#######################################
#                                     #
#                                     #
#      ========  =\    =  ======      #
#         ==     = \   =  =           #
#         ==     =  \  =  ======      #
#         ==     =   \ =       =      #
#         ==     =    \=  ======      #
#                                     #
#                                     #
#                                     #
#        '''''''''''''''''''''        #
#                                     #
#                                     #
#  > Written by Dr. Hugo P. Tolmes <  #
#                                     #
#                                     #
#######################################

Issue Number: 28
Release Date: February 27, 1988

TITLE: Viruses Threatening Era of Computer Freedom
FROM: The Chicago Tribune
DATE: February 21, 1988

By Christine Winter

At George Washington University, students were complaining about data disappearing from their floppy disks. One day it was there; the next it wasn't.

Computer programmers in the lab took one of the damaged disks and delved into the complex lines of computer code used to write the programs on it. Translated, the message read: "Welcome to the Dungeon... Beware of this VIRUS. Contact us for vaccination...." Included were two names, an address and three telephone numbers in Lahore, Pakistan.

Six months ago, a half dozen small businesses in California started using an accounting software package they got free from an electronic bulletin board sponsored by a local computer store. Everything went smoothly until each of them hit a certain total in accounts receivable; at that point, all their hard disk drives mysteriously erased all their accounting records.

In recent weeks in Silicon Valley, several employees at a small company reportedly had their video monitors catch fire while they worked at their PCs. Investigators speculate that the diskettes they were using contained buried commands that changed the cycle speed of certain video functions, causing the monitors to overheat and ignite.

Behold the arrival of the computer virus- an electronic scourge that could have the same chilling effect on the free flow of data that AIDS has had on the sexual revolution.

A computer virus is simply a small computer program.
However, it is designed not to process words or crunch numbers, but to do some kind of damage: to delete data, alter information or destroy hardware.

Viruses are written in a computer programming language, a type of code made up of numbers and symbols that gives instructions to the computer "behind the screen."

What differentiates a computer virus from any other program, or even any other form of computer sabotage, is this: It gives instruction to attach itself to other, innocent programs and to reproduce itself.

The average user would not see these extra characters or lines of programming code on the screen, or understand them if he did. Even a sophisticated programmer would have to go looking for a virus to find it.

Another devious feature of a virus is that it is a time bomb. It is designed to do its dirty work later, when some data or event triggers it. A virus recently found at Hebrew University in Jerusalem, for example, was dles on the university's massive network, which included government and military installations, on May 13. It has been decoded and dismantled.

Because of those delayed "logic bombs" that are built into most viruses, they are likely to spread among a given user group before they do anything to make their presence known.

Today's trend toward connecting computers and sharing information over electronic bulletin boards makes viruses more contagious. These electronic bulletin boards are forums where computer users can communicate and trade "public domain" or free software via telephone linkups to commercial public networks.

One of the biggest threats to corporations comes from the trend to bring computer work home- where diskettes could be infected by programs that children bring home from school or get from bulletin boards.

A virus spreads by burying itself deep within the computer's operating system, which is the set of instructions that tells the computer how to do specific housekeeping tasks.
This system must run every time the computer is turned on.

The virus then gives commands to make room for a copy of itself on every data diskette, or every program stored on the hard disk in the infected computer. Every time a new diskette is used to store data or copy a program, the virus goes along.

When that diskette is introduced into a clean computer, it spreads the virus there too, and so on. Just like a common cold or the flu.

"Let's face it, hackers have been breaking into government and university computers for years," said Peter Roll, vice president of information services at Northwestern University [see notes on the article]. "The concept that this is new with viruses is their ability to propagate."

There seems to be no such thing as a harmless virus. The virus that hit George Washington University and at least four other East Coast schools is generally described as passive. It was apparently intended to do nothing more harmful than duplicating itself, said Michael Peckman, a programmer-analyst there. But it wreaked unintentional havoc by deleting or damaging data when it made room for itself on student diskettes.

"The creator apparently intended just to have some fun, and look at the harm he did," he said. "We had people lose their theses."

