Faces Behind the Masks by Sara Gordon - this interview was featured in "Secure Computing" magazine in August through November 1994 =============================================================================== (the following is the text which appeared before the interview - this was *not* written by Ms. Gordon) "Who are they? Why are they doing it? Virus authors have been seen as paranoid, secretive, anti-social but are they? In this article two legendary virus authors give their reasons for doing what they did." "One of the perennial questions is why do they do it? Often asked at conferences and seminars, ordinary folk want to know why virus authors write viruses. The desire to understand - as some sort of process to build effective defences against viruses - is very strong. This month sees the start of a series in which Sara Gordon interviews two legendary figures in the virus community. One of the difficulties in understanding viruses, virus authors and the virus community is the inherent secrecy and paranoia of its population. However, the anti-virus community does communicate although it is always via e:mail on the Internet - never directly. As with the interview with the Dark Avenger printed in Virus News International last year, Sara Gordon has taken considerable care to establish that the respondents are genuine. Sara Gordon is herself a professional in the area of Cyberspace - a collective term for all on-line systems. Pseudonyms taken by virus authors are meant to conceal their true identity. They are also a means of donning another character - typical of the sort of thing done by fantasy-games players (although this is not to suggest that such games players are involved in nefarious activities). Names like Dark Avenger, Hellraiser, Black Baron and Lucifer Messiah give a certain presence to what are just ordinary folk. Current research indicates that most virus authors are adolescent males. As with other habitues of on-line systems many live out an existence which is alotgether more exciting - swashbuckling, even - than their more humdrum lives in real life. Another aspect of interviewing members of this community is that the communication is always written. Some of the respondents' writing skills (and this is not meant to be a derogatory) are not that high and so they tend to come across less well than they would, for example, in a telephone interview. To some extent the on-line community has tried to short-cut some of the deficiencies of the medium by introducing symbols which indicate the tone of the written comment. These are called emoticons of which the sideways smiley :) is the most common. Virus writing is widely regarded as an anti-social, and in some quarters illegal, activity. We take a neutral position for the purpose of this series of interviews. While it may be more comfortable to adopt the moral high-ground, it does not actually contribute to the solution." ============================================================================== Lucifer Messiah: the name is chilling, but the man behind the mask is one of the most decent people I have ever spoken to. Hellraiser: more demonic images of youth gone mad? He too has proven to be a bright and charming young man. These two have more in common than their satanically-inspired aliases. Both are members of virus writing groups; both have written and allegedly distributed computer viruses. There is, however, one difference. Lucifer Messiah writes viruses and is now affiliated with PCScav, a computer 'research' group based in Canada. Hellraiser, a member of the Phalcon/Skism virus writing group, says he has stopped writing viruses. My introduction to Lucifer Messiah, who also uses the alias Chris Boyd, came about this year. I have known Hellraiser for approximately two years. They have had similar experiences, but have taken radically different paths. Why is one still writing viruses, while the other has left it all behind? I decided the best way to find out was to ask them. Here are some insights into the minds of these two individuals. Q: People are always curious as to why a virus writer writes viruses. I have found there are no 'simple answers', but if you had to give one 'reason' what would it be? Lucifer: The intrigue of coming up with new technologies. I enjoy making the computer do what it isn't supposed to be able to do. Hellraiser: All throughout my life I have been involved with the negative side of my pastimes. For instance, when I was younger I was an heavily into art, but instead of doing my work on a canvas with oils - I did it on a wall with spray paint. Naturally when it came to computers I once again found myself on the 'dark side'. Instead of writing utility programs and such, I started writing viruses. Instead of calling BBS systems I started hacking into computer systems. It is best wrapped up by saying - I find it much easier to accomplish negative actions, than positive - thus my drive for writing viruses. Q: At what age did you become involved with computers (not viruses). Can you describe your initial experiences with computers? How were you taught; by yourself, or by an instructor, parent or friend? Lucifer: 14 years old. I got a Vic 20 at the Yule. They boot up in Basic, so I learned from that. The magazines were very helpful. I got some Tandy I think not too long after that. I took Computer through high school as well. Hellraiser: I would have to say around the age of 13 or 14. That Christmas, I got my first home computer, an Atari XE with 8Kb of RAM! After begging my parents for two weeks I got a storage device for it (a data cassette drive) to save all of my Basic programs. There wasn't much to do on the system, being as how I had no software - much less a modem. So I typed in hundreds of lines of Basic code (10 lines of Basic code, hundreds of data statements) from magazines like Compute. I started to learn Basic myself off these examples, and in no time I was good enough to scare the hell out of my neighbors' little brother with an incredible War-Games simulation (the fact there was a thunderstorm that day that really added to the effect). All the great XE action ended abruptly when I smashed the damn thing in a fit of anger after I couldn't load the Space Invaders game [I] blew eight dollars on. After the XE days my only contact with computers was at school. I worked with such relics as the TRS-80, Apple IIE, and the original IBM PC in high school (I am