PANORAMA "CYBER ATTACK" RECORDED FROM TRANSMISSION: BBC-1 DATE: 03:07:00 ............................................................... JANE CORBIN These underground hackers have the power to hijack your computer. SIR DYSTIC The internet is a very dangerous place to be. CORBIN This young man is the front line in the war against cyber terror. JOHN VRANESEVICH Terrorist groups are beginning to wake up to the type of power that this could provide them. CORBIN This teenager took thousands of credit card numbers with his computer. RAPHAEL GRAY You could teach your grandmother how to do what I was doing. It's a very simple thing. CORBIN Tonight, on Panorama, how safe are you from Cyber attack? (Reconstruction) CORBIN Dawn in the remote village of Clynderwen in Wales. A police squad arrive at a cottage where a family is sleeping. They are looking for a computer hacker who has downloaded thousands of credit card numbers. Someone known only by his on-line name "Curador". RAPHAEL GRAY They said "Are you Curador? And I said "Cura what?" You know, I tried to act innocent. But they said "If you're going to be funny with us we'll have to arrest everyone in the house because it's definitely someone in this house." They said "We'll have to arrest your mother and everyone." And I said "Okay, fine, I am Curador then." (Reconstruction) CORBIN The Welsh police seized computer equipment from 18 year old Raphael Gray's bedroom. His activities weren't just of interest to the local constabulary. An FBI agent was there to witness the arrest. GRAY He was wearing a grey trench coat, and he was the only one wearing a grey trench coat, and it is literally it's standard procedure, it's what FBI people where, in it's in their handbook, you know, "Wear a trench coat". CORBIN Raphael Gray is part of a growing global problem. Teenagers who have the urge and the skills to break into computers, stealing classified data and personal financial details, infecting machines with malicious programmes. The internet now connects the whole world. But some hackers say it's their mission to reveal how vulnerable the net really is. GRAY It didn't make much sense to me that there were so many computer systems run by huge organisations, and you've got guys earning lots of money - I mean it's not as if they're not getting paid enough - but seem to be just sitting on their arses doing something, exactly what I don't know, but nothing to do with security. Everything was left open. It just got me thinking. CORBIN In January Raphael Gray created a simple computer programme which enabled him to pinpoint at random security flaws in nine online stores where thousands of credit card numbers had been stored. He was then able to access the numbers on the retail sites. GRAY I just chose one at random. I just clicked on it, tried it and that was only ten minutes after I'd had the idea, and I was already getting 5,500 credit card numbers were downloading. No password, nothing, just click, click, click and here they were. CORBIN Raphael Gray downloaded the details of 26,000 credit cards. He says he sent a message warning some of the retailers he had their customers' details and they should lock their files. But they didn't respond. So he set up his own website and posted some of the card numbers there to advertise the security flaw he had found. But don't you feel that by having a website and posting people's credit card numbers on it you were acting wrongfully, illegally? You were exposing those people, their accounts, their credit numbers to misuse? GRAY I wasn't exposing them any more. I was, as I say, re-advertising them. Anybody else could have got access to them, no problem. You could teach your grandmother to do what I was doing. It's a very simple thing. CORBIN People visited Raphael Gray's website and used the card numbers to make fraudulent purchases. Many credit card companies will bear most of the losses incurred by the misuse of credit cards online. But the personal information the hacker can get by downloading details stored with the credit card numbers can be potentially even more useful. STEVEN PHILIPPSOHN INTERNET FRAUD LAWYER So he can go to the online bank and he can go to the email account of that particular individual, and most probably get access into that. And what is obviously very serious about that is having got access into the bank account he can steal from this consumer, and he can also get access to all his confidential business information as well. CORBIN The whole world is being urged to get on line, to experience the magic of the internet. Fifty million people in Britain already have access to the net and that's set to double in the next five years. We're all being told to get online, to do our shopping there, to live our lives there, it's the future, but I mean what about the security aspect? How serious is it? PHILIPPSOHN It's a very serious problem, I think. What people should do is realise that they are not shopping in the high street, and they should build their own protections. They should perhaps have different passwords for each subscription that they take out. They should check out the company to make