"The people who write these programs are not pranksters, they're vandals," said Denis Director, president of Evanston-based Director Technologies Inc. His Disk Defender is one of several security products, originally designed to prevent accidental data loss, that are being seen in a different light today.

There are some who think the viruses have been overdramatized by the media. Phillip McKinney, a manager at OakBrook-based Thumbscan Inc., a security products company, said there are probably only seven or eight viruses in active circulation in this country.

"There's never really been a documented case of industrial sabotage," he said.
"This isn't something that is a serious threat to the average corporation on a yearly basis."

en, a University of Cincinnati professor of computer science, does not agree that the recent media hype has blown the problem out of proportion. The best known virus episodes have a lot of flash but not much substance, he said. The more successful a virus is, the less likely anyone is to know about it.

Cohen, who is generally credited with developing the first computer virus as part of research on computer security for his doctoral thesis in 1983, suspects we are only seeing the tip of the phenomenon. There could be viruses at work in corporate America that may never be discovered, he said. These viruses are much more subtle, and dangerous than "the gross and vulgar ones" that give themselves away by destroying everything.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

The article went on and discussed such things as:

- a virus at Lehigh University in Pennsylvania
- the virus at IBM's electronic mail service
- various programs to protect users against viruses

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"Let's face it, hackers have been breaking into government and university computers for years," said Peter Roll, vice president of information services at Northwestern University-

Northwestern's computers are at:

- (312) 491-7110/3055/3469/3070

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

For more information on computer viruses, see previous issues of TNS.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

The following series of busts was covered by the news in detail. Here it is from a newspaper article.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Taken from the TULSA WORLD, February 9, 1988:

Tulsa police and the U.S.
Secret Service served search warrants on three Tulsa residents, including two juveniles, suspected of illegally obtaining long-distance access codes, officials said Monday (Feb. 8).

The names of the suspects were not released and none were arrested, but criminal charges may be filed after further investigation, said Tulsa detective Cpl. Ed Jackson.

Officials confiscated the computer equipment of the two juveniles, Jackson said. A 17-page list of what is suspected to be MCI Telecommunications Corp. access codes was confiscated from the third suspect, he said.

A search warrant filed Friday stated the list was in the possession of Shane Gozlou at O.K. Motors, 2901 E. 11th St.

Authorities aren't quite sure the list is of access codes yet, since it is written in a Middle Eastern language. After the list is translated with the help of University of Tulsa language experts, it will be sent to MCI officials to determine if the numbers are access codes, Jackson said.

The investigation began in January after MCI noticed outside computers were attempting to infiltrate the Tulsa MCI computer to obtain access codes, Jackson said.

The warrant states police tdes to O.K. Motors by tracing calls to MCI telephone lines with the help of Southwestern Bell personnel.

Computer hackers use illegally obtained access codes to contact computers across the nation without having to pay for the long-distance telephone usage, Jackson said.

Computer hacking is a growing problem, officials said. Long-distance telephone companies lose about $500 million annually because of illegally used access codes, said Jerry Slaughter, senior investigator with MCI. The loss incurred because of the three suspected Tulsa hackers has not yet been determined, he said.

Most computer hackers are juveniles who are very bright, but usually make below average grades in school, Jackson said. "They're bored with their homework, so they spend all their time on their computer at home," he said.
They attempt to obtain access codes because "their parents might get a little upset when they find out they have a $2,000 phone bill," Jackson said.

The two Tulsa teens had compiled some unusual information on computer disk, he said. Found in one teen's computer were recipes for Napalm and a Molotov cocktail, he said. Also found during the searches were several credit card numbers, including one to a credit card reported stolen in Tulsa, he said.

One of the teens had made 1,650 attempts via computer in a 12-hour period to obtain more access codes, Jackson said. He obtained five working codes.

None of the suspected computer hackers knew each other, Jackson said, although two had communicated via computer, using "handles," like citizen's band radio operators.

