Stay Free! Daily: Websites hawk computer viruses

Got a blog tip? Contact us

« NYC Grassroots Media Conference this weekend | Main | Disney's film about venereal disease »

Websites hawk computer viruses

The Wall Street Journal reports that American Eagle Publications is selling a CD called "Outlaws of the Wild West" that it claims contains the source code for 14,000 types of viruses. There are some interesting First Amendment issues at play here; I'm pretty torn myself. American Eagle's advertising ("A fantastic virus collection consisting of 804 major families and 10,000 individual and different viruses for PC's Macs, Unix boxes, Amigas and others!") makes it hard to believe that these products don't actively encourage black hat hackers.... which makes you wonder: if the Supreme Court rules against Grokster, will it make American Eagle liable for any damages its customers cause?

March 31, 2005

VIRUSES: SPREADING TROUBLE

Web Sites Hawk Instructions
On Making Computer Viruses;
Why FBI's Hands Are Tied

By CASSELL BRYAN-LOW and GARY FIELDS
Staff Reporters of THE WALL STREET JOURNAL
March 31, 2005; Page B1

The Web site of American Eagle Publications Inc. has a provocative come-on for the CDs it sells. "The software on this CD-ROM is responsible for having caused literally billions of dollars of damage," goes the teaser for one.

The CD in question, called "Outlaws of the Wild West" and priced at $49.95, contains the source code -- the equivalent of a recipe -- for 14,000 types of viruses, according to the Web site. It also includes virus-writing tools, newsletters about "destructive code" and a database describing how different viruses work.

American Eagle Publications, whose site is registered in Show Low, Ariz., is just one of a number of small, controversial online retailers that hawk do-it-yourself virus kits. Many Web sites even make virus recipes available at no charge.

At a time of mounting public concern about identity theft, "phishing" and other forms of electronic crime, computer-security experts complain that the increasingly brazen proliferation of virus-writing guides is destructive. But, they add, there is little law-enforcement officials can do to fight back.

The reason lies in the law: Publishing source code that can be used to construct viruses isn't illegal. What is illegal, according to the U.S. Computer Fraud and Abuse Act of 1986, is to release a virus with the knowledge that it will harm others. The distinction, lawyers say, is akin to gun ownership: Owning a gun usually isn't illegal in the U.S. unless you use it to kill or rob someone. Thus, virus purveyors aren't feeling much heat.

"There's nothing illegal about putting the code to viruses on the Internet," says Federal Bureau of Investigation special agent Jeff Lanza. The First Amendment right to free speech, he says, means there is nothing that the agency has done or can do to change the law in this area.

It is "extremely frustrating," adds Mr. Lanza. "We have enough people sending viruses through the Net that know how to do it. We don't need neophytes handed a turnkey operations guide."

There are, of course, efforts under way to crack down on Internet vandalism. Companies such as Microsoft Corp. are scrambling to patch the vulnerabilities in their software, and law-enforcement agencies around the globe are stepping up their fight against cyber crooks. In January, a federal judge in the state of Washington sentenced 19-year-old Jeffrey Lee Parson to 18 months in prison for spreading a variant of the so-called Blaster worm, which surfaced in 2003 and shut down computers running Microsoft Windows. But vandals aren't the only worry: Viruses are increasingly being employed as tools for identity theft and to commandeer computers to pump out e-mails hawking pirated goods.

Mr. Lanza says the FBI is aware of some sites that make virus code available but doesn't monitor them. A site may fall under an FBI investigation if a virus unleashed on the Internet is traced back to that site. But even then, he says, you can't hold someone criminally responsible simply for putting the virus recipe into the public domain where others might pick it up.

To make a case that sticks, prosecutors need to prove that a suspect is guilty of intentionally damaging others' computers -- which is what Mr. Parson was found guilty of doing. The government could also potentially prosecute people for posting code if the sites encourage using the viruses to cause harm. But legal experts say building such cases is difficult because prosecutors need to show that the accused was advocating a specific unlawful activity, such as infecting a particular computer.

Still, for security experts like Ken Dunham, a virus specialist at information-security consultant iDefense Inc. of Reston, Va., the unfettered distribution of viruses "is troublesome." Such sites "provide hackers with the tool of the trade and greatly encourage new actors to get involved."

Even well-intentioned efforts by security researchers -- who sometimes publish virus code themselves to demonstrate potential weaknesses in software -- quickly get exploited by people with nefarious intentions, says Stephen Toulouse, a security specialist at Microsoft.

