Beware the bounty hunter in gym class

Stupid hacker trick No. 2: Teenage anti-spam vigilante gets collared after high school "friend" rats him out

Perp: Sven Jaschan

Status: Free on parole, currently employed by a security vendor

Dossier: Mild-mannered Sven Jaschan never struck anyone as the master-criminal type, but by the age of 17, the German worm-writing wunderkind had already established himself with Netsky, a piece of malware that spreads from computer to computer and removes two types of spam-sending botnet malware, Bagle and Mydoom. Not content with the pace of his anti-spam vigilantism, Jaschan fashioned an even faster way to destroy his targets in 2004 in the form of Sasser.

The first versions of the Sasser worm were discovered in the wild just days after a Russian hacker released source code to exploit a newly discovered vulnerability in the Windows LSASS (Local Security Authority Subsystem Service) library, which manages local security on Windows 2000 and XP systems. Within days, Sasser unleashed all kinds of unintended chaos, initiating unstoppable 60-second countdowns to reboot on infected PCs. Thousands of computers, regardless of whether they were infected with Bagle or Mydoom, began rebooting repeatedly, the by-design behavior of Windows when the LSASS process is terminated. Whole networks of governments, banks, and hospitals were taken offline for hours, or in some cases, days.

Jaschan, who embedded messages to anti-virus researchers in Sasser, tied the worm to Netsky. Anti-virus companies confirmed that the two worms were related but still had no idea who the author was. That all changed a week later when one of Jaschan's high school friends contacted Microsoft's German office and offered to identify the creator of Sasser in return for the $250,000 publicized bounty. Jaschan was arrested, brought to trial, and convicted on a computer crime charge in Germany. The judge was lenient, however, handing down a suspended sentence. Free to saddle up to his computer again, Jaschan was even offered a job by German computer security vendor Securepoint.

(In a slightly ironic twist, the LSASS vulnerability Jaschan tapped to help distribute Sasser is the same exploit used by the version of the RBot Trojan Ancheta used to send spam and load adware onto PCs. Oh, the double-edged sword.)

Upshot: Noble intentions aside, Jaschan's ill-conceived execution of Sasser wreaked havoc for months, as the worm periodically resurfaced to infect and reinfect machines. Lucky for him he wrote his worms before he turned 18 and could only be tried as a juvenile. Speaking of juvenile, how about bragging about your criminal exploits to would-be friends at school? Lesson learned: Be careful whom you count among your clique of confidants, and don't use your high school network as the platform to launch your attacks on the Net.

[ Stupid hacker index | Christopher William Smith: The upper limit of enhancement ]