Ask George Smith e-mail: webmaster at dick destiny
Etc.
And so you haven’t sent it around because of the name and no one wants to really know about the nastier issues in writing viruses, anyway, because it’s so boring. It’s against Iran, too, and they deserve it. Better than bombing them.
Laundered and sanitized at GlobalSecurity so everyone will think you’re OK and your boss won’t get nervous when he spies on it.
Permalink Comments off
North Carolina GOP heevahavas haved passed law essentially declaring global warming isn’t happening because they say so. What else could we get them to pass because science needs debunking?
How ’bout bringing back the flatness of the world? Did you know it’s a scientific conspiracy to deny the Earth is the center of solar system too? We should also reinvigorate alchemy so people can be free to believe, if they just find the right stone, they will be able to transmute lead into gold. That will fix the economy.
Next, they could rule that dinosaurs lived with people thus clearing the way to make The Flintstones instruction material for high school biology. That will chase off the Darwinian vermin.
From the wire:
With hardly any debate, the state Senate on Tuesday nixed global warming restrictions on the state’s coast.
Lawmakers passed a bill that restricts local planning agencies’ abilities to use climate change science to predict sea-level rise in 20 coastal counties. The bill’s supporters said that relying on climate change forecasts would stifle economic development and depress property values in eastern North Carolina.
The bill has sparked outrage in some circles … Despite the controversy, it has repeatedly cleared every hurdle in the GOP-led legislature. In the Senate on Tuesday, the only comments were a few brief remarks in favor of the measure as a victory of common sense over alarmist research.
Two Southern states have made it clear they want nothing to do with the idea of global warming.
A day after the North Carolina state senate passed a bill requiring science on rising sea levels to be ignored, Virginia lawmakers allowed a study on its coastline to begin on the state’s dime only after all references to climate change or global warming were removed from its funding proposal.
Looking to address flooding and encroaching sea water on the coast, Virginia lawmakers recommended a scientific study on the problem. When state Sen. Ralph Northam pushed the study through the legislature in February, he met resistance from Republicans who didn’t want any reference to “sea level rise” or “climate change” in its language.
“(State Rep. Chris Stolle) said ‘This isn’t going to work with “sea level rise” in there, it’s not going to go anywhere if we don’t change it’,” says Northam.
Stolle told The Virginian-Pilot those were “left wing-terms” …
And why is the Democratic Party having its convention in North Carolina? What platoon of fools think this state is going for the president in November?
Foreign readers and Americans who are not nuts will note, once again, that your country can’t say it’s a leader in anything except the quality of obstinate homegrown stupidity when half its political leadership is an enemy to science.
It also looks like there’s a disconnection of the scientific community. It knows the Republican Party is insane from top to bottom, that the insanity is contagious and that there is nothing to be done.
So they have gone silent. Which seems sensible. After all, what is actually to be done when newspapers report this as matter of fact, and all one can expect is language like “the bill has sparked outrage in some circles … “?
Go to Hell leftist commie scientists.
For those about to rock against the global warming hoaxing, we salute you!
Permalink Comments off
It had to happen. Hamburger and steak are moving toward being only for swells. And why not?
If the cattleman can lift prices, capitalize on shortage, and sell to countries like China where the government will help pay a higher price for it, it’s the free hand of the market, right?
The U.S. cattle herd has shrunk to the smallest since three years before Ray Kroc opened his first McDonald’s Corp. (MCD) hamburger stand, reducing supply and raising prices even as domestic demand sinks to a two-decade low.
Beef output in the U.S., the biggest producer, will drop for a third year in 2013 after drought destroyed pastures, forcing farmers to cull herds to the smallest since 1952, government data show …
Record beef prices predicted for this year by the Livestock Marketing Information Center, a 57-year-old research group based in Denver, may mean higher costs for retailers and restaurants …
Smaller breeding herds mean that calf production in the U.S. has declined for 16 straight years to the lowest since 1950, the University of Missouri’s Plain said. That could mean the highest prices ever, said Plain, who has studied the industry for three decades …
U.S. beef consumption is forecast by the USDA at 11.359 million tons, the lowest since 1993, partly as people eat more pork …
And why am I, and we, eating more pork? Because it’s cheaper and the 99 percent took a 40 percent hit on its capitalization, starting in 2007.
Forty six million people also know food stamps go farther when beef’s not on the menu.
The logic of stomping on the poor and the one-paycheck-away-from-being-broke class until they have even less money is inescapable.
You get to sell less and less stuff to people who can’t afford it, shrink your resources, hire less help, push up your prices for the 1 percent, sell less and less stuff to people who can’t afford it, shrink your resources, hire less help, push up your prices for a smaller number …
I hear there’s real market potential in ketchup and molasses over shredded recycled cellulose.
Permalink Comments off
From a review of a show in Peoria:
Before the show, Nugent was backstage with a cane, on the mend after knee surgery.
It sucks getting old. And few suck more at it than Nugent.
From his weekly column at the WaTimes:
The president is a radically racial polarizing person. As I recall, he was supposed to be the great uniter when instead he has been the worst racial divider ever in the White House.
I don’t believe in government redistribution of citizen’s earnings. Like Mao, the president does, as he told Joe the Plumber. I believe in wealth creation through individual hard work and sacrifice, and that government should simply stay out of the way of job-creating, entrepreneurial free-market addicts. The president believes just the opposite. His class warfare tactics are anti-free market, anti-success and anti-American … Welfare advocates Richard Cloward and Frances Fox Piven taught you well, Mr. President.
Ted Nugent watches Glenn Beck. Like the rest of the Tea Party, it’s only reason he knows the name of an old lady, Frances Fox Piven, who Beck regularly demonized on Fox News for an article she wrote with her husband, now dead, when Nugent was about 18 and playing “Journey to the Center of the Mind” in the Amboy Dukes.
Beck regularly cast her as a person with a plan to collapse the economy of the United States and the perversity of that is well-described here at an article in the New York Times.
From the Times:
Her name has become a kind of shorthand for “enemy??? on Mr. Beck’s Fox News Channel program, which is watched by more than 2 million people, and on one of his Web sites, The Blaze. This week, Mr. Beck suggested on television that she was an enemy of the Constitution.
