For a young man who has been described by a seasoned cyber policeman as bordering on genius, Owen Walker's immediate prospects are bleak.
Extradition to the United States is a distinct possibility for the software whiz who was bullied at Mercury Bay Area Primary, home-schooled from age 13, and five years later finds himself the centre of attention of FBI and Dutch investigators.
It's alleged the solitary, sensitive teenager - revealed by his mother as having Asperger Syndrome - is the creator of malware considered to be among the most sophisticated seen.
Malware is short for malicious software such as viruses, adware (advertising software) and spyware (software which spies on you). Undetectable by existing firewalls and anti-virus software, Walker's program is alleged to have been used by cyber criminals ranging from vandals and saboteurs to virtual bank robbers in the United States and is part of a Dutch investigation of an adware scam in Europe.
Cyber crime, in the US in particular, carries hefty sentences.
Case in point: Ryan Goldstein, a 21-year-old student accused of using a botnet (robot networks, collections of computers that have been compromised by malware) to cause a relatively minor crash of Pennsylvania University's server (4000 students and staff were denied computer access) and conspiring to launch web attacks against several chatrooms he was barred from.
Although the FBI told the Weekend Herald his intrusions caused only an estimated $5000 damage and were "in the nature of destructive nuisance attacks", if convicted Goldstein faces up to five years' jail and a fine of US$250,000 ($322,000).
Goldstein, a student known by the login name Digerati, was significant in another way.
He began a trail that eventually led the FBI to Whitianga, New Zealand, and to Walker, who is suspected of having created the malware and of having conspired with Goldstein.
University staff first alerted the FBI's Philadelphia office after finding hacker software on a server at the School of Engineering and Applied Sciences.
The server crashed on February 26, 2006, after receiving 70,000 requests from other computers over a four-day period to download a program which turned out to be a target package for a hacker-controlled botnet.
The program turns infected computers into virtual zombies manipulated by hackers, known as bot-herders, who can use them to send spam email, mount internet attacks or such other crimes as deploying programs known as key-stroke loggers that can steal passwords and other banking information from users and send it back to the bot-herder.
Goldstein's charges relate to a crude form of cyber attack called Distributed Denial of Service (DDoS) attacks, in which thousands of zombie computers overwhelm the target server by flooding it with fake internet traffic.
But in order to launch such an attack, the slave computers must each download targeting instructions and other malware. Since botnets can contain a million or more computers, the downloads generate very heavy traffic, requiring a large-capacity server to handle it. The indictment filed in Goldstein's case appears to indicate the intention was not to crash the university's server but to hijack it to use as a "mothership" to guide the botnet.
A statement by the US Department of Justice says Goldstein is alleged to have crashed the server "while he was attempting to work with another individual to launch [DDoS] attacks against other servers on the internet using botnets".
According to reports in the US, Walker was named in the indictment as assisting Goldstein.
Maarten Kleintjes, manager of the New Zealand Police national electronic crime laboratory, explains that bot-herders are unlikely to have powerful enough computer systems themselves to control a million other computers, and so control their botnet by sending commands via hijacked "motherships", usually powerful machines belonging to big businesses or universities that can handle thousands of simultaneous connections.
The Pennsylvania University incident prompted the FBI to launch an investigation called "Operation Bot Roast", with Walker's botnets at its centre. The FBI says the investigation revealed more than US$20 million of "economic loss" to victims and more than one million compromised computers.
Investigations of the activities of "Digerati" led to Goldstein and to "AKILL" (a nom de guerre taken from the "automatic kill" command used to knock unwanted participants off chat channels), Walker's cyber ID. Authorities are not commenting on how they were tracked but both IDs were known in chatrooms frequented by hackers from which their IP (Internet Protocol) addresses may have been available. Companies supplying IP addresses hold details of the individual they are assigned to.
Kleintjes confirmed that investigators knew details about Walker, including his age, well before executing the search warrant.
In a separate investigation, the Dutch watchdog, Independent Post and Telecommunications Authority (OPTA), also traced AKILL to Walker. His malware is suspected of being used in adware schemes that have infected 1.3 million computers.
