Copy Link
Add to Bookmark
Report
40Hex Issue 10 File 004
40Hex Issue 10 Volume 3 Number 1 File 004
ARCV Busted!
by DecimatoR
Many of you who read this mag know of the ARCV, and most likely
know Apache Warrior, the president of the group. In December and January,
the ARCV members were raided by Scotland Yard officials, and had their
computer equipment confiscated. Apparently, the bust was triggered not because
of the virus writing they did, but because of the method they allegedly used to
transport their creations to their friends in other countries. A contact in
England recently filled me in on the events which led to the bust of the ARCV.
Apparently, a few of the ARCV members were calling long distance by use of a
beige box (a device which allows tapping into phone lines to make unauthorized
calls) and they got caught. This led to the confiscation of their computer
equipment. The two who were arrested apparently cooperated with the police,
and further examination of the confiscated equipment proved that not only had
the police caught people making fraudulent phone calls, but they also caught
the leaders of a large virus writing group. Further investigation resulted in
more arrests of other ARCV members. Had the group not been phreaking their
calls, chances are they would not be in the fix they are today. Please note,
however, that there have not yet been any trials in the arrests, and the ARCV
members have not been proven guilty.
The following articles were posted on UseNet, and tell the story, although all
but one fail to mention the fact that illegal phone calls, and NOT virus
writing was the key factor in the arrests. Only after the first arrests were
made did the police pursue the avenue concerning virus authorship.
--------------
From "Computing", Feb 4, 1993:
Apache scalps virus cowboys
"Police raided the homes of suspected computer virus authors across
the country last week, arresting five people and seizing equipment.
"The raids were carried out last Wednesdau by police in Manchester,
Cumbria, Staffordshire and Devon and Cornwall.
"Scotland Yard's computer crimes unit co-ordinated the raids under the
codename Operation Apache.
" A spokeswoman for the Greater Manchester Police said: 'The
investigation began in the Mancheter area following the arrest of the
self-styled president of the virus writing group in Salford last
December.'
"Police would not reveal the man's name, but said he had been released
on bail.
"Last week's raids led to the the arrest of a further two people in
Manchester. Three other suspects were also arrested in Staffordshire,
Cumbria and Cornwall.
"PCs and floppy disks were seized in all the raids.
"All those arrested have been released on police bail pending further
investigations."
--------------
From the EFF.TALK newsgroup of Usenet:
"Police have arrested Britain's first computer virus-writing group
in an operation they hope will dampen the aspirations of any potential
high-tech criminals.
Four members of the Association of Really Cruel Viruses (ARCV) were
raided last Wednesday in a joint operation in four cities co-ordinated by
Scotland Yard's computer crimes unit.
The arrests in Greater Manchester, Cumbria, Staffordshire and
Devon and Cornwall, bring to six the members of the group that have been
tracked down by police. Two others, also writing for ARCV, were arrested
a month ago in Manchester.
This six are thought to have written between 30 and 50 relatively
harmless viruses....
--------------
From a reposting of an unidentified newspaper, dated 4 February 1993:
UK Virus Writers Group Foiled by Scotland Yard
British police have arrested four members of a virus-writing group that
calls itself the Association of Really Cruel Viruses (ARCV).
The Scotland Yard Computer Crime Unit coordinated the raids carried out
on suspects in Greater Manchester, Staffordshire, Devon, and Cornwall.
The arrests last Wednesday, January 27, bring to six the number of ARCV
members found by police, after they initially arrested one caught
"phreaking" in Manchester in December. ("Phone phreaking" is the illegal
practice of obtaining free use of telephone lines.) The arrests were
made under Section 3 of the Computer Misuse Act, which prohibits
unauthorized modification of computer material, said Detective Sergeant
Stephen Littler. The suspects, who cannot be identified at this stage
under British law, have been released on bail pending inquiries and may
face further charges.