hinting [at] my age). About all I did was program little junk programs in Basic, and mess around the machine code. Nothing spectacular. It was a few years later that I was able to use a computer again, when my father brought home a new 286 clone. To top it off, the thing had a 1200 bps modem. From then on I have become a true computer hacker (in the good and bad sense of the word). Q: What different operating systems did you learn, and in what order did you learn them? Lucifer: I started with Basic. The Vic 20 doesn't really have an operating system. After that, whatever the name of the Tandy operating system was. There no such thing as DOS yet. Maybe it was a hybrid CP/M. In school, it was AT&T UNIX all along. I never used DOS until 3 years ago. I don't really like it. Hellraiser: I have to say that DOS was the first full O/S that I learned, which I taught myself. Later on I picked up UNIX by hacking into systems and just playing around. I played with VMS for a small amount of time but found it very boring. And lately I have been learning the new GUIs - OS/2 and Windows/NT. All of which I taught myself. Q: What different languages did you learn, and in what order did you learn them? Lucifer: I started programming in FORTRAN. I hated it. I hate math! Then Pascal and C came along, and I was in heaven. When I learned about assembly, I stopped programming in Pascal altogether, and only sometimes in C. I also use APL, the different varieties of AWK, ummm, Lisp, a little COBOL. I'm not showing off. This is what we had to learn in school. Hellraiser: As I mentioned above - Basic was my first language. Much later on (when I got a PC) I picked up Pascal and started writing cool little utilities and BBS doors. When the whole virus thing came into play, I knew I had to learn ASM, and fast. So that was the next step. After I stopped coding viruses, I picked up C. At this time I am learning C++. Q: What is the highest level of education you have completed? Lucifer: 3 years of college. Hellraiser: I left college after two years for financial reasons. Q: Do you plan to go further in school? If you do, why? If not, why not? Lucifer: No. I'm 27 years old! I may take the odd night [school] course. I've been enjoying the presentations put on by Intel, and that sort of thing. I guess that's an education. Hellraiser: If I could, I would at the drop of a dime. The problem is I don't have the money for it. Plus I have a life and responsibilities. Right now and I would find it very hard to drop them all to go back to school. Let's just say the only way I might get back into school is if I come into a lot of money real quick. Q: What person, non virus writer (non computer related), do you have the most respect for. Lucifer: My mother, I guess. She's really cool. Hellraiser: I would have to say, my mother. She has been though a lot of strife over the years, a large portion of which is my fault. Yet she still stays happy and positive. I could never be that way. Q: What person, non virus writer (non computer related), do you have the most disrespect for? Lucifer: Bob Rae/Kim Cambell/Brian Mulroney. They are all actually incarnates of each other. They are a 'collective', each branching from past lives as hedgehogs with brains the size of peas. Hellraiser: I can't pick just one person so I have to say politicians, because they get away with so much stuff; stuff that would have me or you in jail for life. When they get caught all they get is a slap on the wrist. If I bounced hundreds of checks where would I be right now? Q: Now, what person computer related (non virus writer) do you have most respect for? Lucifer: You. Just kidding. Do I get more brownie points? I used to respect Peter Norton because he had the coolest software, but he has been really slipping. His latest books leave much to hope. I really respect Bill Gates. I don't necessarily like his DOS, but I sure like what he has with it! $$$$$$ Hellraiser: That's a tough one. The problem is I can not think of anybody computer related I have a tremendous amount of respect for. Don't get me wrong I have respect for a lot of people in the field, but I can't pinpoint anyone in general. Q: What person, computer related, but still non-virus writer, do you have most disrespect for? Lucifer: Ross Greenberg. Where does he get his facts from? He is so full of it! Hellraiser: I would have to say Bill Gates. I know he has accomplished a lot for himself, and he is a person that should be admired, but I just do not trust him. I don't like the way he makes billions off poorly-made products that sell just because of the name Microsoft. It's like the emperor's new clothes, and Bill is very naked. Q: What virus writer do you have the most respect for? Lucifer: None, really. I don't like to lick boots. I find Dark Avenger's ideas to be grand, but his programming is sloppy. Perhaps the guys from Trident. Their Cruncher viruses were much smaller than Cohen ever imagined. Hellraiser: No doubt, Dark Angel. Not only is he a good friend, but he's is a very smart person. What really makes me respect him is his willingness to teach. That aspect is very rare for a virus writer. Q: What virus writer do you have most disrepect for? Lucifer: All of NuKE. Hellraiser: Rock Steady. This guy knows about as much as I did two years ago and he never stops bragging about how great he is. He's sort of the 'Bill Gates' of the virus world. He controls lame people with hype for lame product. I hate this guy. Q: Can you describe for me your initial (first) experience with a virus writing group. This does not have to be the first group you joined or created or worked with or for. I mean, the first time you ever heard of a group, please tell me your impressions as you remember them. Please be as specific as possible. Lucifer: I played around with a Scandanavian hacking group. I don't want to get into details about that scene. They aren't just a hacking group, as you know. You probably heard what they did at NASA three years ago. A guy I went to school with in Sweden showed me computer virus. It was the Stoned. The whole concept of it blew me away. My second contact was with the Ontario virus. I wrote a new version of it. You already know that story. I was hacking on the telephone way before I ever learned about viruses. I don't do that anymore, though. It's too scary. Hellraiser: It had to be long before I actually knew anything about the computer underground. I was writing (hacking) viruses on my own at the time. Then one day I was on a BBS, Patti Hoffman's VSUM. Wow! A listing of all known viruses. The thing that really got me was the name Rabid kept showing up. Being at the time I couldn't tell a good virus from a bad one, I thought these guys [were] awesome. That is what got me into the group thing. It wasn't until much later that I figured out that they were a bunch of lamers. ============================================================================== "How did it all start? Whose idea was it initially? What is the philosophy of the group? In this second article the two legendary virus authors, in their indepth interview with Sara Gordon, throw further light on their reasons for doing what they do - or did." "One of the perennial questions asked of virus writers is why do they do it? The interview recorded below tries to get under the skin of two notable figures from the virus community. A serious difficulty when it comes to understanding viruses, virus authors and the virus community is the inherent secrecy and paranoia of its population. However, the anti-virus community does communicate although invariable via e:mail on the Internet. Sara Gordon has conducted a series of on-line interview with two self-confessed virus authors, Lucifer Messiah and Hellraiser." ============================================================================== Q: If you are part of a group now [which you are, I think :)], please tell me as completely as possible how you got involved with the group. Such as, met via modem, met in person, went to school with, etc.. Lucifer: At the start, there was no group. It was just a bunch of guys who liked to hang around. We usually were in some kind of trouble or another. Did you ever see the movie Clockwork Orange? We wanted to be like droogies. We got into telephone hacking. The group actually formed around that. We all had computers. Remember this was in school, too. Really, i didn't my own computer at first with them. Me and another guy split costs because we lived near each other. Soon we had names. All my friends always called me Lucifer Messiah. I am a religious type of person. People were always afraid of me because I always wear black, and have very long hair. This was not normal then, with leather and studs. They called me Lucifer first. When they found that I was not a Satanist, they called me Jesus. I had a sweater with a hood, so I used to act like it. Some people called it my satanic robe, and others my Jesus clothes. Now it is Lucifer Messiah. Blodigt Kors got his name because that was his rock band name. It means bloody cross. He was (the) Satanist not me! There is another guy called Jackal. He helped out with forming a group. We were looking for chaos. Chaos was hacking, phreaking and viruses when they came. Three years ago I moved to Canada because of my job. I work with networks. I kept the group going. I met SCEB, who is Supreme Commander Electro-Brainwave. He's a weird kind of guy who everybody thought was a copy. He looked like a lawyer, and enjoyed changing his accent to a new one every day. He is a phreaking big time. The two of us put ANARKICK SYSTEMS together. We stayed close with the group in Sweden. There were about ten of us here, and 15 over there. the viruses that SCEB and I write never had names in them until the Ontario thing happened. Now we put AS on everything. Last year the group in Sweden got busted really bad. ANARKICK SYSTEMS is now just a fragment, and we just get together now and again to talk about new technologies, and show off our new codes and ideas that we create. Most of what we do is not released, and that is probably good. Hellraiser: Well, here is the whole story. When I was going to college I met up with a few people who were interested in computers. None of which knew anything about the underground, myself included. We would sit in the computer lab and do stupid things like hacking into the Novell network and read people's papers. We added a menu system to the school's network, which upon entering the right password would let you play games and look at nasty GIFs. Anyway, we started getting in to games and stuff. One of the guys got a copy of a game off his friend at home. It seems that this game was infected with the Jerusalem-B virus. Now I didn't figure this out till one day about a month later(during spring break) I noticed my Turbo Debugger would not run. I called Borland (cause I bought the thing, I was not and never will be a warez dOOd) and explained the error. They had no idea, so I asked if it could be a virus, and they said it was a possibility. Wow! A virus of my very own. So I hung up with Borland and got right on my local PD BBS and downloaded the latest McAfee virus-Scam. Sure enough, all over my hard drive was Jeru-B! Most people would be P.O'd right about now but I was very happy. To cut this part short this is around the time I started learning how viruses worked. When I got back to school I told all my buddies that I created a virus. They were liked "Wow!" So we played around with the hacks that I made. None of the others knew jack about programming so I could tell them anything I wanted. The next thing you know we decided to start a group, well I decided that we start a group. I don't really think any of these people cared much - we weren't at the time real computer hacks but non-the-less we started a (unnamed) group. That summer I really started calling BBS systems a lot. As it usually goes I started picking up numbers for 'underground' BBSs. I called a few local ones and all they had to offer were cheap warez and junk along those lines. There was one good UNIX board however, that was running Citadel. Which if you don't know is a primarily messaged based system. They had one area called 'hack' where there were messages on hacking. So one day I popped the big question, "How do yu write a virus?" What I didn't realize at the time was 'hack' does not always mean 'hack' (as in criminal). Needless to say I was scorned by the whole outfit on that system, but they kept me on. A couple of days later I got some mail on that BBS that said - "Youlike viruses? Call Landfill 914-HAK-VMBS". WOW! Could this be, a virus BBS? So I called it right after getting the mail and yes it was true, they did have viruses. The problem was I had to upload viruses to download viruses. Damn. That Whale viruses in VSUM looked sick, and this guy had it. So