Using Virus/Worm comments to implicate others
Tim May
timcmay at got.net
Thu Sep 4 00:53:38 PDT 2003
Reading about the Romanian student arrested today for allegedly
releasing one of the "Blaster" variants, I was struck by how easy it
would be to "bring a shitstorm down" on someone by inserting comments
into the virus code.
--excerpt--
Second Suspect Arrested for Internet Virus
Wed Sep 3, 5:54 PM ET
By JIM KRANE, AP Technology Writer
Police in Romania on Wednesday arrested a 24-year-old former student
in connection with a computer-crippling Internet worm, according to a
computer security company that aided police.
...
Company analysts traced Ciobanu through some Romanian-language text
inside the virus that eventually led them to a Web page containing
Ciobanu's home address and telephone number, Vicol said.
...
--end excerpt--
Tim again: This is not the first time an arrest has been made based on
comments in virus/worm code. Sometimes the comments are about
professors, sometimes about girlfriends, sometimes about local food and
other trivia.
It would be easy to implicate someone, for at least the initial months
of house arrest (as with Parsons, the American kid also arrested for an
alleged Blaster release), by scattering incriminating comments. Getting
incriminating evidence onto their home or office computers is not as
easy, but we can all think of ways this could be done.
Absent verifiable signatures on such code (who would sign such a thing
with a traceable sig?), conviction may be difficult. A charged person
could claim he was "set up."
Still, acquittal is months or years down the road, after great expense.
I'll bet we see something along these lines soon.
--Tim May
"They played all kinds of games, kept the House in session all night,
and it was a very complicated bill. Maybe a handful of staffers
actually read it, but the bill definitely was not available to members
before the vote." --Rep. Ron Paul, TX, on how few Congresscritters saw
the USA-PATRIOT Bill before voting overwhelmingly to impose a police
state