[ISN] In virus arrest, a glimpse of a shadowy bunch

From: mea culpa (jerichoat_private)
Date: Mon Apr 05 1999 - 16:07:00 PDT

  • Next message: mea culpa: "[ISN] Mitnick speaks! A rare Q & A with Kevin Mitnick"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimeat_private for more info.
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.990405170606.29557Eat_private>
    In virus arrest, a glimpse of a shadowy bunch 
    Across the country, young men are found sharing recipes for inflicting mayhem
    on computers. 
    By David Cho
    David L. Smith has been arrested and identified by investigators as the
    man who unleashed Melissa on the computer world, but finding the virus'
    original creators -- members of a society of young hackers cloaked behind
    aliases and trails of code -- will be substantially harder. These hackers
    are likely to be the source, computer experts say, of future, and perhaps
    more dangerous, viruses.
    And it is these virus creators -- some as young as 14 -- that the FBI is
    now pursuing in investigations spanning the country. One member of the
    virus-making community, through his Web site, provided Smith with the
    necessary information to create and distribute his virus, authorities
    The FBI confirmed that it is still investigating the Melissa virus case.
    It is following leads based on information gathered from small Internet
    companies in Florida and Tennessee, according to officials at those
    companies. Considered unwitting hosts to Web sites that contained recipes
    for viruses, the companies are not implicated in creating or spreading the
    viruses, authorities said. 
    Smith, of Aberdeen, N.J., was arrested Thursday night. He was charged with
    releasing the virus, which affected the e-mail accounts of at least
    100,000 computers in its first five days. America Online technicians, in
    cooperation with federal agents, tracked Smith to his Monmouth County
    Through his lawyer, Smith, 30, a freelance programmer, denied any
    wrongdoing.  He was released on $100,000 bail.
    "The computer world is a world where people do things, experimental
    things, just about every day," said Smith's lawyer, Steven Altman.
    "Nothing he did, or intended to do, had a premeditated or wrongful
    Altman described his client as "very upset, scared and nervous. This has
    been a horrible ordeal."
    Even while refusing to release Smith's computer pseudonym, authorities
    said he was not the man behind the pseudonym, VicodinES, who is believed
    to have created the virus that Melissa was based on. VicodinES, taken from
    the name of a narcotic painkiller, frequently appears in online chat rooms
    of the virus-writing community, which calls itself the Virus Exchange.
    The problem with catching virus makers is that they work in a clandestine
    corner of cyberspace, making them difficult to track in the real world.
    They do not trust outsiders to enter into their chat rooms and almost
    never reveal their true identities. They keep their chat rooms closed
    through several techniques, by hiding behind codes or by unleashing
    miniviruses that will shut out unwanted guests.
    One man who has the trust of virus-writing circles is B.K. Delong, a Web
    consultant based in Boston. From listening to online discussions, Delong
    said the Smith arrest had thrown the virus-making community into chaos.
    Closed-door meetings were held in online chat rooms that even Delong was
    not privy to.
    The Virus Exchange, Delong said, basically has two kinds of people --
    those who simply enjoy creating and exchanging virus programs as a
    demonstration of their skills, and those who steal viruses and release
    them into the general population.
    Smith's arrest exacerbated that divide, Delong said. Some "spreaders" were
    so upset that they threatened to release viruses "that could pretty much
    destroy anything on your computer," Delong said. Melissa was relatively
    benign, they said, compared to the havoc they can wreak. 
    The "good" side of the community, though, is trying to redeem its
    reputation, Delong said. In an unusual collective statement, members of
    the Virus Exchange community said that Smith might have created Melissa,
    but he alone could not have been responsible for its rapid spread.
    "The media and investigative authorities should not be so quick to condemn
    the author of the Melissa bug," the statement said. "Instead they should
    be more interested in the person who released the bug which caused the
    spread of the virus. VicodinES has initially been blamed for the creation
    and spread of the Melissa Virus when in fact, he was not at fault."
    Delong added that no one in the community knows for sure whether Smith is
    VicodinES. "It's really hard to tell. He may not be known in the
    community, but then again he may be very well known in it," he said. "It
    all depends on when we figure out his nickname." 
    For investigators, breaking open the Melissa case had the effect of
    bringing at least one hacker -- an unidentified man in his 20s who lives
    near Kingsport, Tenn. -- to the attention of the FBI. Two months ago, that
    man asked a young local Internet company called Global Connection to host
    a Web site for him.
    Dennis Halsey, the CEO and vice president of Global Connection, said he
    did not think anything of the request at the time. In fact, Halsey did not
    require any formal application and never checked to see what the Web site
    was. Neither Halsey nor the FBI would release the man's name.
    The site turned out to be Codebreakers.org -- one of the main places that
    virus creators use to trade code. "We never imagined it to be something
    this big, believe me," said Halsey, who described the man as a computer
    Halsey, who is not implicated in the case, said he knew the man only
    because "it's a small town and everybody sort of knows each other." But
    Halsey thought it was inconceivable that such a young man could be the
    infamous VicodinES or another prominent virus maker. "I'm sure that he is
    not the one who wrote the virus," Halsey said. "I mean, this is a
    multinational organization, there are members everywhere. How could this
    young kid be involved?"
    Cary Nachenberg, the chief researcher at the Symantec antivirus research
    center in Cupertino, Calif., said virus-writing societies, such as
    Codebreakers and VLAD, often drew young men from the most unexpected
    "Typically they are all male, teens to mid-20s, computer literate and too
    much time on their hands," Nachenberg said. "But the good thing is as they
    grow up and find something else to do, they usually stop writing viruses."
    About the same time investigators were questioning Halsey in Tennessee, an
    FBI team in Orlando, Fla., was confiscating a computer server that
    supported SourceofKaos, a Web site authored by VicodinES.
    Investigators have said that Smith downloaded a virus from that site and
    then added his own touch to create Melissa. The server was operated by
    Roger Sibert, who rented it from a small Internet company called Access
    Sibert, whose server was dedicated to freedom of speech and anti-Microsoft
    issues, does not know who VicodinES is, but said he had exchanged e-mail
    messages a couple of times. Sibert added that he was cooperating with
    Meanwhile, Alan McGinn, the president of Access Orlando, said the server
    computer was in the hands of federal agents who believed it had telling
    clues to the origins of SourceofKaos and the identity of the enigmatic
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:54 PDT