Yevgeny Imakov today became the first prisoner in a refurbished Guantanamo Bay, now a prison for international criminals and fugitives.
On 26 August 2007 the Tusk.M virus became the worst ever simultaneous computer and mobile phone virus. Within 48 hours it had disrupted systems across the world. Direct costs to infrastructure and trade were valued at US$ 248 billion. Over 150,000 people lost their jobs as companies collapsed. Vodafone, among other telcos, suffered billions of dollars in costs from fines and lost revenue.
Even worse, 58 deaths were directly attributed to the virus when medical rescue teams were unable to secure assistance for accident victims in Europe and the United States.
The FBI and Interpol joined forces to find the source of the contagion. It took six months to track down Yevgeny Imakov, a resident of Uzbekistan, which refused to try him. It looked as if he would never be punished.
“It is essential that we send a message to cyber terrorists. Their crimes affect the whole world, and they must be held to account by the whole world.” So said Ashraf Ghani, UN Secretary General, at the Virus Response Summit in May, 2008.
Within three months, the International Criminal Court had their brief expanded to include acts of international sabotage caused by virus writers. Uzbekistan, facing global condemnation, capitulated.
Yevgeny was extradited, tried and sentenced to life in jail.
ANALYSIS >> SYNTHESIS: How this scenario came to be
September 2005: Viral Convergence
The first mobile phone virus strikes causing only moderate confusion. “This attack is really a proof-of-concept and may be an indication of a new type of blended threat to come,” warns Raimund Genes, president of Trend Micro’s European operation.
The virus spreads via Bluetooth and copies a computer virus called Wukill onto the infected phone’s memory card. Users who place their cards into their PCs then cross-contaminate their systems.
It doesn’t work well but is a frightening indicator of problems to come.
August 2007: Outbreak
The most expensive computer virus was the MyDoom attacks on SCO in 1994. It is estimated that the loss of productivity cost businesses around the world US$ 38 billion. Both SCO and Microsoft offered rewards of US$ 250,000 each but they were never claimed.
All of this would be eclipsed by the pace and fury of Tusk.M.
On 26 August 2007 mobile phone users in London’s Canary Wharf suffer a critical failure of their network. Investigators will later calculate the exact time of the outbreak as being 15h37. It is assumed to be a malfunction of local transmission towers.
In reality Tusk.M has taken control of phones in the area and is sending itself via 3G internet connections from phone to phone. It scans the phone’s list of saved numbers and sends itself. The local transmission towers are clogged by the weight of simultaneous connections. Then the transmission tower is turned into a massive broadcaster and sends the virus to all phones in the area. Computers connected to the 3G network are also infected and the virus rapidly spreads over the internet.
By the time Vodafone realizes what is happening the whole of the UK is infected. Later Vodafone executives will attempt to defend their lack of vigor in shutting down their network to prevent the virus’ spread. “We didn’t know,” was the regular statement from all officers. The British High Court fines them US$ 2 billion in one of the largest negligence fines ever.
Over the next 48 hours the virus spreads across the planet. The only way to stop it is to shut down networks, clear the system and then restart them. Symantec, McAfee and several other anti-virus companies work through the night frantically trying to figure out a way to stop the spread.
“It isn’t just updating our software. Once we identified the virus we could stop it pretty quickly. But it’s moving so fast that we can’t get our updates out ahead of the wave,” says an exhausted Gregor Brkv of F-Prot Antivirus.
Financial systems, largely dependent on telecommunications, go haywire. “Trillions of dollars of transactions are being affected. We’ve no idea where the money is. It’s going to take months to figure out,” says Megan McKenzie at Chase Manhattan, an American bank.
In the US the disconnections between service providers make tracking the virus more difficult. Some networks shut down preemptively rather than wait for the virus to strike.
“I don’t think we have much choice. I’m terrified of this,” says John Norton of Qwest. Norton will later receive a presidential commendation for his quick thinking. Many other networks are, following on from the Vodafone trial, fined for negligence for not acting.
On 28 August US President George Bush appears on television to address the nation. “My fellow Americans. We may never know the true cost of the damage that has been unleashed on the world. But I promise you this, we will hunt down the person who did this and bring them to justice.”
