SoBig & Its Variants: Investigation Pointing to "9/11 Event"

Northeast Intelligence Network

29 August 2003: SoBig Update: Two Different Stories

The Washington Post is reporting that an arrest of an 18-year-old, reportedly accused of writing one version of the damaging "Blaster" infection, is imminent. Source Link: It would be wise to pay close attention to the wording of this article.

Meanwhile, critical clues to impending terrorist attacks could again go unnoticed, according to an article by Computer World. Source Link:,10801,84435,00.html In yet another accounting of the SoBig worm, it was announced by US Justice Department officials that a worm or virus has dramatically slowed 15,000 computers at 300 U.S. attorneys' offices around the country since last Friday evening. Source Link:

In short, expect the announcement of the arrest of a teenager who will be identified as the person behind the latest SoBig version or a variant of the same. However, the FBI is continuing its investigation as computers continue to become "infected." The impending arrest might be of a computer-savvy teenager who managed to figure out parts of the SoBig worm or a variant, and in a copycat style, launched a similar program. It continues to be the position of the Northeast Intelligence Network that the worm is simply one component of a larger and more sophisticated convergence of events timed to coincide with the second anniversary of 9/11.

27 August 2003: SoBig Update

Evidence continues to mount to suggest SoBig is a very significant and imminent threat to the operational infrastructure and the economy of the United States. Computer security experts are still trying to determine the "motive" of the programmer or authors who created the malicious program, which has been described as "the fastest spreading computer virus of its kind." The malicious program has been found on the computers of various companies, public and private agencies such as Federal Express, AOL Time-Warner, Starbucks, as well as in the state-operated computer networks of New Jersey, Pennsylvania and North Carolina.

The FBI, RCMP (Royal Canadian Mounted Police), and investigators within the Department of Homeland Security are joining forces in an attempt to "track down" the origin and identify those behind the program. In addition, they are actively seeking the assistance of the public to track down and contain this "virus."

Despite a recent minor success that prevented a more malicious portion of the SoBig program from deploying, the worm is growing faster than ever. "Media reports that the worm has been contained by the latest series of patches or 'fixes' are disproportionately optimistic at best," according to Douglas Hagmann, Director of the Northeast Intelligence Network. "It would be prudent to look at the whole picture by the intelligence community, and possibly consider that the SoBig program is only one aspect of an attack on a larger scale." Terrorists have readily admitted that one of their primary targets is our economy. "Considering that we are engaged in an asymmetrical war against terrorism, why not use 'bytes rather than bombs' to attack our economy and our infrastructure?"

According to computer security experts, the person or people behind the SoBig program have continuously attempted to covertly place a number of programming tools onto millions of computer networks worldwide that would permit unfettered access to the data on the computers and within the networks, and also provide a method of deploying such a huge number of email messages that it could potentially result in the largest and most effective DoS (Denial of Service) attack ever experienced. The results could be catastrophic if not stopped in time. And when is the worm next scheduled to deploy its payload? September 11th. Coincidence?


26 August 2003 -- Government Computer News: "...speculated that whoever has released and rereleased Sobig is doing so with a purpose, not just seeking bragging rights. 'The motive behind the Sobig worm is apparently different from others....'"

26 August 2003 -- IT Web: 30% [20 Million] Computers in China Infected