Web of Crime: Who's Catching the Cybercrooks?

Artwork: Diego Aguirre
Part 5 of a special five-part series.

In 2004, after months of putting a virtual tail on a hacker who called himself Pherk, Federal Bureau of Investigation agent Timothy Nestor had the guy right where he wanted him. Though unsure of Pherk's identity, Special Agent Nestor was tracking every digital footstep the hacker took as he wreaked havoc on dozens of businesses by shutting down their online storefronts.

Pherk's modus operandi was to commandeer an army of 2000 zombie computers and use those PCs simultaneously and repeatedly to request Web pages from the sites; the surge in queries would overwhelm the sites' servers, knocking the businesses offline. What the hacker didn't know was that Nestor, supervisor of the FBI's Cyber Crime Squad in New Jersey, had isolated one of the zombies and was now following the perpetrator's every online move.

Eventually the accumulating evidence of these illegal Web activities enabled the FBI to trace the attacks to 17-year-old Jasmine Singh Cheema. Nestor then obtained a search warrant; and in early December 2004, six FBI agents and two New Jersey state police officers barged into the Edison, New Jersey, home of Cheema's parents. According to Nestor, the 17-year-old Cheema sat at the family's dining room table and confessed everything to the FBI as his mother hovered nearby.

Attacks Increase

Pherk's technique of crippling a Web site by flooding it with information is called a distributed denial of service (DDoS) attack. Despite being illegal, such attacks are on the rise. And not surprisingly, the number of PCs infected with malicious code that turns PCs into zombies has risen as well--from 3000 during the first quarter of 2005 to 13,000 during the second quarter, according to a report from anti-virus firm McAfee.

Big-time criminals aren't always responsible for these crimes. Authorities said Cheema's attacks were aimed at a handful of Web sites that competed with CustomLeader.com, a small online sports memorabilia business. Business owner Jason Arabo, himself only 18 at the time, is alleged to have given Cheema some of his company's imitation classic sportswear as payment for Cheema's work. Arabo, was arrested in March and charged with conspiracy to commit the attacks. If convicted, he faces up to five years in prison and fines totaling as much as $250,000.

The FBI, who supplied this photo, identified the subject as Jasmine Singh Cheema. The agency said that it obtained the image from an online dating site.
Cheema pleaded guilty in New Jersey Superior Court to two counts of computer theft by hacking online businesses; on August 12, he was ordered to serve five years in youth detention and to pay $32,000 in restitution.

According to the New Jersey state attorney general's office, Cheema generated the attacks by compromising PCs throughout the world with a virus. The infected PCs then sent the victims' systems trillions of packets of data per hour, overwhelming them.

What disturbed law enforcement officials most about the Cheema case was the extent of the damage his attacks caused in spite of their simplicity. Investigators report that Cheema infected 2000 computers just by making available on a file-swapping network a file advertised to be a picture of Jennifer Lopez naked. Instead of opening an image, though, people who clicked the file installed a Trojan horse that exploited PCs with poor virus and firewall protection. The PCs then became clandestine members of Cheema's zombie army.

Subscribe to the Security Watch Newsletter

Comments