Season 1 / Episode 1
Ghost in the Machine
Cybercrime is one of the most notable threats we face as computer users nowadays. But it wasn’t always so. Those of us who’ve been working with computers long enough may remember a time when computer viruses were much more benign, and virus authors were usually just bored computer geeks, and not members of a sophisticated, well-organized crime syndicate. Join us in exploring the world of early viruses, the precursors to the types of malware we know all too well today.
Born in Israel in 1975, Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, created the popular Israeli podcast, Making History, with over 9 million downloads as of June 2017.
The author of 3 books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Graham Cluley is an award-winning security blogger, researcher, and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon’s. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.
Stephen Cobb has been researching computer security and data privacy for 25 years, advising companies, consumers, and government agencies on the protection of sensitive data and systems. Cobb has been a CISSP since 1996 and currently leads a San Diego-based research team for security software maker ESET. He is also working on an MSc. in Criminology at the University of Leicester in England.
The global accounting firm PricewaterhouseCoopers conducted a survey regarding financial crimes. They found that cybercrime is the second most reported financial crime among its clients. According to the FBI, more than 3 billion dollars were either stolen or extorted from businesses or from individuals just in 2015. Cybercrime is one of the most notable threats of the current age.
But it wasn’t always like this. The older ones among us may remember a different time when computer viruses were much more innocent and the virus authors were usually bored computer geeks and not members of some sophisticated, well-organized crime syndicate.
We are launching the Malicious Life podcast because we are fascinated by the world of cyber crime and would like to share with you the stories of how it evolved and became one of the biggest threats to today’s society.
In the upcoming episodes, we will track the changes that took place in the world of cyber-crime. We’ll talk about the early hacker culture of the 1970s and 80s, and the subsequent rise of viruses in the 1990s. Next, we’ll discuss e-mail spam, and how it transformed cyber-crime from a small-time, opportunistic crime – to a bonafide business model. We’ll talk about botnets, DDoS attacks, and hacktivists – and finally, about the latest and perhaps the greatest cyber-threat: ransomware. We’ll expose the human and financial powers operating under the surface, which has made cybercrime what it is today.
Our story begins with a friendly game.
Robert “Bob” Thomas was a software engineer at Bolt, Beranek, and Newman, also known as BBN- a civilian company that was, during the 60s and 70s, a sub-contractor of the US army. Thomas was working on an idea that we know today as Distributed Computing- the ability of several computers, connected by a network, to work together towards a common goal by sharing information between them. The year was 1971 and computers had only just became connected to each other, so Thomas’ work was truly “cutting edge” at the time. He told me of his work in an email exchange some years ago:
“At the time, I was working on an ARPA-sponsored project focusing on innovative uses of the network. We were using a previously developed air traffic control (ATC) simulation program. We had the notion that we could run a very large simulation by using different computers to simulate different ATC areas. As anyone who has used a PC knows, computers fail from time to time and work is lost. So I got interested in the possibility of moving an executing computer program from one computer to another without interrupting the ongoing operation of the program, at least to the extent that to an external observer nothing had happened. I had some thoughts on how this might be done, but before trying those ideas out on the ATC simulator, which was a relatively complex program, I decided to build a much simpler program that performed a very simple task–printing a file to a console.”
The software Thomas wrote was able to create a copy of itself on another computer, and then delete the previous copy- so it would appear as though it “jumped” from one computer to the next. This was a truly innovative idea, one that had never been tried before – at least as far as Bob Thomas was aware. But then again, a lot of what Thomas and his team members did back then was innovative. For example, Thomas developed the first distributed file system that allowed programs on one computer to modify files on another computer. His team created the first e-mail system that could send pictures and audio files as attachments. So as you can imagine, Thomas had no reason to think that it would be this simple program, of all programs, that would earn him a place in technology’s hall of fame.
Thomas tinkered with his simple ‘jumping’ software, and in a moment of silliness added to it a single line of text that would be displayed on the console every time it jumped computers: “I’m the Creeper- catch me if you can!” It was this line that gave the software its name – the Creeper.
The Creeper did turn out to be useful, and the team at BBN did end up implementing its novel technique in the ATC simulator. But important as that was, that’s not the reason why I’m telling this story.