Never mind that Ms. Piven’s radical plan to help poor people was published 45 years ago, when Mr. Beck was a toddler …
Two years ago, from a Nugent column, on how he’s been menaced by the alleged plots of an old lady:
[I] previously have been the target of [the Democratic Party’s] vicious personal lying attacks and smear campaigns straight out of the playbook of Richard Andrew Cloward, Frances Fox Piven and Saul Alinsky.
So, once again, for those who think I’m too mean and unfair …
Permalink Comments off
On the “Rock of Ages” movie, from the Chicago Tribune, excerpted:
Oh, that something Satanic might actually have crawled into “Rock of Ages” at some point. When Tipper Gore formed the Parents Music Resource Center, she wasn’t gunning for Quarterflash and REO Speedwagon, just two of the whitebread bands whose songs are featured here. It’s akin to making a movie about people trying to suppress gangsta rap, and then filling the soundtrack with cuts by PM Dawn and DJ Jazzy Jeff and the Fresh Prince.
Whether you have fond memories of songs like “I Want to Know What Love Is” and “Every Rose Has Its Thorn” or you’re inclined to change stations when they pop up on the radio, the karaoke versions offered up by “Rock of Ages” are ear-punishers.
It’s a movie that passes off mainstream pop as being somehow dangerous, reaching its crescendo at the end when, after rejecting a New Kids-ish boy band, “Rock of Ages” delivers its thunderous climax with Journey’s “Don’t Stop Believin’,” a song that’s been so castrated by pop culture that it’s a grade-school sing-along.
This is what the reviewer means …
Saw Journey perform it. The band was never much of an example of testosterone in stadium rock but even they couldn’t have imagined how Glee would amplify its sissy quality for the sake of stirring nerds into a frenzy of panty-wetting.
Can you tell which of these Broadway renditions is the most wuss? It’s hard.
You can count there being no end to the hypocrisy of the US national security complex, “the self-licking ice cream cone.”
It looks in the mirror, sees its own menacing face, grins and runs screaming that it’s seen someone else preparing to attack.
So now we have the news of the US virus war program being used to justify the argument that others, Iran included, are readying cyberattacks on us. Digital 9/11s.
It takes a special kind of low and shady character to do this so smoothly. And a special lousy mainstream press not to point it out.
The revelation that the United States used a computer virus to damage Iranian nuclear facilities has added urgency to a push in Congress for cybersecurity legislation.
Top administration officials, such as National Security Agency Director Keith Alexander and Homeland Security Secretary Janet Napolitano, have long argued that the nation is at risk of suffering a devastating cyber attack …
Paul Wolfowitz, a former Deputy Secretary of Defense under President Bush, said he hopes the news of the attack would “put some added urgency” on Congress to pass cybersecurity legislation.
“Maybe it will raise awareness,” Wolfowitz said. “I hope we don’t have to wait for the cyber-equivalent of 9/11 before people realize that we’re vulnerable …”
“I hope the urgency with which we must treat cybersecurity issues is becoming clear to policymakers,” Rep. Jim Langevin (D-R.I.) said. “Putting aside the anonymous sources in that story, we know that foreign adversaries are developing capabilities to harm us and our interests in cyberspace. We must be proactive in strengthening our cyber defenses now, before a major attack, and this requires comprehensive cybersecurity legislation.”
Yes, it takes mucho gall to twist the American virus war against Iran around until it’s a convenience for claims that others are about to launch “devastating” attacks and that we should immediately beef up cybersecurity.
It’s so rotten to the core the eyes water just scanning it.
As for Paul Wolfowitz, he’s certainly a man for the job. Everyone will remember (although the Hill chooses not to recover the ground) he was one of the disgraced architects of the pre-emptive war to find the non-existent WMDs in Iraq. His name, as it turns out, is not to difficult to find associated with the praiseworthy description — “war criminal” — through Google.
“He is a bad man,” said one e-mail to yours truly today.
Further:
[Adam Segal], a fellow at the Council on Foreign Relations, said the attack may actually undermine the moral authority of the U.S. government.
“If the U.S. is trying to get the owners of critical infrastructure to agree to certain standards for security, and it turns out we’re creating the malware to attack it, it becomes slightly more difficult,” he said.
Slightly more difficult is a bit of an understatement. The situation is untenable and I’ll explain why.
Our national malware writers have created an environment where the
objective is to discover and keep secret security vulnerabilities so that they may be exploited in ongoing and future attacks. This is anathema to the international computer security model which spends considerable time and money researching and finding holes so they can be patched.
You can’t have both operations existing side by side. It’s indefensible and a conflict of interest. However, arms manufacturing companies have no problems with such things. They will only be too happy to provide defense and offense at the same time, with one operation discovering flaws and keeping them secret and another operation, allegedly, doing the opposite.
But, internationally, how can you trust such a business? You can’t.
The anti-virus companies know this. So do most computer security companies, I would think. In fact, at the beginning of the a-v industry, and I’ve written about this, there was always a suspicion among a hard core of conspiracy minded people that the anti-virus industry wrote viruses to help grease its business. It did not although one minor company did hire the hacker who wrote the virus that knocked the US Secret Service’s network off-line in 1993 to write cures for his viruses.
And I’ll get to this, as an addendum, in a little bit.
This defines the problem with writing viruses for the military.
The US academy has been charged with training people in computer security and it is these programs which will furnish graduating students, some of whom may be hired by arms manufacturers/contractors to write malware. In fact, they have probably already trained people presently working in the US virus war program.
In such cases the computer security academics will be put in the same hard position as anti-virus companies. Some of them will know they have readied people who are producing state-sponsored malware.
Maybe some will be OK with it. But some will find it ethically troubling just as many scientists don’t want money from DARPA because they believe it will largely result in things that make the world a worse place.
In other words, the US has created an untenable situation for itself. It has cultivated a poison tree and wants everyone else to trust the fruit.
Once again, we are shamed by the national security infrastructure and our leadership for reasons of short term, short-sighted, often just plain venal business gain.
