Teenager Charged in Blaster Attacks

A Minnesota teenager was arrested Friday and accused of distributing one of the computer infections that slowed global Internet traffic and shut down some corporate networks this summer.

Federal law enforcement officials said 18-year-old Jeffrey Lee Parson of Hopkins, Minn., was charged with one count of intentionally causing or attempting to cause damage to a computer. They said he created a variant of the Blaster computer worm that infected thousands of computers by exploiting flaws in Microsoft Corp.’s popular Windows operating system.

“With this arrest, we hope to send a message to cyber-hackers here and around the globe,” said John McKay, U.S. attorney for the Western District of Washington state. Working with Microsoft, federal prosecutors and investigators in Seattle have led the hunt for authors of malicious computer code.

McKay called Parson a “key and significant player in the Blaster worm problem.” Although the high school senior isn’t accused of creating the Blaster worm, federal officials say he created a version called “B Variant,” which affected at least 7,000 computers.

The original Blaster worm, based on code written by Chinese programmers, has affected possibly millions of computers.

Neither Parson nor his parents, Robert and Rita, could be reached for comment Friday.

A neighbor described the 6-foot-4, 320-pound Parson as a loner who spent most of his time listening to music.

“He’s really smart, and I’m not surprised he was into computers,” said neighbor Curtis Mackey, a St. Paul real estate agent.

“He had headphones on all of the time,” wore baggy clothes and sported a Mohawk-inspired haircut. “He had one friend, another kid he would hang out with at the park. But that was pretty much it.”

Parson was placed under house arrest and will be electronically monitored until he appears at a Sept. 17 hearing in U.S. District Court in Seattle. He could face up to 10 years in prison and a $250,000 fine if convicted.

Investigators became aware of several variants of the Blaster worm Aug. 14, including one variant referred to in the Internet security community as “Lovesan B,” or the B Variant.

Both worms and viruses are invasive computer programs that usually spread through e-mail. Worms, however, are designed to infect entire networks instead of just individual computers. Once it infects a computer, a worm can leave holes that hackers can later exploit.

Blaster, for instance, was designed to harness vulnerable PCs and use them to send enormous amounts of data to Microsoft’s corporate computers in a bid to overwhelm the company’s technical service Web site.

The architecture of the Internet makes tracking the authors of worms and viruses difficult. A hacker “may build the worm in his apartment and ship it ... to Korea” in hidden form, said Tom Ohlsson, vice president of marketing for Xaffire Inc., a Superior, Colo., firm that tracks the performance of the Internet.

McKay did not disclose what led the FBI to Parson. But computer security experts and Parson’s neighbor Mackey said Parson’s close friend alerted the FBI after he allegedly saw Parson sending out the worm on a publicly accessible computer.

On Aug. 19, investigators seized seven computers from the two-story apartment Parson shares with his family in Hopkins, a community of 17,000 about 15 miles west of Minneapolis-St. Paul.

Parson’s computer skills apparently developed as a hobby, even though his high school boasts an extensive curriculum of advanced computer courses, including classes devoted to networking and repairing computers, according to the school’s Web site.

Parson apparently prowled the Internet for information on how to build viruses, worms and other nefarious computer exploits. Over the last year or so, Parson’s online handle, teekid, appeared in various chat rooms and bulletin boards frequented by hackers and computer hobbyists.

In one May 2002 posting on www.webmasterworld.com, teekid sought help on how to insert his own content into someone else’s Web page. A year later, Parson boasted on his own Web site about creating destructive computer code.

“My little p2p worm spreads via kazaa and imesh, downloads a file from web; no biggie,” Parson said on his site before it was taken offline this week.

The summer’s computer attacks underscore the growing vulnerability of PCs as they become more tightly linked through the Internet. And they also highlight the apparent eagerness of some computer users to try to disrupt computer networks, even without the hope of financial gain or widespread recognition.

“The damage done to Microsoft in this instance is a small tip of the huge iceberg of damage all over the world,” Microsoft general counsel Brad Smith said Friday.

McKay would not say whether other arrests were imminent, saying only that “the investigation is ongoing.”

The arrest of Parson is unlikely to provide authorities with direct clues to the main culprit unless they knew each other, experts say.

Several years ago, Russian crime organizations popularized a scheme in which they used the threat of worms and other computer exploits to pressure companies to hire them as security experts or pay huge sums to avoid being targeted by an electronic attack.

As the federal government began cracking down on computer crime, the tactic became less popular and the creation of worms and other exploits has become almost entirely the province of computer hackers and hobbyists, experts say.

They look at it as “an arms war in which people are adding new features all the time” to take down computers, said Alan Paller, a computer security expert at the SANS Institute, a Bethesda, Md.,-based research and training organization.

*

Times staff writer Tomas Alex Tizon in Seattle contributed to this report.