Ray Tomlinson, Bob Thomas’ team member, was an excellent programmer and a visionary: he is the man who invented Email as we know it today. Tomlinson’s reaction to Thomas’s humorous challenge is what made the Creeper famous. He wrote his own software that could also move between computers in the network – and once it came across Thomas’s Creeper – it erased it. Keeping with the tongue-in-cheek attitude, Tomlinson named his program The Reaper.
Tomlinson and Thomas played a few rounds of The Creeper Vs. The Reaper – but that was about it. Both turned their attentions to other things – and forgot about. As Thomas describes it –
“If I recall correctly, Reaper always managed to kill off Creeper. I never took the time to modify Creeper to protect itself or be evasive. Even if I had, I’m not sure it would have been able to evade Reaper. Ray is very skilled, probably the best programmer I’ve known. I think after a few runs the novelty of this wore off. Ray and I carpooled for a while several years after Creeper, and I don’t recall we ever talked about it during our commutes.”
But the Creeper and the Reaper were not entirely forgotten. Years went by, and the story of these two programs traveled through word of mouth. As the story was told and retold by engineers in hallway conversations and coffee breaks, it inevitably changed. Important details were omitted, unimportant details became central or exaggerated, and eventually, the story became an urban myth, not much different than Bigfoot and the Chupacabra.
During the 1980s, the Canadian mathematician Alexander Dewdney wrote a regular column for the Scientific American called Computer Recreations. This column dealt with mathematical riddles and challenging mind games and was very popular among readers.
In 1984, Dewdney came across an interesting rumor that was circulating among the computer enthusiasts of the day. The rumor told of a mysterious incident that occurred in a secret BBN facility sometime in the early 70s. A computer virus created by a BBN engineer, so the story went, somehow got out of hand and created so many copies of itself, that it became a danger to the stability of BBN’s computer network. All attempts at destroying the virus failed, and there was no other choice but to have another engineer create a new, more powerful virus, that was sent after the first virus, and the two battled it out in the silent depths of BBN’s network until the dangerous virus was eliminated.
In other words, in the 10 or so years that had passed since the real events took place in BBN’s lab, the friendly competition between Thomas and Tomlinson became a Sci-Fi thriller. You can almost imagine Arnold Schwarzenegger playing the part of Ray Tomlinson. No wonder Dewdney doubted the rumor’s truthfulness. But still, something in the fundamentals of the story about 2 independent pieces of software running a kind of chase to the death inside the darkness of a computer network, a real-life Tron film, was appealing for Dewdney and ignited his imagination.
The Skepticism Towards Viruses
To appreciate Dewdney’s curiosity, we should take a closer look at what the experts knew about computer viruses. A computer virus, by definition, is a malicious program capable of self-replication. The idea of self-replication, by itself, wasn’t new at all: computer scientists as far back as John von Neumann in the 1940s theorized that we could build a machine capable of creating copies of itself. Early examples of self-replicating software can be found as early as 1961. But while self-replication was obviously possible – most computer experts at the time still were very skeptical regarding the actual existence of computer viruses.
Graham Cluley, a security analyst and one of the first antivirus developers in the early 90s, describes the sentiment among computer experts toward computer viruses.
“I think I believed that they existed and I know that seems a crazy thing to say. But at the time, there was a lot of myth about computer viruses. Some people I think actually was—you know, way back then, in the late ‘80s and early ‘90s, I think it was Peter Norton himself who said that viruses were an urban myth like the alligators in the New York sewers, and about 18 months later, Symantec released the first version of Norton antivirus. So there were a lot of people who simply didn’t believe they exist. They thought this is all just hype. “
Peter Norton, the father of the famous Norton anti-virus, was not alone in his doubt: another computer expert said in a newspaper interview that he was “more concerned about being hit by a meteor” than by a computer virus.