This is hardly new. Unfortunately it’s been the on the record of standard behavior for the last dozen years, at least.
And now to addendum from The Virus Creations Labs.
After Priest wrote a virus that knocked the US Secret Service’s network off-line in 1992 he was hired by a minor anti-virus firm.
Here it is, excerpted.
Programming the Satan Bug computer virus in 1992 had turned out to be richly rewarding for Priest. Not only had it made him immediately recognized in the computer underground, he was also feared in the trenches of corporate America to the point where the Secret Service had felt compelled to intervene.
But the most interesting fallout from the Secret Service visit was a job offer from a small anti-virus company called Norman Data Defense Systems, said Priest. A director at the company wanted the virus programmer to come to work for them, starting in the summer of 1994, after the hacker finished high school.
Priest said they were interested in his opinion about the use of virus code in anti-virus software. Such code wasn’t copyrighted, so it was fair game.
Priest thought this was a bad idea. Too much virus code, in his opinion, was crappy anyway, so why would anyone want to use it? But Priest said he would think about the job offer.
By May 1994, a different Priest virus called Natas — that’s Satan spelled backwards, haw-haw — had cropped up in Mexico City, where, according to one anti-virus software developer, it had been spread by a consultant providing anti-virus software services. Through ignorance and incompetence, the consultant had gotten Natas attached to a copy of the anti-virus software he was using, sort of like some scrap of dog dirt you have neglected to scrape from your shoe.
However, like most of Priest’s viruses, Natas was a bit more than most software could handle. The software detected Natas in programs but not on itself or another critical area of the machine where the virus also took up shop. The result was tragicomic.
The consultant would search computers for viruses.
The software would find Natas!
Golly, the consultant would think, “Natas is here! I better check other computers, too.”
And so, the consultant would take his Natas-infected software to other computers where, quite naturally, it would also detect Natas as it spread it around and could not remove it fully from new, formerly uninfected computers!
Natas had come to Mexico from Southern California. The consultant frequented a computer underground bulletin board system in Santa Clarita which stocked Natas. He had downloaded the virus, perhaps not fully understood what he was dealing with, and a month or so later uploaded a desperate plea for help with Priest’s out-of-control program. You could tell from the date on the electronic cry for help — May 1994 — when Natas began being a real problem for him in Mexico.
Back in San Diego, Priest was still being interviewed on the telephone by people from Norman anti-virus. They were concerned that Priest might leak proprietary secrets to competitors after hiring so it was a must he be absolutely sure of the seriousness of his potential employment.
By the end of the interview, Priest thought he didn’t have much of a chance at the job, but by July he’d accepted an offer and moved to Fairfax to begin working for them. Paradoxically, this was the same company that had removed Priest’s Satan Bug virus from the US Secret Service’s crippled network.
But what was Priest working on at the anti-virus company?
“A cure for Natas,” he laughed softly one afternoon in late July, 1994, in telephone interview from the company office. Looking over the virus once more, Priest sardonically concluded that his disinfector made it clear the hacker had made Natas a little too easy to remove from infected systems.
By the end of the summer things were ending badly. Another manager at the anti-virus company, unsurprisingly, didn’t like the idea of the hacker working for the company, Priest said. And when management representatives arrived from the parent corporation in Norway on an inspection tour and were appraised of Priest’s status at a meeting, the hacker heard, they were also not warmed upon learning a virus writer was on staff. Officially, said Priest, there was no reaction, but in reality, the hacker felt, the atmosphere was deeply strained.
Jack Lewis, one of the Secret Service agents who had interviewed the hacker after learning he was the author of the virus that had knocked over the agency’s network, had contacted the anti-virus company to set up a luncheon date with the hacker to discuss more technical issues, Priest said.
However, the luncheon eventually fell through. The Secret Service, said Priest, thought it might be construed as a conflict of interest. Unknown to him at the time, the agency had also started spying on his comings-and-goings in Fairfax.
The entire business relationship of a famous virus writer at an anti-virus company proved totally unworkable. Paranoia escalated, trust was impossible. Priest was a hot potato. He was eventually let go.
Permalink Comments off
After 20 years of national leaders and various experts making hay and fortunes on warning about others gathering to attack the US with cyberwar, what’s the sound when the US is exposed as the now most famous virus-writing machine for attacking others? Crickets.
Well, that’s only a small bit of it.
There’s still no shortage of politicians and arms developers/national security company profiteers going before Congress to warn of the deadly cyberthreat to the nation.
You can smell the stench of their hypocrisy everywhere. It is impossible to shame them although Kaspersky’s public dissection of the Flame virus appears to have caused its US handlers to pull the plug on it. But for how long?
A sampling from the Cyberwarhawks tab at Cryptome:
“We are being attacked in cyberspace now and we need to respond now. Our enemies would enthusiastically welcome to further postpone this bill in favor of more ‘process.’ — Sens. Lieberman, Collins, Rockefeller and Feinstein.
“We have spoken a number of times in recent months on the cyberthreat … that it is imminent and represents one of the most serious challenges to our national security since the onset of the nuclear age sixty years ago … We carry the burden of knowing that 9/11 might have been averted with the intelligence that existed at the time. We do not want to be in the same position when cyber-9/11 hits — it is not a question of whether this will happen, it is a question of when … — Michael Chertoff, Michael McConnell, Paul Wolfowitz, Michael Hayden.
[Readers will note the presence of McConnell, well known for ginning up fear of cyberwar for the benefit of the cyberdefense business he fronts at Booz Allen Hamilton as well as Paul Wolfowitz, one of the famous architects of the Iraq War disaster.]
As a leading cybersecurity provider of the federal government we recognize that cyber attacks one of the greatest threats to our national and economic security … — Northrop Grumman, arms manufacturer
The U.S. military is placing too much emphasis on defense against cyber attacks when it should be developing offensive cyber capabilities, according to Sen. John McCain.
“???I am very concerned that our strategy is too reliant on defensive measures in cyber space, and believe we need to develop the capability to go on the offense as well,??? Sen. McCain wrote in remarks appended to the Senate Armed Services Committee report on the FY 2013 defense authorization bill.