absolutely certain that everything is alright, and of course they should check their statements very, very regularly. CORBIN But individuals using the internet can only take so many security precautions themselves. They are ultimately dependent on the software they have bought for their computer. [Microsoft Advertisement] Listen, the stuff that we make - it's powerful. It makes you powerful. CORBIN The giant Microsoft corporation dominates the software industry. Nine out of ten personal computers run on Microsoft programmes. The products are aggressively marketed as being easy to use by all groups of people. California - home to hi-tech silicon valley. But the west coast has it's less salubrious aspects. In a rundown area of San Francisco a more subversive group of computer programmers have a very different message for customers of Microsoft. This is New Hack City, the secret headquarters of the Cult of the Dead Cow. These hackers, who use gothic online names - Sir Dystic, Deth Veggie - are considered the cream of the hacker community and the scourge of the computer industry. 'SIR DYSTIC' CULT OF THE DEAD COW You know the internet is a very dangerous place to be, and it's being marketed right now as being this neat toy that everybody should come play with and get online today, and you don't get any warning when you log online. You don't get a warning that says look, you are opening yourself up to these possible ways of being exploited. So it is, in my opinion, a dark situation, and like I said, I think that the only way to deal with that is user education. CORBIN The Cult claims to educate computer users by exposing security flaws in one of Microsoft's most successful ever products. (Microsoft advertisement) CORBIN Windows 95 was launched with the greatest fanfare the industry had ever seen. The software package was installed on tens of millions of personal computers. SIR DYSTIC My main issue at the time was with Windows 95 which was essentially released without any security built into it. It had very, very minimal security. That was a marketing decision by Microsoft. They wanted to have as many people be able to use it as possible. CORBIN Sir Dystic created a programme to show up the flaws in Microsoft's back office software. He called it 'Back Orifice' and it enables a hacker to enter someone else's computer and seize control of it. We wanted a demonstration of how it worked. Sir Dystic loaded the software into his computer. Three miles away, across San Francisco, I logged into my laptop with Freakout, another member of the Cult. So Freakout, for the purposes of this demonstration I'm going to send this to..... I started typing a confidential memo to the editor of Panorama. Meanwhile, Sir Dystic was sending the Back Orifice programme to his victim disguised in an email message. Once I opened it, my keyboard was hijacked. I had not control over it. FREAKOUT Did you see that? CORBIN Yes, and I'm not controlling it at all. And look, the cursor is moving. Someone is deleting what I've just written. "Cult of the dead cow." They've got control of it. FREAKOUT Yes. CORBIN So that's how it works. FREAKOUT Yes. Sir Dystic, at the other computer, has now taken control of your machine and can now actually go ahead and type whatever he wants and send that to your editor. CORBIN And he won't know it's not from me. FREAKOUT It'll say that it's from you. CORBIN So he could say anything, and I mean that's very dangerous. And if I was using my bank account for example and I was in there, with details of my account, could a similar thing happen? Could he take it over? FREAKOUT He can record everything that you type and so it will actually find out which bank it is that you deal with. It'll pick up your login and your password, and depending on the particular service, he might be able to right checks or.... money. CORBIN So after I've left, in effect, it will seem as if I'm in control but it will be somebody else. FREAKOUT Yes. CORBIN That's scary. SIR DYSTIC By sacrificing security it's no longer a secure platform. It's certainly not anything that people should be doing things like online commerce and online banking from, but they are marketing it for that purpose. CORBIN But they would say that the fact you wrote this software is very malicious to show up the faults in the thing. SIR DYSTIC It's malicious to, for instance, show that there's a faulty seatbelt in a car? I don't understand how that's malicious. CORBIN The Cult of the Dead Cow have launched Back Orifice on the net where it can be downloaded free and used by anybody. It's spread widely and many people don't even know their computer has been infiltrated. You created it and put it out there. You must bear responsibility, or some responsibility. 