💾 Archived View for spam.works › mirrors › textfiles › virus › lminterv.iew captured on 2023-06-16 at 21:03:20.
View Raw
More Information
-=-=-=-=-=-=-
Faces Behind the Masks
by Sara Gordon
- this interview was featured in "Secure Computing" magazine in August
through November 1994
===============================================================================
(the following is the text which appeared before the interview - this was
- not* written by Ms. Gordon)
"Who are they? Why are they doing it? Virus authors have been seen as
paranoid, secretive, anti-social but are they? In this article two
legendary virus authors give their reasons for doing what they did."
"One of the perennial questions is why do they do it? Often asked at
conferences and seminars, ordinary folk want to know why virus authors
write viruses. The desire to understand - as some sort of process to
build effective defences against viruses - is very strong. This month
sees the start of a series in which Sara Gordon interviews two legendary
figures in the virus community.
One of the difficulties in understanding viruses, virus authors and the
virus community is the inherent secrecy and paranoia of its population.
However, the anti-virus community does communicate although it is always
via e:mail on the Internet - never directly.
As with the interview with the Dark Avenger printed in Virus News
International last year, Sara Gordon has taken considerable care to
establish that the respondents are genuine. Sara Gordon is herself a
professional in the area of Cyberspace - a collective term for all
on-line systems.
Pseudonyms taken by virus authors are meant to conceal their true
identity. They are also a means of donning another character - typical
of the sort of thing done by fantasy-games players (although this is not
to suggest that such games players are involved in nefarious
activities). Names like Dark Avenger, Hellraiser, Black Baron and
Lucifer Messiah give a certain presence to what are just ordinary folk.
Current research indicates that most virus authors are adolescent
males. As with other habitues of on-line systems many live out an
existence which is alotgether more exciting - swashbuckling, even - than
their more humdrum lives in real life.
Another aspect of interviewing members of this community is that the
communication is always written. Some of the respondents' writing
skills (and this is not meant to be a derogatory) are not that high and
so they tend to come across less well than they would, for example, in a
telephone interview. To some extent the on-line community has tried to
short-cut some of the deficiencies of the medium by introducing symbols
which indicate the tone of the written comment. These are called
emoticons of which the sideways smiley :) is the most common.
Virus writing is widely regarded as an anti-social, and in some quarters
illegal, activity. We take a neutral position for the purpose of this
series of interviews. While it may be more comfortable to adopt the
moral high-ground, it does not actually contribute to the solution."
==============================================================================
Lucifer Messiah: the name is chilling, but the man behind the mask is
one of the most decent people I have ever spoken to. Hellraiser: more
demonic images of youth gone mad? He too has proven to be a bright and
charming young man.
These two have more in common than their satanically-inspired aliases.
Both are members of virus writing groups; both have written and
allegedly distributed computer viruses. There is, however, one
difference. Lucifer Messiah writes viruses and is now affiliated with
PCScav, a computer 'research' group based in Canada. Hellraiser, a
member of the Phalcon/Skism virus writing group, says he has stopped
writing viruses.
My introduction to Lucifer Messiah, who also uses the alias Chris Boyd,
came about this year. I have known Hellraiser for approximately two
years. They have had similar experiences, but have taken radically
different paths. Why is one still writing viruses, while the other has
left it all behind? I decided the best way to find out was to ask
them. Here are some insights into the minds of these two individuals.
Q: People are always curious as to why a virus writer writes viruses. I
have found there are no 'simple answers', but if you had to give one
'reason' what would it be?
Lucifer: The intrigue of coming up with new technologies. I enjoy
making the computer do what it isn't supposed to be able to do.
Hellraiser: All throughout my life I have been involved with the
negative side of my pastimes. For instance, when I was younger I was an
heavily into art, but instead of doing my work on a canvas with oils - I
did it on a wall with spray paint.
Naturally when it came to computers I once again found myself on the
'dark side'. Instead of writing utility programs and such, I started
writing viruses. Instead of calling BBS systems I started hacking into
computer systems. It is best wrapped up by saying - I find it much
easier to accomplish negative actions, than positive - thus my drive for
writing viruses.
Q: At what age did you become involved with computers (not viruses). Can
you describe your initial experiences with computers? How were you
taught; by yourself, or by an instructor, parent or friend?
Lucifer: 14 years old. I got a Vic 20 at the Yule. They boot up in
Basic, so I learned from that. The magazines were very helpful. I got
some Tandy I think not too long after that. I took Computer through
high school as well.
Hellraiser: I would have to say around the age of 13 or 14. That
Christmas, I got my first home computer, an Atari XE with 8Kb of RAM!
After begging my parents for two weeks I got a storage device for it (a
data cassette drive) to save all of my Basic programs. There wasn't
much to do on the system, being as how I had no software - much less a
modem. So I typed in hundreds of lines of Basic code (10 lines of Basic
code, hundreds of data statements) from magazines like Compute.
I started to learn Basic myself off these examples, and in no time I was
good enough to scare the hell out of my neighbors' little brother with
an incredible War-Games simulation (the fact there was a thunderstorm
that day that really added to the effect). All the great XE action
ended abruptly when I smashed the damn thing in a fit of anger after I
couldn't load the Space Invaders game [I] blew eight dollars on.
After the XE days my only contact with computers was at school. I
worked with such relics as the TRS-80, Apple IIE, and the original IBM
PC in high school (I am hinting [at] my age). About all I did was
program little junk programs in Basic, and mess around the machine
code. Nothing spectacular.
