
Burden of Proof

Computer Virus Investigation: Protecting Against the 'Love Bug'

Aired May 9, 2000 - 12:30 p.m. ET



MICHAEL VATIS, FBI NATIONAL INFRASTRUCTURE PROTECTION CENTER: It's very easy for cybercriminals to spoof their identity, to make themselves appear to be coming from one place, when they are in fact coming from someplace else.

MARTHA STANSELL-GRAMM, CHIEF OF COMPUTER CRIMES, JUSTICE DEPARTMENT: Laws against general kinds of damage or forgery or theft sometimes have been used by states to cooperate with us on these kinds of investigations.

GEORGE CLARK, CYBER LAW EXPERT: One of the things that people are trying to do is to get all countries which are using the Internet, virtually everybody now, to have a law against this type of offense so that you can have extradition, if necessary, if there is serious harm in one country.


GRETA VAN SUSTEREN, CO-HOST: It started as a cyber love note, but quickly morphed into a desktop black widow. Today on BURDEN OF PROOF: Protection against the "love bug" e-mail virus and how to prosecute computer crime across international borders.

ANNOUNCER: This is BURDEN OF PROOF with Roger Cossack and Greta Van Susteren.

VAN SUSTEREN: Hello and welcome to BURDEN OF PROOF.

U.S. and Philippine investigators continue to work together to crack the "ILOVEYOU" computer virus case. Earlier today, authorities released a Manila bank employee after questioning him.

ROGER COSSACK, CO-HOST: Reomel Ramones was invited to be questioned, and he has not been charged with anything. Investigators are still searching for his girlfriend, though. She is also wanted for questioning.


REOMEL RAMONES, QUESTIONED ABOUT VIRUS (through translator): Last night, I accepted the NBI invitation to shed my light on the "ILOVEYOU" virus in order to clear my name. I am happy that I now have the opportunity to prove my innocence without being detained.

I view my temporary release a victory of sorts, and I am confident that a thorough investigation will result in my full vindication. I thank the Department of Justice for their decision to allow the NBI to continue with their investigation into this matter, and in order not to impede or interfere with that investigation, I have no further comment.


VAN SUSTEREN: Joining us today from Dallas, Texas, is computer security expert Bill Hancock. And here in Washington, Carrie Poniewaz (ph), international law professor Jim Feinerman, and Internet law professor Nicholas Allard.

COSSACK: And in the back, Jessica Peck (ph), Kimberly Gonsalves (ph) and Dan Itel (ph). Also joining us here in Washington is CNN justice correspondent Pierre Thomas.

Pierre, what is the FBI and the Justice Department doing about this latest bug?

PIERRE THOMAS, CNN JUSTICE CORRESPONDENT: Well, Roger, as you stated, the investigation has centered on this apartment in Manila, the man that they interviewed yesterday they view as a potential suspect. But again, when they searched his apartment yesterday, they did not find a computer, they found records and other disks, but they did not find a computer. So this investigation, while the Justice Department feels it is at a very promising point, it is still not near being conclusive.

VAN SUSTEREN: Pierre, you know, you talk about they are doing this, they are doing that, but we are talking about an investigation that is physically located in the Philippines. But is the United States Justice Department, in some way, helping the investigation? Are they actually in Manila? or are they staying on American soil?

THOMAS: Absolutely. They have FBI agents who are in the Philippines working hand in hand with the Filipino authorities. Obviously, the Filipino authorities have the lead in their own country, but the FBI is consulting, is providing the information. And this is really an investigation that shows how with cybercrime there really are no boundaries, and that you have to have cooperation from jurisdiction to jurisdiction.

COSSACK: Pierre, I have learned that one of the problems that they had in this case was that they could not find a judge in the Philippines to sign a search warrant over the weekend because of perhaps the technical nature of the search warrant. Therefore, the whole weekend, this suspect's home was not searched. And guess what? When they did go in there to search it, they couldn't find the computer. Is that true, that they had to wait to get a search warrant?

