndef MuscleMutex_h
00004 #define MuscleMutex_h
00005
00006 #ifndef MUSCLE_SINGLE_THREAD_ONLY
00007 # if defined(MUSCLE_USE_PTHREADS)
00008 # include <pthread.h>
00009 # elif defined(QT_THREAD_SUPPORT)
00010 # include <qthread.h>
00011 # elif defined(__BEOS__)
00012 # include <support/Locker.h>
00013 # elif defined(WIN32)
00014 # include <windows.h>
00015 # elif defined(__ATHEOS__)
00016 # include <util/locker.h>
00017 # else
00018 # error "Lock: threading support not implemented for this platform. You'll need to add code to the MUSCLE Lock class for your platform, or add -DMUSCLE_SINGLE_THREAD_ONLY to your build line if your program is single-threaded or for some other reason doesn't need to worry about locking"
00019 # endif
00020 #endif
00021
00022 #include "support/MuscleSupport.h"
00023
00024 namespace muscle {
00025
00031 class Mutex
00032 {
00033 public:
00035 Mutex()
00036 #ifndef MUSCLE_SINGLE_THREAD_ONLY
00037 # if defined(MUSCLE_USE_PTHREADS)
00038 : _lockCount(0)
00039 # elif defined(QT_THREAD_SUPPORT)
00040 : _locker(true)
00041 # elif defined(WIN32)
00042 : _locker(CreateMutex(NULL, false, NULL))
00043 # elif defined(__ATHEOS__)
00044 : _locker(NULL)
00045 # endif
00046 #endif
00047 {
00048 #ifndef MUSCLE_SINGLE_THREAD_ONLY
00049 # if defined(MUSCLE_USE_PTHREADS)
00050 pthread_mutex_init(&_locker, NULL);
00051 # endif
00052 #endif
00053 }
00054
00058 ~Mutex()
00059 {
00060 #ifndef MUSCLE_SINGLE_THREAD_ONLY
00061 # if defined(MUSCLE_USE_PTHREADS)
00062 pthread_mutex_destroy(&_locker);
00063 # elif defined(QT_THREAD_SUPPORT)
00064 // do nothing
00065 # elif defined(WIN32)
00066 CloseHandle(_locker);
00067 # endif
00068 #endif
00069 }
00070
00078 status_t Lock() const
00079 {
00080 #ifdef MUSCLE_SINGLE_THREAD_ONLY
00081 return B_NO_ERROR;
00082 #elif defined(MUSCLE_USE_PTHREADS)
00083 pthread_t self = pthread_self();
00084 if ((_lockCount == 0)||(!pthread_equal(_lockHolder,self))) // note: assumes (_lockCount==0) is atomic
00085 {
00086 if (pthread_mutex_lock(&_locker) == 0) _lockHolder = self;
00087 else return B_ERROR;
00088 }
00089 _lockCount++;
00090 return B_NO_ERROR;
00091 #elif defined(QT_THREAD_SUPPORT)
00092 _locker.lock();
00093 return B_NO_ERROR;
00094 #elif defined(__BEOS__)
00095 return _locker.Lock() ? B_NO_ERROR : B_ERROR;
00096 #elif defined(WIN32)
00097 return ((_locker)&&(WaitForSingleObject(_locker, INFINITE) == WAIT_FAILED)) ? B_ERROR : B_NO_ERROR;
00098 #elif defined(__ATHEOS__)
00099 return _locker.Lock() ? B_ERROR : B_NO_ERROR; // Is this correct? Kurt's documentation sucks
00100 #endif
00101 }
00102
00108 status_t Unlock() const
00109 {
00110 #ifdef MUSCLE_SINGLE_THREAD_ONLY
00111 return B_NO_ERROR;
00112 #elif defined(MUSCLE_USE_PTHREADS)
00113 return ((pthread_equal(_lockHolder,pthread_self()))&&((--_lockCount > 0)||(pthread_mutex_unlock(&_locker) == 0))) ? B_NO_ERROR : B_ERROR;
00114 #elif defined(QT_THREAD_SUPPORT)
00115 _locker.unlock();
00116 return B_NO_ERROR;
00117 #elif defined(__BEOS__)
00118 _locker.Unlock();
00119 return B_NO_ERROR;
00120 #elif defined(WIN32)
00121 return ((_locker)&&(ReleaseMutex(_locker))) ? B_NO_ERROR : B_ERROR;
00122 #elif defined(__ATHEOS__)
00123 return _locker.Unlock() ? B_ERROR : B_NO_ERROR; // Is this correct? Kurt's documentation sucks
00124 #endif
00125 }
00126
00127 private:
00128 #ifndef MUSCLE_SINGLE_THREAD_ONLY
00129 # if defined(MUSCLE_USE_PTHREADS)
00130 mutable pthread_mutex_t _locker; // gotta do some extra work to make the mutex
00131 mutable int _lockCount; // recursive, since pthreads doesn't support
00132 mutable pthread_t _lockHolder; // recursive mutexes directly (at least, not portably)
00133 # elif defined(QT_THREAD_SUPPORT)
00134 mutable QMutex _locker;
00135 # elif defined(__BEOS__)
00136 mutable BLocker _locker;
00137 # elif defined(WIN32)
00138 mutable HANDLE _locker;
00139 # elif defined(__ATHEOS__)
00140 mutable os::Locker _locker;
00141 # endif
00142 #endif
00143 };
00144
00145 }; // end namespace muscle
00146
00147 #endif