Why were the experts so skeptical towards viruses? Well, we should remember that back in the 60s and 70s, Access to a computer was a right reserved for a privileged few. Computers were very expensive, and operating them required a high level of expertise. Writing software, especially in the time of punch cards, was a long, tedious process that was prone to errors. I remember an older engineer I worked with telling me how he used to carry the hundreds of punch cards that held the software he wrote to the computer room – and how one day he bumped into a door and the box fell from his hands and the cards fell to the floor. The look of horror on his face was apparent even after more than thirty years…
And if writing software was hard, writing a malicious program, which was not only supposed to function correctly but also bypass the defenses and security protocols standing in its way, was even harder. So, why would a skilled and educated software engineer invest their precious time in developing harmful software? Most engineers, researchers, and scientists are law- abiding people, so it was hard to believe that someone would take the time to deliberately develop software that would harm innocent computer users. That was the frame of mind of most of the people involved in the early computer industry, and it explains most of the skepticism towards computer viruses.
That is why Alexander Dewdney found the idea of self-replicating programs doing battle so exotic and fascinating. Although he didn’t believe the story about Creeper and Reaper, it did provide him with the inspiration for a new kind of computer game. Core Wars is a game where computer programs fight one another for control of some memory space. Dewdney and a colleague worked out a relatively simple set of rules that would allow even amateur programmers to design such battle programs and test their programming skills against other programmers.
In a column published in May 1984, the mathematician described his idea in the following words:
“Two computer programs in their native habitat - the memory chips of a digital computer - stalk each other from address to address. Sometimes they go scouting for the enemy; sometimes they lay down a barrage of numeric bombs; sometimes they copy themselves out of danger or stop to repair damage. This is the game I call Core War.”
Dewdney was hoping that his offer would spark the interest of the magazine’s readers and maybe even get some game lovers to play with it- but even he wasn’t prepared for the avalanche of comments and letters that came flowing in from all over the world, making the column one of the most popular ones in the history of Scientific American. In another column published a year later, Dewdney opened with the following statement:
“When the column about Core War appeared last May, it had not occurred to me how serious a topic I was raising. My descriptions of machine language programs, moving about in memory and trying to destroy each other, struck a resonant chord. According to many readers, whose stories I shall tell, there are abundant examples of worms, viruses and other software creatures living in every conceivable computing environment. Some of the possibilities are so horrifying that I hesitate to set them down at all.”
One reader told him of a virus created in 1974 by a young programmer named John Walker. Walker created a game for UNIVAC computers called Animal, which was a digital version of the game 20 Questions- the user would think of an animal and the computer would guess what is was. During the game, the software would create copies of itself inside other users’ folders. Animal was a huge success, and infiltrated almost all UNIVAC computers throughout the world, in a time, let’s not forget, when software was normally sent by mail on magnetic reels.
Another young programmer, a teenager named Rich Skrenta, wrote to Dewdney and told him of a virus he wrote in 1982 for the Apple-II computer – actually, the first ever virus for a personal computer. Skrenta’s virus, called ‘Elk Cloner’, spread itself by way of a floppy disk, and displayed a silly limerick. A reader named Frederic described to Dewdney how he had created a virtual world inside the memory of a computer, in which creatures lived and multiplied, just like bacteria in a Petri dish.
“Like Core War, I set aside a closed, segment of memory in which a creature was simulated by modified machine language. […] The creature was programmed to crawl through its universe eating “food” and creating a duplicate of itself when enough food was accumulated. […] I had an executive program which kept track of who was alive and allocated execution time among the living creatures. I called it the ‘Left Hand of God.'”
A couple of young programmers from Italy explained how they were able to ’relatively easily’ develop a virus for Apple II computers, which, just like Skrenta’s virus, was spread through floppy disks; but unlike the innocent Elk Cloner that displayed a limerick on the screen, their virus was able to delete all the information stored on the computer. The two were terrified with what they had discovered, and finished their letter to Dewdney with the following sentence:
“Now the awful evil of our idea was clear, and we decided neither to carry it out, nor to speak to anybody about our idea.”
Another programmer shared a story with him about the time when she accidentally created a virus which was able to crash the entire company’s computer system.
So why was Dewdney ‘horrified’ from his readers’ stories? Because he realized how easy it was to create computer viruses, and he realized the viruses’ true destructive potential. The assumption that only an expert could develop a harmful computer virus was totally wrong. Amateur programmers could do it too, even teenagers.