'DETH VEGGIE' CULT OF THE DEAD COW I don't feel responsible. I've thought about that. I've actually thought about this a lot. Like I said, I feel really bad about it, but I think what Microsoft is doing, the analogy that I use is that they're basically handing out loaded guns to school children, and what we're doing is saying hey that's really, really dangerous. SIR DYSTIC We're pointing out to the kids that if you pull that trigger, you could get hurt. Probably a lot of those kids are going to pull the trigger immediately but that happens. CORBIN When someone pulled the trigger in the Philippines on May 5th, the fallout echoed across the world. From the sprawling Third World City of Manila a deadly computer virus was released in the shape of a love letter. At computer security company 'Sophos' in Oxfordshire, a crack team of virus busters worked overtime to clean infected networks belonging to their desperate clients. GRAHAM CLULEY SOPHOS, ANTI-VIRUS COMPANY Love bug was the biggest virus incident that we've ever seen. The phones were basically just burned red hot, we had so many tens of thousands of phone calls coming in. CORBIN The Love bug was sent from a developing nation, but it was very sophisticated. It posed as an email love letter. Few could resist opening it. That was the trigger that spread the virus to everyone in their address system, destroying data as it went. CORBIN Was there panic out there? CLULEY I think there was amongst many people. There were so many people who were infected, who didn't know what to do, whose users were double clicking on this love letter and were spreading the virus further and further on. CORBIN Government systems from the House of Commons to the Pentagon, hundreds and thousands of businesses, tens and millions of personal computers. They were all hit by the Love Bug virus. The cost in lost time and destroyed data is almost impossible to estimate, but it could be as high as £8 billion. JANE CORBIN We've come to the Philippines to investigate how, at the push of a button, a computer virus can travel round the world, infecting millions of systems at a cost of billions of pounds. The Love Bug is one of the most recent in an increasing number of cases in which people have maliciously intruded into computers. What happened here in Manila should serve as a warning. A catastrophic global computer attack is now a real possibility. The media were in full cry by the time the police had identified the phone line through which Love Bug was sent, and descended on a house in a manila suburb. Once again FBI were on the scene when local police officers carried out the raid. The tenant of the house, a bank clerk, was arrested but protested his innocence. A computer student who also lived in the house hinted he may have released the virus by accident. Onel de Guzman has now been charged. Police have yet to prove who wrote the virus but a computer disc belonging to a second student, Michael Buen, was also found in the house. We tracked down 23 year old Michael Buen who has just graduated from computer college. He is the eldest of nine children in a family with little money. Until now he has refused to speak about the Love Bug, but he talked exclusively to Panorama. So who wrote the virus? It came from here, from the Philippines. MICHAEL BUEN I don't know, I'm just scared to answer you because I don't want to incriminate anybody or... CORBIN Did you write it? Did you have some involvement in the program? BUEN No. CORBIN Michael Buen denies he wrote the Love Bug but his version of events is not that straightforward. In February Sophos, the British security firm, were asked to examine a virus sent to some of their clients. It came in the from of a job application from abroad. CLULEY And as we scroll down, we can see his resume or CV. CORBIN Applicant's name. CLULEY Michael I. Buen. CORBIN Even his address here in the Philippines. CLULEY That's right, even a phone number as well as the position he's trying to get, the kind of job he's trying to get. CORBIN The virus was designed to reproduce itself, clogging files and email systems. CLULEY Largely it was just interested in spreading, so that it would infect all your Word documents and slowly travel across your network, and if you sent someone else an infected Word document. When they opened it, they would also become infected. CORBIN Michael Buen seemed to be displaying his skills in search of a job, but the virus contained a threat. CLULEY "Warning, if I don't get a stable job by the end of the month I will release a third virus that will remove all folders in the Primary Hard Disk, or in layman's terms, para ko na ring fi- normat ang Hard Disk Mo." CORBIN What's that? CLULEY Well I imagine it's Filipino for 'I'm going to shag your hard drive. CORBIN We challenged Michael Buen about his virus writing skills. His interview took place in the presence of his lawyer. I've a copy of this and this is a virus program. It's got your name on it. It came earlier in the year to a company in Britain. Is it from you this virus? BUEN Yes. CORBIN This virus? Because in it you say that if you don't get a job in a month, a stable job, you're going to release more viruses. Is this from you? BUEN Maybe I can postpone this... CORBIN But it has got your name on it. BUEN This is what I told you a while ago. CORBIN What is it? It's a virus. If you sent this one, then surely you could send another one like Love Bug. Michael Buen's lawyer tried to stop him answering the question. BUEN I could not even create Love Bug