It was a few years later that I was able to use a computer again, when
my father brought home a new 286 clone. To top it off, the thing had a
1200 bps modem. From then on I have become a true computer hacker (in
the good and bad sense of the word).
Q: What different operating systems did you learn, and in what order did
you learn them?
Lucifer: I started with Basic. The Vic 20 doesn't really have an
operating system. After that, whatever the name of the Tandy operating
system was. There no such thing as DOS yet. Maybe it was a hybrid
CP/M. In school, it was AT&T UNIX all along. I never used DOS until 3
years ago. I don't really like it.
Hellraiser: I have to say that DOS was the first full O/S that I
learned, which I taught myself. Later on I picked up UNIX by hacking
into systems and just playing around. I played with VMS for a small
amount of time but found it very boring. And lately I have been
learning the new GUIs - OS/2 and Windows/NT. All of which I taught
myself.
Q: What different languages did you learn, and in what order did you
learn them?
Lucifer: I started programming in FORTRAN. I hated it. I hate math!
Then Pascal and C came along, and I was in heaven. When I learned about
assembly, I stopped programming in Pascal altogether, and only sometimes
in C. I also use APL, the different varieties of AWK, ummm, Lisp, a
little COBOL. I'm not showing off. This is what we had to learn in
school.
Hellraiser: As I mentioned above - Basic was my first language. Much
later on (when I got a PC) I picked up Pascal and started writing cool
little utilities and BBS doors. When the whole virus thing came into
play, I knew I had to learn ASM, and fast. So that was the next step.
After I stopped coding viruses, I picked up C. At this time I am
learning C++.
Q: What is the highest level of education you have completed?
Lucifer: 3 years of college.
Hellraiser: I left college after two years for financial reasons.
Q: Do you plan to go further in school? If you do, why? If not, why not?
Lucifer: No. I'm 27 years old! I may take the odd night [school]
course. I've been enjoying the presentations put on by Intel, and that
sort of thing. I guess that's an education.
Hellraiser: If I could, I would at the drop of a dime. The problem is I
don't have the money for it. Plus I have a life and responsibilities.
Right now and I would find it very hard to drop them all to go back to
school. Let's just say the only way I might get back into school is if
I come into a lot of money real quick.
Q: What person, non virus writer (non computer related), do you have
the most respect for.
Lucifer: My mother, I guess. She's really cool.
Hellraiser: I would have to say, my mother. She has been though a lot
of strife over the years, a large portion of which is my fault. Yet she
still stays happy and positive. I could never be that way.
Q: What person, non virus writer (non computer related), do you have the
most disrespect for?
Lucifer: Bob Rae/Kim Cambell/Brian Mulroney. They are all actually
incarnates of each other. They are a 'collective', each branching from
past lives as hedgehogs with brains the size of peas.
Hellraiser: I can't pick just one person so I have to say politicians,
because they get away with so much stuff; stuff that would have me or
you in jail for life. When they get caught all they get is a slap on
the wrist. If I bounced hundreds of checks where would I be right now?
Q: Now, what person computer related (non virus writer) do you have most
respect for?
Lucifer: You. Just kidding. Do I get more brownie points?
I used to respect Peter Norton because he had the coolest software, but
he has been really slipping. His latest books leave much to hope. I
really respect Bill Gates. I don't necessarily like his DOS, but I sure
like what he has with it! $$$
Hellraiser: That's a tough one. The problem is I can not think of
anybody computer related I have a tremendous amount of respect for.
Don't get me wrong I have respect for a lot of people in the field, but
I can't pinpoint anyone in general.
Q: What person, computer related, but still non-virus writer, do you
have most disrespect for?
Lucifer: Ross Greenberg. Where does he get his facts from? He is so
full of it!
Hellraiser: I would have to say Bill Gates. I know he has accomplished
a lot for himself, and he is a person that should be admired, but I just
do not trust him. I don't like the way he makes billions off
poorly-made products that sell just because of the name Microsoft. It's
like the emperor's new clothes, and Bill is very naked.
Q: What virus writer do you have the most respect for?
Lucifer: None, really. I don't like to lick boots. I find Dark
Avenger's ideas to be grand, but his programming is sloppy. Perhaps the
guys from Trident. Their Cruncher viruses were much smaller than Cohen
ever imagined.
Hellraiser: No doubt, Dark Angel. Not only is he a good friend, but
he's is a very smart person. What really makes me respect him is his
willingness to teach. That aspect is very rare for a virus writer.
Q: What virus writer do you have most disrepect for?
Lucifer: All of NuKE.
Hellraiser: Rock Steady. This guy knows about as much as I did two
years ago and he never stops bragging about how great he is. He's sort
of the 'Bill Gates' of the virus world. He controls lame people with
hype for lame product. I hate this guy.
Q: Can you describe for me your initial (first) experience with a virus
writing group. This does not have to be the first group you joined or
created or worked with or for. I mean, the first time you ever heard of
a group, please tell me your impressions as you remember them. Please
be as specific as possible.
Lucifer: I played around with a Scandanavian hacking group. I don't
want to get into details about that scene. They aren't just a hacking
group, as you know. You probably heard what they did at NASA three
years ago.
A guy I went to school with in Sweden showed me computer virus. It was
the Stoned. The whole concept of it blew me away. My second contact
was with the Ontario virus. I wrote a new version of it. You already
know that story.
I was hacking on the telephone way before I ever learned about viruses.
I don't do that anymore, though. It's too scary.
Hellraiser: It had to be long before I actually knew anything about the
computer underground. I was writing (hacking) viruses on my own at the
time. Then one day I was on a BBS, Patti Hoffman's VSUM. Wow! A
listing of all known viruses.