It took some years for the computer industry to reach the same realization. Graham Cluley again:
“You have to remember most computers at the time weren’t even networked, let alone on the internet. And so the only way you could catch a virus was from someone handing you a floppy disk and you’re putting the floppy disk into your computer and maybe you’re booting off that floppy disk. So, it would take months and months if at all for a virus to spread around the world by basically sneakernet.”
The “Sneakernet” that Graham refers is simply humans wearing sneakers. The way viruses were transferred was by people physically sharing floppy disks. …And that is a slow way to spread viruses. So, many experts were skeptical towards viruses because they never saw any.
“I remember once we were having a conference and our company was organizing it and there were virus experts from all around the world and we’d say, “Oh, can you give us your slides?” and things like this and they’d give us a USB stick or a floppy disk, and we’d put it into our computers and the antivirus goes “Zoop! Zoop! Zoop!” which say, “Excuse me, Mr. World Famous Virus Expert,” I’m not going to name any names here, “You appear to have given me a virus to—” Back in those days, people were a lot less careful in some cases.”
It was only as the personal computer revolution began to pick up speed and more and more viruses were being created every day, that it became obvious that viruses could and did pose a real threat to computer users. The first wide-spread virus epidemic was that of the Brain virus, also known as the Pakistani virus: it was a virus for PC computers and was written by two Pakistani brothers, who also left their names and telephone numbers in the virus code. The Brain virus was quickly followed by other, now infamous, viruses: Cascade, the Jerusalem virus, Ping-Pong, the Morris Worm and many others. By the early 1990s, dozens of viruses were being discovered on a daily basis.
Some of these viruses, like the Jerusalem virus, were intentionally destructive: we will explore these viruses in more detail in our next episode. Most, however, were benign and even amusing. I remember, as a teenager, being mesmerized by the Ping Pong virus – which was basically just a small white dot bouncing off the screen’s edges – or by Cascade that made the text on the screen fall down to the bottom in a pile of letters. In a world of green text, these viruses were often attractions by their own right. But even these supposedly harmless viruses – weren’t so harmless after all. Stephen Cobb is a senior research analyst at ESET, and was the author of some of the first books on information security back in the late 80s and early 90s.
“When the original PCs came out, they were not even graphics machines. They were text-basis. And it costs you a lot of money to get a graphics monitor and to do pictures. And so, if you had a very basic computer, writing stuff in code was one of the more interesting things you could do with that computer. And if you were writing code, then one of the more interesting things you could do was try and write yourself some self-replicating code.
So in the early ‘90s, the computing landscape was extremely diverse. People were putting together personal computer systems and all sorts of different components and it was extremely difficult to predict if you wrote a piece of code for example for DOS, the early Disk Operating System, what would that code do on a particular machine?
So you had a situation where somebody where somebody would write a piece of code to spread the message “peace on earth” and it would pop up in a message “peace on earth” on a lot of computers but on our computers it would crash them.”
And so, during the 1980s, the computer industry experienced a kind of paradigm shift: from regarding computer viruses as urban myths that, even if they were real, posed no real threat to computer users – to the realization that it is, in fact, rather easy to write malicious code, and have it do real damage to computers, either intentionally or by mistake. As we saw, many of the pioneers in this field were scientists and engineers, experts in their field, who were curious about the idea of a program that could replicate itself. The concept of the computer virus was a part of the computer world almost immediately after the big machines appeared on the technological stage. But it was only when computers left the grasp of big hierarchical organizations and entered the bedrooms of ordinary people that this phenomenon picked up speed and really changed the way we think of computer security.
It seems to me that the virus phenomenon can teach us an important lesson regarding the challenges of the democratization of advanced technology. For example, genetic engineering is considered nowadays an ‘elitist’ field, which requires high levels of skill and expertise, and is dominated by big organizations. Looking back at the example of computer viruses, you can’t help but think about what’s going to happen once genetic engineering technology leaves the science labs and enters our homes. At the very least, it’s food for thought.
In our next episode, we will discuss the motivations of these early virus programmers during the 1980s and 90s. What drove them to write malicious software and what was the relationship between the virus programmers and the information security community at that time? The answer to that final question may surprise you. Finally, we will hear the story of one of the most infamous virus authors of all time – the Dark Avenger.