Interview with Stormbringer February 2001 by diediedie. This old schooler coded some nice things back in the days.. -------------------------------------------------------------- Tell us a bit about yourself, hobbies, music, etc. Well, these days I'm a professional software engineer, mainly focusing in computer vision and systems programming. My hobbies include electronics, coding (useful stuff generally), traveling around, and drinking lots of wine and stolichnya. As far as music, it depends on the mood. My tastes run from artists like Loreena McKennitt and Mary Jane Lamond to Switchblade Symphony and Metallica. I still pull out stuff like Rob Zombie, Iron Maiden, and King Diamond on long coding sprees. Danzig's Black Aria is another favorite, and Enigma's first album or two make great "zone" music. How did you get your handle? Is there a specific meaning behind it? I started out as Black Wolf, which I'm still rather partial to. No special meanings, 'cept I like wolves. I choose the handle "Stormbringer" (from Michael Moorcock's Elric series of books) as a one-shot thing for Ludwig's virus writing contest, and it ended up sticking. Also went by Jesus Christ of the Trinity, but then that's another story. If you're the Messiah and you know it clap your hands! How and when did you start out with computers? I've had a computer for almost as long as I can remember. The first one I wrote programs on was a TRS-80 Color Computer with 16K of RAM that my parents got. I remember hooking it up to my tape deck and messing with the treble until it could load the programs - that was fun. Learned Basic on it, and messed with Peek and Poke a lot. It wasn't until high school that I started really coding, though - picked up C and 80x86 asm when I was around 14. Which programming languages do you know and which ones do you prefer using? Most days now I use C++. I also find occasional use of C and 80x86 assembler for low-level code and optimized routines. Aside from that, I dabble in whatever the language du jour is - Perl, Java, shell, whatever. Only ones I really haven't learned much appreciation for are Haskell and Lisp - they rarely fit the way I think through a project. How do you layout your source? Whiteboards and/or graph paper are my general first step. Sitting in a coffee shop (preferably one that doesn't know what a Frappuccino is) with a few books, some paper, and a pen usually gets the best results for me. Once I've figured out most of the details of what I want to do, I'll do a high level design. I've used Rational and DOME, but honestly still think paper is best for most projects with one to five coders. After that, it depends on the project. Sometimes I start with the high-level stuff (a GUI, simple functionality) and code down. Other times, especially if there are some high risk or high complexity portions of the code, I'll code bottom up in at least those sections to ensure they work as planned. Since I'm mainly a C++ coder these days, I'm a big fan of seperating code out into the old one file = one class style. I probably overkill on the comments unless I'm on an unreasonable deadline, but I've found that it makes maintenance far easier later regardless of who is doing it. Besides, I started out on code disassembling viruses, so comments come pretty naturally. How and why did you start out with virii? Back in the day they were a kind of "black magic" in the computer world. You could only get viruses either by being infected, or by finding one of the underground VX BBS's. I got hit by Stoned, and decided to disassemble it and learn assembler at the same time. Then, at one point the moderator of a Fido network went on vacation or something and a bunch of VX'ers posted their BBS numbers to the virus channel. I called one up, and began downloading viruses to disassemble, then would upload the disassemblies to get credit to download more viruses. During that time I also wrote cures for various viruses that would show up. Eventually I saw one of them, my disassembly of Trident's CLUST virus, published in Urnst Kouch's Crypt Newsletter. That was my entrance into the real "scene", and me writing for Crypt. I mainly experimented with things, like "Black Wolf's File Protection Utilities" and such and got a pretty good grip on the techniques. When Ludwig had his "First International Virus Writing Contest" I entered a couple of viruses under the name Stormbringer, and won. I met the P/S guys on IRC soon after, and the rest is history. Anyway, on why... Viruses were not commonly known about, and the information that was available was hard to get - it gave them a certian mystique. Once I had started, it also gained me some notoriety which I have to admit I appreciated at the time. And, of course, I was very interested in programming in general - viruses were the way I choose initially to learn low level system programming. It was a game to me, an intellectual excercise to bypass all current methodologies of protection and do something "new". There was also a level on "one-upmanship" between virus writers at the time that kept me going. I had no intention of my viruses actually hitting the wild. What (virus-)groups are you/have been a member of? Phalcon/SKISM and the Trinity (of Revelations, the one with only one issue ). Are you active in other scenes, or have you been? Not active in any scenes since '95 or before, although I keep an eye on them. I cracked a few encryptions with some friends (Word Perfect Office and the like) and hacked around a bit back then. I occasionally show up incognito at a hacker convention though. Are there irl people that know of