what did I do? I uploaded my little Jeru hack nd called it SKISM-1, hoping these people would not catch on to what it was. The next day I called the board and BAM! I had 8 file points, the problem was after downloading the 64k Whale file (all strains) I had no file points left. So what did I do? Hacked up another Jeru-B hack and uploaded it. I must mention that while reading some of the messages on the board I kept seeing the name -=Phalcon=- at the end of some messages, at the time I had not idea what it meant. Then late one night I gave Landfill a call. To my surprise while scanning the new files the following text comes up on my screen, "Garbageheap flings a bogger at you". What?!? Oh, the sysop has pulled me into chat. "Hey what's up?," he types. So we got to talking and he mentioned that he was in a group called Phalcon, and that (they) were hackers. I was able to make him think I knew about hacking by agreeing to everything he said about hacking (I am good at 'social engineering'). He asked me if I was in a group and I told him I was in a group called Skism. Skism was what my lame college group would have been called if anyone gave a damn, so I wasn't really lying was I? Over the next week we chatted on-line more and more. He seemed to like me because I was the only one uploading 'zero day viruses'. Then one night we went voice, and that's where it all started. We came to the conclusion that our groups should be joined, Phalcon was hackers and Skism (me) as the virus end. So I agreed and the reset is history (I know, cliche). Over time we started getting good at hacking and coding. Dark Angel came back from his summer job (I wish I could tell you what it was, it would blow your mind) and he started learning ASM. When I went to re-apply for school they told me I couldn't get a loan for semester. So I decided to move out to California for a while and just hang out. Out there I was free from my parents so I could hack a lot easier. I didn't have a computer my first few months so I started to learn the phone system, big mistake. To get off the subject, we started hooking up with a lot of new people. And we recruited some new long distance members. One of which was an ex-Rabid member, Time Lord. When I got a computer out there I started coding viruses again. Dark Angel had gotten really good, really fast. Me and him were in friendly competition for a while. 40Hex (which I forgot to include the origin of, if you want I will type up a paragraph on that subject) had taken off. All the hack/phreak boards wanted to become Phalcon/Skism sites. We officially became a group at this point. Q: Please describe the main philosophy of your group as you see it. Lucifer: Don't ignore technology. We have it, and we must explore it. Hellraiser: The philosophy of the group then was to be the best at what we did and to gain recognition. At least that's the way I saw it. Q: Do members of your group seem to share the same general philosophy? Lucifer: Yes. We are all rather computer obsessive. Hellraiser: I will say it again. I am still a member of the group in an honorary way, I am not active at this time, nor have I been for the past 11 months, nor will I ever be again. Q: Does your group meet in person, or only on the modems/BBS? Lucifer: We meet in person, or we hack to speak for free. Last year the big game was to hack 1800 VMB's. Hellraiser: At the beginning yes, we did. After the great crises (more on that later) I think we all grew up mentally enough to say, "We are our own people." However, that was when the group started to lose cohesion. The core of the group lived in the same 10 mile radius. I lived around 30-40 miles away from them. They met almost every day, because they were friends before being a group. I met with them once every one or two months. We talked almost every day on Landfill, or other local BBSs. When the long distance members came into play we talked on BBSs and conference calls three to four times a week. Q: What is the average age of your group members? Lucifer: 25 and up, except one, who is 21. Hellraiser: Now, around 20. Back when the group first started it was like 17. I was one of the older members (over 21). Q: What activities do you find most to your lking that your group does: hacking, phreaking, partying :), etc. Lucifer: Viruses and hacking. Hellraiser: When I was in the group the thing I liked the most was coding viruses, because it was something not just anyone could do. It gave me a purpose in the group and made me one of the stronger assets. I was the only virus programmer at the origin of the group. Dark Angel was the second. Q: What activities do you find most wrong that your group does? Lucifer: We let ourselves bow to the law. The law is restrictive and oppressive. Hellraiser: I never liked hacking for profit, this was the groups' downfall. Well as I see it the group died after the bust, they are still active, I know. I think hacking for learning or exploration is fine. It is against the law in most cases. I don't see anything wrong with 'harmless hacking' as long as no information is damaged or tampered with. I know your thinking, "How would you like it if someone rifled though your information?" And you are right on that account. Yet I would rather have someone hack into my computer to prove he could do it, than a person who hacks in the spy. Q: Does your group have any specific goals? If so, what? Lucifer: No. We just have fun. We don't even do much as a group any more. Hellraiser: Back then (when I say then, I mean the days when the group was in its glory) the goal was to be the best at what they did. I think now the goal is making money. Not all of us, but if I wanted to I could name two people who are in it for the money. Unfortunately these are the people who will be holding any legal binding to the group's name, so it will look like we all soldout when they start making money off the name. Others in the group are in it strictly for the sport. Dark Angel for one would never do anything virus related for profit. ============================================================================== "What are the beliefs of the authors? Is it moral to write viruses? What do hackers do? In this third installment of Sarah Gordon's in-depth interview with two legendary virus authors, she discusses with them the ethics of writing viruses, and they reflect on their philosophy of telephone phreaking and data destruction." "One of the