“I believe that cyber warfare will be the key battlefield of the 21st century, and I am concerned about our ability to fight and win in this new domain.”
To describe the McCain statement as without clue in light of current events probably doesn’t quite do it enough justice.
Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.
For many years I have seen comment from F-Secure’s Mikko Hypponen in press articles and analyses on the worldwide virus problem.
Not at all prone to exaggeration, Hypponen has always tried to be scrupulously accurate.
For the New York Times, Hypponen had this to say about US virus war:
If somebody would have told me five years ago that by 2012 it would be commonplace for countries to launch cyberattacks against each other, I would not have believed it. If somebody would have told me that a Western government would be using cybersabotage to attack the nuclear program of another government, I would have thought that’s a Hollywood movie plot. Yet, that’s exactly what’s happening, for real.
Cyberattacks have several advantages over traditional espionage or sabotage. Cyber attacks are effective, cheap and deniable. This is why governments like them …
By launching Stuxnet, American officials opened Pandora’s box. They will most likely end up regretting this decision.
Hypponen notes the coincidence of American Stuxnet operation revealed by the Times just days ahead of the Kaspersky analysis linking Flame to it.
To reiterate, this shows the US national security structure has been devoting significant time to the development of cyberweapons while hypocritically warning about the the threat to this country from other cyber-attackers — often for its own benefit, part of what the insiders call “the self-licking ice cream cone.” It uses the arms contractors/war profiteers interested in expanding their cybersecurity business operations.
On the 4th the New York Times, in one of many pieces of Flame, focused on describing the Kaspersky Labs anti-virus business, mostly concerned with the fact that it is Russian and therefore allegedly untrusted by US companies and defense contractors. Left unsaid is that many US defense contractors want the dollars for cyberdefense all for themselves and that home users, for many many years, have had no doubts at all about Kaspersky Anti-virus.
Sean Sullivan, from F-Secure, said: “[Flame is] interesting and complex, but not sleek and stealthy. It could be the work of a military contractor — Northrop Grumman, Lockheed Martin, Raytheon and other contractors are developing programs like these for different intelligence services. To call it a cyberweapon says more about Kaspersky’s cold war mentality than anything else. It has to be taken with a grain of salt.”
[Another anti-virus vendor, the minor Webroot, commented it had isolated Flame virus in 2007 but considered it “unsophisticated.” This type of argument on the features of virus code — whether it’s technically spectacular or not — has been in the anti-virus industry since its inception. Which readers will eventually see as I continue to serialize The Virus Creation Labs online.]
“Antivirus companies are in a not easy situation,” Mr. Kaspersky said. “We have to protect our customers everywhere in the world. On the other hand, we understand there are quite serious powers behind these viruses.”
Even though finding viruses first is usually a boon for antivirus companies, cracking Flame, Mr. Kaspersky said, might hurt his business in one regard. “For the next five years, we can forget about government contracts in the United States.”
From me, GlobalSecurity.Org on June 1:
An anti-virus company may depend a great deal on government contracts. So what to do, what to do, when malware inevitably crawls into non-target computers in non-designated-enemy nations and your analysts and coders have a good idea of who’s behind it?
You develop an antidote and distribute it to everyone. But do you spill the beans? You have a conflict of interest, moral and ethical hazard. Doing the right thing might cost business.
Or if you’re a security company not in the US does it matter at all? You know who’s behind the attacks and you have a nice story to tell based on your pulling apart viruses. Lots of people might want to hear it.
While anti-virus software developers and others are still talking about the difficulty of attribution in virus attacks, there will come a time — just as there has in the past with regards to a handful of other famous virus writers — when they find out who, specifically, is behind the code from a national program. Everyone slips up sooner or later and someone in the international or domestic anti-virus business will have a name, or names. When they get them they should immediately publicize the information.
Permalink Comments off
Putting viruses on the computers of others is a criminal act whether or not those who own the infected computers are popular or unpopular.
Always been this way, always will be. Eugene Kaspersky and the anti-virus industry know this well. Globally, they should triple and quadruple their efforts to expose cyberwar operations. It could be very good for the image and will make for interesting stories. Meting out embarrassment and odium where it is deserved is appropriate.
It might also eventually serve to deter lousy decision-making at the top in the United States. Or at least make it more risk averse. At any rate, it couldn’t hurt.
Flame and Tilded are completely different projects based on different architectures and each with their own distinct characteristics. For instance, Flame never uses system drivers, while Stuxnet and Duqu’s main method of loading modules for execution is via a kernel driver. But it turns out we were wrong. Wrong, in that we believed Flame and Stuxnet were two unrelated projects.
Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame …
Our analysis suggest several important conclusions, which we summarize below:
By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had modular structure.
The Stuxnet code of 2009 used a module built on the Flame platform, probably created specifically to operate as part of Stuxnet.
The module was removed from Stuxnet in 2010 due to the addition of a new method of propagation …
The Flame module in Stuxnet exploited a vulnerability which was unknown at the time …
After 2009, the evolution of the Flame platform continued independently from Stuxnet …
In case you’ve missed the import of it, Kaspersky Labs is rather quickly unraveling key details of the engineering used in the US computer virus warfare program.
And that shows the program has been developing viruses for some time. That cat is now well out of the bag, as I wrote two weeks ago here.
One bit:
Will the worldwide computer security industry work to expose and defeat, say, US cyberwar operations even more vigorously just as it pursues botnets and the work of cybercriminals? Will they now begin to spill the beans when the trail leads right back to a western government office?
Kaspersky Labs is doing all the right things.
It’s also time for whistle-blowers to act. Thoroughly expose US virus war.
Unlike drone war, US virus war is something the global security industry and academy can inhibit.
While it may not be able to stop national virus writing it can reduce the potential return on the attacks while simultaneously making them a political embarrassment and source of damaged reputation.
We should also not overlook the possibility that some in the US anti-virus and computer security industry may either know, or have a good hunch, who is directly behind it. On a name basis.
The global anti-virus/security business, beyond the control of the US government, can also degrade the effectiveness of our virus war by scrutinizing even more closely the networks and computers of obvious targets.