The thing that really got me was the name Rabid kept showing up. Being
at the time I couldn't tell a good virus from a bad one, I thought these
guys [were] awesome. That is what got me into the group thing. It
wasn't until much later that I figured out that they were a bunch of
lamers.
==============================================================================
"How did it all start? Whose idea was it initially? What is the
philosophy of the group? In this second article the two legendary virus
authors, in their indepth interview with Sara Gordon, throw further
light on their reasons for doing what they do - or did."
"One of the perennial questions asked of virus writers is why do they do
it? The interview recorded below tries to get under the skin of two
notable figures from the virus community.
A serious difficulty when it comes to understanding viruses, virus
authors and the virus community is the inherent secrecy and paranoia of
its population. However, the anti-virus community does communicate
although invariable via e:mail on the Internet. Sara Gordon has
conducted a series of on-line interview with two self-confessed virus
authors, Lucifer Messiah and Hellraiser."
==============================================================================
Q: If you are part of a group now [which you are, I think :)], please
tell me as completely as possible how you got involved with the group.
Such as, met via modem, met in person, went to school with, etc..
Lucifer: At the start, there was no group. It was just a bunch of guys
who liked to hang around. We usually were in some kind of trouble or
another.
Did you ever see the movie Clockwork Orange? We wanted to be like
droogies. We got into telephone hacking. The group actually formed
around that. We all had computers. Remember this was in school, too.
Really, i didn't my own computer at first with them. Me and another guy
split costs because we lived near each other. Soon we had names.
All my friends always called me Lucifer Messiah. I am a religious type
of person. People were always afraid of me because I always wear black,
and have very long hair. This was not normal then, with leather and
studs. They called me Lucifer first. When they found that I was not a
Satanist, they called me Jesus. I had a sweater with a hood, so I used
to act like it. Some people called it my satanic robe, and others my
Jesus clothes. Now it is Lucifer Messiah.
Blodigt Kors got his name because that was his rock band name. It means
bloody cross. He was (the) Satanist not me! There is another guy
called Jackal. He helped out with forming a group. We were looking for
chaos. Chaos was hacking, phreaking and viruses when they came.
Three years ago I moved to Canada because of my job. I work with
networks. I kept the group going. I met SCEB, who is Supreme Commander
Electro-Brainwave. He's a weird kind of guy who everybody thought was a
copy. He looked like a lawyer, and enjoyed changing his accent to a new
one every day.
He is a phreaking big time. The two of us put ANARKICK SYSTEMS
together. We stayed close with the group in Sweden. There were about
ten of us here, and 15 over there. the viruses that SCEB and I write
never had names in them until the Ontario thing happened. Now we put AS
on everything.
Last year the group in Sweden got busted really bad. ANARKICK SYSTEMS
is now just a fragment, and we just get together now and again to talk
about new technologies, and show off our new codes and ideas that we
create. Most of what we do is not released, and that is probably good.
Hellraiser: Well, here is the whole story. When I was going to college
I met up with a few people who were interested in computers. None of
which knew anything about the underground, myself included. We would
sit in the computer lab and do stupid things like hacking into the
Novell network and read people's papers. We added a menu system to the
school's network, which upon entering the right password would let you
play games and look at nasty GIFs.
Anyway, we started getting in to games and stuff. One of the guys got a
copy of a game off his friend at home. It seems that this game was
infected with the Jerusalem-B virus. Now I didn't figure this out till
one day about a month later(during spring break) I noticed my Turbo
Debugger would not run.
I called Borland (cause I bought the thing, I was not and never will be
a warez dOOd) and explained the error. They had no idea, so I asked if
it could be a virus, and they said it was a possibility. Wow! A virus
of my very own. So I hung up with Borland and got right on my local PD
BBS and downloaded the latest McAfee virus-Scam. Sure enough, all over
my hard drive was Jeru-B!
Most people would be P.O'd right about now but I was very happy. To cut
this part short this is around the time I started learning how viruses
worked. When I got back to school I told all my buddies that I created
a virus. They were liked "Wow!" So we played around with the hacks that
I made. None of the others knew jack about programming so I could tell
them anything I wanted. The next thing you know we decided to start a
group, well I decided that we start a group. I don't really think any
of these people cared much - we weren't at the time real computer hacks
but non-the-less we started a (unnamed) group.
That summer I really started calling BBS systems a lot. As it usually
goes I started picking up numbers for 'underground' BBSs. I called a
few local ones and all they had to offer were cheap warez and junk along
those lines.
There was one good UNIX board however, that was running Citadel. Which
if you don't know is a primarily messaged based system. They had one
area called 'hack' where there were messages on hacking. So one day I
popped the big question, "How do yu write a virus?" What I didn't
realize at the time was 'hack' does not always mean 'hack' (as in
criminal).
Needless to say I was scorned by the whole outfit on that system, but
they kept me on. A couple of days later I got some mail on that BBS
that said - "Youlike viruses? Call Landfill 914-HAK-VMBS". WOW! Could
this be, a virus BBS? So I called it right after getting the mail and
yes it was true, they did have viruses. The problem was I had to upload
viruses to download viruses. Damn. That Whale viruses in VSUM looked
sick, and this guy had it.
So what did I do? I uploaded my little Jeru hack nd called it SKISM-1,
hoping these people would not catch on to what it was. The next day I
called the board and BAM! I had 8 file points, the problem was after
downloading the 64k Whale file (all strains) I had no file points left.
