Computers
Read books online » Computers » Approaching Zero by Paul Mungo (bts book recommendations .txt) 📖

Book online «Approaching Zero by Paul Mungo (bts book recommendations .txt) 📖». Author Paul Mungo



1 ... 22 23 24 25 26 27 28 29 30 ... 40
Go to page:
It is the classic relationship between a cop and

his adversary: hatred, tinged with a measure of respect.

 

On several occasions, Vesko says, he has tried to smoke out the virus writer.

Once Vesko announced that he had carefully analyzed two viruses attributed to

the Dark Avenger: the Number of the Beast and Eddie. He said that, in his view,

they could not possibly be the work of the same writer. One was clever, the

work of a professional, the other sloppy, the work of an amateur. Furthermore,

he said that he intended to present his evidence at a lecture that would be

held in Sofia. He guessed that the Dark Avenger would appear, if only to hear

what Vesko had to say about his programs.

 

The meeting was well attended, particularly for a cold Friday night in early

December. Vesko presented his evidence. Number of the Beast, he said, was

obviously written by an extremely skilled specialist whose style contrasted in

every way with the poor quality of Eddie. He watched the audience during his

presentation, Vesko says, looking for someone who might be the Dark Avenger;

during the questions and discussion afterwards he listened for anyone defending

the programming of Eddie. He saw and heard nothing that gave him any clues.

 

But two days after the lecture he received a letter from the Dark Avenger.

According to the letter, the virus writer had attended the meeting. Vesko

published his comments in the magazine Komputar za was. “The author of the

Eddie virus is writing to you,” the Dark Avenger began. “I have been reading

your pieces of stupidity for quite a long time but what I heard in your lecture

was, to put it boldly, the tops.” The virus writer went on to complain about

Vesko’s critique of his programming skills. Then he added:

 

“I will tell you that my viruses really destroy information but, on the other

hand, I don’t turn other people’s misfortunes into money. Since you [get paid

to] write articles that mention my programs, do you not think I should get

something?”

 

Virus writing is not a lucrative field. The Dark Avenger had once before

alluded to getting paid for his skills, in a message to a local bulletin board

operator, when he had suggested, none too hopefully, that “maybe someone can

buy viruses.” So far as is known, he has never sold any of his bugs.

 

In 1990 Vesko put together a psychological profile of the Dark Avenger, a

compilation of all the known facts about him: his taste in music, his favorite

groups, his supposed interest in the Princess of Wales, his need for money and

so on. From his letter Vesko gleaned he had been a student at Sofia University

and, from sarcastic remarks he had made about Vesko’s engineering degree, that

he was either a mathematics or science student (there is a traditional rivalry

between engineering and the other two faculties). He sent the profile to seven

former students at the university, asking if they knew anyone who fitted the

criteria. All seven replied, Vesko says, and all seven mentioned the same name-

-that of a young man, then twenty-three, a programmer in a small, private

software house in Sofia.

 

Vesko didn’t turn him in. Even had he wanted to, there was little point:

writing viruses is not illegal in Bulgaria.

Chapter 6 HACKING FOR PROFIT

Inevitably there are people in the computer underworld who use their skills to

make money—legally or illegally. Hacking into suppliers to steal goods, or

looting credit card companies, has become established practice. But there seems

to be little commercial potential in viruses—unless it becomes part of a scam.

 

In December 1989 the first such scam appeared. The virus was used as a

blackmail weapon to frighten computer users into paying for protection. Jim

Bates, a freelance computer security consultant, was one of the first to

examine the blackmail demand delivered on an apparently ordinary computer

diskette. He had received a call earlier that day from Mark Hamilton, the

technical editor of a British computer magazine called PC Business World. Mark

had sounded worried: “There’s apparently been a trojan diskette sent out to PC

Business World customers. We don’t know anything about it. If we send you a

copy, can you look into it?”

 

Jim runs his little business from his home in a commuter suburb ith the

misleadingly bucolic name of Wigston Magna, near ~icester, in the English

Midlands. Though he had other work to at the time, he agreed to “look into it”-

-which meant, effecvely, disassembling the bug. It would be a timeconsuming

task. “What does it do?” he asked.

 

“We don’t know. It may be some sort of blackmail attempt.”

 

To Jim, the concept of viral blackmail sounded unlikely. As far as he knew, no

one had ever made a penny out of writing virUses. It was said that if there was

any money in writing bugs, Bulgaria would be one of the richest countries in

Europe; but instead it remained one of the poorest.

 

At 5:30 that afternoon, December 12,1989, the package from PC Business World

arrived. As promised, it contained a diskette, of the sort sent out to the

magazine’s readers; it also contained a copy of a blue instruction leaflet that

had accompanied the diskette.

 

Jim examined the leaflet closely. “Read this license agreement carefully [and]

if you do not agree with the terms and conditions … do not use the

software,” it began. It then stated that the program on the diskette was leased

to operators for either 365 uses at a price of $189, or the lifetime of their

hard disk at a price of $389. “PC Cyborg Corporation,” it continued, “also

reserves the right [sic] to use program mechanisms to ensure termination of the

use of the program [which] will adversely affect other program applications.”