From the wire, the secret action of the US virus war-making operation — trying to cover its tracks:
The Flame computer virus that has been attacking Middle Eastern energy facilities, primarily in Iran, has been ordered to self destruct, the Symantec anti-virus company said on Sunday.
In an official blog post, Symantec revealed that its command-and-control (C&C) servers had sent an updated directive to the virus, which it termed “Flamer,” designed to remove it from compromised computers.
But the anti-virus researchers have it for good. Sunlight, it appears, can be disinfectant to virus war.
Also of interest — and timely — the serialization of Virus Creation Labs.
Pass it around. Help get the phonies, national security industry parasites and miscellaneous bad people who think national virus-writing is a neat thing out of the popular debate.
Pine View Farm alerts to a column that’s too humorous to pass up, comment on Tea Party-types determined to push a Ron Paul festival at the Republican convention:
Let’s put it this way: Ron Paul is the Libyan air force of presidential candidates. He’s the Washington Generals of the ballot box. He’s the John Carter of the electoral process.
Dud. Bupkes. Zippo. Nada.
Yet the tea party can’t quite seem to take the rejection of the Paul campaign by the body politic. Republican voters would have rather shoved shards of glass up their noses than see Mr. Dithers on the ballot against President Barack Obama this fall.
Thus the tea party has started whining that the Republican National Committee is interfering with their plans for a three-day celebration of all things Ron Paul …
One can only imagine the excitement of a Ron Paul-Unchained event at the fairgrounds.
Day One: Don’t miss a robust taunting of the uninsured terminally ill, followed by the Ben Bernanke dunk tank. Entertainment: Florida Panther scavenger hunt.
Day Two: Revelers gather in the specially built survivalist bunker to exchange conspiracy theories. Be sure to sign up for the Heckling of the Homeless People bus trip. And don’t be left behind for special speaker, End Times beefcake Tim LaHaye. The evening ends with the Black Helicopter Cotillion. Entertainment: Bobbing for bald eagles.
And I had a song for it.
The question remains: How are the Romney people going to keep the rest of the hate crazies in line? It’s not like Paul supporters are the only nuts loudmouthed uncles coming to the party.
Case in point, people like this …
Nugent borrows from North American Indian imagery to communicate with his audience. Just as the Ghost Dance ritual was believed to have the power to lead the Plains Indians out of their dire circumstances in the late 19th century, so too, Nugent declares, will the Great White Buffalo lead us out of our dire economic-political straights …
Nugent performed this song as his encore in a full Indian feather head-dress.
“You and me are the great white buffalo, we are the spirit of the buffalo??? he told the crowd. “I feel the spirit of the buffalo inside of me and we are going to take back the White House this fall.???
Throughout the concert Nugent projected a mythic image of his imagined America. On two separate occasions he told the crowd: “You can’t do this in France, baby. You can only play this kind of music if you’ve got freedom, baby.???
The final act on stage was Nugent and all the members of his band donning WWII G.I. helmets and re-enacting the raising of the flag at Iwo Jima …
This self-proclaimed defender of conservative family values went on to dedicate his “Wang Dang Sweet Poontang??? as a “love song for all the girls??? in which he says: Wang dang, what a sweet poontang/A shakin’ my thang as a rang-a-dang-dang in the bell/Down on the street you know she can’t be beat/She’s so sweet when she yanks on my meat/What the hell …
Concertgoers who tried to reconcile the vacillating value system of Nugent left with a serious case of whip-lash …
From here. Best concert review I’ve read in a good long time.
Permalink Comments off
Now eighteen years old, The Virus Creation Labs, my only book still serves as a slice of history. It’s time to serialize interesting parts of it with new annotation. Today malware creation is worlds away from 1994 when the most successful viruses needed to travel on diskettes and through digital trades on telephone lines, to span the globe. This made the pace of mischief in cyberspace much slower.
However, many things have not changed. Promises and claims made then were as grandiose as those made now. Human nature, as it pertains to corrupted programming, hasn’t changed a bit. The way people look at trouble on computers, the interconnected world and interpret both hasn’t either.
So, in the the beginning…
The book probably wouldn’t exist without the great techno-white elephant of 1991-92, the Michelangelo computer virus. As I’ll get into, the Michelangelo affair was the apotheosis of Paul Fussell’s America: An immense accumulation of not terribly acute or attentive people beaten repeatedly over the head by the cudgel of poorly understood computer technology.
Fussell put it this way: “[Americans are] obliged to operate a uniquely complex technology, which, all other things being equal, always wins. No wonder error and embarrassment lurk everywhere, and no wonder cover-up and bragging have become the favored national style.”
The Michelangelo virus was real. But the nation’s PC’s were not about to lose their datastores to it during the months leading up to March 6, 1992, it’s activation date. At least not in any noticeable way.
Most Americans seemed to figure this out instinctively — after the fact. Skeptics and some computer industry insiders certainly knew in February 1992 the virus would be a bust. But you would never have suspected as much from the panicked cries of software vendors and assorted experts in the computer press and mass media who predicted significant calamity on March 6. Predictably, error and embarrassment there were aplenty after the sixth when less successful anti-virus companies that the one founded by John McAfee turned on the software developer and blamed him for manufacturing the crisis. Bragging was in no short supply, either. USA Today’s technology reporter, John Schneidawind, insisted during an interview that “Everyone’s PC would have crashed” if the press hadn’t sounded the alarm in a timely manner.
Schneidawind attempted to cover himself in glory by comparing the Michelangelo virus threat to the BCCI bank scandal. He weirdly maintained that since the press took a hit for being asleep at the wheel for BCCI, it wasn’t going to happen again for the Michelangelo virus. All the foolishness was summed up by Carl Jensen, a journalism professor and media critic at Sonoma State in California who dubbed Michelangelo virus one of the “junk food news stories” of 1992 in the annual Project Censored Report, “The News that Didn’t Make the News — And Why.”