So what did I do? Hacked up another Jeru-B hack and uploaded it.
I must mention that while reading some of the messages on the board I
kept seeing the name -=Phalcon=- at the end of some messages, at the
time I had not idea what it meant. Then late one night I gave Landfill
a call. To my surprise while scanning the new files the following text
comes up on my screen, "Garbageheap flings a bogger at you". What?!?
Oh, the sysop has pulled me into chat.
"Hey what's up?," he types. So we got to talking and he mentioned that
he was in a group called Phalcon, and that (they) were hackers. I was
able to make him think I knew about hacking by agreeing to everything he
said about hacking (I am good at 'social engineering'). He asked me if
I was in a group and I told him I was in a group called Skism. Skism
was what my lame college group would have been called if anyone gave a
damn, so I wasn't really lying was I?
Over the next week we chatted on-line more and more. He seemed to like
me because I was the only one uploading 'zero day viruses'. Then one
night we went voice, and that's where it all started. We came to the
conclusion that our groups should be joined, Phalcon was hackers and
Skism (me) as the virus end. So I agreed and the reset is history (I
know, cliche).
Over time we started getting good at hacking and coding. Dark Angel came
back from his summer job (I wish I could tell you what it was, it would blow
your mind) and he started learning ASM. When I went to re-apply for school
they told me I couldn't get a loan for semester. So I decided to move out to
California for a while and just hang out. Out there I was free from my
parents so I could hack a lot easier.
I didn't have a computer my first few months so I started to learn the phone
system, big mistake. To get off the subject, we started hooking up with a
lot of new people. And we recruited some new long distance members. One of
which was an ex-Rabid member, Time Lord.
When I got a computer out there I started coding viruses again. Dark Angel
had gotten really good, really fast. Me and him were in friendly competition
for a while. 40Hex (which I forgot to include the origin of, if you want I
will type up a paragraph on that subject) had taken off. All the hack/phreak
boards wanted to become Phalcon/Skism sites. We officially became a group at
this point.
Q: Please describe the main philosophy of your group as you see it.
Lucifer: Don't ignore technology. We have it, and we must explore it.
Hellraiser: The philosophy of the group then was to be the best at what we
did and to gain recognition. At least that's the way I saw it.
Q: Do members of your group seem to share the same general philosophy?
Lucifer: Yes. We are all rather computer obsessive.
Hellraiser: I will say it again. I am still a member of the group in an
honorary way, I am not active at this time, nor have I been for the past 11
months, nor will I ever be again.
Q: Does your group meet in person, or only on the modems/BBS?
Lucifer: We meet in person, or we hack to speak for free. Last year the big
game was to hack 1800 VMB's.
Hellraiser: At the beginning yes, we did. After the great crises (more on
that later) I think we all grew up mentally enough to say, "We are our own
people." However, that was when the group started to lose cohesion.
The core of the group lived in the same 10 mile radius. I lived around 30-40
miles away from them. They met almost every day, because they were friends
before being a group. I met with them once every one or two months. We
talked almost every day on Landfill, or other local BBSs. When the long
distance members came into play we talked on BBSs and conference calls three
to four times a week.
Q: What is the average age of your group members?
Lucifer: 25 and up, except one, who is 21.
Hellraiser: Now, around 20. Back when the group first started it was like
17. I was one of the older members (over 21).
Q: What activities do you find most to your lking that your group does:
hacking, phreaking, partying :), etc.
Lucifer: Viruses and hacking.
Hellraiser: When I was in the group the thing I liked the most was coding
viruses, because it was something not just anyone could do. It gave me a
purpose in the group and made me one of the stronger assets. I was the only
virus programmer at the origin of the group. Dark Angel was the second.
Q: What activities do you find most wrong that your group does?
Lucifer: We let ourselves bow to the law. The law is restrictive and
oppressive.
Hellraiser: I never liked hacking for profit, this was the groups' downfall.
Well as I see it the group died after the bust, they are still active, I
know. I think hacking for learning or exploration is fine. It is against
the law in most cases.
I don't see anything wrong with 'harmless hacking' as long as no information
is damaged or tampered with. I know your thinking, "How would you like it if
someone rifled though your information?" And you are right on that account.
Yet I would rather have someone hack into my computer to prove he could do
it, than a person who hacks in the spy.
Q: Does your group have any specific goals? If so, what?
Lucifer: No. We just have fun. We don't even do much as a group any more.
Hellraiser: Back then (when I say then, I mean the days when the group was in
its glory) the goal was to be the best at what they did. I think now the
goal is making money. Not all of us, but if I wanted to I could name two
people who are in it for the money. Unfortunately these are the people who
will be holding any legal binding to the group's name, so it will look like
we all soldout when they start making money off the name. Others in the
group are in it strictly for the sport. Dark Angel for one would never do
anything virus related for profit.
==============================================================================
"What are the beliefs of the authors? Is it moral to write viruses?
What do hackers do? In this third installment of Sarah Gordon's
in-depth interview with two legendary virus authors, she discusses with
them the ethics of writing viruses, and they reflect on their
philosophy of telephone phreaking and data destruction."
"One of the perennial questions asked of virus writers is why do they do
it? The interview recorded explores what motivates such people.
A serious difficulty when it comes to understanding viruses, virus
authors and the virus community is the inherent secrecy and paranoia of
its population. Sara Gordon speaks with two self-confessed virus
authors, Lucifer Messiah and Hellraiser."
==============================================================================
Q: Regarding ethics - did you have, at any point in time during your
education, specific ethics based classes? If so, when?
