Justice mysteriously delayed for ‘Melissa’ author

So what's David Smith been up to lately?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Nearly twenty months after entering guilty pleas in state and federal court, David Smith, the confessed author of the infamous 'Melissa' Outlook worm, remains free on bail with no sentencing date in sight, while the prosecutors who once ballyhooed Smith's arrest as a model of swift and certain information age justice have fallen mysteriously silent.

When Melissa struck on 26 March 1999, it introduced a generation of Netizens to the concept of a computer virus. The worm targeted Microsoft Word users, and spread by sending an infected e-mail to the first 50 addresses in each victim's Microsoft Outlook address book. Though non-destructive by design, the virus propagated so quickly that it jammed corporate and government networks, forcing some large companies to sever their connections to the Internet temporarily. By some estimates, the virus caused millions of dollars in losses.

Within a week of the outbreak, New Jersey police and FBI agents tracked the virus through a hijacked AOL account to Smith, then 30. On 9 December of that that year the programmer pleaded guilty to computer crimes in state and federal court, and stipulated in a detailed plea agreement to having caused over $80,000,000 in damage. The losses, coupled with other stipulations in the plea agreement, carry a prison term of 46 to 57 months.

Then-US Attorney General Janet Reno lent a quote to the press release; Smith remained free on $100,000 bail.

There, the flurry of activity stopped. Smith's 18 February 2000 sentencing date was postponed; then, as the new date neared, it was postponed again. In all, Smith's sentencing has slipped five times. If he were to be sentenced today, the elapsed time between his adjudication and sentencing would come in at five times the 125 day federal average. The state case -- subordinate to the federal sentence -- remains in limbo.

The New Jersey US Attorney's office is mum on the reason for the delays, and Smith's lawyer, Edward Borden, didn't return repeated phone calls about the sentencing over the past six months. Smith himself, reached by telephone last May, declined comment.

More mysteriously, court records reflect no filings by either Smith's defense attorney or federal prosecutors relating to his sentencing and the postponements. The only visible additions to Smith's file since his 1999 guilty plea are three court orders granting Smith permission to leave New Jersey, once to travel to Brunswick, Georgia on business, twice to visit friends on the Florida Keys.

Informed speculation on Smith's elusive date with the gavel tends to follow two lines of thought.

First, legal experts say, prosecutors and Smith's lawyer may have privately reopened negotiations over the amount of loss caused by Melissa's rampage. Smith's plea agreement leaves him the option of arguing in court that he should be sentenced below federal guidelines, because he didn't intend to cause financial losses. Additionally, while Smith admitted to causing over $80,000,000 in losses, the court is not bound by that admission, and if a pre-sentence investigation by the US Probation Department finds that Smith caused less damage, the judge would likely hand down a lower sentence.

"It's unusual that it would take this long, but the sentencing details can be maddeningly confusing in this kind of case," says Mark Rasch, a former Assistant US Attorney who handled the only prior federal computer virus prosecution: the case against the 1988 Internet worm author Robert Morris.

"We had exactly the same kind of problem in the Morris case," says Rasch, now vice president for cyberlaw at Predictive Systems. "Morris caused $200,000 in damage, but intended to cause no damage. How do we treat him?"

The second possibility, and one which better accounts for the silence now surrounding the case, is that Smith found a way out of his prison fate: cooperation on another, unrelated investigation.

"Parties are filing things under seal, and that typically means somebody is cooperating with the prosecutor," says Matthew Yarbrough, also a former federal computer crime prosecutor. "The government doesn't want to put him in jail before his cooperation is finished."

Yarbrough, now an attorney with Fish & Richardson, recalls one white collar crime case he prosecuted in which the defendant remained free and awaiting sentencing for two years, while working undercover for law enforcement in exchange for special consideration. "We carried that thing on for two years, under seal," recalls Yarbrough. "We needed him out there, on the ground, helping us."

"That typically would account for a long delay between a plea and a sentencing," agrees Rasch. "Under the sentencing guidelines, the only way you can really reduce your sentence... is to cooperate against other people. In light of the fact that Smith stipulated to eighty million dollars in losses, it's likely that he would offer to cooperate. And if he offered to cooperate, the government may have found a way to use his cooperation."

It's not clear what Smith, a virus writer with no known involvement with other criminals, would have to offer prosecutors. But "there's a serious possibility that could be exactly what it is," says Yarbrough.

"I really couldn't comment on that either way," answers Mike Drewniak, spokesman for the US Attorney's office in New Jersey.

Since Melissa's romp over two years ago, the Internet has hosted hundreds of other viruses, from LoveLetter to Code Red and Sircam. Many of them have wrought more havoc then David Smith's creation. But the open-ended case against Smith remains the only US prosecution of a Web-era Internet virus writer.

Sentencing is currently scheduled for 10 September 2001.

© 2001 SecurityFocus.com, all rights reserved.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.