Feeds

Unemployed virus writers take heart

The Music Biz want you

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

The recording industry is hiring cyber miscreants to attack its own customers. And we thought you'd never amount to anything, writes George Smith, SecurityFocus columnist.

Nowhere Man, please listen, the recording industry has a job for you. The pay is good, the work easy and exciting, ripe with opportunity for someone creatively adept at clandestine dirty tricks.

Nowhere Man was an American virus-writer -- vintage 1992 -- who "invented" the Virus Creation Lab, one of the first widely-distributed programs to automate the production of malicious software. It was full of smirking computer hotfoots, none difficult for the anti-virus industry to counter, but ideal for turning a cyberspatial tenderfoot's afternoon into a hair-pulling good time.

Conceptually, it was perfect for a recording industry "exploring options," as the New York Times obliquely put it last week, for "overwhelming [music] distribution networks with potentially malicious programs that masquerade as music files."

Included with the Virus Creation Lab were the Nowhere Utilities, a set of "tools" to be used in plaguing software pirates, the feeble-minded, people in the wrong place at the wrong time and the avaricious with the electronic equivalent of free poisoned chocolate candies.

"They were for taking down lamers!" Nowhere Man laughed ten years ago.

Some were designed to create waste-your-time dummy files called "fakewarez"; Madonna would have certainly liked them. Others took advantage of file compression to create seemingly small archived binaries which expanded to system-crashing Brobdingnagian size when expanded, a stunt that still worked on some electronic file scanners a couple years back.

Other techniques disguised old viruses or patched code so that the use of a program would corrupt or erase data.

Taken singly, they were merely annoying. But in the aggregate they were enablers of escalating hostility.

Using Nowhere Man's software in 1992, I quickly made a virus called Heevahava, the name being a Pennsylvania Dutch pejorative for a simpleton, colloquially -- a farmhand given the job of harvesting sperm from a bull. "A more malicious program, dubbed 'freeze,' locks up a computer system..." wrote the Times of "industry options" to fight piracy. Heevahava locked up the machine, too, and could even be custom-tailored to display an annoying message, perhaps like: "Only Heevahavas steal music. Stop thief or else!"

New Dog, Old Tricks

What I learned was that there's no real line between mildly annoying disruption -- the industry's spin on these anti-piracy measures -- and pure overt and aggressive malice. It's too easy, even alluring once you're neck deep in it, to go from jamming up the computer and causing a reset to making the machine impossible to start without a trip to the doctor. Rationalizing such action as justified by circumstance is an even simpler task.

Imagine something like imposing a "cursed disk" fault. A few years back you could diddle the system sector of a Windows machine so that the PC could not even be started from a bootable diskette without some very specialized knowledge on the nature of the induced error.

Caught in a sweat, it was easy to persuade the afflicted that the hard disk had failed completely even though everything on it was unharmed. Ha-ha-ha, so funny. You shouldn't ha' ripped that Linkin Park CD, pally. Now you've learned your lesson.

The industry knows this type of conduct is contemptible. So do the media defender firms hired to develop and deploy the dirty work. One can just imagine the briefings on plans and "plausible deniability" already -- smug but clueless suits buying hogwash about how some allegedly sanitary enforcer technology will thrash the guilty and restore profits through fear and intimidation in a couple quarters.

Virus-writers never enjoyed any good publicity from working on code that could be used to devil pirates. No certificates of merit were handed out; it wasn't worth any money.

The entertainment conglomerates will find out that investing in the reinvention of virus-writer ideology and applications earns them more grief than satisfaction. They'll be ripped off by the firms they have commissioned because it is easy to overcharge for the work, the fruit of it being technical swill reproducible by chimpanzees. And then they will find that they have to keep it secret lest the more reptilian actions leak, and present public relations catastrophes.

Nowhere Man was just a kid and he outgrew his underground hobby. But the new nowhere men stand ready to poke rock and roll fans in the eyes with electronic sticks. That's real progress.

© SecurityFocus logo

Related stories

RIAA attacking our culture, the American Mind
Madonna's borderline MP3 tactics
Like a virgin: Madonna hacked for the very first time

George Smith is Editor-at-Large for VMYTHS and founder of the Crypt Newsletter. He has written extensively on viruses, the genesis of techno-legends and the impact of both on society. His work has appeared in publications as diverse as the Wall Street Journal, the Village Voice and the National Academy of Science's Issues in Science & Technology, among others.

5 things you didn’t know about cloud backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?