THOMAS: I think the details are still unclear about that, but it is clear that they -- they were monitoring this particular apartment, I'm told by sources, as early as 12 hours after the virus attack first began. So there is somewhat of a gap between when they first started monitoring the apartment and when they actually went in and did the search warrant. So that is an issue that may become important over time.

VAN SUSTEREN: Let's go to Dallas to Bill Hancock.

Bill, you are an expert in computer security. Why does it seem that, with all of these experts that work in our computers, and doing our programming, that we are having this problem?

BILL HANCOCK, EXODUS COMMUNICATIONS: The problem really stems from the fact that a lot of software that's been developed and being used for e-mail and used around networks around the world was never really developed with a security emphasis as part of the software being written. So the result is things like visual basic scripts that are being used in the "love bug," and other types of attacks, there is really nothing in the computers themselves as part of the architecture to defend against this kind of security breach.

VAN SUSTEREN: Bill, is it -- do they do this just sort of for fun or is there any way they make money on doing this -- these viruses, is there any value to the person doing it?

HANCOCK: Well, there's always the competitive intelligence issue, and sometimes you will get into industrial espionage issues, and that is a very, very small percent of what really goes on. The reality is is that most of these are with situations with antisocial behavior, and these are kids trying to make a message or they may be somebody in particular trying to defame a company or go back and prove they are very good at what they do.

A lot of these attacks are pedestrian in nature, they really don't involve sophisticated type of security concepts like stenography. So the result is is that a lot of these are actually carried out in the name of social justice, and they try to justify these over and over again as being a way to expose security violations and holes.

COSSACK: Bill, take, you know, extend it out a little bit. Why should I care about this? I mean, what I see is the "love bug" come in, if I would have opened it up, I can tell you that my computer obviously would have gone down, but there's more to that. I mean, suppose I don't have a computer, suppose I'm just some person, is this going to stop me from getting a Social Security check or some interchange I'm having with the government. Why is this really serious?

HANCOCK: Well, this particular attack being through e-mail is serious in the fact that it does disrupt business operations, it does slow things down. People that might issue you your Social Security check or maybe are doing something for you might be tied up with dealing with the virus itself. More importantly, other types of attacks, like we saw in February, which can actually disrupt the network, shut things down, and keep things from being processed correctly. Those types of attacks are more insidious than this particular one. But all of them put together cost businesses money and they take time.

VAN SUSTEREN: Pierre, do we have any idea of the damage that has been created by this latest virus? Are there money estimates?

THOMAS: There are many estimates out there, some putting it in the billions. But one thing I wanted to follow up on, by what the guest just said, is that one thing that law enforcement are very concerned about is the potential that countries, nations would be developing capability to launch these attacks on a wide-scale basis. And in fact, we interviewed someone from the White House just a few months ago who talked that there were a number of countries developing the capability to do these kinds of attacks, and what these limited attacks showed by individuals is that they can cause a lot of disruption.

COSSACK: Bill, apparently the authorities in the Philippines do not have the hard drive from the computer, don't have the computer at all. Is that going to make getting a case against this individual impossible?

HANCOCK: I don't know about impossible, but it is going to make it extremely hard. You have to remember that with computer crime, what you have to be able to produce is evidence. Evidence is what is on the hard drive. Anything else is a copy or a working copy of the evidence, and not evidence itself. So without the computer, and without the hard drive, it is going to be very, very difficult to go back and find out exactly where this came from. Plus, the computer will also have some limited record-keeping capability. There will also be some information on the computer itself that can help us backtrack where it came from. And some of the rumors we are hearing are showing that it may not be this individual involved at all.

VAN SUSTEREN: Bill, can you teach me how to create a virus? Is it that simple? or is this something that is far more complicated than you...

COSSACK: And Bill, I want to jump in here, and say: When she's asking about teaching Greta, we are really talking about teaching someone that may have a difficult time with this.

VAN SUSTEREN: At least I know where the power button is on my computer.

COSSACK: All right, so she's one step ahead of me.

