4:52 pm PST 14 Jan 97 - The recent denial of service attacks courtesy of the 17-year-old Romanian cracker known as _METAL_ may only be the beginning of a surge in illicit online activity originating from Eastern Europe.

Although illegal in the US, cracking has attracted scant attention from lawmakers in countries such as Romania, Poland, and Hungary. Further, international law is inadequate to deter computer crime.

"I'm afraid that we could expect all sorts of attacks from the Eastern European countries because here there is no law [against computer crime]," said Corneliu Tanasa, system administrator for LogicNet, the Romanian-based Internet service provider from which _METAL_ launched his first attacks.

"I hope the international community (US in fact) will understand from here that they have to push the local governments [in Eastern Europe] to make such laws, not to 'blackhole' us," Tanasa wrote in an email to Wired News.

_METAL_'s attacks began two months ago when he attempted to break into systems run by ISPs throughout Europe. System administrators from these services noted that the assailant originated at a Romanian domain.

A UK-based ISP was broken into during the absence of Andrew Crawford, an IRC system operator, or IRCop, who had been away on his honeymoon. Other IRCops, who knew of Crawford's absence, noticed his logon identity was active and challenged the interloper with personal questions. When _METAL_ wasn't able to give convincing answers, the IRCops suspended Crawford's account.

Crawford's service was brought down three times by _METAL_, who obtained root access and erased the contents of the servers. Crawford and other system administrators then notified Tanasa, who eventually canceled _METAL_'s account.

"Because we didn't want trouble with the hacker we didn't do anything against him as long as we didn't receive complaints from the Internet," said Tanasa.

But trouble came. _METAL_ telnetted to an Undernet server in Sweden, crippling a number of IRC servers. Undernet administrators around the world noticed the attacks and resolved to ban all sites he'd been known to use.

Thus began a vengeful juggernaut which took _METAL_ to other ISPs, including Ventura, California-based FishNet and Milwaukee-based Nap.Net. From these sites, the cracker launched a series of syn flood and ping attacks, disrupting service for as little as 15 minutes and as long as 15 hours for some Undernet servers, said Chris Icide, senior engineer with Nap.Net.

AOL, which Undernet administrators said operates IRC servers, did not suffer any loss of service or downtime from the attack as previously reported.

Security experts, including Richard Powers of the Computer Security Institute, said more attacks can be expected from Eastern Europe because the technology is being installed rapidly in the midst of a society that, as a whole, isn't yet computer literate.