Tuesday, June 27, 2006

Question: "Who Invaded Computers in the 21st Century?" Answer: "Moop"

The London Times reported that police in the United Kingdom and Finland arrested three men in their homes this morning, in connection with an alleged conspiracy involving the writing and distribution of computer viruses. The men - reportedly a 63-year-old man from England, a 28-year-old man from Scotland, and a 19-year-old man from Finland - allegedly created Trojans attached to spam that set up back doors to infected systems. Authorities believe that thousands of systems in the United Kingdom and other countries were infected with the virus, known as Ryknos, Breplibot or Stinkx, to create a zombie network.

According to a detective constable with the London Metropolitan Police Computer Crime Unit, the men allegedly coordinated their activities through a forum that they named "Moop." [Note: Although the Times ascribes the name to the garage band of South Park characters, Urban Dictionary lists no fewer than 32 definitions for "Moop."] The men were reportedly being interviewed by police on suspicion of conspiracy to commit unauthorised modification of computer material, in violation of the United Kingdom's 1992 Computer Security Act.

Sunday, June 25, 2006

The Wrong Men

In Alfred Hitchcock's classic film The Wrong Man, one character, Lieutenant Bowers, confidently stated, "An innocent man has nothing to fear, remember that." Two recent reports from the United Kingdom and the United States show that, even in a world of high-tech law enforcement, innocent men have something to fear when criminals turn them into victims of identity theft. In the United Kingdom, Friday's London Times recounted the case of Roderick Rigby, a 51-year-old Lancashire upholsterer, who "received 52 summonses for driving offences that he says he did not commit" and was convicted and fined in his absence -- sometimes even when he was on vacation.

According to the Times, Rigby started receiving mailed notices of fines for driving offenses, though the notices were for people with different names. He also learned that people were registering cars under his name and then accumulating parking and speeding tickets. In May 2004, he himself was arrested after someone named Royle, who was wanted for driving a car without a license or insurance, gave Rigby's address. The arresting officer apparently cautioned Rigby in the "names of Royle or Rigby". [A note on United Kingdom criminal law: A "caution" means that the suspect must go to a police station, where a senior police officer formally addresses the suspect and warns him or her about the alleged conduct and the consequences if the suspect commits a further offense. The caution is then recorded in writing. According to the U.K. Criminal Justice System Online website, a caution is not a conviction, but "can be put before a court if the suspect is convicted of another offence."] After the Driver and Vehicle Licensing Agency confirmed to magistrates that Rigby was not the offender, the caution was expunged from the record.

Nonetheless, later in 2004 a driver stopped for speeding somehow knew Rigby's name and address and gave them to police, along with a close approximation of Rigby's date of birth. When the driver failed to show up at a police station to produce his driver's license, insurance certificate, and vehicle registration, as required under U.K. law, Rigby received a summons ordering him to appear in court. He also started to receive other parking tickets and speeding fines, and had to appear nine times in court just on the initial summons. In another case, a court threatened him with contempt of court when he tried to explain that his was a case of mistaken identity. A conviction on one charge gave Rigby a £540 fine and six points on his license. His barrister later estimated that contesting the charges cost Rigby £30,000. Subsequently, Rigby was present at a hearing on one of the charges against him, when he heard a Crown Prosecution Service (CPS) prosecutor tell the court "that the defendant was excused from appearing in person because he was in prison for wounding." In a scene that would seem implausible in a B-movie, Rigby jumped to his feet and said, “No, I am not. I’m here.” Ultimately, a judge stated "that heads would roll at the CPS if it could not explain the matter."

A CPS spokeswoman later stated that the suggestion that Rigby was in prison for a wounding was "an administrative error," evidently due to the fact that Rigby had been confused with a real prisoner, Roderick James Rigby, who was serving a 14-month prison sentence. The spokeswoman confirmed that the Rigby in prison and the Rigby in court were not the same man.

Today's Washington Post reported the case of Elias Fishburne IV, a hairdresser from Maryland who was mistakenly arrested after a traffic accident in which he was involved. More than a decade ago, Fishburne had lost his Navy identification before shipping out for Desert Storm. On his return, he found that someone had bought thousands of dollars of furniture, clothing, and cellphones in his name. In the case of a $4,000 furniture purchase, a letter from his former captain, swearing that Fishburne was at sea at the time of the purchase, apparently cleared up the matter.