perennial questions asked of virus writers is why do they do it? The interview recorded explores what motivates such people. A serious difficulty when it comes to understanding viruses, virus authors and the virus community is the inherent secrecy and paranoia of its population. Sara Gordon speaks with two self-confessed virus authors, Lucifer Messiah and Hellraiser." ============================================================================== Q: Regarding ethics - did you have, at any point in time during your education, specific ethics based classes? If so, when? Lucifer: Yes - a high school course called Man in Society. They don't call it that anymore. Sexist name! Hellraiser: I went to Catholic school for 10 years if you can consider that ethics. The problems is after I saw what hypocrites the Catholics were it kind of turned off 'ethical' behavior for a while. I have lived the past 12 years or so in hell. Back then I could (not) care less about the other people because I hated myself. It is hard to be ethical to other people when you ahve no self respect. Q: Please give me your definition of 'ethical' behaviour. Lucifer: Don't hurt what isn't yours. It is important to leave things as you saw them when you came in. Hellraiser: Ethical behavior to me is caring about other people. If you care about others, your behavior tends to lean towards ethical. Q: Do you think if something is legal to do, it is also OK to do? For instance, it is illegal to kill a bird in the woods. Is it moral? Lucifer: Why would the bird be killed. Was its wing broekn? Head half crushed? There are circumstances where anybody would kill the bird. Hellraiser: To a point yes. As long as people are not getting hurt or ripped off. Some of the laws out there are BS, plain and simple. If you feel in your mind that what you are doing is right, I encourage you to do it. It is the idea this country was built on. Sadly now-a-days laws are being passed to take away peoples rights. Q: Do you ever talk about ethics or if something is right or wrong with your friends? If so, why? If not, why not? Lucifer: We talk in depth about anarchy and various anarchist organizations. Hellraiser: The only person I have had an ethical converstaion with (computer wise) has to be Garbageheap. We both share (somewhat) the same viewpoint on ethics. The context of the conversation related to hacking. We figured if no one was getting ripped off or hurt, it was OK. Q: Have you ever been arrested :) for computer-related crime? If so, what? Lucifer: No. Hellraiser: Yes, I was arrested for theft of services. Put simply I was using a PBX system I should not have been using. Q: Do you feel you were treated fairly by law enforcement officials? Do you feel what you did was illegal and did you expect to be caught? Lucifer: I had a phone book confiscated from me. It had confidential numbers in it. I flaunted it to the wrong person. Hellraiser: I feel I was treated fairly by the D.A. Some of the arresting officers tried to play the "bad cop" to scare me. I knew it was all an act so it didn't bother me. I doubt most of the cops even knew what my crime consisted of. An ignorant cop is the worst kind of cop. My primary concern is how I will be treated by the law in the future. It seems that if you have a criminal record in this country you can never again be trusted. I would like to see how I will be treated next time I get pulled over for speeding, or get caught in the wrong neighborhood. Q: If you expected to be caught, why did you do the act? Hellraiser: I really did not expect to be caught. The PBX was about the most illegal act I performed. I tried to keep a M.O. of not doing anything to cost anybody money. The PBX was a mistake. I only used it a little ($101.92) - I didn't think that was enough to get me caught. I was, of course, wrong. Q: If you did not expect to be caught, why did you think you did not expect to be caught? Hellraiser: It seems that most hackers/phreakers never think they will get caught. No matter how many people they see around them go down, they think - It could never happen to me. Q: There is a trend lately to offer viruses via the Internet. How many places do you know of that do this? Do you think it is responsible? If so, why? If not, why not? Lucifer: There used to be two. Skism's thing went down. PC Scavenger is still here, and will probably stay, because they aren't a virus exchange. They do have a real and legitimate service. Hellraiser: I only know of a couple of places, due to the fact that I am only now getting into the Internet. It is in there (their) legal rights to do so, but I do not think it is responsible. The reason I think this way is I feel viruses should not be given to just anyone. People get hurt as a result of misuses of computer viruses. [Misuses, is there any good use for computer viruses?] Q: What is your impression of anonymous mailers? Do you think they contribute to illegal activities of harassment? Have you ever used one, and would you consider using one? Lucifer: I would never use one. First, I don't use my real name on the Internet. This is because I wanted to be able to talk about computer viruses openly and have people know who I am in the underground. It isn't an entirely fake name, though. It is a pen name I use in a lot of places. Hellraiser: Of course it contributes to illegal activities. On the other hand - is can be a useful asset. With great power comes great responsibility - you can bet any loophole will be exploited for evil. I have been using them a lot over the past week, not for anything bad, just your standard use. I think they make life a whole lot easier. Q: What is your impression of virus exchange bulletin boards (Vx BBSs)? Are you familiar with the study by me which documents that the viruses themsleves do not yet have significant direct impact on users? Lucifer: Most virus exchanges have inferior produce. Lots of garbage, and a lot of lies. They say they do it for one or other reason, but when it comes down to it, it is to just have a bigger collection. Hellraiser: I have two views on Vx BBSs. On the legal side, exhcnaging viruses is currently legal. I am not the one to go against someone's rights. On the moral side, I don't think viruses should be handed out to just anyone. One thing I have to say about Vx BBSs is they (kind of) keep the majority of the viruses out of the wild, despite what people may think. The reason I say this is the majority of