Headline Archives


Catching a Cyber Saboteur


Sasser author arrives at court in July

Sasser author arrives at court in July. AP Photo

In the spring of 2004, millions of Internet-connected computers around the world suddenly began to sputter and spontaneously reboot. Entire systems had to be shut down-disrupting vital services in Hong Kong hospitals, the British Coast Guard, Taiwan post offices, Australian train stations, banks, and many other businesses and government departments worldwide.

The culprit? “Sasser”: a set of malicious codes—more than just a worm or virus—that took advantage of a security vulnerability in computer operating systems. Unlike many previous cyber attacks, this one didn't spread through e-mail attachments. Computers could become infected simply by being turned on.

Who sent it? Our agents in Seattle quickly began trying to find out, working with officials at Microsoft to analyze the code and trace it back to its author.

Then, a break in the case. Sasser's creator—a German college student—began bragging about his exploits to his friends. Two of them turned him in, hoping to collect Microsoft's $250,000 reward. German national police located the student and arrested him sitting at his computer in his family's home in Waffensen, Germany.

One problem, though. The student had erased vital evidence on his computer. How to link him to the crime?

That's when the power of partnerships came into play. The cyber saboteur admitted sending the malicious code to an acquaintance through a U.S.-based instant messaging service. German authorities called us...and we contacted the messaging service, enabling us to trace the transmission to a specific IP address. Then, German investigators used the information to make the direct link to the student.

Case closed. In July, the German student was convicted of data manipulation, computer sabotage, and interfering with public corporations. He also admitted creating and distributing the malicious code called "Netsky."

But more to come.... Law enforcement worldwide is pursuing hackers and other cyber crooks...and we're currently investigating “SoBig,” “Bagel,” “MyDoom,” and other major online attacks. If you have any information on them, please don't hesitate to call us or submit a tip on this website.

And please, protect yourself from future attacks by using a computer firewall, keeping your anti-virus software up to date, and making sure you have the latest security patches for your operating system.

Resources: FBI Cyber Program | More Cases