HANCOCK: It is actually not that difficult at all. In this case, what we are looking at is something called a worm. A virus does not replicate, but a worm does, and what it does is it attaches a program with it. The program is somewhat destructive, and what a lot of people don't realize is that if you do activate the program there is other things that get parked on your disk and will hurt you later. There is one running around right now that will hit Mother's Day, and will probably go out and start destroying files on Mother's Day itself.

VAN SUSTEREN: So how long would it take to teach me to do these worms.

HANCOCK: Not very long at all because, in this case, if someone writes an original, we see a lot of copycats right after that. And even to the point that on the Internet there is something called the virus developer's tool kit, it costs $129, and it is actually quite good, and through just simple menu, you can point and click, and create your own virus.

VAN SUSTEREN: And probably go to jail on top of it.

COSSACK: All right, Pierre Thomas, thank you for joining us today.

When we come back, as the Internet blurs the lines of international commerce, where can hackers be charged for cybercrime? Stay with us.


An appeals court ruled that a retired L.A. public defender, who spent less than two hours preparing for the penalty phase of a trial, did such a bad job that the death sentence against his client should be overturned.



VAN SUSTEREN: Good news for our Internet-savvy viewers: you can now watch BURDEN OF PROOF live on the World Wide Web. Just log-on to We now provide a live video feed, Monday through Friday, at 12:30 p.m. Eastern time. If you miss that live show, the program is available on the site at any time via video-on-demand. You can also interact with our show and even join our chatroom.


JESUS DESINI, ATTY. FOR REOMEL RAMONES: The legal issues involve that the Department of Justice continue with the investigation of the case in order to give the NBI full freedom to pursue other leads, as well as for the DoJ to study the northern legal issues, and pending such continuing investigation that the suspect be released on his own recognizance.


COSSACK: Early today, Manila authorities released a bank employee after questioning. If someone is charged in the case of the "love bug" virus, where could that case be prosecuted?

Well, Jim, they announced they have a suspect in the Philippines, but obviously it affected people in the United States all over the world. Who gets jurisdiction? What court ends up with what? Who decides whether or not this person is guilty?

JIM FEINERMAN, INTERNATIONAL LAW PROFESSOR: Well, there are two questions, one theoretical and the other practical call. The theoretical question is anywhere that the effects were felt of this crime, there's the potential to prosecute this person, assuming that the Philippines delivers him up through extradition or some other means. As a practical matter, it seems likely that since the investigation is already underway in the Philippines, and the authorities there are on top of it, they are cooperating with the U.S. government authorities, for example.

COSSACK: But there's no crime of actually this kind of crime there's the crime of fraud that would carry some penalty in the Philippines, but certainly not that kind of, I think, emphasis that there would be in this country.

NICHOLAS W. ALLARD, INTERNET LAW PROFESSOR: Roger, I take slight issue with that, excuse me. It is -- There is a device access act which would be applicable under Philippine law.

VAN SUSTEREN: That's their law?

ALLARD: That's their law. Now, they have not passed, like the U.S. and many other countries have, they have not passed a specific comprehensive computer crime law, we have an anti-hacker law that was passed long ago, and it was used 12 years ago to prosecute Morris in the first federal hacking prosecution. But they do have laws. And also, the existing criminal laws are applicable, if I pick up a computer and hit you over the head with it, I am still going to be committing assault and battery. So we shouldn't get too gun shy just because computers are involved.

VAN SUSTEREN: That raises an interesting issue. If I go into a liquor store and rob five people, I get five counts of armed robbery. If somebody gets arrested for this, and has virtually affected hundreds and thousands of computers, do you get -- can you theoretically get all those counts? every computer you hacked into?

ALLARD: That is a very good point. I think that people that are goofing off, I think they are just goofing off and not engaged in very serious antisocial and criminal conduct, should realize the magnitude of what they are doing. The potential number of offenses is almost exponential.

COSSACK: Jim, is this -- what we have seen here I think is highly unusual in the sense that this is supposed one act that violates laws all around the world. Does this call for some kind of super law that would cross boundaries, because it has such an effect around the world?