or like virus. So... CORBIN But you did send this one. BUEN (nervous laugh) CORBIN You don't want to answer? CLULEY The significance is that it appears Michael Buen definitely was involved in writing computer viruses. The amount of information in here about him strongly suggests that he's written viruses before and maybe other viruses as well. CORBIN Of the type that Love Bug became. CLULEY It's a similar type of virus. It's not exactly the same but there are strong similarities here. If it wasn't him who wrote Love Bug, then it appears that it was one of his mates. CORBIN Michael Buen and Onel de Guzman trained at the AMA Computer College in Manila. Already popular, it's not inundated with students enrolling for computer courses. Young people here see the computer industry developing in the Far East as their best chance for employment. Whoever created the Love Bug has become a national hero for highlighting the technological potential of the Philippines. GIRL STUDENT Filipinos are proud of him because of what he did, because nobody does it, only we Filipino can make it. BOY STUDENT Even though we belong to the Third World country, we have the power to make that kind of virus. 2nd GIRL STUDENT Well the Philippines can be very good, can produce very good programmers as well, though in a very bad way. BUEN Maybe they look up to me. Maybe they look up to us and so they might just think that we are great. CORBIN So it's put the Philippines on the map as it were. BUEN Yes. It's clearly not that bad to create viruses. GRAHAM CLULEY SOPHOS, ANT-VIRUS COMPANY This really gives a very bad image I think, an impression to youngsters that virus writing is cool, you can get yourself famous, and you can have a great time, and maybe get a good job out of it. We'd much prefer if people were told virus writers are scumbags, that what they're doing is very damaging to computer systems, and that the shouldn't really be congratulated for causing so much enormous devastation. CORBIN The Love Bug virus caused so much devastation because it too targeted one of Microsoft's best selling products. Love Bug highlighted the question of whether security or the ability to perform lots of functions is Microsoft's main priority for its products. Do you think that Microsoft is as aware of security as it could be? I mean could they make their products more secure? CLULEY Definitely we could have more secure products from Microsoft. The problem is, we strongly suspect they'll never do that. CORBIN Why? CLULEY The region is largely commercial.. If they took out some of the functionality which causes viruses, it would also cut out some of the functionality which does all kinds of cool stuff as well. And so users may say well we're not going to buy the next version of Microsoft Word because we can't do X, Y and Z any longer. CORBIN So do you think their marketing department is running their security department? CLULEY Yes, I think security is really on a back burner compared to functionality and features and animated paperclips talking to you. CORBIN It was a Microsoft product too which Raphael Gray, the Welsh hacker, was able to penetrate. From it he accessed databases used by retailers to store credit card details. RAPHAEL GRAY Microsoft will always be what Microsoft are, it seems to be it's what they do. Microsoft write software and worry about the security problems later basically. CORBIN Yes, but if there weren't people like you trying to get into their systems, they wouldn't have a problem either. GRAY But there are always going to be people like me trying to get into the system. That's what the system is there for. CORBIN On its website Microsoft does acknowledge some of the security flaws discovered in its products by putting up software to fix them. It can be downloaded for free. But it's down to customers to protect themselves and not everyone is aware of that. GRAY Microsoft don't advertise the fact that they have security problems, so they don't advertise the fact they have security fixes, so not everybody knows you can get them. So it's a kind of a catch 22. Microsoft don't want to tell the world they've got a problem but they need the world to know that they've got a fix. CORBIN It's not just hackers who criticise Microsoft. Security companies which deal with viruses are concerned about the ease with which they can spread in certain Microsoft systems. How seriously do the anti-virus community take the problems of viruses with Microsoft, and did you try to get Microsoft to do anything about it? CLULEY Something like 18 months ago we wrote to Microsoft an open letter; a number of anti-virus companies signed it saying "hey, here at the things you can actually do to Microsoft Word to dramatically reduce the chances of virus infection" so we've been lobbying for that for some time. CORBIN And what's happened? CLULEY Nothing's happened. We've not even had a reply as far as I'm aware. CORBIN Why do you think that is? CLULEY It's hard to say. Maybe Microsoft are rather embarrassed by the whole situation. CORBIN Microsoft declined to be interviewed and questioned on our programme. Instead they gave us a statement