Lucifer: Yes - a high school course called Man in Society. They don't
call it that anymore. Sexist name!
Hellraiser: I went to Catholic school for 10 years if you can consider
that ethics. The problems is after I saw what hypocrites the Catholics
were it kind of turned off 'ethical' behavior for a while. I have lived
the past 12 years or so in hell. Back then I could (not) care less
about the other people because I hated myself. It is hard to be ethical
to other people when you ahve no self respect.
Q: Please give me your definition of 'ethical' behaviour.
Lucifer: Don't hurt what isn't yours. It is important to leave things
as you saw them when you came in.
Hellraiser: Ethical behavior to me is caring about other people. If you
care about others, your behavior tends to lean towards ethical.
Q: Do you think if something is legal to do, it is also OK to do? For
instance, it is illegal to kill a bird in the woods. Is it moral?
Lucifer: Why would the bird be killed. Was its wing broekn? Head half
crushed? There are circumstances where anybody would kill the bird.
Hellraiser: To a point yes. As long as people are not getting hurt or
ripped off. Some of the laws out there are BS, plain and simple. If
you feel in your mind that what you are doing is right, I encourage you
to do it. It is the idea this country was built on. Sadly now-a-days
laws are being passed to take away peoples rights.
Q: Do you ever talk about ethics or if something is right or wrong with
your friends? If so, why? If not, why not?
Lucifer: We talk in depth about anarchy and various anarchist
organizations.
Hellraiser: The only person I have had an ethical converstaion with
(computer wise) has to be Garbageheap. We both share (somewhat) the
same viewpoint on ethics. The context of the conversation related to
hacking. We figured if no one was getting ripped off or hurt, it was OK.
Q: Have you ever been arrested :) for computer-related crime? If so,
what?
Lucifer: No.
Hellraiser: Yes, I was arrested for theft of services. Put simply I was
using a PBX system I should not have been using.
Q: Do you feel you were treated fairly by law enforcement officials? Do
you feel what you did was illegal and did you expect to be caught?
Lucifer: I had a phone book confiscated from me. It had confidential
numbers in it. I flaunted it to the wrong person.
Hellraiser: I feel I was treated fairly by the D.A. Some of the
arresting officers tried to play the "bad cop" to scare me. I knew it
was all an act so it didn't bother me. I doubt most of the cops even
knew what my crime consisted of. An ignorant cop is the worst kind of
cop. My primary concern is how I will be treated by the law in the
future. It seems that if you have a criminal record in this country you
can never again be trusted. I would like to see how I will be treated
next time I get pulled over for speeding, or get caught in the wrong
neighborhood.
Q: If you expected to be caught, why did you do the act?
Hellraiser: I really did not expect to be caught. The PBX was about the
most illegal act I performed. I tried to keep a M.O. of not doing
anything to cost anybody money. The PBX was a mistake. I only used it
a little ($101.92) - I didn't think that was enough to get me caught. I
was, of course, wrong.
Q: If you did not expect to be caught, why did you think you did not
expect to be caught?
Hellraiser: It seems that most hackers/phreakers never think they will
get caught. No matter how many people they see around them go down,
they think - It could never happen to me.
Q: There is a trend lately to offer viruses via the Internet. How many
places do you know of that do this? Do you think it is responsible? If
so, why? If not, why not?
Lucifer: There used to be two. Skism's thing went down. PC Scavenger
is still here, and will probably stay, because they aren't a virus
exchange. They do have a real and legitimate service.
Hellraiser: I only know of a couple of places, due to the fact that I am
only now getting into the Internet. It is in there (their) legal rights
to do so, but I do not think it is responsible. The reason I think this
way is I feel viruses should not be given to just anyone. People get
hurt as a result of misuses of computer viruses. [Misuses, is there any
good use for computer viruses?]
Q: What is your impression of anonymous mailers? Do you think they
contribute to illegal activities of harassment? Have you ever used one,
and would you consider using one?
Lucifer: I would never use one. First, I don't use my real name on the
Internet. This is because I wanted to be able to talk about computer
viruses openly and have people know who I am in the underground. It
isn't an entirely fake name, though. It is a pen name I use in a lot of
places.
Hellraiser: Of course it contributes to illegal activities. On the
other hand - is can be a useful asset. With great power comes great
responsibility - you can bet any loophole will be exploited for evil. I
have been using them a lot over the past week, not for anything bad,
just your standard use. I think they make life a whole lot easier.
Q: What is your impression of virus exchange bulletin boards (Vx BBSs)?
Are you familiar with the study by me which documents that the viruses
themsleves do not yet have significant direct impact on users?
Lucifer: Most virus exchanges have inferior produce. Lots of garbage,
and a lot of lies. They say they do it for one or other reason, but
when it comes down to it, it is to just have a bigger collection.
Hellraiser: I have two views on Vx BBSs. On the legal side, exhcnaging
viruses is currently legal. I am not the one to go against someone's
rights. On the moral side, I don't think viruses should be handed out
to just anyone.
One thing I have to say about Vx BBSs is they (kind of) keep the
majority of the viruses out of the wild, despite what people may think.
The reason I say this is the majority of the viruses being made today
are uploaded directly to BBSs, not put out "in the wild". If it weren't
for virus exchange boards, the only way to spread viruses would be
though the wild, leaving more people to get infected. The one major
flaw with this theory i that the viruses will be downloaded. Now the
average virus collector adds the virus to his collection and leaves it
at that, but there will always be that one person who uses a virus for
no good. As for your study, I am unfamiliar with it.