Marc Zwillinger, a former Department of Justice attorney and currently a partner at Sonnenschein Nath & Rosenthal LLP in Washington, D.C., says law-enforcement officials have discussed whether to push for legislation that would criminalize virus-writing tools. "The problem is that some of the same tools have very legitimate use in the security profession," he says, such as in testing the security of computer systems. For that reason, law enforcement has focused on legislation that makes the activity -- not the technology -- illegal.

For its part, American Eagle Publications acknowledges -- indeed, revels in -- the controversial nature of its wares. "People have gone to jail for writing it," the site says of the contents of its "Outlaws of the Wild West Computer Virus CD-ROM."

But the site argues the CDs it sells are protected under the right to free speech. Among other items it offers is an eclectic list of books, including "Storm Over Show Low," a conservative thriller in which patriotic denizens of the Arizona town fight for their rights against growing government control. The site is registered to Mark Ludwig, the author of several books on viruses. Mr. Ludwig couldn't be reached to comment.

A spokeswoman for the U.S. attorney's office in Arizona declined to comment.

Security experts say it's difficult to estimate how much virus information is sold or distributed online. The code for sale ranges from the out-of-date to the highly sophisticated. But CDs similar to the one sold by American Eagle can be found at a host of small online software retailers, at prices ranging from $15 to $50 per title. A simple Internet search turned up numerous sites selling titles like "Hacker Toolbox," "Master Hacker" and "Virus Creation Lab."

Virus Creation Lab is among the CDs for sale at a site called Beahacker.com. The site's catalog also includes a "Guide to Hacking" CD, which promises tutorials on "email bombs" and "hard drive killers."

That CD also offers how-to information on "keyboard loggers," programs that capture people's keystrokes as they enter them. These have become popular with identity thieves, who steal credit-card and other financial data.

In an e-mail response to questions about its wares, Beahacker.com's administrator said the merchandise is for people who want to test the security of their computer systems. "We notify all clients that we cannot sell the products if they will use the products to commit crimes," said the administrator, who identified himself as Andy Hooda, a 29-year-old Chicago resident and owner of the site.

Among Web sites that make code available free of charge is that of a virus-writing group called 29A. With members in Europe, Russia and Brazil, 29A is notorious in computer-security circles for creating innovative viruses. The group claims that it writes them for the academic challenge of it and generally opposes releasing them. But its site says it doesn't forbid its members from spreading viruses.

Asked how the group responds to those who say it is irresponsible to make viruses easily available, a 29A member from Spain who goes by the nickname "VirusBuster" said in an e-mail: "We ignore them."

Write to Cassell Bryan-Low at cassell.bryan-low@wsj.com1 and Gary Fields at gary.fields@wsj.com2

URL for this article:
http://online.wsj.com/article/0,,SB111222898606193736,00.html

Posted by carrie on 04/04/2005 | Permalink

Comments

Hacking and hacking related material can be found on sites all over the internet ranging from Forums to retail sales of merchandise. There are GOOD and BAD sites that provide a professional service and those which are out for scams and fraud.

The site you mention for example: beahacker.com and Andy Hooda is currently under investigation with the FBI for violations of non-authorised computer and network entry. This person " Andy " Hooda if I may, real name Amin Akbar Hooda is known in the hacking industry for causing trouble ( see chicago2600.net at www.chicago2600.net/2600qc.shtml) harassment and obtaining credit card info and possibly using that data for his own good. Not to mention social hacking. Social hacking is the real problem with today, more so than the actual sitting at a computer and hacking your way into one's computer.

There are many GOOD sites that offer materials for the public to gain an insight as to the tools used for hacking and techniques. With the news coverage these subjects receive today, the influx of people wishing to know how it is done and how to protect against it is growing.

HackersHomePage.com
HackersCatalog.com
Astalavista.com
hnck.net
infosyssec.com
hackers.com
( The Late Spectre-Press.com )

These sites are LEGIMATE sites and just a few that provide these types of products. Not to mention in 2002 when "Andy" Hooda was again interviewed he was 23. Amazing that in three years, Mr. Hooda has aged 6. See link below.

www.computeruser.com/news/02/04/05/news6.html

What really needs to be talked about are the dynamics of social hacking. When someone who is gifted at gaining people's trust over the phone can call and pretend beyond a shadow of a doubt to be someone else to gain information to enter peoples accounts, third party websites and so on.. Our current sy

Posted by: Angie Morrison | Apr 14, 2005 9:20:17 AM

Just about a year ago, a seemingly legit internet cafe opened up in a local shopping center near where I live in Birmingham, AL. It was called iConnect Zone and being a gaming enthusiast, my friends and I signed up. It was located at 701 Doug Baker Boulevard in Lee Branch, if that helps. It seemed pretty legit, with a reasonable $20 starting fee and decent rates to play games LAN with my friends. All of the computers had moderate specs, and the place must have cost a fortune to maintain.
Of course, the manager and friend of all in the cafe called himself Andy Hooda. He told us that iConnect was a new thing and that there was also a cafe in Chicago, where he supposedly just moved from. It seemed like a cool place and we played there probably once a week for a good few months and had a good time.

