The future's bright for (ex-)virus writers

2005-08-01

Costin Raiu

Kaspersky Lab
Editor: Helen Martin

Abstract

Sasser author Sven Jaschan walked away free from a German court last month after receiving a 21-month suspended sentence for his crimes. With a job offer already in the bag, his future could be rosy. Costin Raiu looks at the fate of Jaschan and other virus writers and hackers who have been convicted.


There has been a lot of publicity lately about the author of the Sasser worm, Sven Jaschan, following his conviction by a German court. This got me thinking about other virus writers and hackers who have been caught, and the similarities between them.

What are the similarities between Sven Jaschan and, for instance, Robert Morris, Jr? Well, they both wrote highly successful network worms, which caused chaos when they took over the Internet. They both confessed to writing their worms, although Sven Jaschan first had to be found by the police, who did this thanks to information provided by a couple of his friends (or ex-friends – I'm not sure whether Sven will be playing with them for a while, given that they sold him for Microsoft's $250,000 bounty). Finally, both Jaschan and Morris received fitting sentences, which in Robert Morris's case put him back on track and, as far as I can tell, drove malicious software writing out of his mind.

What about the similarities between Sven Jaschan and Kevin Mitnick? Actually, in this case, there are more differences than similarities: Mitnick was a hacker and wasn't really into writing malware. Moreover, Mitnick didn't even write his own tools; he relied on ones created by his friend 'jsz' at Ben Gurion University in Israel. Sven Jaschan wrote his own viruses, carefully choosing the exploits which would allow his creations to spread at maximum speed on the Inter-Windows-net. Whereas Mitnick was driven by profit and the need to make a living, Sven Jaschan was a young man coding worms in order to show the world how clever he was. So there is no real similarity between Mitnick's sociopathic behaviour and Jaschan's utter foolishness.

It would seem that Sven Jaschan's profile is a lot closer to Robert Morris, Jr's than Kevin Mitnick's. But this may not be the whole story.

Almost immediately after being apprehended, Sven Jaschan was hired by a security company, which promised to teach him to become a security programmer. With a suspended prison sentence of 21 months, and 30 hours of community service to pay for his crime, Jaschan can return to his studies knowing that he has a job in the security field, and a very bright future ahead of him (if he stays away from the malware game). Here, Kevin Mitnick's story is more than relevant. The author of two popular (they could even be called best-selling) security books, Mitnick is now a regular speaker at various security events, most notably the IDG Roadshows. This ex-hacker is now teaching people to secure their systems against the very things he was doing a couple of years ago.

I wouldn't be surprised if, in a couple of years, the reformed Sven Jaschan becomes the author of a couple of books (best-sellers, of course) on computer viruses and ways to attack networks. Thanks to his notoriety as the author of Sasser, he could be in high demand for teaching people how to protect themselves against viruses. The fact that these would be the very same people he infected with his creation years ago would be almost irrelevant. Sven Jaschan would have been turned overnight into a marketing symbol, which is exactly what happened with Mitnick.

Of course, Jaschan could write another worm, spread it over the Internet and go to jail, this time for good. Given the alternative, I think the choice is obvious.

The question is: who is at fault in the current situation, when reformed hackers and (why not?) virus writers, are talking about security, writing books which become best-sellers and being transformed into idols for the 12-year-old slashdot trekkie who has too much spare time? Is it the people who promote them, or the audience attending the seminars and buying the books? I'm afraid that the answer has serious implications. Moreover, I'm afraid that this issue will come back to haunt us in years to come. One question you should all consider: if Sven Jaschan writes a book, will you be buying it?

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

The number of incidents attributed to the Lazarus Group, a.k.a. Hidden Cobra, has grown rapidly since its estimated establishment in 2009. In this paper, ESET researchers Peter Kalnai and Michal Poslusny look at various cells within the group, that…

VB2018 paper: Fake News, Inc.

As the world grapples with massive disinformation campaigns waged by the intelligence agencies of hostile nations, we should not forget that such activities are not limited to the purview of the Bears or Pandas of the world, and that even relatively…

Alternative communication channel over NTP

Nikolaos Tsapakis explores Network Time Protocol (NTP) as an alternative communication channel, providing practical examples, code, and the basic theory behind the idea.

VB2018 paper: Under the hood: the automotive challenge

In an average five-year-old car, there are about 30 different computers on board. In an average new car, there are double that number, and in some cases up to 100. That’s the size of network an average SMB would have, only there’s no CIO/CISO, and…

VB2018 paper: Android app deobfuscation using static-dynamic cooperation

Malicious Android applications are quite common, and can even be found from time to time in the Google Play Store. Thus, a lot of work has been done in both industry and academia on Android app analysis, and in particular, static code analysis. One…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.