your vx 'career'? Anyone that read the PC World or Rolling Stones articles, saw the television news interviews, or kept tabs on the virus scene at the time is fully aware of who I am. I've told previous employers as well when there was going to be publicity to avoid problems. My friends knew, even back then. And of course, I stood up in front of the entire AV industry and told them who I was. Which virii have you written and which ones do you like most? Almost every virus I wrote was either a test of some new trick or some tongue-in-cheek joke. I'm kinda partial to Jump.466, although Hermanni was the only AV to recognize why it was called that to my knowledge. Shifting Objective was one that I was proud of back then, as although it really lacked finess in its methods it was the first .OBJ infector. Crucifixion probably got the best ratings, and CorporateLife had some neat tricks (some of which I must say I thought of after looking at Musad Khafir's DOS1 virus). Dark Angel liked my BATVIR enough to make fun of me with BLAH. Of course, the greatest achievement of all of us back then was PLuRG. Have you ever released any of them in the wild? If so, how? One thing that a lot of people mistake with me is that I was entirely "VX" then became a "traitor" or something and went AV. Under the name Stormbringer, long before quitting writing viruses, I wrote several AV programs to clean up other people's messes that had made it into the wild. Things like ISMBRVR for removing stealth MBR viruses, and KillSMEG for detecting/removing Pathogen and Queeg. I never intended my viruses to get into the wild - it was a game for me, and a way to improve my programming skills and technical knowledge. At any rate, KeyKapture2 did make it into the wild, which is why I quit after helping the guy clean it up. I've been told it has made additional appearances from time to time, but I've never had any of the other accounts verified. As far as I know, that would be the only one, and it's never made the WildList. Were they destructive? What constitutes a destructive virus? No, they didn't have nasty payloads, but yes they could cause inadvertant damage and considerable lost time. KeyKapture2 would eventually fill a drive with keystrokes, assuming you typed a *lot*. Just about any virus in an environment it's not wanted though is destructive. Just look at all the time wasted these days on such lousy macro viruses. Anyone who's held a real job in a company with an internet connection knows that a lot of time is wasted on "harmless" viruses. I've had to spend several evenings and weekends fixing stuff when some clueless user in accounting clicks on an attachment - times when I had much better things to be doing. Are any of your virii in the wild? I doubt any of them are anymore, although as I said earlier one got out at least once. What is your view about destructive payloads? What's the point? If you're doing it for the love of technology and an interest in the workings of a system, then obviously destructive payloads make no sense. It changes the action from the naive negligence of a curious teenager to a criminal act of wanton destruction. If you're doing it to "bring down the system", then you don't know enough about the "system" or life in general. Destructive viruses have never nor ever will "bring down the system". What they will do is cause some student, researcher, or professional to loose a considerable amount of time and effort, possibly causing them to fail a class, loose a grant, or loose a customer. You have to take responsibility for the damage you cause, and realize that the people damaged are real people - not just some faceless company. I've dealt with people that were in tears because some virus messed up their system to the point that they couldn't work on it, and they had work due the next morning that was critical to them. And you can't blame the victim for being too stupid to understand viruses. Each person has his/her own specialties - it's like blaming a heart attack victim for being too stupid to perform heart surgery on him/herself. Viruses, when released into the wild, cause damage to real people. Destructive payloads cause even more. How do you name your virii? I always named them in some way related to what they did. E.g. Crucifix had the crucifixion joke in it, Shifting Objective did .OBJ infection, etc. For the most part, the AV community kept the names - a bit of confusion on the Pro-Alife vs. Rescue virus, but the rest stuck. What are your favourite e-zines? 40Hex of course ;) I've been out of reading them often for a while, but VLAD, 29a, and Phrack were good to pass the time. This one's pretty good too... wait... who am I being interviewed by? Oh yeah... Matrix rocks ;) What are your favourite viruses and why? PlayGame.2000 will always be a classic. Casino is good to show just how cruel a virus can be. Blah was a masterpiece of insanity. Hybris is quite impressive, but of course PLuRG will always be the ultimate. Beware of PLuRG! What are your favourite AV's and why? I generally use F-Secure. It's got two of the best engines in it (Frisk's and Kaspersky's) and is kept updated. When it has bugs, they aren't the "oops - we deleted your hard drive" style everyone has come to love and expect from Network Associate's products, and are generally remedied quickly. The old pre-NAI Dr. Solomon's was always good - shame to watch that one get muddled, and Norton's has gotten better than it used to be at least. There's something lacking though in the pure scanner solutions these days for corporate protection. For a home computer, I can protect it using