Suddenly, iConnect closed. Andy told us he was going to buy the vacant shop next to him and he would be closed for a few days to break down the wall and expand. Later, when we were camping out for the release of a console, someone walked around and put fliers where we were sitting that said "iConnect Zone Presents: Red Moon Cafe", located in Vestavia, Alabama. Obviously we were excited to have another LAN cafe around, so we looked into it.
A card was attached that read this:

iConnect Zone Presents Red Moon Cafe
Andy Hooda, President and CEO
Internet Cafe Setup and Management
Hotel Kiosk Setup and Network Service
1919 Kentucky Avenue
Suite 113 Vestavia Hills, Alabama 35216
205-408-5995 205-396-6416(cell)
ahooda@iconnectnetwork.com

We tried to contact Mr. Hooda multiple times to no avail. Only recently have we decided to look further into Andy Hooda, since he seemed to have disappeared off the face of the planet. 205-408-5995 is disconnected and no one answers 205-396-6416.

In closing, my friends and I were not scammed. We were given what we payed for at very reasonable costs for a LAN cafe in a more upscale place. We had our suspicions of scam, but since none of us were missing a lot of money, it didn't cross our mind until recently. We were shocked to find so much on Mr. Amin Akbar Hooda, a hacker and con artist. He knew a lot about computers and ran iConnect rather well.

He did suck at Counter-strike, though.

Posted by: Trevor Staub | Feb 2, 2007 5:32:00 PM

I was supprised to hear this. He was always talking about expanding. He got things like a DDR machine and Xbox 360 on a big screen. When he moved it was very sudden and awkward. I was sad that it left but I didn't think anything was suspicious at the time. I heard something about Coldstone Creamery nearby getting hacked and having Credit Card Numbers stolen, which I have heard was him. Oh well, iConnect was cool, but I wonder what else I'll hear about him.

Posted by: Andrew Brane | Feb 2, 2007 5:57:41 PM

Trevor Staub who posted above and i were frequent visitors to iconnect along with a couple of school friends would go in often. the place was home for us on days when we wanted to do nothing but play wow or cs. It seemed like a realy good deal they had a t1 connect and some pretty good computers with most of the great games. eventualy he got 360's and a ddr station. it was the coolest place to go.

The only problem i had with the place is that it was a common drug hang out. Andy sold and smoked pot on the property and many poeple would go in there to buy axe and refresh their scent. one day when we were all there there were pot leaves on the toilet in the bathroom and a couple of known pot heads from our school were there and appeared high.

iconnect offered great deals on all the gaming they did and andy seemed realy nice.

he always talked of expanding next door and tearing down the wall but one day he was gone and we never heard from him again.

that is untill he put a peice of paper with a business card attached to it in my chair while i was camping for the wii. i didnt see him do it because i had walked away with trevor to go to play games while waiting.

the paper read this

Red moon Cafe and iconnect network present

ps3 buy out
skipping the unimportant part

red moon networks, llc. 1919 Kentucky Avenue, Vestavia hills
Iconnect networks, INC. 701 Doug Baker Blvd, suite 103, Hoover (this was a lie this is were iconnect was before it disappeared)
iconnect zone, LLC. po box 36115 Hoover, Al 35244

Phone numbers listed

Andy 205-365-4251/205-369-6416
Paul 542-1714 (this number was hand written)

Call us toll Free 1-877-233-4225

That last number i found out is the number for beahacker.com

Trevor and our usual gang were wanting to go to the new location this weekend, but we searched it and his name first and found this. When i read it i hoped it didnt realy mean him but things like from chicago hinted to me that it might but when i went to the beahacker.com site and saw the number i knew there was no doubt it was home.

This realy mad me sad that id befreinded a criminal and actualy may have helped fund some of his scemes.

if i can get a copy of the paper and card put in my chair i will post them on photobucket and put the links here for all to see.

Ps. im going buy later to were iconnects new and old locations are suppose to be and checking it out to see what the deal is and ill keep you posted.

Posted by: Ben Reid | Feb 2, 2007 5:59:49 PM

forgot to mention that before hand i called every number at least 4 times before giving up

and that andrew brane did go with us and that yes coldstone creamery was hacked and i think my parents card numbers may have been stolen too.

If this is true i hope he is caught

ps i also changed my site because it was wrong in last post

Posted by: ben reid | Feb 2, 2007 6:06:16 PM