Sasser worm creator's trial starts in Germany

[Chmee]

So, what do you think is the appropriate punishment for this kid?

Teen Allegedly Confesses to Creating Worm

By CLAUS-PETER TIEMANN
The Associated Press
Tuesday, July 5, 2005; 9:42 AM

VERDEN, Germany -- A German teenager reiterated his confession to creating last year's "Sasser" computer worm as he went on trial Tuesday on computer sabotage and related charges, a court official said.

The trial of Sven Jaschan, 19, was being held behind closed doors in the northwestern town of Verden because he was a minor at the time of the offense. He entered the courthouse through a side door and did not speak to reporters.

After proceedings began, Jaschan "admitted to the alleged offenses in every detail," court spokeswoman Katharina Kruetzfeld said.

Because defendants do not enter formal pleas under German law, proceedings continue despite Jaschan's confession. The trial was to last three days, with a possible verdict on Thursday.

Authorities said Jaschan already confessed to creating the worm at the time of his arrest in May 2004, about a week after the worm hit public hospitals in Hong Kong, a third of Taiwan's post office branches and check-in desks at British Airways.

The charges, which also include disrupting public services and illegally altering data, carry a maximum sentence of five years in prison, though Kruetzfeld said Jaschan, as a minor, faces a lesser penalty.

Jaschan was arrested at his family's home after Microsoft Corp. received a tip from an informant seeking a reward. Exploiting a flaw in the company's Windows 2000 and Windows XP operating systems, the worm had raced around the world and caused some computers to continually crash and reboot.

Unlike most outbreaks, Sasser did not require users to activate it by clicking on an e-mail attachment. Sasser is known as a network worm because it can automatically scan the Internet for computers with the security flaw and send a copy of itself there.

Authorities who questioned Jaschan said they got the impression his motive was to gain fame as a programmer. He was arrested sitting at his computer at the house of his mother, who runs a computer store in the small northern town of Waffensen.

The teenager has told officials his original intention was to create a virus, "Netsky A," that would combat the "Mydoom" and "Bagle" viruses, removing them from infected computers. That led him to develop the Netsky virus further _ and to modify it to create Sasser.

Investigators say he had launched a new version of Sasser that was meant to limit the damage just before his arrest.

In their indictment, prosecutors chose the cases of three German city governments and a public broadcaster whose systems were disrupted.

Five suspected accomplices _ including the informant _ also are under investigation, but Jaschan "is the big fish," prosecutor Helmut Trentmann said before the trial.

Link

[Tiger Ace]

I'd hope for a LONG sentence, equilivent somehow to the number of $'s lost because of his worm.

[wautd]

So, what do you think is the appropriate punishment for this kid?

Long life community service as a help desk. He wont reach 30

[Einhander Sn0m4n]

Locked in a room with thirty angry sysadmins who've had to remove sasser infections and a large table of various implements of pain, suffering, and death.

EDIT: DON'T FORGET TO GET IT ALL ON CAMERA!

[White Haven]

Sasser was awesome...Sasser and Blaster. It was the perfect 'punishment for being a fucking idiot' virus...you had to pay someone to fix it for you, hence you suffer for your own stupidity, but it did, for the most part, no damage at all (outside of botched, incompetent attempts ot remove it, which dovetails nicely with punishing stupidity). And before anyone jumps up and attacks me, I'm a retail computer tech. I put scores of hours into fixing Sasser systems, all told, so yes, it made me work my ass off. But it made morons shell out money, and it was a wholly nondestructive boot-to-the-head(tm) for people running out-of-date antivirus software on out-of-date operating systems. A few even managed to redeem themselves by learning from the experience.

[Chmee]

Sasser was awesome...Sasser and Blaster. It was the perfect 'punishment for being a fucking idiot' virus...you had to pay someone to fix it for you, hence you suffer for your own stupidity, but it did, for the most part, no damage at all (outside of botched, incompetent attempts ot remove it, which dovetails nicely with punishing stupidity). And before anyone jumps up and attacks me, I'm a retail computer tech. I put scores of hours into fixing Sasser systems, all told, so yes, it made me work my ass off. But it made morons shell out money, and it was a wholly nondestructive boot-to-the-head(tm) for people running out-of-date antivirus software on out-of-date operating systems. A few even managed to redeem themselves by learning from the experience.

There's no such thing as an out-of-date OS ... there are new OS's with new features, but if you bought a Win98 system and it does everything you need your computer to do, why should you just placidly follow Uncle Bill's mandate to buy something new from him that does things you don't need? You should be patching the hell out of that old OS, but replacing it just for the sake of having the latest & greatest whether you need it or not is simply surrendering to the Microsoft marketing bandwagon like an obedient little cube-drone.

[gizmojumpjet]

And before anyone jumps up and attacks me, I'm a retail computer tech. I put scores of hours into fixing Sasser systems, all told, so yes, it made me work my ass off. But it made morons shell out money, and it was a wholly nondestructive boot-to-the-head(tm) for people running out-of-date antivirus software on out-of-date operating systems. A few even managed to redeem themselves by learning from the experience.

