A German teenager responsible for the Sasser computer worm pandemic went on trial Tuesday. He faces charges of computer sabotage, data manipulation and disruption of public systems.
Not your regular, slimy kind of worm: the Sasser traveled fast
The spokeswoman for the tribunal hearing Sven Jaschan's trial said the 19-year-old admitted during the first day of the closed-door hearing to having unleashed the destructive program in the spring of 2004.
The Sasser worm didn’t require users to receive an email or open a file to be infected -- just having a vulnerable Windows machine connected to the Internet was enough.
The IT departments of many organizations were caught unawares, and the worm spread further. At the European Commission in Brussels, 1,200 computers shut down. In the United States, Delta Airlines was forced to cancel several flights.
In the German city of Hanover, staff at the Postbank took a step back in time and recorded transactions on paper. And in Seattle, Microsoft promised a reward of $250,000 (210,000 euros) for information leading to the responsible hacker.
They left their doors wide open
Windows open to the word (and viruses, too)
By exploiting a known hole in the local security component of Windows operating system, the worm spread quickly, infecting hundreds of thousands of computers in just a few days, overloading processors and forcing systems into an unstoppable pattern of shutting down, then rebooting. It apparently did no lasting harm.
Microsoft had issued a security bulletin and a patch to correct the problem two weeks earlier, but only the companies and individuals who installed the update were protected.
The house in which Sasser was born:
It's estimated that the economic cost of the Sasser worm attack ran into millions of dollars, and it was all caused by Jaschan, a then 18-year-old school student working from his basement in the small North German village of Waffensen.
Attracted by the reward, two of the hacker’s schoolmates tipped off Microsoft, who then informed the police.
A job instead of jail
Seven days after the worm was released, police arrested the hacker and seized his computer as evidence. After confessing, the youth was released, and within five months was employed as an IT trainee at Securepoint, a German software security company. But now it’s time for the young man to face the music -- more or less.
German public prosecutors have put the youth on trial for damages of 130,000 euros ($155,000), an amount some argue doesn’t reflect the scale of the crime at all.
But it’s all prosecutors can do. Any party wanting to sue for damages needs to file a civil lawsuit against the alleged perpetrator.
Computers often host uninvited guests
Though 143 claims have been made -- not surprisingly -- very few large, publicly-listed companies are willing to admit their systems were defeated by a lone teenager using publicly available information.
He's just a kid
If the hacker had been an adult, the court could sentence him to a fine or up to five years imprisonment. But as a juvenile, he’s likely to receive a much more lenient sentence.
Jaschan was known as a mild-mannered and friendly teenager, a spokeswoman for the court in the northern city of Verden said.
"The court must hand down a sentence that can have an educational effect on the young man."
Defense lawyer Jens Möwe says his client has learned his lesson and won’t re-offend. He expects the trial to be over within three days.