piece of code does???

Maybe there might be one or two regulars who have a clue, maybe.

Now, unless I am missing something, you have to at least be able to understand what I have quoted in order to have the C++ skill to modify klez, or blaster or sobig.

And THEN you have to know where to get the code in the first place, or know enough about the security vulnerability to write everything from scratch.

Unless I am missing something? Is there some "virus creation toolkit" you can download from kazaa, or something??

Normal mortals can't do this sort of thing. To suggest that they can is nonsense. Unfortunately, when it comes to computers, the general public seem to believe nonsense.

 

[Phantasm66]

What, no takers?

Perhaps some random, run-of-the-mill fat kid who "isn't a genius", and "doesn't have any special computer skills" will know????!?!?!?!

 

[filthy_mcnasty]

this code looks like a wrapper class for a mutex to work on various platforms.
it's c++ (as the use of a class would indicate).

a mutex is a kernel object global to the system it's created on often used for thread syncronization and allowing only one instance of an application to run at a time.

the majority of the class is inlined (which is not usually done) but to get a better idea of what this does (aside from what i've said) i'd need to see the other header files and the file that actually implements this.


btw i agree with everything you're saying phantasm BUT seeing as how the kid was handed the code (which i'm willing to bet was done in vb) making some modifications to a worm which simply exploits a buffer overflow wouldn't require as much programming knowledge as you would think. the kid obviously knows more than his parents would like you to believe though and there's not a chance in hell the regular joe schmoe computer user can do that, you're right.

 

[Elcarion]

I agree with you Phantasm. The sad truth is that if this kid wasn't dumb enough to point to his own website or tell someone else what he did then he'd likely never be found. It's so easy to do what he did and hide your tracks.
I also agree with filthy that it's really not that hard to modify a virus or worm. It's actually amazing to me that more effective worms haven't been released yet. It may be that as a security professional I know where many commonly over-looked system vulnerabilities lie. Unfortunately, many of these are very easy to exploit on either Windows or Unix/Linux systems.
I think it would be easy for someone to get a general idea of what your sample code does just by searching Google for "mutex threads". Someone with a little C++ experience would pick up on it very quickly. Search for "mutex threads MuscleSupport.h" and you will find all of the source code for MUSCLE 2.43.

 

[Phantasm66]

Thanks both for your useful comments.

The reason I posted the mutex code was that I read recently (can't recall if it was blaster or sobig, it WAS one or the other) used a spawned mutex, and so I was equating the level of object orientated programming knowledge to work with mutexes to that which would be required to write one of these viruses. Or rather, to BEGIN to write something like that.

Its true that writing some code to exploit some buffer overflow vulnerability isn't TOO MUCH of a programming wizardry, but there is more to do on such a virus project, such as giving it the ability to spread, etc. Someone who can do that has good knowledge of client server network programming, etc, and is a skilled C++ programmer. I don't think that either blaster or sobig was written in Visual Basic, however that would not stop it from being a perhaps very complex program which it would take a skilled programmer to write.

filthy_mcnasty:

How long have you been into programming? Would you have any idea how to write a virus in C++ ?

 

[acidosmosis]

It depends, but I think with a bit of research 2 or 3 of us could make a pretty dangerous virus. It might not cause a problem like w32.blaster or SoBig.F but there are a few pretty smart people here like Soul that could probably do some damage.

I know one of my main gifts is that if I don't already know something I can find out or learn it myself in a pretty small amount of time. I think that ability in itself can be pretty dangerous in a small amount of time if I allowed it to. At the moment though I can't program a bit of code in C++ or any other programming language.

If I was going to hack and cause some damage I would purchase a used laptop. I would completely format the hard-drive. Install an illegal copy of Windows and only the software and files I needed to complete the job, and take that laptop to some random location and hook it up to a phone line and do my damage from there. The main thing I wouldn't do is do this from my own home but from a *random* location.