the viruses being made today are uploaded directly to BBSs, not put out "in the wild". If it weren't for virus exchange boards, the only way to spread viruses would be though the wild, leaving more people to get infected. The one major flaw with this theory i that the viruses will be downloaded. Now the average virus collector adds the virus to his collection and leaves it at that, but there will always be that one person who uses a virus for no good. As for your study, I am unfamiliar with it. Q: Have you heard other things about this study, such as it was used to try to close Vx BBSs? If so, did you believe this? If you did, why? If not, why not? Lucifer: Oh, I've heard a lot about you :) Not that much with substance. Just stupid name calling and you being a narc. I don't care. I don't listen to BS when it doesn't have proof. It is easy to dislike people you don't know. Hellraiser: N/A Q: What do you see is the main problem virus writers such as NuKE have with anti-virus programmers, educators, etc.? Lucifer: Their big mouths, thier complete disrespect for others. That's the problem I see. Bontchev seems very indifferent, but they still say bad stuff abut even him. He is not anti-virus. Anti-BS maybe! Hellraiser: I see the whole concept behind Nuke as a giant gimmick. They want everyone to think they are the bad-ass virus writers, so they must be the AVs sworn enemy. The thing that they do not realize is that by publicly fighting these AV people they are making them (the AV people) look better. They have to realize that the AV people are the ones making the money here. What is Nuke getting out of it? Fame? No I doubt that. If viruses writers wanted to really piss off AV people they would stop writing viruses. Nuke just plays the role, that's all. Q: What is your opinion of groups such as NuKE? Do you think they are ingaged in destructive behaviour, or do you feel they are posers? Lucifer: Read their source codes. Of course they are in it for malicious reasons. Besides, the more malicious they are, the more notorious they become. Would you please shine a little more light over here?? - just kidding. Hellraiser: N/A Q: Have you always felt the same way? If not, what changed your mind? Lucifer: Yes. Ever since I heard of a virus group called KNULL. That's Swedish for fuck. They had it stand for something (K for crack... etc.). They dried up after 2 virus outbreaks. Hellraiser: I have always felt the same way. Rabid on the other hand, were involved in destructive acts - I know this for a fact. Nuke are harmless. Q: How do you feel about the deliberate destruction of data? Lucifer: Stupid and foolish actions. Irresponsible. That isn't what hacking is all about. Hellraiser: Two years ago I would have laughed if you told me one of my creations wiped out a somebodies information. Today I am in a different frame of mind. Losing data is _not_ funny whether it's a companies payroll or Grandpa Smiths Windows directory. Nobody likes to lose data. Q: What is your philosophy on telephone phreaking? Lucifer: I recently changed my mind on that one. My friend got an $1,800 phone bill that he didn't make. I don't like that kind of phreaking. For blue boxing, I'm all for it. Hellraiser: I feel the glory days of phreaking were the only days of true phreak-dom. Using a toll fraud device back in the 60's or 70's was harmless. You were ripping Ma Bell off for a $3.00 call that in reality cost about three cents. Now-a-days it is a totally different story. Today phreaking is more of a white collar crime, than a harmless hippie prank. Businesses and everyday people are losing _big_ money on PBX and Calling Card fraud. A lot of "phreaks" of today do not realize that. Phreaks are dead, long live the phreaks! Q: Do you think most virus writers that you are acquainted with are intentionally destructive? Lucifer: Yes. Hellraiser: The ones that I know, do not do it to destroy. The only targets of destruction my contacts have targeted are warez boards, and this was a long time ago. The majority (large majority) of virus coders I know do it to show off what they know. I don't think to many of them realize that people will get hurt somewhere up the line if that new virus they wrote gets out. You always hear the excuse, "Well my virus does not wipe data", which is just that, an excuse. All viruses are destructive. All viruses corrupt files that people do not want tampered with. Even that cute little message, "V-MAN Has infected you system!", is in my eye, destructive. Q: Do you feel that viruses should be made available to anyone that wants them, with no respect to their motive, intent, or capability to handle them? Lucifer: No. Hellraiser: No I do not. But the reality is that they always will be available to anyone who wants them. It's kind of like drugs. Do you think passing a law to ban the availability of viruses will stop Vx boards? Pirated software is quite illegal, yet it seems every area code has six or seven warez boards. Even if a law was passed against virus exchange, the trade would not die. I doubt the feds would do anything about it after initial 'example' cases. One thing I learned is the feds could (not) careless about anything except monetary loss. How many warez boards get busted every year? Two? Plus the only warez boards that get busted are the ones that charge for membersship (Rusty and Eddies, etc.). In an ideal world, I would never want to see an irresponsible person handle a virus. But this is not an ideal world. ============================================================================== "In this last instalment of Sara Gordon's in-depth interview with the two legendary virus authors, she discusses with them the perception of the media with regard to virus writers and hackers - they disclose which virus writer has most influenced them and how" "A serious difficulty when it comes to understanding viruses, virus authors and the virus community is their inherent secrecy and paranoia. However, the anti-virus community does communicate although invariably via e:mail on the Internet. Sara Gordon has conducted a series of on-line interviews with two self-confessed virua tuhors, Lucifer Messiah and Hellraiser. A knee-jerk reaction to virus authors is that they should be "flogged", or suffer some other seriously unpleasant punishment. Simply talking to them is regarded by some elements of the anti-virus community as subversive. In this final part of Sara Gordon's interview, we