That's bullshit. This worm affected Hospitals, Coast Guards, Airlines. People affected by those shutowns were being punished for their own stupidity?

If someone comes along and steals my car, you can A)tell me I'm a fool because I didn't have a car alarm, or you can B)blame the fucking assfucker who actually committed the crime of stealing it. If you chose option B, you chose wisely.

This hacker should be treated just as if he'd stolen millions of dollars from the millions of people his malicious code affected.. I think 30-10 years would be good, up for parole in 15-20. Lifelong ban from using a computer, irrevocable, and that on pain of death. I think that's about fair. I know he's 19 and I don't care. He knew better. If he says he didn't he's a liar.

[White Haven]

Yes, he's to blame. But so are the asshats who, through their own willful ignorance, allowed their systems to be hashed. If any virus is going to spread out and hit a lot of people, I'm QUITE glad to see it as a nondestructive one. Sasser was a love-tap, a nice little wake-up call that most users needed dearly.

[Chmee]

Yes, he's to blame. But so are the asshats who, through their own willful ignorance, allowed their systems to be hashed. If any virus is going to spread out and hit a lot of people, I'm QUITE glad to see it as a nondestructive one. Sasser was a love-tap, a nice little wake-up call that most users needed dearly.

Exactly how I'd describe this punk's shower-room encounters with hardened felons (pardon the pun) during his incarceration.

[gizmojumpjet]

Yes, he's to blame. But so are the asshats who, through their own willful ignorance, allowed their systems to be hashed. If any virus is going to spread out and hit a lot of people, I'm QUITE glad to see it as a nondestructive one. Sasser was a love-tap, a nice little wake-up call that most users needed dearly.

NO, dipshit, it's not acceptable to blame the victim. Many people who were affected by this worm had nothing to do with the administration of the systems compromised by the malignant code. You can be as glad as you like to regard Sasser et al as nondestuctive, but you'll also be wrong, as well as either stupid or ignorant.

[Xon]

That's bullshit. This worm affected Hospitals, Coast Guards, Airlines. People affected by those shutowns were being punished for their own stupidity?

It takes criminal stupidity for places like that to be infected by Sasser.

Now days people are legally liable for maintaining their computer system security to a reasonable level in Australia.

[Einhander Sn0m4n]

And we all know the disruptive effects of massive amounts of any one particular worm's noise the worm's active scanning and uploading can generate. It's simple waste of bandwidth that cannot be recouped. GJJ has a point, even without touching upon the bandwidth issue faced by everyone on the network not directly affected by the sasser worm.

[Dahak]

He can expect prison up to 5 years and/or additional fines.
More dramatic could be the civil proceedings.
The verdict is expected for today, so we'll know...

[Praxis]

That's bullshit. This worm affected Hospitals, Coast Guards, Airlines. People affected by those shutowns were being punished for their own stupidity?

It takes criminal stupidity for places like that to be infected by Sasser.

Now days people are legally liable for maintaining their computer system security to a reasonable level in Australia.

I suppose the WiFi arrest wouldn't go through in Australia.

If you haven't heard, a guy was arrested because he connected to a COMPLETELY unprotected, open wireless network, and used the internet connection. The owner of the WiFi network proclaimed it was like stealing and had him arrested.

[Dahak]

The verdict is now in.
The boy gets 21 months detention on probation.

[gizmojumpjet]

That's bullshit. This worm affected Hospitals, Coast Guards, Airlines. People affected by those shutowns were being punished for their own stupidity?

It takes criminal stupidity for places like that to be infected by Sasser.

Now days people are legally liable for maintaining their computer system security to a reasonable level in Australia.

You may not have noticed that I emphasized public services that were affected by the worm; this worm could have, and might have, endangered or cost people's lives.

You can posture all you want about the legal requirements regarding X users in Y countries, but if you can't understand that writing malicious code that damages the systems of HOSPITALS and AIRLINES is fundamentally WRONG, well, I can't justify spending the time conversing with a lower primate.

Regarding the WiFi arrest, I'm not entirely sure I agree with it, since I haven't seen any demonstrable damages incurred by the Host.

[Boyish-Tigerlilly]

I think it's really irrelevant whether or not the people who get the problem are stupid. Yes, they should have been more careful, but that's beyond the point. It's wrong to take advantage of or directly/indirectly harm anyone for malicious purpouses, regardless of the stupidity of the person. It's not even a factor, ethically.

It's just a needless waste of time to devise things like that.

It was the perfect 'punishment for being a fucking idiot' virus...you had to pay someone to fix it for you, hence you suffer for your own stupidity, but it did, for the most part, no damage at all (outside of botched, incompetent attempts ot remove it, which dovetails nicely with punishing stupidity). And before anyone jumps up and attacks me, I'm a retail computer tech.

Oh I believe you are. It would certainly explain away the "Technician Superiority Complex" you have. It seems oh so prevelant among the retail technicians.