DEBUG.EXE and by disabling Windows Scripting Host and Word's macros, but for a corporate situation one needs better protection than *any* of the current AV programs offer. I remember when the LoveBug hit a place I was working at their AV software missed it. When I got involved and tried to update the software, the AV web sites were so swamped I couldn't get through - so I had to write my own disinfectant on the spot to get us back online as quickly as possible. There needs to be a way to prevent new viruses from entering companies. Nick Fitzgerald has been championing some methods to do this in alt.comp.virus and at Virus Bulletin meetings for quite some time, and I think he's on the right track. Which persons in the scene do you respect most? The people who are in it for learning and fun. I started out with Trident's Masud Khafir and P/S's Dark Angel as the two people I respected the most in the scene. Made a lot of friends and met a lot of people over time that I could list, but it would get pretty long. Which ones do you disrespect most? People in it for politics (Falc, Aristotle, etc) or just to cause some misguided harm. Some of them are just kids and will learn. Others just need psychiatric help, or at least some heavy shock therapy. What VX technique are you most interested in? I always glance at whatever the "novel" technique of the time is. Mutation engines were interesting at one point, as was full stealth. The whole morphing concept is still intriguing, and Hybris' updating technique is another landmark. What do you think about macro/script virii? For the most part, I think it pretty much removes the learning aspect from the scene. Who *can't* write a macro/script virus? The languages were written so non-technical people could do stuff, and unfortunately now non-technical people can write viruses. It definitely dropped the bar for who can write them - all those people that were endlessly asking how to infect someone with a .asm file can now, thanks to Microsoft's views on security and the line between code and data. There are a few that stand out with some unique ideas and techniques, but for the most part its even worse than the VCL/PS-MPC glut that happened. Can you tell us some more about that VirusBulletin AV meeting you went to? I applied for a job at Sophos, and was completely honest with them about my past. I still maintain that I could have easily gotten hired if I had lied (there *are* ex-virus writers working in the AV, just no openly honest ones), but regardless - they didn't hire me and basically sent me a nasty letter saying how evil I was. I apparently defended myself well enough in the response, as they forwarded the letter to Nick Fitzgerald (then the coordinator of the Virus Bulletin conference and editor of the magazine of the same name) and he asked me to speak at the conference. So I went. Several people were very kind to me, others kept their distance, and of course a few were absolutely venomous towards me. My topic was basically why I could be extremely useful (and no, I wouldn't give out the names of virus writers - a few people asked) to the antivirus industry and should be considered for a job, rather than just catagorically rejected and painted as an evil person. Mr. Bontchev was of course one of the less polite when I spoke, although I managed to pull a nice round of applause at his expense for his efforts. In the end, the one standing reason for them not to hire me that I really couldn't reject was that if any one company hired me, all the others would sick their marketing droids on them "exposing" the fact that I once wrote viruses generating public relations problems for my new employer. They did take a vote, of just the business people outside of the AV industry, as to whether I should be hired by an AV company. I won overwhelmingly. But of course, none of the AV people voted. Only a few said later they would, and on all such cases either they weren't in a hiring position or the offer was forgotten later. On the bright side, I got quite a few complements on the size of my cahonas. One amusing event happened after I spoke. Some guy came up to me with his wife, and accused me of being the reason that he hadn't spent any time at home with his wife and kids for years - he had been trying to save the world from my code. His wife looked so totally embarrassed by his behaviour that I didn't have the heart to rip him as I was initially thinking. I'm glad my life has never been so unhappy as theirs seemed. I have to say, in retrospect, that I'm glad it didn't work out. My salary's higher, and I don't have any chance of getting bought out by NAI ;) But at the time the end result was a lot of disappointment, and quite a bit more press than I might have liked. Do you have any goals VX-wise? If anything, to make people think. Other than that, I'm a bystander. Is there any way you can be reached? Once in a blue moon, I'll be on #virus. Occasionally I'll read/post alt.comp.virus. Emails sans viruses are accepted at wolf@fc.net, but don't expect a quick reply. Any plans in the future as a coder and in general? My career has been going quite well as a coder. I'm expanding my skills and expertise in several areas, playing with cool toys, and generally doing quite well. I've had the opportunity to see a lot of the world because of my career, and am thoroughly enjoying it. Any last words/greets? Greetz to Dark Angel, GHeap, Lapse, Priest, sCryptKeeper, Meta, Qark, Quantum, Antigen, Urnst, HSpirit, Nightmare, God, Sarah Gordon, Hermanni, Ludwig, Knowdeth, Virogen, and a hell of a lot of other people. Beware of PLuRG!