The Michelangelo debacle ignited a keen interest in me to find out what, precisely, computer viruses were, how they worked, and better, who was writing them. It sent me down the trail to the edge of cyberspace in search of people, who, perhaps not surprisingly, turned out to be pretty much like most Americans, except with an order of magnitude greater interest in the inner workings of the desktop personal computer. Like most of us — there wasn’t a nobleman in the lot. And there were none among the ranks of the anti-virus software developers and security consultants who considered themselves the gatekeepers at a fantasy wall of their own construction, erected between the Wild West of cyberspace and the mannered, sterile environment of safe home and business computing.
The story of computer viruses is also a tale at the vaunted apex of the Age of Information, it’s denizens mythical outliers in the new land of Nod — Information Superhighway, that country named by Vice President Al Gore and too many futurologists to mention.
However, this country isn’t much like the pretty pictures painted in the mainstream media, where ill-defined riches information screaming for freedom reward the quick, the clever or the unorthodox mind armed merely with a telecommunications line and a computer. It is, instead, a country that defines the meaning of information glut — data, data everywhere but not a thought to think. It is a world where it’s clear that pushing packets of information from point A to point Z is of little benefit to anyone except those in position to place press releases as media stories-of-the-day. Those who think the United States is on the verge of creating a new utopia where the national product, currency and sole means of reward is data would do well to pay attention …
Like the on-line world today, the characters in The Virus Creation Labs have little real interest in the revitalization of democracy or any other high-minded ideals cited as benefit of electronic interconnectivity, unless you consider the mindless accumulation of binary data a socially invigorating development. More often you’ll find relentless hucksterism, witless gossip masquerading as reason, corrosive vulgarity, petty vendettas, dirty tricks and routine invasions of personal privacy. If The Virus Creation Labs is a new world, you’ll find it bears close resemblance to the old one, only events zip by faster and with more unpredictable ferocity.
A fragment from the code of Michelangelo virus.
[We now jump ahead to deep inside the book and a chapter on one virus writer who became famous for infecting the network of the US Secret Service. Today he would be in his mid-thirties.]
A Priest Deploys His Satanic Minions
Everyone knows the best virus writers hang out on secret bulletin board systems, the bedroom bohemias of the computer underground, right? Wrong. In mid-1992, a 16-year-old hacker from San Diego who called himself Little Loc signed on to the Prodigy on-line service for his virus information needs. The experience was not quite what he expected.
Prodigy [now long gone] had a reputation in 1992 as the on-line service for middle-class Americans who could stand mind-roasting amounts of retail advertising on their computer screens as long as they had relatively free access to an almost infinite number of public electronic mail forums devoted to callers’ hobbies. Since Prodigy’s pricing scheme was ridiculously cheap per hour, it was quite seductive for callers to spend an hour or two a night sifting through endless strings of messages just to engage in a little cyberspace chit-chat.
Into this living-room atmosphere stepped Little Loc looking for anyone to talk with about computer viruses, particularly his idea of properly written computer viruses. Little Loc, you see, had written a mutating virus which infected programs on a system dangerously quickly. If you were using anti-virus software that didn’t properly recognize the virus – and at the time it was written none did – the very process of looking for it on a machine would spread it to every possible program on a computer’s hard disk. While many viruses were trivial toys, the virus — called Satan Bug, was sophisticated enough to pose a real hazard.
The trouble was, Little Loc was dying to tell people about Satan Bug. But he had no one to talk to who would understand. That’s where Prodigy came in.
Prodigy, thought Little Loc, must have some hacker discussions, even if they were feeble, centered on viruses. It was a quaintly naive assumption.
The Satan Bug was named after a Seventies telemovie starring George Maharis, Anne Francis and a sinister Richard Basehart in a race to find a planet-sterilizing super virus stolen from a U.S. bio-warfare lab.
Little Loc had never actually seen the movie, but he’d run across the name in a copy of TV Guide and it sounded cool, so he used it for his digital creation. Satan Bug was the second virus he had electronically published. The first was named Fruitfly but it was a slow, tame infector so the hacker didn’t push it.
A bigger inspiration for Satan Bug was the work of the Dark Avenger, a shadowy Bulgarian virus programmer whom anti-virus software p.r. men and others had elevated to the stature of world’s greatest writer of malware. Little Loc was fascinated by the viruses attributed to Dark Avenger. The Dark Avenger obviously knew how real computer viruses should be written, thought Little Loc. None of his programs were like the silly crap that composed most of the malware stockpiled in the computer underground. For example, his Eddie virus – also known as Dark Avenger – had gained a reputation as a program to be reckoned with. It pushed fast infection to a fine art, using the very process anti-virus programs used to examine files as an opportunity to corrupt them with its presence.
If someone suspected they had a virus, scanned for it and Eddie was not detected but in operation, the anti-virus software would be subverted, spreading Eddie to every program on the disk in one sweep. Eddie would also mangle a tiny part part of the machine’s operating system when it was in action. When this happened, the command processor, the operating shell program, would reload itself from the hard disk and promptly be infected, too.
This put the Eddie virus in total charge. From that point on, every sixteen infections, the virus would take a pot shot at a sector of the hard disk, obliterating a small piece of data. If the data were part of a never-used program, it could go unnoticed. So as long as the Eddie virus was in command, the user stood a good chance of having to deal with a slow, creeping corruption of his programs and data.
Little Loc was a good student of the Dark Avenger’s programming and although he was completely self-taught, he had more native ability than all of the other virus programmers in the more well-known hacking groups.
“[Virus writing] was something to do besides blasting furballs in Wing Commander,” he said blithely when asked about the origins of his career as a virtuoso virus writer.
Accordingly, the Satan Bug was just as fast an infector as Eddie and it, too, would immediately go after the command shell when launched into memory from an infected program. But Satan Bug was very cleverly encrypted, whereas Eddie was not, and it extended these encryption tricks so that it was cloaked in computer memory, a feature somewhat unusual in computer viruses but popularized by another program called The Whale which intrigued Little Loc.
The Whale was a German virus which – theoretically – was the most complex of all computer viruses. It was packed with code which was supposed to make it stealthy — invisible. It was armored with anti-debugging code and devilishly encrypted, designed purely to thwart analysis and flummox anti-virus software developers trying to examine it. They would often mention it as an example of a super stealth virus to mystified science and technology writers looking for good copy.