Suspects can face federal charges if caught with 15 or more access codes or one illegal code used to spend more than $1,000, Jackson said.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

.........and another three bite the dust. This is a fairly typical bust. I've seen it played over a hundred times. Now for some things on the article:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"Tulsa police and the U.S. Secret Service"-

The USSS (United States Secret Service) are usually involved in these busts in some way... as in this case.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"A 17-page list of what is suspected to be MCI Telecommunications Corp. access codes was confiscated from the third suspect"-

Seventeen pages is quite a long list. I've heard of people having such lists from constant scanning in the past. I've even heard of people having Sprint "bibles" of codes. This isn't very helpful since there is evidence of all the old codes that have been used. It's not wise to have evidence of every code that you ever abused.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"The investigation began in January after MCI noticed outside computers were attempting to infiltrate the Tulsa MCI computer"-

Again, I've seen this happen over and over again notices that someone has been dialing them over and over again and traces the call. The time when most scanning is detected is after midnight.. when there usually aren't as many calls.. and suddenly there is one every minute.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"Found in one teen's computer were recipes for Napalm and a Molotov cocktail"-

Most hackers (even r0dents) have a few g-files on bombs and such. These files have been going around for about four years and are still popular. Most likely, the files that were confiscated were sections from "The Poor Man's James Bond" or maybe an old g-file from Grey Wolf. It's more likely that it is from "The Poor Man's James Bond" because I remember the files and it contained both napalm and Molotov cocktails.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"Also found during the searches were several credit card numbers"-

This probably came from a buffered message containing cards from either a card-scan or some trashing.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TNS Quick/\/otes:
-----------------

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Mafia Dude and the rest of TAU have been proceeding with "Operation NightScan". NightScan is a wardialing/scanning operation. Most of it is going on in the 202 NPA (Washington, DC). The results of all this scanning will come out in the form of a g-file.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Some other things on Mafia Dude: Currently, all his mail is being scanned by his parents.
All his news is coming in from the modem world. Also, Bellcore Systems might be going back up. All of this is uncertain.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Prime Anarchist was arrested for a protest at a CIA recruiting office. They were given three warnings and then arrested.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

A company called Mutual Telecommunications Network is just a scam that people should stay away from. It also goes by the name of MTN Communications.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

End of the QuickNotes!

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Board List
----------

The following is a list of bulletin boards around the country. The ones with a "*" next to them are where you can find the TNS files.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Digital Logic's Data Service.......(305) 395-6906
Sysop: Digital Logic
Others There: The Ronz, Lex Luthor
Baud: 300/1200
Notes: A Homebase for the LOD/H Technical Journal, phreak/hack, etc.
       All of the LOD/H TJ files available

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

*Pirate-80 Information Systems.....(304) 744-2253
Sysop: Scan Man
Baud: 300/1200
Notes: one of the oldest phreak/hack boards around

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

*Ripco International...............(312) 528-5020
Sysop: Dr. Ripco
Baud: 1200/2400
Notes: 96 megs of storage

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Pirate Communications..............(206) 362-4008
Sysop: Black Manta
Baud: 300/1200
Notes: basic phreak/hack

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

*Executive Inn.....................(915) 581-5145
Sysop: Argos
Co-Sysops: many
Baud: 300/1200/2400
Notes: Many different sub-boards

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The Works..........................(914) 238-8195
Sysop: Unknown
Notes: None

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Forgotten Realm....................(618) 943-2399
Sysop: Crimson Death
Co-Sysops: Phrozen Ghost & Epsion
Baud: 300/1200/2400

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Chaos Shoppe.......................(914) 478-0838
Sysop: Who knows

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Phreak Klass Room 2600.............(806) 799-0016
Sysop: The Egyptian Lover (TEL)
Co-sysop: Carrier Culprit
Baud: 300
Notes: A bbs for phreak/hack education

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Celestrial Woodlands...............(713) 580-8213
Sysop: The Ranger
Baud: 300/1200/2400

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Inner Sanctum......................(914) 683-6926

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

OSUNY..............................(914) 725-4060
Sysop: Tom Roberts (whatever)
Baud: 1200
Notes: OSUNY= Ohio Scientific Users of New York
       - a very old phreak/hack bbs ... mentioned in Newsweek a lot
       - homebase for 2600 magazine

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$