On May 5, 2005, however, Fishburne was arrested after his accident by a Maryland state trooper, after a Georgia arrest warrant listed Elias Fishburne as one of several aliases used by a career criminal, Jarvis Tucker. Even though, according to Fishburne, a booking officer at the county jail could see that Fishburne's date of birth, height, weight, and facial features were clearly different from those of Tucker, another officer dismissed the doubt and Fishburne was processed.

Over the next 37 days that Fishburne spent in custody, the criminal justice system repeatedly fell short in the fundamental task of verifying that Fishburne was indeed the man Georgia was seeking. According to the Post, the arresting officer did not perform a required computer check in the National Crime Information Center computer "because the computer system was out of service." Five Maryland law enforcement and corrections agencies and the Georgia sheriff responsible for the warrant each regarded someone else as responsible for confirming Fishburne's identity. Fishburne was advised to waive extradition to Georgia without being told that a waiver, in effect, would suggest that he was the person being sought. Even after he arrived in Georgia for processing at the Fulton County jail, where the booking officer taking his fingerprints could see the prints of Tucker on her computer screen, she reportedly agreed that "[i]t doesn't add up" but continued to process him.

Thirty-six hours after his arrival at the jail, a background check by Fulton County authorities finally showed that they had the wrong man. Fishburne was released with no cash, no apologies, and no ticket home. Authorities did give him an $80 check to refund money that his mother and friends had deposited in a jail commissary account. The check was made out to Jarvis Tucker.

Monday, June 19, 2006

Power Trips in India

Last Monday's Washington Post ran an interesting feature about the efforts of S.K. Das, a utility company enforcement manager in New Delhi, India, to track down individuals and businesses who steal power from his company. The theft of electrical power in New Delhi is a substantial problem. The New Delhi power ministry reports that about 36 percent of all power consumed in this city of 14 million is stolen. The substantial number of free-riders places significant strain on the city's power grid, which can experience blackouts of whole districts of the city when residents use fans and air conditioners to get relief from oppressive summer heat.

Part of the solution, according to the article, is technological: new power meters equipped with computer chips and modems, which enable monitoring of tampering from remote locations; and replacement of low-voltage lines, which individuals can tap simply by throwing metal hooks over the lines, with high-voltage lines. For now, however, human intervention, involving both power company employees and the police, appears the most effective deterrent to continued power theft. Power thieves span the social classes, from slum dwellers to the affluent. The work of cutting off power theft is not without its risks: earlier this year, while trying to conduct an enforcement raid, Das and his enforcement team "were beaten by a mob that a local politician had whipped up." To his credit, Das recognizes that power theft has been a habit for "the past 20 or 30 years," and sees his work as a way of changing "the mind-set of the people."

Das's efforts can be seen as a microcosm of India's struggles to curb power theft and upgrade its electrical infrastructure. A recent BBC News report estimated that "somewhere between a third and half of the country's electricity supply is unpaid for." Moreover, Indian farmers, whose irrigation systems reportedly consume at least 20 percent of India's power, are accustomed to getting free or unfairly low-priced power (i.e., low set rates that take no account of the volume of power consumption). The Christian Science Monitor reported last year that farmers did not take kindly to government cutoffs of free electricity in many areas. Even after the Indian Parliament made power theft a criminal offense in 2003, some politicians are reluctant to challenge the farmers' lobby or upset constituents by pressing the power theft issue too vigorously. Reported "high-level collusion involving big industrialists and politicians" may also make some utilities cautious about challenging the politically powerful.

In the end, what may work best in changing Indian attitudes about power theft is a combination of simple changes in technology and the enlistment of community and religious leaders' support. A June 13 article in the Indian Express noted that in Godhra, India, the local power company laid PVC-covered cables to defeat the hook-and-wire method of pilferage, and installed pole meters to measure power disbursement from each pole. But the company also initiated a dialogue in communities to build support for change, and found religious leaders who were willing to speak about the issue. In his sermons at a local mosque, one maulvi [i.e., an Islamic religious cleric or teacher] "explained to people how bad theft is from [a] religious point of view. Some other religious leaders also pitched in and told people that if they do namaz [defined as the five daily prayers by Muslims to Allah] after washing hands with water obtained through power theft, it wouldn't be heard by Allah . . . ."

Snakes on a Train

A brief article in the Japan Times provides a cogent reminder of how even the most advanced nations can find unexpected vulnerabilities in their infrastructures. Last Saturday morning, a rat snake made its way into a railway transmission substation in Wakayama Prefecture. When the snake touched a live wire and was electrocuted, the short-circuit reportedly caused a power outage that resulted in the cancellation of 12 train runs and the stranding of about 350 passengers for a couple of hours.