viraut3.txt
Text File | 1997-07-27 | 15KB | 519 lines
THE BLACK BARON
THE SAD TALE OF CHRIS PILE'S 15 SECONDS OF FAME
In mid-November 1995, the English trial of virus-writer Chris Pile
ended with a bang after months of stops and starts when the
26-year-old Devon man was sent away for 18 months as punishment for
spreading and inciting others to distribute the SMEG computer
viruses, programs of his design.
It was a depressing tale that stretched over a year, from
Pile's arrest and the confiscation of his computer by New Scotland
Yard's computer crime unit in 1994, to his conviction in Crown
Court in mid-1995, to the inevitable sentencing which sent him up
for a year-and-a-half stint in an English bighouse the same
week when many others in computerland were trotting out shiny new
wares at ComDex in Las Vegas.
During the case, Pile admitted to five counts of unauthorized access
to computers to facilitate crime and five of unauthorized
modifications of computer software between 1993 and April 1994. He
also confessed to a charge of inciting others to spread viruses.
The English newspaper The Independent referred to Pile, known
briefly as the Black Baron in the virus underground, as a "'mad and
reclusive boffin' who wreaked havoc on computer systems by spreading
[viruses] . . . across the world . . ." [Webster's New World
Dictionary informs readers "mad boffin" is Brit slang for "mad
scientist."]
The Times asserted Microprose had been struck by one of Pile's
SMEG viruses and estimated that it lost 500,000 pounds in business
and wasted 480 man hours checking files for Pile's replicating code.
Another company, named Apricot, was claimed to have been closed while
clearing a third of its machines from a Pile-written virus
infection.
In America, Dr. Alan Solomon, developer of the UK-based Solomon
Anti-virus Toolkit (S&S International), worked the news of Pile's
downfall into a presentation given by his firm at ComDex in Las
Vegas, Nevada. The following week, Graham Cluley, a colleague and
employee of Solomon at S&S, privately remarked on the Compuserve
on-line service that the severity of Pile's sentence surprised him.
Treatment of Pile, an unemployed self-taught programmer, by the
English press was slightly reminiscent of the US media's portrayal of
Kevin Mitnick. For the press, Pile was writ large as a young
cyber-madman bent on corrupted programming that resulted in
computer data damage escalating into the millions of dollars. Worse,
his code was said to be in the hands of shadowy criminal arch-fiends
in the US and Europe. Mitnick, of course, had been attributed with
cartoonish superhuman malevolence by the US media, a man dangerous
enough to bring down the Internet, steal the Christmas card list from
your computer and/or break into military computers controlling
NORAD.
English newspapers repeatedly reprinted the activation message from
Pile's SMEG.Pathogen virus. "Your hard disk is being corrupted
courtesy of PATHOGEN! Programmed in the U.K. (Yes, NOT Bulgaria!)
[C] the Black Baron 1993-94. Featuring SMEG v0.1: Simulated
Metamorphic Encryption Generator! 'Smoke me a kipper, I'll be back
for breakfast.....' Unfortunately some of your data won't!!!!!"
Only superficially baleful and menacing, the message was a mixture of
a quote from an English TV show named "Red Dwarf" and the stereotypical
gloating anti-style of previous virus writers too numerous to count.
For The Independent, Pile was the "most famous" of virus-writers and
the "most dangerous" of a small band of them working in England. The
Independent exaggerated when adding further that Pile's viruses,
called SMEG.Queeg and SMEG.Pathogen, were "the two most sophisticated
ever written." This was probably surprising news even to the anti-virus
software developers interviewed for the Black Baron stories. Indeed,
Alan Solomon's "Virus Encyclopedia," a compilation of technical notes
on computer viruses, gives them a page apiece, neither much more nor
less than the hundreds of other entries in the book.
Pile's viruses, however, had reached "criminal elements" working in
Northern Ireland, the US, and Germany, according to The Independent.
The demonization and denunciation of Pile was unusually harsh in
light of the fact that prosecution witness Jim Bates commented to
Crypt Newsletter that UK authorities were uninterested in sending
officials overseas to collect evidence on the SMEG viruses in the
United States because a guilty verdict had been arrived at by
mid-1995.
