Schoolboy Sven Jaschan has been arrested for releasing the Sasser worm, but law agencies are clueless as to how to stop many others like him perpetrating the same crime
The arrest of an 18-year-old schoolboy accused of unleashing Sasser and a series of 28 Netsky worms was both a relief and source of frustration for IT professionals.
Despite years of heavy spending on IT security, it is clear that stereotypical teenage hackers can still cause expense and embarrassment to business IT users.
The Sasser worm, which exploited a vulnerability in Micro-soft Windows, hit high-profile targets, including the UK Coastguard Service, British Airways and American Express and thousands of small businesses.
Variants of the Netsky worm are still creating serious difficulties for unprotected computer systems months after they were first released.
The arrest of Sven Jaschan at his mother's home in Waffensen, Germany, followed an international investigation. But his swift apprehension has left companies and law enforcement agencies wondering whether anything can be done to deter youngsters from being drawn to computer crime.
Last week, police started analysing computer equipment seized from Jaschan and a network of friends around his home town, who are believed to have collaborated to develop and distribute the worms.
"He was caught by his ego and partly his arrogance," said one investigator involved in the case. "Virus writers are motivated by boredom and a desire to appear to have some impact or significance on the world and they do it to get the rush of seeing their code listed on the anti-virus top 10."
His arrest followed a tip-off from acquaintances who were anxious to share the £250,000 bounty offered by Microsoft.
Jaschan bears all the hallmarks of a typical virus writer. He was shy and withdrawn with only one passionate interest: computers. He was studying informatics at school and hoped to go on to study computing at university.
Like many virus writers, Jaschan was probably motivated by a need for recognition, said David Wall, professor of criminal justice and information technology at Leeds University.
"The common thread among many hackers is introversion, a will to be linked to the world and to show the world they are there, while being shy when it comes to face-to-face contact," he said. "For many it is a question of esteem. They sparkle on the internet where they cannot in real life."
Graham Cluley, chief virus technologist at Sophos, said, "It is about showing off to friends and computer geeks. There are criminal writers, but it is more likely this guy was doing it to feel cool."
The need for intellectual challenge was probably another driving force for Jaschan.
"Virus writers have imaginations that lend themselves to complex mathematical problems. Like a lot of deviant activities, part of their appeal is being able to do something that is not condoned by others," said Wall.
Businesses and the police have long tried to find ways to prevent children turning into computer criminals. The National Hi-Tech Crime Unit said it was in talks with the Home Office about educating young people in responsible computer use in schools.
"Children need to be educated from an early age on how to look after themselves online. That is one of the best ways to educate them to protect others," said Philip Virgo, director of Eurim, the industry parliamentary group.
"Teenagers writing worms is rather akin to teenagers playing arson games. Teaching children not to play with matches is a good idea, but it is no substitute for removing the vulnerabilities."
Mitnick: feel foolish if Sasser hit you
Virus writers come low down in the pecking order of computer hackers, said Kevin Mitnick, once the world's most notorious hacker.
In an interview with Computer Weekly, Mitnick, now working as a computer security consultant and author, said Sven Jaschan's technical skills were nothing special. He was amazed that so many businesses fell victim to a worm that in his view was relatively easy to prevent.
"He was no great technical expert. There was a published vulnerability and he took his worm and used his exploit code to be able to propagate it in the many systems that Sasser touched," he said.
Businesses should feel embarrassed if the worm hit them, Mitnick said. "Companies should have known better - you don't leave port 445 open to a hostile network. It is foolish."
Mitnick said he understood Jaschan's obsession with computers. "I was a computer enthusiast myself and I spent the great majority of my time hacking."
Jaschan's arrest and police raids on his collaborators are unlikely to deter youngsters in the future, he added. "People doing this stuff do not assess the risk of being caught. They operate under the illusion of vulnerability."
This was first published in May 2004