Spokeswoman Ewa Walters told the Weekend Herald that during a cyber crime inquiry "into two Dutch enterprises, we ran into the person from New Zealand. That information we handed over to our colleagues from New Zealand."
Walters declined to provide further details because the inquiry was ongoing but an August press release revealed that the malware had been installed on PCs 22 million times and that perpetrators were continuing "to upgrade and distribute their malware" despite being aware of the investigation.
OPTA announced it intended to impose a fine of 3500 euros (NZ$6585) for each day distribution continued.
This implies brazenness but also ingenuity. Says Kleintjes, "the seriousness is well established. We didn't do the search warrant for nothing. We just have to go through the evidence and go through the process."
AKILL's malware is central to Operation Bot Roast, with the FBI delaying the announcement of eight people charged until the day after the search warrant was executed on Walker (his computers were seized, he was arrested, released without charge but remains under investigation).
Of eight people who have appeared in court as a result of Bot Roast, two are men who were jailed for 42 months and 24 months for "bank phishing schemes" in which they electronically transferred "substantial sums" into accounts they set up in the name of a bogus company.
Laws are in place to cope with the global nature of cyber crime. Depending on evidence, Walker could be extradited to face charges in the United States or be prosecuted here.
"If someone starts something that is against the law in New Zealand that has consequences overseas they can be charged; or if someone finishes something that was started overseas that is an offence against New Zealand law, they can be charged," a knowledgeable legal source told the Herald.
Bot-herders are criminals' service providers, says Kleintjes. The going rate for taking a business down for a week was about $500.
He notes that the National Australia Bank was recently hit by a denial of service attack and a web-hosting company in Paraparaumu was infiltrated by criminals using a botnet. In that instance, a fake survey was emailed to US customers of finance company JP Morgan, resulting in many divulging "usernames, passwords, card numbers, all the things the banks ask; mother's maiden name, name of your budgie, social security numbers, the lot".
"The information was stored on the server back in Paraparaumu for the crooks from Romania to harvest," says Kleintjes, "That's how organised [internet] crime works." The perpetrators of that scam had not been caught.
That case was an example of the necessity of international co-operation in investigating cyber crime, even when both the perpetrator and victims are overseas. Kleintjes estimates that he speaks to the FBI on average three times a week.
Walker's culpability will probably depend on the evidence found on his computer hard-drives. Creating software subsequently used in crime doesn't necessarily make him a criminal. Kleintjes offers the analogy of someone who has made a new gun. It doesn't automatically follow that he intended to use it for crime, or knew the intentions of others who got hold of it.
* WHEN COPS COME CALLING
The Coromandel teenage computer whiz at the centre of an international cyber crime investigation is probably feeling a bit scared.
Owen Walker has remained out of sight since his name became public. His mother, Shell Moxham-Whyte, says the family have been advised to stay quiet.
So how might Walker be feeling?
The Weekend Herald asked a hacker who got in trouble with the law aged 14 and again aged 16 - the second time hacking into the cellphone voicemail boxes of prominent people including Dick Hubbard (Auckland mayor at the time) and Telecom's spokesman, John Goulter. "Knowing he may be facing extradition to the US, I'd probably be s....... my pants, literally."
The hacker says he didn't realise at the time that he was breaking the law.
"While I was doing it, it was a bit of fun ... but when I got the knock on the door at six in the morning with a bunch of burly cops come to take my computers and me away, then it started getting a bit scary."
Maarten Kleintjes, manager of the New Zealand Police national electronic crime laboratory, has specialised in investigating technology crime for 20 years.
He says this about Walker: "You come across only one in your career. It's like someone who is brilliant at singing, like the girl [Hayley] Westenra, like Kiri Te Kanawa."
Walker had a rare talent he could apply for good or bad. "He will come to a crossroads where he will have to decide which way to go."
Time will tell whether Walker reached that crossroads on the morning of November 28, when an FBI agent, accompanied by New Zealand police officers, knocked on the door of his Whitianga home.