Virus Vandalism May Be a Prelude to Computer Crime
I’m sick of viruses.
I’m even sicker of the weasels who program them. Starting at midnight tonight, the so-called Columbus Day virus (also known as the Datacrime virus) will allegedly spring to life to destroy all the hard disk data on thousands of IBM-compatible personal computers.
Picture someone sneaking into your office and torching every item in your files--letters, reports, memos. Everything. Multiply that by thousands and you have computerdom’s equivalent to Hurricane Hugo. This current threat may be just the latest round of media hype, but IBM, AT&T; and the federal government are taking this virus very seriously.
The metaphor is apt: Viruses are little program-lettes designed to make computers sick. They’re spread by computer telecommunications networks and by tainted floppy disks. This isn’t like traditional computer hacking, where people break into systems for the heck of it. Breaking into a system to look around is one thing; planting a virus that destroys people’s work is both cruel and malicious.
To make an analogy, if a teen-age kid takes a car on a joy ride and returns it, he has unquestionably committed a crime, but his intent is clearly not malicious. If, however, our teen jiggered the engine to break down or explode when someone else drove the car, it’s clear that he’s a psycho who should do hard time.
Too many of these creatures fancy themselves as the Jasons, Freddie Krugers and Michael Myerses of software--they think that they’re stars of a digital slasher pic. They mutilate data as mindlessly as their screen idols skewer teens. The computer networks serve as their masks and machetes. And, like their gore-spattered role models, if they don’t get caught, you have to put up with a sequel.
These virus sleazoids raise very important questions about the future of personal computing: Do viruses represent an aberrant phase or an ongoing phenomenon?
“Most people now understand that writing a virus is a genuinely bad thing,” says Clifford Stoll, an astronomer turned network security expert who helped crack a computer-based West German spy ring. “Two or three years ago, it was possible to write a completely innocuous virus. Today, you can’t, because you can’t be sure innocent people won’t get hurt. If a hospital gets a ‘HA! HA! I GOT YOU!’ virus that freezes up its computer, that can have a disastrous impact even though the virus is intended to be innocuous.” You simply can’t know what systems a virus will infect anymore.
My belief is that, as with folks who love slasher flicks, we are dealing with a declining quantity of deviants. The overwhelming majority of computerniks are more intent on demonstrating how clever they are rather than how destructive they can be. Novelty, not perversion, intrigues them. These folks may still be inclined to take a Cray supercomputer for a joy ride if they get the chance. Troublemakers? Yes, but the focus isn’t viral vandalism.
Consequently, viruses are fading as a hot topic among computer cognoscenti. “The virus is pretty much over,” asserts Donn Parker, a longtime computer security expert at SRI International in Palo Alto. “The real question is, what will the next crimeoid be?”
That’s the right question because truly gifted (and dangerous) technoids find virgin technology more intriguing than yesterday’s hack. Parker suggests that “voice mail hacking” may become the the next focus for malicious mischief.
Thousands of companies now rely on voice mail answering systems for eliminating telephone tag and speeding internal corporate communications. It’s not that difficult to get into these systems and eavesdrop on and play back all the messages. Similarly, pranksters can use the technology to “broadcast” messages to all the phones in the company. Parker notes cases of voice mail terrorism where sickos use the knowledge they have gleaned from eavesdropping to broadcast threatening messages to individuals’ phones.
The point isn’t that there are always sickos, it’s that new technologies always invite experimentation. In the 1950s, it was hot-rodding and joy rides; in the 1960s, it was psychedelic drugs; in the 1970s, it was telephone’s blue box bandits, and the 1980s have seen the PC hackers and mini-plague of destructive viruses.
Now it’s obvious that viruses such as Datacrime are slash-and-burn programs. There’s no ambiguity surrounding them. My big fear is that the cleverer computerniks will move into the hazy arena of merry pranksterism and infect systems in ways they might consider clever or elegant.
To wit, suppose this newspaper’s computer system was infected with a virus that randomly deleted the word “not” from news stories and editorials? How about a “Robin Hood” virus that conned ATM machines into spewing out more money than requested after every Nth transaction? Not only would these viruses be difficult to detect, they probably wouldn’t stir the sort of public/media outrage that other viruses do.
For the most part, the sharp computerniks now enforce a code of honor that respects the clever and mischievous hack over the insidious and destructive virus. That is unlikely to change. The real risk is that really clever people will get caught up with how really clever they can be and blur the distinctions between pranks and vandalism. The next 48 hours may tell us a lot about the next few years.