saying they are committed to protecting customers' information and that both security and functionality are key considerations in their products. Microsoft goes on to say it encourages its customers to keep abreast of current security hazards and that it works very closely with the anti-virus community. The inherent weaknesses of commercial software have come to light largely through hackers and virus writers boasting of their exploits. There are, however, more shadowy groups hiding in cyber space whose dedicated attacks on government systems are potentially an even greater threat. They're out to wage war using the internet. The biggest magnet for hackers from all over the world is the extensive computer network of America's space agency. NASA scientists are engaged in pioneering research, some of it linked to America's defence. ROBERTA GROSS INSPECTOR GENERAL, NASA NASA is a symbol of frontiers that are still open for America. We go to space, we go to outer space. We invite the public in because it is an exciting place and we want them to see it and so that's part of our mission. The problem is, is that hackers come in and they stay in. They come in and take things they're not supposed to take and they go from NASA to places they're not supposed to go and that's the problem. CORBIN NASA has built up its own squad of cyber cops, experts who track down invaders. They have powers of arrest and work with governments and police forces all over the world. In the past year alone NASA has experienced half a million cyber attacks. How serious can it be? GROSS Well you take NASA's missions and you take its vulnerabilities, then you can see how serious it can be. What do we have? We have a shuttle that has astronauts and astronaut safety. Everybody knows oh there's a problem with Huston. That's all run by computers. So if you have a problem, a potential vulnerability, or somebody is able to supersede the system that we set up, that's dangerous. CORBIN Panorama can now reveal that during a 1997 shuttle mission astronauts were put at risk by hackers. Michael Foale, the British-born scientist, was on the Mir Space Station during a linkup with the American astronauts. The vital computer systems that constantly monitor the astronaut's heartbeat, pulse and medical condition were broken into. GROSS We had an activity at a NASA centre where a hacker was overloading our system and overloaded it to such an extent that it interfered with communications between the NASA Centre, some medical communications and the astronaut aboard the shuttle. CORBIN And what was the shuttle doing at the time? GROSS It was docking with the Mir. CORBIN So this was a pretty critical moment. GROSS Well NASA has a lot of failsafes and it makes sure that there's not just one way of communicating, and so the transmission ultimately went through and there were other means of communication, but it showed the potential that hackers have for really doing serious damage to NASA's mission, and astronaut safety. CORBIN The penetration of NASA's complex systems has heightened Washington's fears. America's technological superiority is actually making it vulnerable to its enemies. SENATOR JOHN KYL CHAIR, SENATE SUBCOMMITTEE ON TERRORISM There is a point here that you can't attack the United States frontally because of our military power but you can attack us at our weak spots, and clearly the internet, and the reliance on technology generally, offers an opportunity to attack both the civilian sector as well as the military sectors that give countries leverage that they wouldn't otherwise have. CORBIN The first warning of the potential for cyber war came in February 1998 in what became known as 'Operation Solar Sunrise'. The computers of the Pentagon and other military sites came under sustained attack from an unknown source. KYL Solar Sunrise was serious enough that our top defence department people described it as the most serious intrusion into the United States up to that point. CORBIN The attack came at a time of heightened tension in the Gulf with American forces on full alert as Saddam Hussein threatened UN arms inspectors. The fear was that Iraq has launched its own counter attack in cyber space. KYL It went all the way up to the President of the United States it was that serious. CORBIN But ultimately the mystery of Solar Sunrise was solved not by the top brass but by a young ex- hacker. Twenty-one year old John Vranesevich runs a popular website, AntiOnline, where hackers gather to boast about their exploits. He tracked down the real culprits on the internet, not the Iraqis but two 16 year old boys from California. JOHN VRANESEVICH HACKER INVESTIGATOR I had the opportunity to acquire some of the log files that these hackers had had from breaking into systems, and some of the systems they broke into were literally super computers, being run by the US military, and so certainly it becomes quite apparent why the military was so worried and worked up about the case as they were. CORBIN But there was indeed cause for alarm. A foreign mastermind was behind the attacks. An Israeli youth about to be called up for his country's