Q: Have you heard other things about this study, such as it was used to
try to close Vx BBSs? If so, did you believe this? If you did, why?
If not, why not?
Lucifer: Oh, I've heard a lot about you :) Not that much with
substance. Just stupid name calling and you being a narc. I don't
care. I don't listen to BS when it doesn't have proof. It is easy to
dislike people you don't know.
Hellraiser: N/A
Q: What do you see is the main problem virus writers such as NuKE have
with anti-virus programmers, educators, etc.?
Lucifer: Their big mouths, thier complete disrespect for others. That's
the problem I see. Bontchev seems very indifferent, but they still say
bad stuff abut even him. He is not anti-virus. Anti-BS maybe!
Hellraiser: I see the whole concept behind Nuke as a giant gimmick.
They want everyone to think they are the bad-ass virus writers, so they
must be the AVs sworn enemy. The thing that they do not realize is that
by publicly fighting these AV people they are making them (the AV
people) look better. They have to realize that the AV people are the
ones making the money here. What is Nuke getting out of it? Fame? No
I doubt that. If viruses writers wanted to really piss off AV people
they would stop writing viruses. Nuke just plays the role, that's all.
Q: What is your opinion of groups such as NuKE? Do you think they are
ingaged in destructive behaviour, or do you feel they are posers?
Lucifer: Read their source codes. Of course they are in it for
malicious reasons. Besides, the more malicious they are, the more
notorious they become. Would you please shine a little more light over
here?? - just kidding.
Hellraiser: N/A
Q: Have you always felt the same way? If not, what changed your mind?
Lucifer: Yes. Ever since I heard of a virus group called KNULL.
That's Swedish for fuck. They had it stand for something (K for
crack... etc.). They dried up after 2 virus outbreaks.
Hellraiser: I have always felt the same way. Rabid on the other hand,
were involved in destructive acts - I know this for a fact. Nuke are
harmless.
Q: How do you feel about the deliberate destruction of data?
Lucifer: Stupid and foolish actions. Irresponsible. That isn't what
hacking is all about.
Hellraiser: Two years ago I would have laughed if you told me one of my
creations wiped out a somebodies information. Today I am in a different
frame of mind. Losing data is _not_ funny whether it's a companies
payroll or Grandpa Smiths Windows directory. Nobody likes to lose data.
Q: What is your philosophy on telephone phreaking?
Lucifer: I recently changed my mind on that one. My friend got an
$1,800 phone bill that he didn't make. I don't like that kind of
phreaking. For blue boxing, I'm all for it.
Hellraiser: I feel the glory days of phreaking were the only days of
true phreak-dom. Using a toll fraud device back in the 60's or 70's was
harmless. You were ripping Ma Bell off for a $3.00 call that in reality
cost about three cents. Now-a-days it is a totally different story.
Today phreaking is more of a white collar crime, than a harmless hippie
prank. Businesses and everyday people are losing _big_ money on PBX and
Calling Card fraud. A lot of "phreaks" of today do not realize that.
Phreaks are dead, long live the phreaks!
Q: Do you think most virus writers that you are acquainted with are
intentionally destructive?
Lucifer: Yes.
Hellraiser: The ones that I know, do not do it to destroy. The only
targets of destruction my contacts have targeted are warez boards, and
this was a long time ago. The majority (large majority) of virus coders
I know do it to show off what they know. I don't think to many of them
realize that people will get hurt somewhere up the line if that new
virus they wrote gets out. You always hear the excuse, "Well my virus
does not wipe data", which is just that, an excuse. All viruses are
destructive. All viruses corrupt files that people do not want tampered
with. Even that cute little message, "V-MAN Has infected you system!",
is in my eye, destructive.
Q: Do you feel that viruses should be made available to anyone that
wants them, with no respect to their motive, intent, or capability to
handle them?
Lucifer: No.
Hellraiser: No I do not. But the reality is that they always will be
available to anyone who wants them. It's kind of like drugs. Do you
think passing a law to ban the availability of viruses will stop Vx
boards? Pirated software is quite illegal, yet it seems every area code
has six or seven warez boards. Even if a law was passed against virus
exchange, the trade would not die. I doubt the feds would do anything
about it after initial 'example' cases. One thing I learned is the feds
could (not) careless about anything except monetary loss. How many
warez boards get busted every year? Two? Plus the only warez boards
that get busted are the ones that charge for membersship (Rusty and
Eddies, etc.).
In an ideal world, I would never want to see an irresponsible person
handle a virus. But this is not an ideal world.
==============================================================================
"In this last instalment of Sara Gordon's in-depth interview with the
two legendary virus authors, she discusses with them the perception of
the media with regard to virus writers and hackers - they disclose which
virus writer has most influenced them and how"
"A serious difficulty when it comes to understanding viruses, virus
authors and the virus community is their inherent secrecy and paranoia.
However, the anti-virus community does communicate although invariably
via e:mail on the Internet. Sara Gordon has conducted a series of
on-line interviews with two self-confessed virua tuhors, Lucifer Messiah
and Hellraiser.
A knee-jerk reaction to virus authors is that they should be "flogged",
or suffer some other seriously unpleasant punishment. Simply talking to
them is regarded by some elements of the anti-virus community as
subversive. In this final part of Sara Gordon's interview, we learn
more about virus writers and their community."
==============================================================================
Q: What do you think of magazines like 40Hex and Crypt and Nuke
Info-Journal? Can you compare the content of them and state how you
view them with regard to the information presented?
Lucifer: Sometimes the articles are very good. Other times they are
trash. More often trash.
