Internet Expert Witness Opines on Network Damage Caused by Computer Worm

    Internet expert witnessThis case involves a graduate student at a prominent school who had access to his school’s computers through a student computer account. The student created a computer spyware program called an “Internet worm” that could exploit the security defects on computer networks. The worm was capable of spreading across a national network of computers after being inserted into one computer location connected to the network. The student’s programming of the worm made it blend in with the typical Unix operating system of the computer, making it difficult to detect or read so other programmers were not able to “kill” the worm easily. The worm would “ask” each computer whether it already had a copy of the worm and if the computer did not have a copy, it would duplicate itself onto the computer. However, when the student released the worm, it began replicating and re-infecting computers much faster than he had predicted. This resulted in far more copying than the student had intended. The worm caused many PCs around the country to crash, including computers at research facilities, universities, and military sites. The student’s worm caused thousands of dollars in damages and harmed security practices and procedures. It was particularly harmful for businesses with BYOD, or “Bring Your Own Device” polices in place, where the computer an employee brought home could easily pick up and spread the worm virus. An expert in digital forensics and internet security/computer electronics was sought to opine on the issue.

    Question(s) For Expert Witness

    • 1. Can a computer programmer be convicted of a crime for creating a computer worm, and if so, what law does this violate?

    Expert Witness Response

    The Computer Fraud and Abuse Act of 1986 (18 U.S.C. § 1030) is a criminal statute that was created to punish anyone who engages in computer hacking and gains unauthorized access to computer networks. The law was created to punish those who intentionally or knowingly access a computer without authorization or exceed authorized access by causing damage or loss to a computer or its data. The law was amended in 1996 to add a new section (18 U.S.C. § 1030 (a)(5)(A) which prohibits someone from knowingly causing the transmission of a program, information, code, or command that intentionally causes damage to a protected computer. In this case, the student would probably be guilty of violating the Computer Fraud and Abuse Act since he intentionally damaged protected computers by creating a worm that duplicated itself on those computers. A computer worm is especially dangerous since it is capable of traveling from computer to computer and attacking each computer. In this case, the student has probably violated the law even though he did not intend for the worm to duplicate itself at such a fast rate. Since the Computer Fraud and Abuse Act was expressly created to punish those who knowingly invade a computer system even when the damage caused may not be intentional, the student has probably violated the law in this case.

    Contact this expert witness