In practice, The Whale was what one might call anti-stealth.
Although it was all the things mentioned and more, when run on any machine, The Whale’s processes were so cumbersome the computer would slow to a crawl. Indeed, it was a clever fellow who could get The Whale to consent to infect even one program.
The Whale appeared to be purely an intellectual challenge for programmers. It was intended to mesmerize anti-virus software developers and suck them into spending hours analyzing it. It worked with Little Loc. He was drawn to it, poring over the disassembly of The Whale’s source code.
The hacker even made a version that wasn’t encrypted, pulling out the code which The Whale used to generate its score of mutant variations. It didn’t help. The Whale, even when disassembled, was loathe to let go of its secrets and remained a slow, obstinate puzzle.
Have you gotten the idea that Prodigy callers might not be the perfect choice as an audience to appreciate Little Loc’s Satan Bug?
Nevertheless, Little Loc landed on Prodigy with a thud. He described the Satan Bug and invited anyone who was interested to pick up a copy of its source code at a bulletin board system where he’d stashed it. Immediately, the hacker got into a rhubarb with a Prodigy member named Henri Delger. Delger, was, for want of a better description, the Prodigy network’s unpaid computer virus help desk manager. Every night, Delger would log on and look for the messages of users who had questions about computer viruses. If they just wanted general information, Delger would supply it. If they had some kind of computer glitch which they thought might be a virus, Delger would hold their hand in cyberspace until they calmed down, then tell them what to do. And, for the few who had computer virus infections, Delger would try to identify the virus and recommend software, usually McAfee Associates’ SCAN, which would remedy the problem.
Little Loc was annoyed by Delger, whom he thought was merely a shill for McAfee Associates. Since Delger answered so many questions on Prodigy, he had a set of canned answers which he would employ to make the workload lighter. The canned answers tended to antagonize Little Loc and other younger callers who fancied themselves hackers, too. Prodigy’s liberal demo account policy allowed some of these young callers to get access to the network under bizarre assumed names like “Orion Rogue.” This allowed them to be rude and truculent, at least for a few days, to paying Prodigy customers. These techno-popinjays, of course, immediately sided with Little Loc, which didn’t do much for
the virus programmer’s credibility.
There was often quite a bit of talk about viruses and Delger would patiently furnish much of the information, typing up brief summaries of virus effects embroidered with his own experiences analyzing viruses.
“You’re not a programmer!” Little Loc would storm at Delger.
If you weren’t a programmer, you couldn’t understand viruses, insisted the author of Satan Bug. Little Loc would correct minor technical errors Delger made when describing the programs. In retaliation, Delger would calmly point out the spelling mistakes made by Little Loc and his colleagues. It was quite a flame war. On one side was Little Loc, who gamely tried to get callers to appreciate the technical qualities of some viruses. On the other side was a bunch of middle-aged computer hobbyists who were convinced all virus writers were illiterate teenage nincompoops in need of serious jail time, or perhaps sound beatings.
The debates drew a big audience, including another hacker named Brian Oblivion, whose Waco, Texas, bulletin board, Caustic Contagion, would provide a brief haven for Satan Bug’s author. Little Loc, however, soon found other places that would accept his virus source code. A computer security chat board run by the Department of the Treasury, called the Security Branch system was among them. Little Loc logged on and proffered Satan Bug. The Hell Pit – a huge virus exchange in a suburb of Chicago – had its phone number posted on Prodigy, as was that of one called Dark Coffin, a system in eastern Pennsylvania. Dutifully, Little Loc couriered his virus to these systems, too.
Satan Bug was a difficult virus to detect. Although in a pinch you could find Satan Bug because of a trick change it made to an infected program, you need knowledge of what was beneath the hood on a PC to see it. For all intents and purposes Satan Bug was invisible to anti-virus scanners. And this invisibility persisted for a surprising amount of time despite the fact that Little Loc had supplied the Satan Bug to all the public virus exchanges patrolled by anti-virus industry men.
Little Loc stood apart from other virus programmers who seemed to have little interest in whether their creations made it into the public’s computers. The real travel of his virus around the world would grant him recognition like that of the Dark Avenger, he thought. So he wanted people to take Satan Bug and infect others, period.
Months later, after the virus had struck down the Secret Service network clear across the continent, I asked Little Loc how it might have gotten into the wild in large enough numbers so that it eventually found its way into such a supposedly secure system.
“I’ll tell you this once and only once: Satan Bug had help!” he said, simply.
After his Prodigy debut and before Satan Bug hit the Secret Service, Little Loc was recruited by a virus-writing group called phalcon/SKISM, changing his handle in the process to Priest. Joining phalcon/SKISM didn’t necessarily mean you were going to virus writing conventions in cyberspace with other members of the group, but it was a badge of status signifying to others in the computer underground who required such things that you had arrived, as a virus writer anyway. You might think of it as a virus-writer’s union card.
Since Priest lived on the West Coast, however, and the brain trust of phalcon/SKISM was located in the metro-NYC area, there was little concrete collaboration between the two, especially after Priest racked up a $600 telephone bill calling bulletin boards. Since Priest didn’t hack free phone service, his family had to pay the bill, which effectively cut down on much of his long distance telephone contact with the east and bulletin board systems like Caustic Contagion in Waco, Texas.
Caustic Contagion, for a short period of time, was one of the better known virus exchange bulletin board systems. Its sysop, Brian Oblivion — taken from a character in the movie Videodrome, had an extremely liberal policy with regards to virus access and carried a large number of Internet/Usenet newsgroups which gave callers a semblance of access to the Internet. Caustic Contagion’s other specialty, besides viruses, was Star Trek newsgroups and for some reason which completely eludes me, the BBS’s callers found the convergence of computer viruses and Star Trek debate extremely congenial.
Priest and another phalcon/SKISM virus writer named Memory Lapse would hang out on Caustic Contagion. Quite naturally, Oblivion’s bulletin board was one of the first places to receive the programmers’ newest creations.
