, Washington Post 2003-09-02
Government investigators yesterday arrested a Minnesota teenager on charges of unleashing a version of the "Blaster" worm that snarled Internet traffic and shut down computer systems from Maryland to Sweden earlier this month.FBI agents arrested Jeffrey Lee Parson, an 18-year-old high school senior, early yesterday at the home he shares with his parents in Hopkins, Minn. The U.S. attorney's office in Seattle, which is leading the case, charged Parson with intentionally damaging thousands of computers owned by Redmond, Wash.-based Microsoft Corp., other businesses and individuals.
The 6-foot-4, 320-pound Parson -- described by a neighbor as an academically advanced teen who often sported a Mohawk -- appeared before a U.S. magistrate judge in St. Paul but did not enter a plea. He was released without posting bail and returned home. Parson's lawyer, Lyonel Norris, an assistant federal defender for the district of Minnesota, declined to discuss the case.
Parson did little to cover his tracks, according to the criminal complaint. He appears to have boasted of unleashing viruses. According to a version of his Web site, recorded by the Internet search engine Google, Parson claimed to have created a worm called "p2p.teekid.c" that was spread by people using popular services such as Kazaa and iMesh, which are used by millions of people to share songs, video and movie files. Parson used the pseudonym "Teekid" online, according to prosecutors. The site contained no references to Blaster, however.
Prosecutors alleged that Parson modified the existing Blaster virus, which began circulating on the Internet on Aug. 11, and unleashed his own, more insidious version known as Blaster.B, among other names. Computer security experts suggested yesterday that Parson probably downloaded the original worm and simply added a bit more code.
The magistrate judge yesterday ordered that Parson be subject to house arrest and denied access to the Internet. He faces up to 10 years in prison and a $250,000 fine if convicted.
"With this arrest we want to deliver a message to cyber criminals here and around the world that the Department of Justice takes these crimes seriously," U.S. Attorney John McKay said at a news conference in Seattle. Homeland Security Secretary Tom Ridge issued a statement praising the arrest.
McKay said his office is still trying to find the author of the original Blaster.
According to a criminal complaint, the trail to Parson picked up quickly after federal investigators found a Web address -- www.t33kid.com -- embedded in the Blaster.B worm's program.
Federal agents subpoenaed California Regional Internet Inc., the owner of the Internet protocol address corresponding to the Web site, to determine who had registered the site. They found Brian Davis of Watauga, Tex.
Davis told authorities that he controlled the computer hosting www.t33kid.com, but the Web site had been set up and was operated by a user named "teekid." Davis corresponded electronically with "teekid" and provided information to federal authorities that led them to another Web site maintained by the same user, hosted on a home computer. Using public databases, authorities tracked the computer to the Parson home.
Authorities with a warrant searched the Parson home on Aug. 19, seizing seven computers that are undergoing forensic analysis. According to the complaint, Parson admitted to federal agents during the search of his house that he modified the Blaster worm.
"He's your average high school kid who likes to play with computers, a good kid. I've never known him to get in any trouble at all," said a neighbor, Curtis Mackey. "He's definitely not trying to hurt anybody."
The original Blaster exploited a flaw in a part of Microsoft's Windows operating system, which runs more than 90 percent of the world's personal computers, that allows data files to be shared across computer networks. The fast-moving virus crippled computers around the globe, forcing the Maryland Motor Vehicle Administration to shut down on Aug. 12. Prosecutors allege that Parson's version infected at least 7,000 computers, which were instructed to attack Microsoft's Web site.