learn more about virus writers and their community." ============================================================================== Q: What do you think of magazines like 40Hex and Crypt and Nuke Info-Journal? Can you compare the content of them and state how you view them with regard to the information presented? Lucifer: Sometimes the articles are very good. Other times they are trash. More often trash. Hellraiser: Being that I am the creator of 40Hex, I will just say that it is an informative magazine. The only thing that separates it from a legitimate publication is the fact that it has virus source in it. I have not read enough Crypt journals to make a honest assessment, however from what I did read it seems to be a close second if not tied with 40Hex as the pro-virus magazine top spot. As for Nuke Info-Journal, I think I have made it clear by now my opinion of Nuke. The magazine has not been stable enough in its views or format to make any other judgment than, it sucks. (Beavis & Butthead would agree, I'm sure). Seriously the Nuke Info-Journal as of late has been filled with so many garbage and 'filler' articles it is unfair to consider it a virus magazine. Q: Why do you use an alias? Where did you find your alias, i.e. how was it chosen? Lucifer: I already explained that one at the beginning [of this interview]. Hellraiser: An alias helps you hide who you are, obviously. Other than that it helps you forget who you are. "I am not John Smith, Comp. Sci. major - I am "The_WarMaster" smasher of lamers!" I got my handle from the movie Hellraiser and the novella The Hellbound Heart by Clive Barker. You may think it is just another horror movie, but it really does have its own myths and a large cult following. The 'heroes' of the story are beings who take pleasure in other peoples suffering. Kind of like virus authors, huh? Is there a connection? I will leave that up to you to decide. Q: How long have you written viruses? Which ones have you written? Lucifer: For about three and a half years now. I've written too many to list. Some were just deliberate hacks to show other people how easy that was. Others were fully my own, or the groups own. Others grought in new technologies. We have a few of those. Hellraiser: I have been writing viruses since mid-1991. For the record the only viruses that were released by me were; Skism-1, Captain Trips, Bad Brains, Marauder, and Shiny Happy - in that order. Q: Have you ever released a virus, intentionally or unintentionally? What was the result? Lucifer: Yes. The 'SBC/KS Test' virus really got around before it was got under control. I didn't relrease that intentionally. I gave it away to an idiot, who's initials are SBC, by the way. Hellraiser: I will not answer this question due to obvious reasons. Q: Have you ever conducted business with any anti-virus product developer? If so, what were the circumstances? How were you treated by him or her? Lucifer: Yes. Only virus trades, though. Most of them are European. Americans are too afraid. Hellraiser: This may not be business as you were thinking, but... I was on a conference call with John McAfee. We called him because at the time he had the number one anti-virus product out. John Markoff from Computerworld was also on the conference. Computerworld did an article about the conference. John was very nice towards us, yet we could see that he has two faces. He would talk openly to us when Markoff was not o, but he played the hard role when the tape was rolling. John introduced us to John Dvorak over the phone. Dvorak seemed like a pretty mellow guy. Yet he seemed more interested in graffiti than viruses. We also had a conference call with Ross Greenburg, creator of Flu-Shot. Honestly I am not sure if he knew we were virus authors. We just told him we would like to interview him for 40Hex magazine. Before I talked to him, I had the impression he was a fool, due to his comments in the documentation for Flu-Shot. To my surprise Ross was an OK guy. I got the impression he was a little sick of his career as a AV person. Q: Please define for me what you think 'research' is. Who is qualified to present themselves as a 'researcher'? Lucifer: Not many are researchers. PC Scavenger is real research. So is Bontchev and Dr. Solly. I don't believe McAfee is, otherwise he'd have a better program. SKISM are a research group. They research viruses to advance them. The Hell Pit is NOT a research BBS...they only trade. Hellraiser: Research, for a Vx BBS, is the same thing as calling a warez board a software rental outfit. It's just a safety precaution to stay out of trouble with the law. A virus researcher in the true sense is someone committed to stopping the spread of computer viruses, or at least someone making money off an AV product. I guess the only people qualified would be people with real (not vaporware, ahem Nuke) AV products in the works. Q: What is your opinion of the following people: John McAfee, Patti Hoffman, Fridrik Skulasson, Frans Veldman, Vesselin Bontchev, Eugene Kaspersky, Cliff Stoll, Rock Steady, Chris Peelter, Erik Bloodaxe, Time Lord, Dark Angel, Aristotle, John Buchanan, Mark Ludwig, Morton Swimmer, Hans Heubner, Eric Corley, Urnst Kouch, Peter Tippet? (Note: This question was asked to discern if the subjects would have any recognition of positive role models.) Lucifer: I just heard of Eugene Kaspersky today. No comment, I don't know him. I like Bontchev. I don't like McAfee because he lies too much. Rock Steady is a pre-pubescent shithead (you'll have to paraphrase that!), Dark Angel is the programmer from hell, his DASBOOT really boots! Aristotle is lame, Mark Ludwig wrote a book on viruses when he didn't know much about them. He's gotten much smarter these days. Urnst Kouch is cool, but he has a heavily inflated ego, Time Lord seems okay, but he is vapourware pro. Patti Hoffman, I like her. She found a really unique way to make money in this virus era. Frans Veldman is hard to talk to. Fridrik Skulasson is cool, especially since he is also Scandinavian. I never say bad things about Scandinavians. Erik Bloodaxe has a bad name in Toronto, who is he? Never saw him before. Solly is cool. I see him on the Internet often. Hellraiser: John McAfee - A man pushing obsolete technology. If john wasn't such a shrewd businessman, he would be out of business. His product was once useful, but with the amount of viruses out there today it is quite useless - as are all