The first assessments are brutal. Network outages mean that emergency rescue services are out of contact. Many people in car accidents or suffering from strokes or heart-attacks are unable to get help. 58 deaths are directly linked to the virus. “First thing we do after this is demand that network providers create a private and protected network for emergency services. We had the same problem during September 11,” says a frustrated Susie Velazquez, a paramedic in Vancouver.
It is agreed that an international convention is to be held in May in 2008 to develop an international response to telecommunications crime.
February 2008: The Hunt
In a rare moment of trans-Atlantic unity the FBI and Interpol agree to work together to find the culprit.
The costs from the virus continue to mount. Many businesses lost so much during the initial attack that they have gone insolvent. Internationally some US$ 248 billion has been lost, and more than 150,000 jobs. Litigation is becoming unsettling. Vodafone threatens to file for bankruptcy if their fine isn’t reduced. In several countries legislation is rapidly passed to cap all civil suits and prevent massive legal bills. “We learned our lesson from September 11. We had to limit liability there too, otherwise there is no end to it,” says Eliot Spitzer, new governor of New York.
Adding to the confusion, millions of mobile phone subscribers receive bills for the SMSs and bandwidth used by the virus taking over their phones. Riots ensue outside network operators’ offices as thousands of people protest against the high fees. Networks look as if they will lose billions of dollars reversing the bills. McAfee is first out with a commercial anti-virus application for mobile phones that prevents this type of attack.
Elsewhere, the criminal investigation gets under way. “We knew we had to start in London,” says Gillian Delaine of the FBI. “Our wonks spent months going back through the data. Eventually we isolated it to a single mobile phone. Then it got tricky. The phone used prepay vouchers and wasn’t registered. We could track it back to where it was purchased but they barely remembered who may have bought it. Seemed like we’d hit a dead end.”
“Thing is, the person who wrote this code was really good. But he wants us to know who he is. He’s going to boast about it. So we monitored blogs internationally. Even working across multiple language platforms. Someone must know something.” Erik Persson of Interpol worked with programmers to spot information.
“Our breakthrough came in late February. Unfortunately, that’s when things got complicated.”
Investigators discover that the writer is 28-year-old Yevgeny Imakov, an Uzbekistani national. Uzbekistan is a pariah state but their incredible oil wealth insulates them from much of world opinion. Russia is prepared to back them up at the United Nations.
“This is where we have to leave it up to the politicians,” says Gillian Delaine.
May 2008: Virus Summit
“This is not a question of sovereignty. A virus writer can cause far more damage than a suicide bomber. Yes, they do not blow things up but the damage they cause is worse. It is essential that we send a message to virus writers. Their crimes affect the whole world, and they must be held to account by the whole world.” So says Ashraf Ghani, UN Secretary General, in his opening remarks at the Virus Response Summit in May 2008.
The conference is subdued. Everyone agrees and a draft agreement is rapidly signed. Even Russia is cowed by the global response.
A raft of new laws are introduced. All cell phones must be registered. Networks receive an amnesty from liability for the outages but are charged with responsibility for knowing who all their subscribers are. Any unclaimed account must be shut down. Any crime affecting international commerce is now an international matter and these ordinarily civil cases are to be heard before the International Court of Justice.
The US, seen for once as one of the good guys, offers up Guantanamo Bay, now empty, as an international prison. It is accepted. No-one wants to look after Imakov on their soil.
Uzbekistan’s representative at the UN is offered a choice. Hand Imakov over or face immediate international isolation, a freezing of all bank accounts and a potential NATO invasion.
Imakov is handed over within 24 hours.
September 2008: Trial and Punishment
The trial, broadcast internationally, is longer than necessary, but many of the victims want to be heard. Psychologists feel that the continuous feed of pain may bring other potential hackers to the realization of the harm they cause.
“Imakov thought he was having a little fun. He is being charged now, not just with harm to business, but also with murder,” says Advocate Vim Duisenberg, the special prosecutor at the International Court of Justice at the Hague.
Imakov makes no statement and appears detached, almost inhuman. His parents are assaulted and they go into hiding. Even the normally anarchistic hacker community is quiet.
Phrack Magazine, the most famous hacker journal, declares, “Look, we’re not al Qaeda, we’re not trying to destroy the world.”
As Yevgeny Imakov is led away to spend the rest of his life on Guantanamo Bay the message is clear: hackers will be treated as social pariahs.