 

So far, Jim thought, it read much like a normal software licensing agreement,

except for the warning that the program might “adversely effect other program

applications.”

 

But farther down in the small print on the leaflet was a paragraph that made

him sit up. “You are advised of the most serious consequences of your failure

to abide by the terms of this agreement: your conscience may haunt you for the

rest of your life … and your computer will stop functioning normally

[authors’ italics].”

 

This, Jim thought, was carrying the concept of a licensing agreement too far.

Licensing software was a perfectly acceptable business practice, as was making

threats that unauthorized users of their products would be prosecuted for

“copyright infringement.” They never threatened to punish unauthorized users by

damaging their computers.

 

Even more unusual, the diskette had been sent out like junk mail, unrequested,

to computer users around Great Britain, inviting them to run it on their

machines. Whoever had distributed the diskettes had obviously purchased PC

Business World’s mailing list, which the magazine routinely rented out in the

form of addressed labels. The magazine had seeded its list with names and

addresses of its own staff, an ordinary practice that allows the renter to

check that its clients aren’t using the list more often than agreed. These

seeded addresses had alerted the magazine to the existence of the diskette. If

the publication had received copies from its seeded addresses, so had some

seven thousand others on the mailing list. And Jim knew that many of these

would have loaded the program without reading the blue leaflet—which was, in

any case, printed in type so small that it was almost unreadable. Anyone who

had already run the diskette, Jim thought, could well be sitting on a time

bomb.

 

Later that evening an increasingly anxious Mark Hamilton phoned again: “We’re

now getting reports that this disk has been found in Belgium, Paris, Germany,

Switzerland, Scandinavia, and Italy. Can you do anything with it?”

 

In fact, Jim was already working on an antidote. He had loaded the diskette on

an isolated test computer in his upstairs office and had discovered that it

contained two very large executable files: an “Install” program and an “AIDS”

program. Jim had previously attempted to run the AIDS file on its own, but

after a few seconds it aborted, displaying the message: “You must run the

Install program before you can use the AIDS program.”

 

He followed the instructions, warily loading up Install. It beeped into life,

the light on the hard disk flickering off and on. When the installation was

finished, Jim looked at the hard disk, using software designed to see all of

the files listed in the computer’s various directories. The software also

allowed him to see any “hidden” files, those generally concealed from casual

inspection to prevent them being deleted accidentally. There are always two

hidden operating system files on a hard disk; but now, after running the

Install program, there was suddenly a whole series of them, none of them named.

 

He decided to have a look at the hidden files, using another

special program. This software went right into the heart of the files,

penetrating the binary code, the building blocks of programs. It presented the

contents on a vertically split screen: the left side displaying the files in

computer code, the right in ordinary text. Jim went through them page by page.

He discovered that the hidden files contained a counter, which kept track of

the number of times the computer was turned on. After ninety startups the

hidden files would spring to life and attack the computer’s hard disk,

encrypting working files and hiding programs. Without access to programs and

data, the system would be unusable.

 

The diskette Jim realized, was a huge trojan horse, a malicious piece of

software that entered a system in the guise of something useful, then unleashed

its payload. In this case the “useful” component was the “AIDS information”

file; the payload was the scrambling of the hard disk.

 

Curiously, Jim found that the program had been written to behave almost like

the real AIDS virus. It was opportunistic, just like its biological

counterpart; it spread its infection slowly; and was ultimately fatal to its

hosts. Whoever wrote the program must have been casually interested in AIDS,

though perhaps he didn’t know a great deal about the subject. Switching to the

AIDS information file, Jim read through the material it offered, which

described itself as “An interactive program for health education on the disease

called AIDS…. The health information provided could save your life…. Please

share this program diskette with other people so that they can benefit from it

too.”

 

The program offered “up-to-date information about how you can reduce the risk

of future infection, based on the details of your own lifestyle and history.”

It required a user to answer thirtyeight questions—sex, age, number of sexual

partners since 1980, medical history, sexual behavior, and so on—and according

to the user’s answers it provided “confidential advice,” most of which was

eccentric and misleading: “Scientific studies show that you cannot catch AIDS

from insects,” and “AIDS can be prevented by avoiding the virus” were two of

the less helpful comments. Others included, “Danger: Reduce the number of your

sex partners now!” “You are advised that your risk of contracting AIDS is so

large that it goes off the chart of probabilities.” “Buy condoms today when you

leave your office.” “Insist that your sex partner be mutually faithful to the

relationship.” “Casual kissing appears to be safe. Open-mouth kissing appears

to be more dangerous. It is that which follows open-mouth kissing that is most

risky.” “The AIDS virus may appear in small quantities in the tears of an

infected person.”

 

The AIDS trojan, as it had quickly become named, also produced a variety of

messages demanding payment for the license. In certain cases, if the computer

was

1 ... 22 23 24 25 26 27 28 29 30 ... 40
Go to page:

Free ebook «Approaching Zero by Paul Mungo (bts book recommendations .txt) 📖» - read online now

Comments (0)

There are no comments yet. You can be the first!
Add a comment