string scanners. Patii Hoffman - Sort of the Bill Clinton of the virus world. Her heart is in the right place, but she has no idea what she is doing. Fridrik Skulasson - A man who has chosen virus research as his career, and he feels has has to make the best of it. He has a good sense of humor, and he really knows how to piss off a virus coder. His product is very well done, although I prefer TBAV. I have a feeling that when the general public becomes enlightened to the power of heuristics, he will have a number one product. Frans Veldman - I do not know enough about him to make a judgement. I will not include people in this category from now on. Vesselin Bontchev - By reading this mans work I sense he is hiding something. Most likely his connection to the Dark Avenger. I believe this man is working with the Dark Avenger, if he is not the Dark Avenger himself. I have never used his products. I guess he is the John McAfee of Bulgaria. Cliff Stoll - A very energetic, if not psychotic man. I read his book and found it somewhat interesting. He is what I consider a 'good' hacker. If he wasn't so good, he would be hacking himself. I would like to sit down and have a talk with him someday. He's a real character. Rock Steady - A fool, plain and simple. See the earlier portions of this interview for some clues as to why I feel this way. Erik Bloodaxe - An old hack, who is living off his past. It's time to move on Erik! I don't know him personally, it's just the impression I get from people like him. Time Lord - A great guy and a good friend. He is one of the few good things that came out of my hacking ordeal. TL must get over his rebellious hacker mode if he wats to move on. He has been lucky so far - I learned luck does run out. Dark Angel - Again a great guy and a good friend. He is a very bright kid and I think as soon as he gets over writing viruses, he will make it big in whatever field he chooses. Aristotle/John B. - A strange, possible schizophrenic/highly manipulative man. I do not trust this guy. John has problems, obviously. First and foremost is that he never grew up. He is still living in the 'I am a menace to society, so watch your back' mode. I can't understand how a grown man, with a wife and kids can act like him. If john had half a brain I would consider him a potential threat. It is a good thing this is not the case. Eric Corley - I met him a few times. He is a true hacker, and will never stop hacking even if it does not involve physical hacking. He shares the same mind state I see in Phiber Optik, Ixom, and others. I can't relate with people like that. Q: What is your primary perception of the media as relates to hackers and virus writers? Why? Lucifer: Oh god, I could write a book. I am very unhappy about most of it. I do like the attention I get when people hear that I'm a hacker. They think I am a god or something. Hellraiser: The media uses hackers and viruses writers to sell papers, that's business. Hackers and viruses writers are always padded out as being some sort of deranged super-genius. They make the public think that hacking into systems takes an incredible skill. In reality and lamer with a UNIX book and a list of defaults can hack into 50 per cent of the systems he or she comes across. The media press on virus writers is always the same, a angry young man sits behind a terminal blasting death metal. Q: Are you aware of the new trend by some virus writers and some a-v people to recreate the myth of Dark Avenger? Do you know who the Dark Avenger is, i.e., not his real name of course, but what his history is? Lucifer: Yes. I know a lot about him. It is more of a myth than anything, because he wasn't anything much, same as Rabid. Lots of distribution, but that's all. Hellraiser: To be honest I know nothing about the Dark Avenger - which is one reason I find him so intriguing. I know nothing of this trend, nor his history. If you told me he was Vesselin Bontchev I would not be suprised. Q: What is your impression of the Dark Avenger's impact on virus writing in the past five years/ Lucifer: False. Plastic. Just another thing to cry about. The MtE was perfect to jolt everybody upright, though. Hellraiser: I have not heard much about him over the last year or so. He was all the rave when Bulgaria was the hot-spot for computer viruses. His smarts for viruses combined with his mysterious identity makes him the number one virus aithor in history. If you asked me two years ago what virus programmer I respected the most, I would say the Dark Avenger. Q: What virus writer has most influenced you at different stages of your virus writing life (can be more than one, more than one time in your life), and how has he or she influenced you? Lucifer: None. Hellriaser: Unknown origins. The only one that actually had any impact on me was Dark Angel. Dark Angel started out learning from me. We were in a friendly competition there for a while. In no time his skill surpassed me [and] he was teaching me. He is a great teacher, and willing to teach. He is the only person I allowed to influence me. Q: Do you think you will ever stop writing them? Lucifer: Yes Hellraiser: Yes, in fact I haven't coded a virus in over a year. I will never code a virus again. Q: Why would you stop writing viruses? What has happened to you, or to the virus writing scene in general, that makes you personally want to stop? Lucifer: I've slowed down considerably. The scene is boring, and I can think up only so many ideas that are my own. Hellraiser: Virus writing is a waste of creative energy. It limits the coder to one set area. On top of this I now realize it is wrong, and can cause people unwanted strife. The person I once was is quite dead, the only way I can move on is if he stays that way. ============================================================================== Conclusion: These young men are representative of the vast majority of virus writers and are, finally, ex-virus writers - they may be involved in shaping the future of computer. The turning away from virus writing is a virus positive trend, and one that will hopefully continue. In my opinion communication is one of the most important methods of dealing with the virus and security threats that we are facing today's global computer environments. A willingness to discuss issues and ideas is the first step we all have to take if we wish to shape Cyberspace, and enable it to become all that it has the potential to become.