Bates was the prosecution's point man in the case against Pile. He
was, perhaps, the most experienced for the job, having played a
starring role in another famous U.K. computer crime case - the
prosecution of Joe Popp for the AIDS Information diskette extortion
scheme - in 1991.
In late 1989, Jim Bates was among the first to examine software
called the AIDS Information Trojan. The AIDS Info Trojan, as it
became known, was used as part of a computer blackmail attempt
launched by Popp, an erratic scientist living in Cleveland, Ohio.
Popp had concocted a scheme to extort money from PC users in Europe.
It involved the programming of a software booby-trap that masqueraded
as a database containing information on AIDS and how to assess an
individual's risk of contracting the disease.
The database, as one might expect, was trivial and contained only the
barest information on AIDS. However, when an unwitting user installed
the software, the AIDS Information Trojan created hidden
directories and files on the computer while hiding a counter in
one of the system's start-up files. Once the count reached 90, Popp's
creation would encrypt the directory entries, alter the names of files
with the intent of making them inaccessible and present the operator with
a message to send approximately $200 to a postal drop in Panama City for
a cure reversing the effects of the program. The AIDS Information Trojan
came with a vaguely menacing warning not to install the software if one
didn't intend to pay for it at once.
Popp mailed 20,000 sets of the trojan on disk to users in Europe,
apparently subscribers to a now defunct magazine called PC Business
World. The plan quickly fizzled but Bates was among the first to
analyze Popp's AIDS software boobytrap and supplied technical reports
on it to English authorities.
The disks were eventually traced back to Popp and New Scotland Yard
began a lengthy process of extraditing him to England to stand
trial for computer blackmail in connection with the disks, a
battle which took almost another two years. Bates was flown to
Cleveland during this time to present evidence in court which
persuaded American authorities to hand over Popp for extradition
to London. Bates also analyzed Popp's original AIDS Information
Trojan software, source code and a program which was evidently
intended to reverse the effects of the logic bomb, thus
regenerating a victim's data.
However, instead of going smoothly, the Popp trial became a source of
controversy. It was claimed the Cleveland man was unfit to stand
trial because he began wearing a cardboard box over his head, making
it impossible to determine whether he was legitimately non compos mentis
or merely shamming. As a result, Bates said to Crypt, Popp was
declared a "public disgrace" by the court and ejected from the
country. In England, this is an unusual classification which,
apparently, allows the case to remain open, the purpose being - on
this occasion, according to Bates - to discourage by intimidation
the authoring of books or a publicity tour of talk shows in the
United States by the defendant. At the time, it was difficult to
tell if Bates was being serious or facetious.
Chris Pile, unlike Joe Popp, appeared not to be flat crazy. Plus,
his computer viruses worked too well. It didn't take much work to
scare the uninformed with them. And Pile's legal defense team was
unable to muster the kind of sophisticated defense necessary to
mitigate Jim Bates' expertise.
For Pile's prosecution, Bates furnished collection and evaluation
of evidence relating to the spread of the Pile/SMEG viruses and
damages attributed to them.
Pile, said Bates, had attached a SMEG virus to a computer game and
uploaded it to a bulletin board system in the United Kingdom. The
virus writer had also targeted the Dutch-made Thunderbyte anti-virus
software, initially by infecting one of the company's anti-virus
programs distributed via the shareware route. After examining
software and source code for Pile's computer virus encryption
engine, named the SMEG, Bates also maintained Pile had invested
a great deal of time in fine-tuning subsequent editions of it
so it specifically generated computer virus samples opaque to
the Thunderbyte anti-virus scanning software. This, Bates
said, indicated a prolonged effort and intent aimed at ensuring
the spread of the SMEG computer viruses.
Although there has been little unusual about this habit of virus
writers since 1993, it surely must have seemed remarkable
techno-magic to the English Crown Court. The judge treated it so.
