Monday, 8 May, 2000, 15:23 GMT 16:23 UK
Hunting e-criminals

Cyber-crime may appear to be lawlessness at the cutting-edge of technology, but it's old-fashioned detective work which leads the authorities to the doors of hackers and virus writers.

The resources of police forces across the world have been mobilised to catch the person responsible for last week's e-mail "Love Bug".

Thanks to the efforts of Interpol and the FBI, the virus, which hit an estimated 45 million users, has been tracked to the Philippines.

[Image caption: Hard love: E-mail virus hit in 20 countries]

Colin Rose, whose company Buchanan International helps trace illegal activities on the web, says that, like all criminals, cyber-attackers leave a trail of evidence.

"It's just like burgling a house. You leave fingerprints."

In order to perpetrate a cyber-crime, an offender's computer has to communicate with a number of other machines to reach its intended target.

At each step in this chain of communications a record of the e-criminal's activity is logged.

With cyber-criminals bouncing their way across the internet, through numerous ISPs and servers, this log of information can be as daunting as it is valuable to detectives.

Broken record

"That's what makes the process so complex. There's so much information everywhere and it's gathering it that's the problem," says Mr Rose.

[Image caption: Hackers leave "fingerprints" in their wake]

Mindful that their tracks can be followed with greater ease than many outside the computer world might think, seasoned hackers and virus writers endeavour to obliterate these records.

"It's the same as a burglar trying to rub away their fingerprints at a crime scene. But they never remove them all and you only need one or two."

It is not just the offenders themselves who can hamper an investigation. Information logs of ISPs and servers are "cache records", data retained for a very limited period in case it is needed in the short term.

"Lots of the information gathered in these logs 'degrades'. You have to get to it in a few days to collect the relevant evidence before it disappears," says Mr Rose.

Finding the source

Fred Cohen, one of the world's leading experts on information protection, says the so-called "Love Bug" will be relatively simple to trace.

"Because of the rapid spread, records will likely still exist on many computers that will indicate the real source of this.

"There are also a large number of leads, including the name in the file and other related information, the feedback mechanism that the virus used to get data back to its (presumed) creator, the places where the virus started to spread."

Other hacking attacks and viruses may present the authorities with a more difficult task.

Leaving traces

Mr Cohen, who works at the Sandia National Laboratory, the US government centre charged with defeating threats to the nation's economic and military security, says every hacking case offers different signposts.

"In many cases, the leads are a few bytes of residual data in a computer somewhere, or a credit card trail, or a tip from one of the perpetrator's friends, or an audit record from a phone company."

[Image caption: The Love Bug left "leads" around the globe]

With Sandia's technical staff simulating cyber-attacks using the latest malicious programs downloaded from the internet, the official response to such activities is far more effective than many of those hit by the "Love Bug" might imagine.

"You follow leads and see where they take you. Eventually, you secure the evidence, catch the bad guy, and cart them off for prosecution and punishment," says Mr Cohen.

Mr Rose says catching cyber-attackers is all down to the money and manpower available to throw at a problem.

Making an effort

"If they're slapdash or not very clever, it's quite easy to find a hacker given reasonable resources. The greater the harm done, the more high-profile the attack, then the more effort put into finding them."

Even the most careful cyber-criminal can make mistakes.

[Image caption: President Clinton wants to spend $2bn on computer defence]

Mr Rose says an otherwise canny hacker in Singapore was apprehended when a satellite link they were using to route their activities via Thailand and Australia suffered a "freak termination".

"The hacker panicked and got out. If they'd waited they would have had time to erase their tracks."

Mr Cohen, who is credited with creating the first computer virus while a graduate student in the 1980s, says all the hiding techniques in the e-criminal's arsenal can be overcome.

"The thing that makes them catchable is the fact that they are foolish enough to think they are smarter than the rest of the world.

"After all, how smart can you really be if the most interesting thing you can think to do is to harm other people?"