As far as the guys that created these worms such as w32.blaster I dont think they were necessarily too smart. I say that mainly cause you can't really base how smart these guys are on creating a virus such as w32.blaster that took advantage of an exploit which did most of the work for them. The main reason I say that is there was a security hole in Windows which isnt very much different than the Messenger exploit and they used it. Obviously the Messenger exploit doesn't cause near as much as a problem as the RPC exploit, but I think they just got lucky in the fact that the RPC problem happens to cause computers to shutdown if a problem occurs.

Like you said Phant, there is a large difference between people that know how to do certain things and use them for good or use them for destructive reasons. These people should be punished to the extent of the law.

 

[Phantasm66]

Another thing I don't buy is that kid's insistence that he is not a loner.

I am sorry, but if you know that much about computers by the time you are 18, you DO SPEND A LOT OF TIME ALONE IN YOUR ROOM....

And it TAKES ONE TO KNOW ONE... So I should know.

I don't think that anything that has been said by the prosecuting forces in this case is unrealistic. Unless someone comes forward and says he is a terrorist or something. That's crap too.

Now, wait and see what happens to this kid. I have warned you all off of computer crimes before, I hope. Judges and Juries do not understand computer crimes. They blow things out of proportion (although that won't be needed here with this kid) and you get treated like a terrorist or something. Watch this kid get treated like Kevin Mitnick and locked up with child killers, etc for years.

 

[filthy_mcnasty]

phant, i've been programming with c/c++ for about 5 years now.

coding a virus is not much different than any other program. it just carries the malicious intent. a 'trojan' for example is simply a server/client thing very similiar to any chat application you see.

while my programming has stayed more constructive (chat applications, code generators, file swapping things for my friends on campus etc etc) i have coded my own trojan before (which i never infected a single person other than myself with i should add) using win32 c.

a virus is such a broad definition. a recursive function call that deletes everything on the c: drive (not currently in use of course) is a mere few lines of coding. a self replicating / spreading worm would require more work but isn't overly hard. (in fact, i've used a mutex, which i mention because you posted a wrapper for one, to help force an application to delete itself [was a temp installer file], a similiar technique could be applied to make a virus copy itself over and over) and a generic buffer overflow isn't a lot of work either (i haven't looked into this rpc one that these worms affect though so cannot comment on how easy that was).

char *lp1;
lp1 = malloc(40961);
memset(lp1, 'I', 40960);

(this is c, not c++)

boom, then send lp1 and you had a buffer overflow that would crash a user list on the old msn gaming zone (note that they have long since fixed this, this code is at least 3 years old now and i made them aware of this issue).
that takes little knowledge to actually do. i allocate a buffer bigger than what the other side was expecting and send it. viola.

 

[acidosmosis]

Originally posted by Phantasm66
I am sorry, but if you know that much about computers by the time you are 18, you DO SPEND A LOT OF TIME ALONE IN YOUR ROOM....

Hehe, it's amazing how much I knew by the time I was 10 after having a computer for less than a year. I was already doing things most people couldnt imagine (in DOS). ;-).

Your right, these things do get blown out of proportion. I find it very disturbing and angering. I am very sick of the general public which knows nothing about computers and trys to tell US how to operate one and how they work. To be fair, in cases like these we needs judges with lots of experience a computer field such as programming. People like us are like a completely misunderstood race. Lots of us have social phobias or some kind of social issues, somewhat created from sitting in front of a computer most of our lives we don't learn to survive out in public like most people do among the cliche's and "popular" people. I also think a lot of us when we begin get a lot of our satisfaction from the fact that sitting in front of a computer makes us feel good in many ways. We can go to so many places that only most can imagine by playing video games or learning so many things every day on the Internet and in our mind we create this world where we feel like that one day were going to be important, or do something amazing. We can live out our fantasys in a video game and even try to create our own games. The limits to what we can do and learn are almost unlimited. We feel important among our "L337" internet peers because we can do something creative with C++ or we got a high score in 3DMark because of a few tweaks.

In a lot of ways I think we are alone in this world. We are still a race that is being born and hasnt been fully accepted yet but has went a long way from the days of 8086 PC's where all geeks were losers. In lots of ways now we are "cool" and accepted and even Hollywood has begun to use people like us as the "new electronic cowboys". We still aren't fully accepted by the public but mostly because we are misunderstood.

 

[Phantasm66]

Thanks for your useful comments, filthy_mcnasty.

Now, compare the chances of you, a C++ programmer with 5 years experience, creating a sucessful virus....

...To someone with NO special programming or computer experience modifying someone else's code to create a new mutation....

I don't know exactly what this kid changed in the code, but he clearly knew enough about programming to know WHAT to change.

For anyone to suggest that a novice is capable of this is rubbish. I am glad we are all in agreement about that.