"I dare say you were looking forward to reading in the computer
press about the exploits of the Black Baron," said judge Jeremy
Griggs to the defendant. "Those who seek to wreak mindless havoc on
one of the vital tools of our age cannot expect lenient treatment,"
he added before sending Pile over for eighteen months.
In the wake of Pile's sentencing, English newspapers continually
exaggerated the virus-writer as an international menace. The Times
of London echoed The Independent's hyperbole, maintaining Pile had
written a "training manual" for virus-writers found "in America and
Northern Ireland where it was being used by criminals."
By nature, the computer underground distributes its technology
quickly, sometimes worldwide in a matter of hours or minutes. And,
indeed, so it was with Pile's virus specimens and his "training
manuals." However, it must have seemed bitterly ironic that absolutely
no one in the computer underground used Pile's technology and advice
in their own efforts, despite the opinions of the British press.
Rather, they became only a few more easily forgotten electronic
curiosities stored on the dark and dusty shelves of virus-writers
roaming the Internet.
Ali Rafati, as part of Pile's legal defense, said his client was a
"sad recluse." The real Pile is difficult to describe in any detail
even though an excessively overwrought and lugubrious "Biography of a
virus-writer" was written about him by a cyber acquaintance and
circulated widely in the computer virus underground in 1994, just
days before he was arrested by New Scotland Yard.
As bombastic as anything written by The Independent, Black Baron's
biography begins:
"In 1969 Neil Armstrong stepped onto the moon. It was a momentous
year for the world. But no-one [sic] at the time paid much attention to
a baby boy being born in a town in southern England. This baby boy
was destined to grow into one of the most infamous computer virus
writers of all time. In 1969 The Black Baron was born!"
Curiously, almost 80 percent of the Black Baron's "biography" is a
reprint of material written by Ross M. Greenberg, a semi-retired
programmer who wrote the Flu_Shot and VirexPC sets of anti-virus
software. The reprint dates from 1988 and contains standard
anti-virus rant and rave, calling virus-writers "worms." One
supposes it could be called mildly irritating by the thin-skinned.
In any case, if the Black Baron's biography is taken at face value,
Greenberg's anti-virus-writer spiel was the seed that formed the basis
of Pile's desire to write viruses as a means toward impressing people.
Black Baron's biography reads (errors reprinted), ". . . when
computers stop attracting social inadequates, but whom I am refering
to the arrogant members of the anti-virus lobby as well as the
nefarious virus authors. But what of the Black Baron? What is he? Is
he a malicious criminal? A computer terrorist? A social inadequate
trying to reassure himself of his own inadequacies through destroying
computer data? I don't [believe] so. I have spoken to Black Baron on
a number of occassions. He is happy to discuss his work, and, at my
request, he has even released a document detailing the design of SMEG.
He doesn't feed on the panic and fear that SMEG viruses such as
Pathogen and Queeg cause. Rather he revels in the embarrasement and
panic which his software causes the arrogant anti-virus writers."
At the time, Pile was unemployed. The "biography" concludes:
"After talking with him, I understand the Black Baron. I feel sorry for
him as well. He is a highly gifted individual who has not been given a
chance by computer society. So he has made his own chance. We all need
recognition. Mainly through employment, but we as thinking machines must
receive recognition for our abilities. Otherwise we sink into melancholy
and paranoida. Black Baron has received his recognition. We, the
society are responsible for the creation of Pathogen, Queeg,
SMEG and all the other computer viruses. We have no one to blame but
ourselves. It is our desire to keep the computer fraternity a closed
club which has alienated so many of our colleagues. By rubbing their
noses in it, so to speak, we have begged for trouble, and like the
inhabitants of Troy, we have received it."
English newspapers reported Pile had confessed to police he had
written the viruses to "increase his self-esteem" and because England
appeared not to have produced any virus writers capable of programming
samples capable of spreading in the real world.
The legal offices of Rafferty and Woodmansea, Pile's legal team, were
contacted repeatedly by Crypt Newsletter but could not be reached for
opinion. Surprisingly, a secretary on the end of the phone claimed
they lacked e-mail addresses.
(c) 1996 Crypt Newsletter