Melissa e-mail virus author David Smith
was sentenced to 20 months in a federal penitentiary by the U.S. District
Court in New Jersey Wednesday, according to news reports.
Smith was apprehended
in 1999, after Federal Bureau of Investigations officials found him
residing in his brother’s house in Eatontown, N.J.
The Associated Press quotes Smith as saying the computer virus, which caused
systems to crash and forward itself to 50 other addresses in the
Microsoft Outlook address book, was a “colossal mistake.
Attorneys on both sides agreed the damages caused by the so-called mistake
totalled more than $80 million dollars worldwide, though the judge only
fined Smith $5,000.
He faced 10 years in jail and a $50,000 fine for his actions, but
prosecutors suggested a lighter sentence given the defendant’s help in
catching other virus makers, notably scores of script kiddies who cloned a
legion of Melissa knockoffs.
The sentence comes at a time when cyber-terrorism aeems to be on the
rise. While security hacks over telephone lines have been going on since
the advent of Captain Crunch and his “phreaking box” in the 1970s, a rash
of high-visibility security break-ins — as well as post-9/11 worries —
have cast a brighter spotlight on the problem.
According to a GartnerG2 report released Wednesday, 90 percent of
cyberattacks exploit known (i.e., preventable) security flaws which could
have been avoided with the installation of a security patch by the
Richard Mogull, research director for GartnerG2, said patches are available for IT staffs, but many don’t
bother to download and install them.
“Estimated losses from Code Red and Nimda were in the billions of dollars,
yet Code Red exploited a flaw for which a patch was available, proving that
we never learn from our mistakes,” he said. “Nimda exploited the same flaw
just a few months later. Both continue to survive on the Internet today.”