army, Ehud Tenebaum, was instructing the American teenagers on what to do and which sites to attack, amongst them sensitive NASA networks. ROBERTA GROSS INSPECTOR GENERAL, NASA What concerned us was we had teenagers involved who were being mentored by a foreign citizen, and they don't know why he was mentoring them. They just thought that was cool, somebody sharing tricks, somebody that was one of their kind of people. But they don't know who he is and they don't know his motives, and they don't know why he wanted them to do certain things or learn certain things. We still don't know necessarily where all the information is that the Israeli citizen had, and so that makes it very worrisome. CORBIN More worrying still are signs that terror groups have begun to use the expertise of hackers. Osama bin Laden is the man suspected of being behind the bombing of USA embassies in East Africa two years ago. He's now top of the FBI's most wanted list. Last year John Vranesevich identified an American teenager calling himself Chameleon, stealing satellite images from US military sites. He was doing it for a man claiming to be a follower of bin Laden. VRANESEVICH This individual sent Chameleon a thousand dollars up front money in exchange for the software, and after Chameleon sent him the software he was promised another $10,000 and additional work. CORBIN So here we had a terrorist paying a hacker essentially. VRANESEVICH Paying a kid. CORBIN Paying a kid to get him sensitive defence information to order as it were. VRANESEVICH Exactly. Luckily we found out about this. We tracked down Chameleon to his parents' home in California and twenty FBI agents raided him at gunpoint before he had the opportunity to ship the software. CORBIN John Vranesevich is now paying the price for using his computer skills to help the FBI track down hackers and the criminals who commission them. VRANESEVICH We began seeing some rather severe death threats from this individual who claimed to be part of a terrorist faction. CORBIN And he was threatening you. VRANESEVICH Threatening me, my family and other individuals who had been working on this case. CORBIN What did he say? VRANESEVICH He said all sorts of great things that I don't think I can repeat on the air but the gist of it was: "I have a great deal of money, I have proven that with Chameleon. If I can send a 17 year old a thousand dollars, do you not think that I could send some twice or ten times that much to shut you up?" CORBIN It's not just terror groups who are seeking to penetrate America's defences through computers. US senators have been hearing evidence in secret about a mysterious cyber attack called Moonlight Maze. The suspect is a foreign state. KYL It was a very sophisticated hacking into a series of defence and government computers and university research type computers which resulted in the theft of a great deal of highly sensitive information. CORBIN The data targeted included classified naval codes and details of missile guidance systems. Officials investigating Moonlight Maze traced the source of the attacks and the timing. They took place only during office hours and they emanated from a building in the heart of Moscow. It's the headquarters of the Russian Academy of Sciences, a place well known to former KGB insiders who worked there. OLEG KALUGIN HEAD OF COUNTER-INTELLIGENCE, KGB When I was the chief of security at the Academy of Sciences of USSR we used hundreds and even sometimes thousands of scientists to do the job in the intelligence and security matters to not only to steal secrets but also to work on special projects under the auspices of the KGB for instance. CORBIN The aims and the exact identities of the hackers are still a mystery. They've disappeared back into the recesses of the internet for the moment. But Moonlight Maze has proved that information warfare is now not just in the realms of science fiction. KALUGIN I have reasons to believe that the Russians are actively working on how to penetrate the other countries' cyber and internet and computer services and how to paralyse them in case of.. well in emergency or something which would be desirable rather than using nuclear weapons. SENATOR JOHN KYL CHAIR, SENATE SUBCOMMITTEE ON TERRORISM We're living on borrowed time, we are. If we are in a conflict, a very serious conflict in the near future, I have no doubt that those against us will attempt to use information warfare techniques to gain their goals. CORBIN Western governments, including our own, have declared war on the hackers. They're providing funds and creating special police units to fight cyber attacks. But there's a limit to how far they can control a problem that's growing round the world, and the hackers always pride themselves on being at least one step ahead of the authorities. This is now the real frontline defence in the war against cyber attack. Young ex-hackers like John Vranesevich and his friends in small town America, not the traditional forces of law and order. They are the ones who understand hacker mentality. They know where and how to find them on the internet, and they can keep up with the latest