Hellraiser: Being that I am the creator of 40Hex, I will just say that
it is an informative magazine. The only thing that separates it from a
legitimate publication is the fact that it has virus source in it. I
have not read enough Crypt journals to make a honest assessment, however
from what I did read it seems to be a close second if not tied with
40Hex as the pro-virus magazine top spot.
As for Nuke Info-Journal, I think I have made it clear by now my opinion
of Nuke. The magazine has not been stable enough in its views or format
to make any other judgment than, it sucks. (Beavis & Butthead would
agree, I'm sure). Seriously the Nuke Info-Journal as of late has been
filled with so many garbage and 'filler' articles it is unfair to
consider it a virus magazine.
Q: Why do you use an alias? Where did you find your alias, i.e. how was
it chosen?
Lucifer: I already explained that one at the beginning [of this
interview].
Hellraiser: An alias helps you hide who you are, obviously. Other than
that it helps you forget who you are. "I am not John Smith, Comp. Sci.
major - I am "The_WarMaster" smasher of lamers!"
I got my handle from the movie Hellraiser and the novella The Hellbound
Heart by Clive Barker. You may think it is just another horror movie,
but it really does have its own myths and a large cult following. The
'heroes' of the story are beings who take pleasure in other peoples
suffering. Kind of like virus authors, huh? Is there a connection? I
will leave that up to you to decide.
Q: How long have you written viruses? Which ones have you written?
Lucifer: For about three and a half years now. I've written too many to
list. Some were just deliberate hacks to show other people how easy
that was. Others were fully my own, or the groups own. Others grought
in new technologies. We have a few of those.
Hellraiser: I have been writing viruses since mid-1991. For the record
the only viruses that were released by me were; Skism-1, Captain Trips,
Bad Brains, Marauder, and Shiny Happy - in that order.
Q: Have you ever released a virus, intentionally or unintentionally?
What was the result?
Lucifer: Yes. The 'SBC/KS Test' virus really got around before it was
got under control. I didn't relrease that intentionally. I gave it
away to an idiot, who's initials are SBC, by the way.
Hellraiser: I will not answer this question due to obvious reasons.
Q: Have you ever conducted business with any anti-virus product
developer? If so, what were the circumstances? How were you treated by
him or her?
Lucifer: Yes. Only virus trades, though. Most of them are European.
Americans are too afraid.
Hellraiser: This may not be business as you were thinking, but...
I was on a conference call with John McAfee. We called him because at
the time he had the number one anti-virus product out. John Markoff
from Computerworld was also on the conference. Computerworld did an
article about the conference.
John was very nice towards us, yet we could see that he has two faces.
He would talk openly to us when Markoff was not o, but he played the
hard role when the tape was rolling. John introduced us to John Dvorak
over the phone. Dvorak seemed like a pretty mellow guy. Yet he seemed
more interested in graffiti than viruses.
We also had a conference call with Ross Greenburg, creator of Flu-Shot.
Honestly I am not sure if he knew we were virus authors. We just told
him we would like to interview him for 40Hex magazine. Before I talked
to him, I had the impression he was a fool, due to his comments in the
documentation for Flu-Shot. To my surprise Ross was an OK guy. I got
the impression he was a little sick of his career as a AV person.
Q: Please define for me what you think 'research' is. Who is qualified
to present themselves as a 'researcher'?
Lucifer: Not many are researchers. PC Scavenger is real research. So
is Bontchev and Dr. Solly. I don't believe McAfee is, otherwise he'd
have a better program. SKISM are a research group. They research
viruses to advance them. The Hell Pit is NOT a research BBS...they only
trade.
Hellraiser: Research, for a Vx BBS, is the same thing as calling a warez
board a software rental outfit. It's just a safety precaution to stay
out of trouble with the law. A virus researcher in the true sense is
someone committed to stopping the spread of computer viruses, or at
least someone making money off an AV product. I guess the only people
qualified would be people with real (not vaporware, ahem Nuke) AV
products in the works.
Q: What is your opinion of the following people: John McAfee, Patti
Hoffman, Fridrik Skulasson, Frans Veldman, Vesselin Bontchev, Eugene
Kaspersky, Cliff Stoll, Rock Steady, Chris Peelter, Erik Bloodaxe, Time
Lord, Dark Angel, Aristotle, John Buchanan, Mark Ludwig, Morton Swimmer,
Hans Heubner, Eric Corley, Urnst Kouch, Peter Tippet? (Note: This
question was asked to discern if the subjects would have any recognition
of positive role models.)
Lucifer: I just heard of Eugene Kaspersky today. No comment, I don't
know him. I like Bontchev. I don't like McAfee because he lies too
much. Rock Steady is a pre-pubescent shithead (you'll have to
paraphrase that!), Dark Angel is the programmer from hell, his DASBOOT
really boots! Aristotle is lame, Mark Ludwig wrote a book on viruses
when he didn't know much about them. He's gotten much smarter these days.
Urnst Kouch is cool, but he has a heavily inflated ego, Time Lord seems
okay, but he is vapourware pro. Patti Hoffman, I like her. She found a
really unique way to make money in this virus era. Frans Veldman is
hard to talk to. Fridrik Skulasson is cool, especially since he is also
Scandinavian. I never say bad things about Scandinavians. Erik
Bloodaxe has a bad name in Toronto, who is he? Never saw him before.
Solly is cool. I see him on the Internet often.
Hellraiser: John McAfee - A man pushing obsolete technology. If john
wasn't such a shrewd businessman, he would be out of business. His
product was once useful, but with the amount of viruses out there today
it is quite useless - as are all string scanners.
