------------------------------ From: Various Subject: The CU in the News Date: January 22, 1991 ******************************************************************** *** CuD #3.03: File 4 of 4: The CU in the News *** ******************************************************************** From: Anonymous Subject: Bulgaria and Computer Viruses Date: 12-20-90 2253EST "BULGARIA'S LEADING HIGH-TECH EXPORT APPEARS TO BE COMPUTER VIRUSES" From the New York Times, by Chuck Sudetic SOFIA, Bulgaria -- Bulgaria has become the breeding ground of some of the world's most lethal computer viruses, programs that are maliciously designed to spread through computer memories and networks and at times destroy valuable stored information like bank and medical records. "We've counted about 300 viruses written for the IBM personal computer; of these, 80 or 90 originated in Bulgaria," said Morton Swimmer of Hamburg University's Virus Test Center, who specializes in diagnosing and curing Eastern European computer viruses. "Not only do the Bulgarians produce the most computer viruses, they produce the best." One Bulgarian virus, Dark Avenger, has infected American military computers, said John McAfee, who runs the Computer Virus Industry Association, which is based in Santa Clara, Calif., and tracks viruses for computer hardware and software companies. "I'm not saying that any super-secure computers have been infected," he said. "But the U.S. Defense Department has about 400,000 personal computers, and anyone who has that many machines has a 100 percent probability of being hit." "It is causing some people in sensitive places a lot of problems," a Western diplomat here said, "and they are very reluctant to admit they have them." "I would say that 10 percent of the 60 calls we receive each week are for Bulgarian viruses, and 99 percent of these are for Dark Avenger," McAfee said, adding the virus has also attacked computers belonging to banks, insurance and accounting companies, telecommunications companies and medical offices. "I've had a lot of calls from Frankfurt," Swimmer said. "One bank was very nervous about it, but I can't reveal its name for obvious reasons." Several experts say the spread of the Bulgarian viruses is less the result of activities by the secret police than it is the consequence of having developed a generation of young Bulgarians whose programming skills found few outlets beyond hacking interventions. A decade ago, this country's Communist leaders decided to make Bulgaria an Eastern-bloc Silicon Valley, Vesselin Bontchev, a Bulgarian computer specialist, said. Bulgarian factories began turning out computers, and the government introduced them into workshops, schools and institutes. Many computers, however, stood idle because people did not know how to apply them or lacked an economic interest in doing so. "People took office computers home, and their children began playing on them," he said, adding that buying a private computer was almost impossible. These children quickly acquired software-writing skills, but had little or no chance to apply them constructively, he said. They began bootlegging copyrighted Western software, especially computer games, by overriding devices written into the software to prevent it from being copied. Then they started altering the operating systems that drive the computer itself. "From there it was one small step to creating viruses that attack files when they are acted on by the operating system," he said. Bontchev estimated there are only about a dozen young Bulgarian computer programmers who have written the viruses that have caused all the trouble. "Computer hackers here write viruses to show who is who in computer science in Bulgaria, to find a place in the sun," said Slav Ivanov, editor of a Bulgarian computer magazine. "The young computer people just don't rank in our society. They don't receive enough money." The average wage of a software writer in Bulgaria is about $30 a month, Bontchev said. One virus designer, however, acknowledged that revenge was also a factor. "I designed my first computer virus for revenge against people at work," said Lubomir Mateev, who helped write a non-destructive virus known as Murphy, which shares many of Dark Avenger's tricks. "Our first virus made all the computers at work send out a noise when they were switched on." Mateev, 23, said he collaborated with Dark Avenger's designer last spring on a new virus that is harder to diagnose and cure because it is self-mutating. "Dark Avenger's designer told me he would take a job as a janitor in a Western software firm just to get out of Bulgaria," he said. Attempts during several months to get in touch with Dark Avenger's creator proved fruitless. For now, Bulgaria's computer virus designers can act with complete legal immunity. "We have no law on computer crime," said Ivanov, whose magazine offers free programs that cure known Bulgarian viruses. "The police are only superficially interested in this matter." Bulgaria's secret-police computers have also been infected, said a well-placed Bulgarian computer expert, who spoke on condition of anonymity and refused to elaborate. Dark Avenger has also spread to the Soviet Union, Britain, Czechoslovakia, Poland and Hungary, Bontchev said, adding, "I've even had one report that it has popped up in Mongolia." "The Dark Avenger is the work of a Sofia-based programmer who is known to have devised 13 different viruses with a host of different versions," Bontchev said. "He is a maniac." Bontchev said he was almost certain Bulgaria's government was not involved with Dark Avenger. "A computer virus cannot be used as a weapon because it cannot be aimed accurately and can return like a boomerang to damage programs belonging to the creator himself," he said. "It can be used only to cause random damage, like a terrorist bomb." Unlike less infectious viruses, Dark Avenger attacks computer data and programs when they are copied, printed or acted on in other ways by a computer's operating system, Bontchev said. The virus destroys information every 16th time an infected program is run. A virus can spread from one computer to another either on floppy disks or through computer modems or computer networks, he said. Many viruses are spread at computer fairs and through computer bulletin-board systems where enthusiasts exchange information over the telephone. Legislation on computer crime will be introduced in Parliament once a criminal code is adopted, said Ilko Eskanazi, a parliamentary representative who has taken an interest in the virus issue. "We are now seeing viruses emerging on entirely new ground in Eastern Europe," Bontchev said. "Things may get much worse before they improve," he warned. "The first law of computer viruses is that if a virus can be made, it will be. The second law is that if a computer virus cannot be made, it will be anyway." +++++++++++++++++++++++++++++++ From: portal!cup.portal.com!ZEL@UNKNOWN.DOMAIN Subject: Mitnick and DEC Conference Date: Thu, 3 Jan 91 20:00:43 PST DECUS Bars Hacker: Meeting attendees focus on security by Anne Knowles FROM: From Communications Week December 24, 1990. Las Vegas-While attendees of the DECUS user group meeting were busy learning about DEC security, an infamous computer hacker was trying to register for the Digital Equipment Computer User Society's Fall 90 Symposium. Luckily for DECUS, the hacker was recognized by show personnel, who refused him admittance. DECUS contacted its lawyers and is now developing a policy for dealing with such situations in the future, said bill Brindley, president of the 30-year old user group. In the interim, the hacker was barred from the meeting. DECUS is the organization for users of Digital Equipment Corp. systems and ne tworks. With 120,000 members worldwide, it is the largest user group of its kind. the group holds seminannual symposiums, week-long events of daily seminars and hourly sessions on mostly technical topics concerning its membership. DECUS had never before been confronted by a hacker attempting to register for one of its symposiums, Brindley said , though an attendee was evicted from the show two years ago when he was discovered hacking. DEC identified this year's hacker as Kevin Mitnick, who is well-known to both DECUS and DEC. He is currently on probation after having been found guilty in federal court of breaking into Easynet, DEC's internal computer network. His probation stipulates that he not enter a networked system or one with a modem, Brindley said. During its symposiums, DECUS supplies networked terminnals for attendee's use. "It would have been logistically impossible to restrict anyone [who had gained admittance to the show] from the systems," Brindley said. The article goes on to other items from this point, but this is the part that deals directly with hacking. ******************************************************************** ------------------------------ **END OF CuD #3.03** ********************************************************************