FEINERMAN: Well, this isn't the only thing, or the first thing that's had this potential for effect all around the world. And I think that there are laws in place that on a national basis can deal with it. There may be some calls in reaction to this particular event for some sort of supernational legislation, but those things are resisted by many countries, including our own, which don't like to get subjected to laws that are passed by foreign countries or by sort of super national bodies that don't come under the control of our courts and our Congress.

VAN SUSTEREN: Nick, I don't want to pretend like I knew this beforehand, but you told me this was not the first "love bug" virus, what's the history on this crime?

ALLARD: That is right. As far as I can determine, the first "love bug" was about 1850s. It was very common for Victorian gentlemen, as a hobby, to engage in hacking and code break. And the co-inventor of the telegraph actually hacked into a love message between one of the students and a young woman in London, and intercepted, and then sent his own message advising her not to run away with the young fellow. So this is just an example of this problem of hackers and the integrity of communications infrastructures is nothing new.

COSSACK: Except the dynamics are incredibly more intense. I mean, as we point out, the theory, we are concerned I suppose of someone being able to take down defense computers, that's like aggression or an act of war.

ALLARD: Well, thank goodness they haven't. And you know, when one fisherman hauled up the trans-Atlantic cable and that it was a sea monster and cut it, and cut off communications electronically between the U.S. and Europe, you know, that was a pretty serious interruption too. So again, you are right in terms of the magnitude. But what we really need is cooperation between companies, the public, better understanding, and the government. And it is not necessarily the case that we can actually solve these problems even if we are able internationally to enact new laws.

VAN SUSTEREN: Jim, as a practical matter, we have an extradition treaty with the country of the Philippines. Is it likely that the Philippines will allow us to -- I mean, that they would in any way help us bring this person back to the United States and prosecute, assuming that the person is in the Philippines.

FEINERMAN: Well, that turns on two things, one is whether or not they decide, just as a matter of choice, that they want to prosecute this crime in the Philippines, and we feel they are doing a good job, so we won't press them on extradition; but also, as an international legal principle, it is necessary for a person to be extraditable, that the defense be sort of dually criminal, that is criminal both in the country where it was committed and in the United States. And some people have raised this problem of the mismatch of the law, the fact that we have very extensive laws about what is now being described as cybercrime, whereas the lack of something that is specifically addressed to that in the Philippines might be a bar. I don't think it is. And I think that in the general criminal laws of the Philippines, there is probably enough so that this person would be, if the Philippines agreed, extraditable to the United States.

ALLARD: I agree with Jim.

VAN SUSTEREN: Can you hold that thought for one second, Nick, so we can take a break? Do our laws need to be updated for life in the 21st century? We'll ask our panel when we come back.


Q: On what grounds does the conservative Southeastern Legal Foundation say that President Clinton should lose his law license?

A: They say disbarment proceedings are justified because the president "failed to live up to the standards demanded of a lawyer/president." The Arkansas Supreme Court Committee of Professional Conduct is expected to decide on the matter this month.



VAN SUSTEREN: Agents with the FBI are working with authorities in Manila to identify the source of the "Love Bug" virus.

Nick, you wanted to say something before we went to break.

ALLARD: Well, I just was agreeing with Jim about the extraditability of this individual. You know, if a crime is committed outside the United States, it affects people of the U.S., the U.S. government has the ability to seek extradition. In this particular case, the U.S.-Philippine extradition treaty -- the conditions for extradition are that the individual is under arrest in the Philippines, that he's subject to criminal offense, that with a year or more serving time, and then is indicted in the United States.

And so it's very conceivable, once the facts develop, for this individual or individuals to be subject to extradition by the United States from the Philippines.

COSSACK: Bill, it seems to me that what we have here is this young man in the Philippines...


COSSACK: ... or woman -- and I agree that no one has been charged yet. But I would suggest that they probably didn't have the most sophisticated equipment at their -- at hand, and yet they were able to accomplish all of this. That leads to the question of, can you really protect yourself from these kind of people?

HANCOCK: Oh, I think you can protect yourself against almost anything. The question is, how much time and money do you want to devote to the protection requirement? A lot of people these days have DSL connections at home, cable modems at home, they got a high-speed connection, and yet they don't do anything to protect themselves from probing attack, from bad e-mail, from viruses and what have you. So one of the problems that we have is that the vendors, the manufacturers of software, the manufacturers of equipment have to step up to the plate and start implementing better security in the software products that we use as consumers.

COSSACK: And what would that be?

HANCOCK: Well, a good example is, right now, if you have a DSL connection at home, you have an ISDN connection at home, what have you, you need to start thinking about putting in a fire wall. If you're using e-mail, then you need to start thinking about putting in a good virus killer that will go back and extract these types of things.

VAN SUSTEREN: Jim, you know -- I'm sorry.

COSSACK: All right, let me just ask you one question. You said a fire wall: What -- for those of us...

VAN SUSTEREN: For the benefit of Roger, what is a fire wall?

COSSACK: Yes, for us uninitiated, what is a fire wall?

HANCOCK: Well, a fire wall is a software program that you put between yourself and an untrusted network. It has the ability to filter out different types of applications going back and forth. Some of the more sophisticated fire walls can even filter out different types of e-mail viruses or possibly look for strings in e-mails like "ILOVEYOU" or something like that. You can actually get fire walls for free around the Internet that consumers can download and put on their computers or put on their desktop computers in their office.

VAN SUSTEREN: I look forward to Roger doing that.

COSSACK: And would that have worked in this case? Yes, that would be -- would that have worked in this case, Bill?

HANCOCK: It would not have really helped a lot because this is an e-mail situation and it is a worm. What you have to do in this type of situation is, where the person operates the e-mail security server, they would go back and put in filters or put in different types of technology to go back and pull these off before the e-mail is actually delivered to the client's system, which would be at your home or at your desktop.

VAN SUSTEREN: You know, Jim, I think of the, quote, "lucky defense attorney" in this case if someone is prosecuted in this country, because the first person to get prosecuted is going to have a very, very aggressive prosecution to make an example out of him or her. Do you agree?

FEINERMAN: I think that's likely. And I think there's also a danger that, in terms of the extradition and other questions about the relations between the U.S. and the Philippines about this case, that there is some danger that the Philippines may have to stand up to what is perceived as American bullying about this.

Now, so far, the authorities have been very cooperative and I think they have every reason to do this and not be seen as a kind of haven for this hijacking or piracy on the Internet. But on the other hand, they have to be very sensitive to the perception in their own country as to how their nationals, if it is a Filipino who is ultimately charged with the crime, are treated in an international community.

VAN SUSTEREN: It's amazing how you can trespass into another country and commit crime and never cross over.

COSSACK: Yes, and what's really interesting here is it's not just the United States that this has affected, this was all over Europe. I mean, suppose Great Britain says, you know, we want this fellow here -- or woman.

ALLARD: Well, that'll be an issue to decide in terms of priority and so on. But it would be hard to say that a prosecutor would be overzealous in this case when you look at the amount of damage that was done. And there's good precedent...

VAN SUSTEREN: They're going to want to make an example out of it so everyone -- so no one else does it.

ALLARD: But Greta, back in 1991, Morris, a Cornell graduate, was convicted of a very similar activity, and his defense was, well, I didn't mean for it to get out of hand. I was just trying to point out that the systems were flawed. And then, of course, the Morris virus got out of hand and he was convicted and it was upheld by the second circuit in 1991. Very similar situation.

COSSACK: All right, that's all the time we have for today. Thanks to our guests and thank you for watching.

Tonight's Big Game lottery could reach a $350 million jackpot. What would you do with all of those millions? But it doesn't matter because I'm going to win it. So find out what other lottery winners have spent their dough on today on CNN's "TALKBACK LIVE." That's at 3:00 p.m. Eastern.

VAN SUSTEREN: And I know I'll be back tomorrow, but after Roger wins the lottery I'm not sure about him. But join us.

COSSACK: We're both out.