Priest’s next virus was Payback and it was written to punish the mainstream computing community for the arrest of another virus writer, an English kid with the ludicrous alias, Apache Warrior, the “president” of ARCV, a rather harmless but vocal virus-writing group in the United Kingdom. The group was undone when a British anti-virus software developer was able to convince New Scotland Yard’s computer crime unit to seize its equipment and software in a series of surprise raids across the country.
Priest’s Payback virus would corrupt the hard disk in retaliation for this event.
Payback gathered little attention in the underground, mostly because few people knew much about ARCV and Apache Warrior in the first place …
All the routines to crash a computer’s hard disk and slowly corrupt data ala the Eddie virus, which Priest had designed a number of his viruses to do, made it clear the hacker cared little for any of the finer arguments over the value of computer viruses as intellectual exercises or potentials for benevolent roaming code. Viruses were for getting your name around, infecting files and destroying data, according to Priest. He just laughed when the topic of ethical or productive uses of computer viruses — such as the study of artificial life — came up.
In any case, by the fall of 1993, after Priest had retired from the Prodigy scene, Satan Bug was generating its own kind of media-fueled panic.
On the Compuserve network, hysterical government employees were posting nonsensical alarums about the virus in the McAfee Associates
virus information special interest group.
“Satan’s Bug” was part of a foreign power’s attempt to sabotage government computers! It was encrypted in nine different ways and was “eating” your data! A State Department alarm had started!
Wherever the information about “Satan’s Bug” was coming from, it was 100 percent phlogiston. Satan Bug was hardly aimed at government computer systems. It did not “eat” anything and although difficult for many anti-virus programs to scan, the virus could be found on infected systems by making good use of software designed to take a snapshot of the vital information on your files and sound an alarm when these changed, which always happened when Satan Bug added itself to programs.
Even more amusing was the suspicion that Satan Bug had been inserted on government computers by some undisclosed foreign country, from whence it originated. I suppose, however, some people might consider Southern California a foreign country.
Priest enjoyed reading these kinds of things. His virus was famous, an obvious source of confusion and hysteria.
About the same time, the Secret Service’s computer network in Washington, D.C., was infected by the virus, which knocked the infected machines off-line for approximately three days. News about the event was tough to keep secret among government employees and it leaked. The Crypt Newsletter, my electronic ‘zine, published a short news piece in its September 1993 issue on the event and reported that the infection had been cleaned up by David Stang, formerly of the National Computer Security Association, but now providing anti-virus and security guidance for a small security/anti-virus firm in Fairfax, northern Virginia.
Priest was not hard to track down. He hadn’t kept his identity and whereabouts much of a secret so Jack Lewis, head of the Secret Service’s computer crime unit, and two other agents flew out to interrogate him in his San Diego home in October of 1993.
Lewis and the other agents gave Priest the third degree. They shook a printed-out copy of The Crypt Newsletter containing the Satan Bug story in his face and did everything in their power to make Priest think he ought to cease and desist writing computer viruses forthwith.
“About the Secret Service, they weren’t too happy about [Satan Bug], and saw fit to pay me a little visit,” recalled Priest ruefully.
The agents wanted to know everything about Priest – his Social Security number, where he’d traveled, even who the 16-year-old worked for. But Priest didn’t work for anyone.
“I’m not quite sure they believed me,” he said. “Apparently, they thought I worked for some anti-virus company or something to write viruses. Plus, they wanted the sources for them.”
The Secret Service men wanted to know, straight from the horse’s mouth, what Satan Bug did. “They said some victims were worried their systems weren’t completely clean because they thought it might infect [text] files,” Priest continued. “I told them it wouldn’t. They also wanted my opinion on things which surprised me, like different anti-virus programs and encryption [code] … I didn’t ask why.
“Jack Lewis also said someone claimed I said ‘All government computers will be infected by December’ or some such rubbish. Apparently, they thought I wrote Satan Bug as a weapon against the government or whatever, I can’t be too sure . . .”
Priest told them no, Satan Bug wasn’t specifically aimed at government computers, but it was hard to tell if the agents believed him. They were trained to reveal little, to be unnerving to those interviewed.
“They just stared,” Priest said, “as they did in response to every question I asked, including ‘what’s your name?’
“I tried – really tried – to act cool, but my heart was pounding like a hummingbird’s.”
The agents were keenly interested in Priest’s other [aliases], all the viruses he had written, which, if any, computer systems he might have spread them on, the names of some phalcon/SKISM members and the structure of the virus-writing group and details of their hacking exploits.
Priest declined to say anything about the identities of members of phalcon/SKISM. “I told them I knew nothing of the hackers and phreakers, and little more than you could pick up from reading … issues of [their electronic magazines].”
Priest was more interested in other secretive agencies within the government. He was keen on stories about deep black intelligence agencies. Perhaps he envisioned himself writing destructive viruses as part of a covert weapons project for one of them.
“Aren’t there any other agencies which would be more interested in what I’m doing?” Priest asked the agents.
He didn’t get an answer.
Eventually, the Secret Servicemen went away with a Priest-autographed printout of the source code to Satan Bug.
Programming Satan Bug had turned out to be richly rewarding for Priest. Not only had it gotten him recognized immediately in the computer underground, it had made him feared in the trenches of corporate America to the point where the Secret Service had felt compelled to intervene.
Priest continued to work on viruses, anyway.
He had just completed Natas, which he’d turned over to the Secret Service and to phalcon/SKISM for publication in that groups electronic computer virus magazine. He also uploaded the virus to a couple of bulletin board systems in Southern California. And he finished a very small, 96-byte .COM program-infecting virus.
There were other things he was working on, too, he added cryptically …
Priest had he had finally been able to videotape “The Satan Bug”
telemovie. He shifted his VCR into replay and turned to look at his computer while it was playing. But the hacker said he still didn’t know what the movie was about when it was over. He had been too busy at the PC to pay attention.
Working . .
Notice of Satan Bug virus on Secret Service network, Crypt Newsletter e-zine, #19.
Old timers may note that portions of the original have been dropped. This has been done for reasons of clarity, technical discussion of programs long gone now and of little interest, and pacing.
Permalink Comments off
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »