Copy Link
Add to Bookmark
Report
40Hex Issue 12 File 004
40Hex Number 12 Volume 3 Issue 3 File 003
[Not so] Recently, the AIS BBS was shut down because of an anonymous
letter which stated that the AIS BBS contained and distributed virus
source code and helped system hackers develop and test malicious
programs. Now, I had been a member of AIS BBS for quite awhile, and it
is true that there was virus source code available. The first question
I want to ask is:
"Who uploaded these viruses?"
Hackers uploaded them. To my knowledge there weren't that many
hackers on AIS BBS. The majority of the users were people in the
computer and computer security industry. By being exposed to virus
source code and hackers in general, they would be able to do their job
better and more effectively. The anonymous person who complained about
AIS BBS clearly didn't do enough research, because if he had, he would
have realized that the people who he was worried about obtaining viruses
already had them. I would guess that over 90% of the underground
material on AIS BBS was contributed by hackers. Which brings me to my
next question...
"Why did hackers willingly give away their 'secrets' to the people who
have always been viewed as the enemy?"
The main reason the hackers on AIS BBS contributed to the system was
the friendly environment for them on AIS BBS. An important fact about
almost all hackers is that for the most part they are just like every
other person out there. They aren't evil computer geniuses trying to
destroy everyone's vital information. When logging into AIS BBS, a
hacker was not assaulted by rude messages, was not refered to as
a criminal, but was instead greeted as a fellow computer enthusiast. Of
course people wanted advice from hackers, who better to secure a
computer system then one who spends countless hours trying to penetrate
them.
"Are there, or have there ever been other systems like this?"
There have been several attempts to achieve a BBS that bridged the
gap between hackers and computer security professionals. The first one
I had ever heard of was called Face to Face. I am not too sure on the
success of this BBS, I only know that it wasn't that great. On my BBS,
Landfill, I also attempted to allow the security folks to interact with
computer hackers and virus writers, with a message base called 'Security
and the Security Impaired'. This forum allowed both sides to speak
their mind about a variety of issues, including Van Eck devices (TEMPEST),
suggestions for the improvement of currently insecure systems, and in
one example, virus writers helped one system administrator with a
rampant case of the Maltese Amoeba virus by displaying all of the
pertinent information and characteristics of the virus. Another system
called Unphamiliar Territories also has a message base with similiar
information that is still up and running today with a substantial amount
of success!
"Who protects us if our protectors are aiding the enemy?"
The Bureau of Public Debt has little to do with protecting our
country, and in regards to viruses, there is no agency who can protect
you from viruses. There is however a way you can protect yourselves.
It is through awareness that you can protect your data from the damages
incurred by malicious intent. The same awareness that the Bureau of
Public Debt was trying to make publicly available on AIS BBS. Before
the government did it, everyone else had already done it. This fact may
alarm some people, but I would estimate that there are well over 200
other systems in the United States alone that currently distribute virus
code to people who very well could end up distributing it to other
people without their consent. I am a tax paying citizen of the USA, and
I know I would rather hear that we spend a couple hundred dollars
educating the public on computer viruses then hear about the thousands
of dollars in damage done by miscellaneous computer viruses that hit
companies and wipe out all their data. By closing down AIS BBS, the
door for virus writers to obtain virus source remains wide open, while
the people who could find the information valuable, if not necessary for
their jobs, just had the only door open to them slammed shut and locked,
maybe forever. It is hard to tell who hurts us more - Those who make it
harder for computer users to protect themselves, or those who sit in
blind ignorance.
-> GHeap