I agree with what you are saying... To a person with 5 years C++ experience, coding a virus might not be too hard.

But a person with 5 years of C++ experience IS A SKILLED AND EXPERIENCED COMPUTER PERSON!!!! Not some random web surfer or run of the mill teenager. Those kinds of skills are probably associated more with a 20something geek, not an 18 year old. This guy knows computers and programming well, and he KNEW what he was doing.

 

[filthy_mcnasty]

But a person with 5 years of C++ experience IS A SKILLED AND EXPERIENCED COMPUTER PERSON!!!!

i agree with this point entirely. at this point i better know a thing or 2 about computers or else i better stop programming them.

Those kinds of skills are probably associated more with a 20something geek, not an 18 year old

this part i dont agree with as much. i just turned 19 myself a few months ago. by no means do i know everything (that'd be nice though) but at my age i honestly feel i have a pretty good grasp of c/c++ compared to others who do it for a living (i'm just a college student). that said though, this kind of knowledge is sprouting up at younger and younger ages. i know 16 year olds now who know stuff that at 16 i had no thought of.

my point in that though, is that you are exactly right. this kid knew what he was doing (albeit he did it really sloppy from what i hear) and had a clear intent to do damage. his parents are trying to pull a public relations scam and get people to feel sorry for him.

upon returning to campus last week, a friend of mine was infected with some variation of that virus within minutes. i'll feel sorry for the kid when he comes out to fix all these people's computers up so i dont have to.

 

[aoj145]

Well, I think the point your missing is that this kid and his family are preparing for a legal case.

Unless he pleads guilty and paints a bullseye on his *** for his new found friends in prison they're definately going to downplay his ability to write code. Only an ***** would walk up to the press and say "Yes, I know how to do this ... but, but, but it wasn't me."

They're trying to paint a picture for his defense when it goes to court by creating public opinion. Knowing that probably 95% of the population knows nothing about programming, viruses, etc. they're hoping that they can carry this story over to a courtroom setting where a judge and/or jurry would believe such nonesense whether it's true or not.

You can walk into a McDonald's kill everyone with a gun, but the first thing you're going to say when they arrest you is "I didn't know what I was doing. I don't know how to work a gun let alone own one." Odds are, though, they'll still fry your *** after it's been thouroughly plundered by your cell mate named Bubba.

Welcome to the screwed up thing we call the American justice system and the equally screwed up media. It's great to have the ability to a fair trial and your day in court, but most times it just turns into a three ring circus.

If it gets enough media attention this kid will probably be able to finally get a publicity loving ambulance chaser, he'll walk and make a million dollars after writing a book about the incident and appearing on countless talk shows.

 

[filthy_mcnasty]

=) exactly what the end of my post was trying to get at. well said.

 

[aoj145]

It just aggrivates me that people who violate, or are suspected of violating copyright laws online are often treated more like villians than the people who actually try to maliciously destroy everything.

Some kid will get sued by the RIAA for $10,000 while this 'hacker' kid will be home eating Cheetos and trying to figure out how next to wreck havoc.

 

[Rick]

"I have a very supportive, close group of friends. I'm not reckless, I don't do drugs, smoke or drink. This is the first time I have ever had a run-in with the law. It's hurtful to see the accounts of me. I'm not depressed, embarrassed about my weight, or a misfit," Jeffrey Parson said in a transcript posted on MSNBC's Web site.

I'm very glad he said this, because these things get blown rediculously out of proportion and it always looks like some unhappy, fat kid with low test scores wants to hack the planet.

He's guilty of something... I don't think it's news worthy though.

 

[Phantasm66]

Originally posted by aoj145 Some kid will get sued by the RIAA for $10,000 while this 'hacker' kid will be home eating Cheetos and trying to figure out how next to wreck havoc.

I think you will find it will be a very long time before the virus writing kid is allowed to touch a computer again.

Anyways, to sum up I think that any kid who is that age and has that kind of grasp of programming is clearly bright and computer skilled. Trying to say that you are not is lying, and doesn't stick.

This isn't something that happened as some kind of unhappy accident to some unsuspecting internet user.

"Oh, I just accidently found the code for a very dangerous and destructive virus, oh... ah... look, without any computer skill at all I have accidently rewritten parts of it to make it more dangerous! Surely this is the sort of thing that EVERYONE can do?!?!" Bollocks. Complete and utter bollocks.

OK, we have found a C++ programmer from among our number who is the same age and probably equal, maybe even greater ability - but that person is obviously a pretty bright boy too. These kinds of youngsters do exist, and they are getting younger. But they still represent a very small fraction of the population. And, they are sufficiently intelligent enough, and mature enough at 18-19, to know that what they are doing is wrong when they mod a virus.