technical developments. CORBIN The FBI says they're on top of this, but are they? JOHN VRANESEVICH HACKER INVESTIGATOR FBI has currently backlogged 800 cases that they've chosen to accept and investigate. CORBIN 800 cases? VRANESEVICH 800 cases. CORBIN In a backlog. VRANESEVICH In a backlog, and those are the ones that they've chosen to investigate. The FBI doesn't investigate every computer crimes case that is reported to them. CORBIN So they're pretty much snowed under. VRANESEVICH I would say so. CORBIN And when the attacks originate in a country like the Philippines the task is even harder. Love Bug is something new for Manila's hard pressed National Bureau of Investigations. In fact, it's their very first computer crime case. The police are hampered by old equipment and a lack of technical know how. They've even failed to find the computer used to send the Love Bug Virus. It went missing in the three days it took a judge to issue a search warrant. And whilst there's no shortage of bugs amongst the police files, they're more usually the six- legged kind. And how computer literate are you? ELFREN MENESES NATIONAL BUREAU OF INVESTIGATION Well I would consider on a scale of one to ten I would still consider myself as number five. We are not so much computer literate but I can say in the investigation it's okay, but on going deeper into the technical aspect of it would be a different thing. CORBIN Only now at the end of the day has the Parliament of the Philippines introduced a new bill in order to make cyber crime illegal here. And it can't be backdated to apply to the Love Bug creators. Victims of the virus in the west may want to see the perpetrators in prison, but few here believe anyone will be prosecuted. Even if those responsible are caught, that's not the end of it. Is the answer to catch these people and put them behind bars? Is that the end of the matter? GRAHAM CLULEY SOPHOS, ANTI-VIRUS COMPANY It's great if you catch a virus writer and stop him writing viruses, but that only helps for new viruses they might write. The viruses they've already written will carry on spreading over the internet. Love Bug will be here for years and years to come, even though all the anti-virus products detect it, it will still be lurking in corners of the net. People will carry on being infected. The crime carries on. CORBIN In Wales Raphael Gray waits to hear whether the computer crimes he's accused of will land him in prison. He insists he only downloaded credit card numbers to highlight security flaws, not for personal gain. But he acknowledges there are criminals out there who want to use hackers like him. He's already declined an offer from someone seeking his computer skills to launder money. RAPHAEL GRAY The things he was offering me as well, I mean it was tempting. I mean when you're 15 or 16 years old and someone walks up and he says: "You can have as much money as you want. We'll set you up in a flat, any computer equipment you want, anything you want. Anything you want, literally, it's yours. All you've got to do is no questions asked, do what we ask you to do. Do this bank, do whatever." CORBIN Do you think there are a lot of people out there who want to use the skills of young hackers for illegal purposes? GRAY Definitely. Definitely. I wouldn't be the first person whose been offered this but I'm probably one of the few people who've said no. (Reconstruction) CORBIN Even Raphael Gray's experience in the local police station after his arrest shows how complacent and confused many of us are when it comes to computer security. GRAY Just above the monitor for the custody system there was a huge piece of paper and in nice big letters said "The password for the custody system is CUSTODY" so not only was it a ridiculously simple password like 'custody' but their staff couldn't remember it so they had it nicely printed above the computer system. Anyone could have sat down and I could have bailed myself out. I was left alone loads of times. CORBIN Today we all need computers, even if we don't really understand them. But like it or not security is ultimately down to each individual. Given the speed at which the whole world is becoming connected, the risk is that it will only be a matter of time before someone, somewhere, finds a way to bring down the whole system. VRANESEVICH As more and more people come on line, younger and younger people come on line who are by definition less mature, we're starting to see much more of a malicious attitude, and unfortunately computers now are providing the power where these individuals can ruin people. CLULEY The key thing about viruses these days is the internet. They're looking at how fast they can infect every computer on the planet. CORBIN It's an irony isn't it because business got very excited about the internet and the possibilities, but it could be the weak link, the vulnerability. CLULEY It's a real shame. I remember the days when I got into computing, you didn't have to worry about viruses. Computers were really fun. Today, everything you download, everything you receive in an email, you have to be cautious about and virus scan. [END] 1