40Hex Number 12 Volume 3 Issue 3 File 003 [Not so] Recently, the AIS BBS was shut down because of an anonymous letter which stated that the AIS BBS contained and distributed virus source code and helped system hackers develop and test malicious programs. Now, I had been a member of AIS BBS for quite awhile, and it is true that there was virus source code available. The first question I want to ask is: "Who uploaded these viruses?" Hackers uploaded them. To my knowledge there weren't that many hackers on AIS BBS. The majority of the users were people in the computer and computer security industry. By being exposed to virus source code and hackers in general, they would be able to do their job better and more effectively. The anonymous person who complained about AIS BBS clearly didn't do enough research, because if he had, he would have realized that the people who he was worried about obtaining viruses already had them. I would guess that over 90% of the underground material on AIS BBS was contributed by hackers. Which brings me to my next question... "Why did hackers willingly give away their 'secrets' to the people who have always been viewed as the enemy?" The main reason the hackers on AIS BBS contributed to the system was the friendly environment for them on AIS BBS. An important fact about almost all hackers is that for the most part they are just like every other person out there. They aren't evil computer geniuses trying to destroy everyone's vital information. When logging into AIS BBS, a hacker was not assaulted by rude messages, was not refered to as a criminal, but was instead greeted as a fellow computer enthusiast. Of course people wanted advice from hackers, who better to secure a computer system then one who spends countless hours trying to penetrate them. "Are there, or have there ever been other systems like this?" There have been several attempts to achieve a BBS that bridged the gap between hackers and computer security professionals. The first one I had ever heard of was called Face to Face. I am not too sure on the success of this BBS, I only know that it wasn't that great. On my BBS, Landfill, I also attempted to allow the security folks to interact with computer hackers and virus writers, with a message base called 'Security and the Security Impaired'. This forum allowed both sides to speak their mind about a variety of issues, including Van Eck devices (TEMPEST), suggestions for the improvement of currently insecure systems, and in one example, virus writers helped one system administrator with a rampant case of the Maltese Amoeba virus by displaying all of the pertinent information and characteristics of the virus. Another system called Unphamiliar Territories also has a message base with similiar information that is still up and running today with a substantial amount of success! "Who protects us if our protectors are aiding the enemy?" The Bureau of Public Debt has little to do with protecting our country, and in regards to viruses, there is no agency who can protect you from viruses. There is however a way you can protect yourselves. It is through awareness that you can protect your data from the damages incurred by malicious intent. The same awareness that the Bureau of Public Debt was trying to make publicly available on AIS BBS. Before the government did it, everyone else had already done it. This fact may alarm some people, but I would estimate that there are well over 200 other systems in the United States alone that currently distribute virus code to people who very well could end up distributing it to other people without their consent. I am a tax paying citizen of the USA, and I know I would rather hear that we spend a couple hundred dollars educating the public on computer viruses then hear about the thousands of dollars in damage done by miscellaneous computer viruses that hit companies and wipe out all their data. By closing down AIS BBS, the door for virus writers to obtain virus source remains wide open, while the people who could find the information valuable, if not necessary for their jobs, just had the only door open to them slammed shut and locked, maybe forever. It is hard to tell who hurts us more - Those who make it harder for computer users to protect themselves, or those who sit in blind ignorance. -> GHeap