Patii Hoffman - Sort of the Bill Clinton of the virus world. Her heart
is in the right place, but she has no idea what she is doing.
Fridrik Skulasson - A man who has chosen virus research as his career,
and he feels has has to make the best of it. He has a good sense of
humor, and he really knows how to piss off a virus coder. His product
is very well done, although I prefer TBAV. I have a feeling that when
the general public becomes enlightened to the power of heuristics, he
will have a number one product.
Frans Veldman - I do not know enough about him to make a judgement. I
will not include people in this category from now on.
Vesselin Bontchev - By reading this mans work I sense he is hiding
something. Most likely his connection to the Dark Avenger. I believe
this man is working with the Dark Avenger, if he is not the Dark Avenger
himself. I have never used his products. I guess he is the John McAfee
of Bulgaria.
Cliff Stoll - A very energetic, if not psychotic man. I read his book
and found it somewhat interesting. He is what I consider a 'good'
hacker. If he wasn't so good, he would be hacking himself. I would
like to sit down and have a talk with him someday. He's a real character.
Rock Steady - A fool, plain and simple. See the earlier portions of
this interview for some clues as to why I feel this way.
Erik Bloodaxe - An old hack, who is living off his past. It's time to
move on Erik! I don't know him personally, it's just the impression I
get from people like him.
Time Lord - A great guy and a good friend. He is one of the few good
things that came out of my hacking ordeal. TL must get over his
rebellious hacker mode if he wats to move on. He has been lucky so far
- I learned luck does run out.
Dark Angel - Again a great guy and a good friend. He is a very bright
kid and I think as soon as he gets over writing viruses, he will make it
big in whatever field he chooses.
Aristotle/John B. - A strange, possible schizophrenic/highly
manipulative man. I do not trust this guy. John has problems,
obviously. First and foremost is that he never grew up. He is still
living in the 'I am a menace to society, so watch your back' mode. I
can't understand how a grown man, with a wife and kids can act like
him. If john had half a brain I would consider him a potential threat.
It is a good thing this is not the case.
Eric Corley - I met him a few times. He is a true hacker, and will
never stop hacking even if it does not involve physical hacking. He
shares the same mind state I see in Phiber Optik, Ixom, and others. I
can't relate with people like that.
Q: What is your primary perception of the media as relates to hackers
and virus writers? Why?
Lucifer: Oh god, I could write a book. I am very unhappy about most of
it. I do like the attention I get when people hear that I'm a hacker.
They think I am a god or something.
Hellraiser: The media uses hackers and viruses writers to sell papers,
that's business. Hackers and viruses writers are always padded out as
being some sort of deranged super-genius. They make the public think
that hacking into systems takes an incredible skill. In reality and
lamer with a UNIX book and a list of defaults can hack into 50 per cent
of the systems he or she comes across. The media press on virus writers
is always the same, a angry young man sits behind a terminal blasting
death metal.
Q: Are you aware of the new trend by some virus writers and some a-v
people to recreate the myth of Dark Avenger? Do you know who the Dark
Avenger is, i.e., not his real name of course, but what his history is?
Lucifer: Yes. I know a lot about him. It is more of a myth than
anything, because he wasn't anything much, same as Rabid. Lots of
distribution, but that's all.
Hellraiser: To be honest I know nothing about the Dark Avenger - which
is one reason I find him so intriguing. I know nothing of this trend,
nor his history. If you told me he was Vesselin Bontchev I would not be
suprised.
Q: What is your impression of the Dark Avenger's impact on virus
writing in the past five years/
Lucifer: False. Plastic. Just another thing to cry about. The MtE
was perfect to jolt everybody upright, though.
Hellraiser: I have not heard much about him over the last year or so.
He was all the rave when Bulgaria was the hot-spot for computer
viruses. His smarts for viruses combined with his mysterious identity
makes him the number one virus aithor in history. If you asked me two
years ago what virus programmer I respected the most, I would say the
Dark Avenger.
Q: What virus writer has most influenced you at different stages of your
virus writing life (can be more than one, more than one time in your
life), and how has he or she influenced you?
Lucifer: None.
Hellriaser: Unknown origins. The only one that actually had any impact
on me was Dark Angel. Dark Angel started out learning from me. We were
in a friendly competition there for a while. In no time his skill
surpassed me [and] he was teaching me. He is a great teacher, and
willing to teach. He is the only person I allowed to influence me.
Q: Do you think you will ever stop writing them?
Lucifer: Yes
Hellraiser: Yes, in fact I haven't coded a virus in over a year. I will
never code a virus again.
Q: Why would you stop writing viruses? What has happened to you, or to
the virus writing scene in general, that makes you personally want to
stop?
Lucifer: I've slowed down considerably. The scene is boring, and I can
think up only so many ideas that are my own.
Hellraiser: Virus writing is a waste of creative energy. It limits the
coder to one set area. On top of this I now realize it is wrong, and
can cause people unwanted strife. The person I once was is quite dead,
the only way I can move on is if he stays that way.
==============================================================================
Conclusion: These young men are representative of the vast majority of
virus writers and are, finally, ex-virus writers - they may be involved
in shaping the future of computer. The turning away from virus writing
is a virus positive trend, and one that will hopefully continue.
In my opinion communication is one of the most important methods of
dealing with the virus and security threats that we are facing today's
global computer environments. A willingness to discuss issues and ideas
is the first step we all have to take if we wish to shape Cyberspace,
and enable it to become all that it has the potential to become.