The future's bright for (ex-)virus writers

2005-08-01

Costin Raiu

Kaspersky Lab
Editor: Helen Martin

Abstract

Sasser author Sven Jaschan walked away free from a German court last month after receiving a 21-month suspended sentence for his crimes. With a job offer already in the bag, his future could be rosy. Costin Raiu looks at the fate of Jaschan and other virus writers and hackers who have been convicted.


There has been a lot of publicity lately about the author of the Sasser worm, Sven Jaschan, following his conviction by a German court. This got me thinking about other virus writers and hackers who have been caught, and the similarities between them.

What are the similarities between Sven Jaschan and, for instance, Robert Morris, Jr? Well, they both wrote highly successful network worms, which caused chaos when they took over the Internet. They both confessed to writing their worms, although Sven Jaschan first had to be found by the police, who did this thanks to information provided by a couple of his friends (or ex-friends – I'm not sure whether Sven will be playing with them for a while, given that they sold him for Microsoft's $250,000 bounty). Finally, both Jaschan and Morris received fitting sentences, which in Robert Morris's case put him back on track and, as far as I can tell, drove malicious software writing out of his mind.

What about the similarities between Sven Jaschan and Kevin Mitnick? Actually, in this case, there are more differences than similarities: Mitnick was a hacker and wasn't really into writing malware. Moreover, Mitnick didn't even write his own tools; he relied on ones created by his friend 'jsz' at Ben Gurion University in Israel. Sven Jaschan wrote his own viruses, carefully choosing the exploits which would allow his creations to spread at maximum speed on the Inter-Windows-net. Whereas Mitnick was driven by profit and the need to make a living, Sven Jaschan was a young man coding worms in order to show the world how clever he was. So there is no real similarity between Mitnick's sociopathic behaviour and Jaschan's utter foolishness.

It would seem that Sven Jaschan's profile is a lot closer to Robert Morris, Jr's than Kevin Mitnick's. But this may not be the whole story.

Almost immediately after being apprehended, Sven Jaschan was hired by a security company, which promised to teach him to become a security programmer. With a suspended prison sentence of 21 months, and 30 hours of community service to pay for his crime, Jaschan can return to his studies knowing that he has a job in the security field, and a very bright future ahead of him (if he stays away from the malware game). Here, Kevin Mitnick's story is more than relevant. The author of two popular (they could even be called best-selling) security books, Mitnick is now a regular speaker at various security events, most notably the IDG Roadshows. This ex-hacker is now teaching people to secure their systems against the very things he was doing a couple of years ago.

I wouldn't be surprised if, in a couple of years, the reformed Sven Jaschan becomes the author of a couple of books (best-sellers, of course) on computer viruses and ways to attack networks. Thanks to his notoriety as the author of Sasser, he could be in high demand for teaching people how to protect themselves against viruses. The fact that these would be the very same people he infected with his creation years ago would be almost irrelevant. Sven Jaschan would have been turned overnight into a marketing symbol, which is exactly what happened with Mitnick.

Of course, Jaschan could write another worm, spread it over the Internet and go to jail, this time for good. Given the alternative, I think the choice is obvious.

The question is: who is at fault in the current situation, when reformed hackers and (why not?) virus writers, are talking about security, writing books which become best-sellers and being transformed into idols for the 12-year-old slashdot trekkie who has too much spare time? Is it the people who promote them, or the audience attending the seminars and buying the books? I'm afraid that the answer has serious implications. Moreover, I'm afraid that this issue will come back to haunt us in years to come. One question you should all consider: if Sven Jaschan writes a book, will you be buying it?

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

VB2019 paper: APT cases exploiting vulnerabilities in region‑specific software

Some APT attacks are carried out by exploiting vulnerabilities in region-specific software. Government agencies frequently use such localized software, and this tends to be the target of attackers. In Japan, there have been many cases where attacks…

Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

Web application vulnerabilities are an important entry vector for threat actors. In this paper researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting…

VB2019 paper: Cyber espionage in the Middle East: Unravelling OSX.WindTail

It’s no secret that many nation states possess offensive macOS cyber capabilities, though such capabilities are rarely publicly uncovered. However, when such tools are detected, they provide unparalleled insight into the operations and techniques…

VB2019 paper: 2,000 reactions to a malware attack – accidental study

This paper presents an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. Many of the victims were unaware…

VB2019 paper: Why companies need to focus on a problem they don't know they have

There is a type of crime, breach of company policy, misuse of company assets and security threat that is often overlooked: as one in 500 employees use their work computer to handle child sexual abuse material. This crime and misuse of company assets…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.