The members of ARCV used PCs to write viruses, which they shared via a
bulletin board operated by one suspect in Cornwall. The police
confiscated hardware and software, which is being studied by virus
experts to determine how many viruses were written and what the viruses
were intended to do, Littler said. The British anti-virus community
became aware of ARCV through the group's own publicity efforts, such as
a newsletter that it had uploaded to various bulletin boards in the
U.S., according to Richard Ford, editor of the monthly "Virus Bulletin,"
which is published in Abingdon, Oxon, England. The newsletter was
described in detail in the November, 1992, issue of "Virus Bulletin."
"To the best of my knowledge, none of their viruses are in the wild, out
there spreading," said Ford. "But they have been found on virus
exchange bulletin board services, and we've had reports of them being
uploaded rather widely in the UK." ARCV claims, in its newsletter, to
have links with PHALCON/SKISM in the U.S. and other virus writers in
Eastern Europe. "The world is a very small place when you've got a
modem, or are on the Internet," Ford said. The newsletter invites new
members to join even if they are not virus writers but prefer other
"underground" activities such as hacking and phreaking. It also betrays
ARCV's fears of being perceived as nerds (a term not used in Britain)
saying, "Now the picture put out by the Anti- Virus Authors is that
Virus writers are Sad individuals who wear Anoraks and go Train Spotting
but well they are sadly mistaken, we are very intelligent, sound minded,
highly trained, and we wouldn't be seen in an Anorak or near an Anorak
even if dead." (Anorak is the British word for ski jacket.)
ARCV has already failed at one of the objectives mentioned in its
premier newsletter issue, which said, "We will be dodging Special Branch
and New Scotland Yard as we go."
--------------
The following is a summary of Britain's Computer Misuse Act 1990, which
deals with computer crimes:
Summary of Computer Misuse Act 1990:
{ heading }
...
1 -(1) A person is guilty of an offence if-
(A) he causes a computer to perform any function with intent to secure
access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the
function that that is the case.
(2) The intent a person has to have to commit an offence under this secton
need not be directed at -
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
{ up to 6 months prison, or a medium scale - level 5 - fine, or both}
2 {similar - but access with intent to commit or facilitate further offnces}
3 -(1) A person is guilty of an offence if-
(a) he does any act which causes an unauthorised modification of the contents
of any computer; and
(b) at the time when he does the act he has the requisite intent and the
requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite is an intent
to cause a modification of the contents of any computer and by so doing-
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any comp
(c) to impair the operation of any such program or the reliability of
any such data.
(3) {similar clause on direction of intent to section 1}
(4) For the purposes of subsection (1)(b) above the requisite knowledge
is knowledge that any modification he intends to cause is unauthorised.
(5) It is immaterial for the purposes of this section whether an
unauthorised modification or any intended effect of it of a kind
mentioned in subsection (2) above is, or is intended to be, permanent
or merely temporary.
{ such damage not to be within the terms of the Criminal Damage Act 1971 unless
physical damage is caused }
{ In magistrates court - up to 6 months prison or maximum fine or both}
{ In Crown court up to 5 years prison and/or unlimited fine}
{ sections on Jurisdiction - Act applies as long as there is a significant
UK connection - either accused or target computer was in UK}
{ lots of further legal details - no way am I typing in all that!}
14. { search warrant to be issued by a judge, not just a magistrate}
15. { Extradition attempts possible for offences unders sections 2 or 3
conspiracy to commit such, or attempt to commit section 3 offence}
{ more verbiage}
17. {lots of definitions - Computer is _not_ formally defined anywhere
in English Law}
{Definition of Access - seems to cover anything you could think of
doing with a computer}
{defiitions of unauthorised - again rather wide}
{ ... }
(10) Refences to a program include refences to part of a program.
--------------
There ya have it. I personally would like to wish Apache Warrior, Ice-9,
and the rest of ARCV luck in the upcoming legal mess they face. I was sorry
to hear about the bust of the group, but even sorrier when I found out that
some of the members were arrested solely because they had a hand in virus
production. When you commit fraud, you are breaking the law, and yes, you
should be held accountable for your actions. I tend to have the opposite
point of view when it comes to authoring a virus, however. Simply writing code
should never be illegal. Spreading, yes, but writing? No. Unfortunately, the
"powers that be" don't always see it as I do.
--DecimatoR
