[ISN] Hacker can't hide from his past

[InfoSec News]

http://news.zdnet.com/2100-1009_22-5536822.html

By Robert Lemos 
CNET News.com 
January 14, 2005

For five years, Czech student Marek Strihavka programmed computer 
viruses as part of the underground group 29A. 

A twist of fate, however, has led the former virus writer to take a 
job stopping digital pests like those he used to create. About a year 
after leaving 29A, which takes its name from the base-16 
representation of 666, the 22-year-old resident of Brno in the Czech 
Republic became the main developer of Zoner Software's antivirus 
system. 

Now Strihavka finds himself under attack. The Czech police have raided 
his home and confiscated his computer equipment as part of an 
investigation into the Slammer worm. In addition, some antivirus 
companies are attacking Zoner for hiring a known virus writer. 

In an interview with CNET News.com, the man who used to be "Benny" 
claims that he never took part in spreading his programs on the 
Internet and maintains that virus writers contribute to online 
security. 


Q: Why did you join a virus-writing group like 29A? What is the 
purpose of the group? 

A: The purpose of 29A has always been technical progress, invention 
and innovation of new and technically mature and interesting viruses. 
29A distances itself from virus-spreading, since 29A always tried to 
act as a security group, not any cybergang, as has been portrayed in 
the media. 29A just wants to share ideas with others, and source code 
is a way of expression. 

People that (have known me for) some time know very well that I've 
always distanced myself from spreading (viruses) and that I never did 
such a stupid thing. I am not member of 29A anymore, since I try to 
orient myself on my work, which I like as much as virus writing.


How many viruses have you coded? What sort of projects did you pursue 
and why? 

A lot. I don't know the exact number. But I always tried to come up 
with something new, never seen before. I coded viruses for platforms 
that were considered infect-resistant. I found some satisfaction in 
programming, just because I like logical and abstract thinking. This 
is not about any sort of "cyberterrorism." 


Do you think that coding viruses has any ethical or moral 
implications? 

Writing technically new and innovative viruses is like writing 
exploits for new programs. Coming up with new ideas advances the 
Internet, since it becomes more prepared against real attacks. I don't 
see anything wrong with saying, "Hey! This can be abused! There is a 
bug! You are not prepared for this!" without doing a single cent of 
real damage. 


What has made you stop coding viruses? Do you still view the virus 
underground in the same way? 

I am still the same. I am still interested in computer security, but 
now from the other side. I'm trying to fight viruses by finding better 
ways of detection. I am glad that I can use the skills I achieved by 
studying viruses in practice and real life. 


Antivirus companies frequently say that no virus writer should ever 
have a job in security. What are your views of this opinion? 

That is funny. Why? Just because a lot of skilled virus writers 
already have jobs in the antivirus industry. I don't want to cause any 
problems to my friends, so I won't give concrete examples. But believe 
me, this is just marketing theater for customers--the truth is a bit 
different. 

In any event, who else should code antivirus programs? Who else has 
the experience and technical skills for fighting viruses? Some 
antivirus firms say that I have no moral right to do it, but...almost 
all ex-members and current members of 29A are employed in the 
antivirus and information technology security industry. 


What sort of work do you do for Zoner? Has your virus-writing 
experience made your programming better? 

I take care of ZAV (Zoner Antivirus) core--this means all those 
low-level functions for scanning, unpacking, emulation, heuristics, 
ZAV database maintenance and new detection patterns. 

Since elementary school, I have been interested in computer viruses, 
and I focused on computer security. So I think I am the right person 
to program antivirus. 


Should virus writers and releasers be tolerated on today's Internet? 
Does your answer depend on how the Internet has changed or the 
virus-writing community? 

I think that source code is just a form of expression, and this should 
be legal, since freedom of speech is protected. I never spread any of 
my viruses, and I always thought doing so to be a stupid act. All that 
I am interested is a programming--nothing else.

The Internet is changing, and spammers and phishers should not be 
tolerated, of course. But people from 29A--and others who are only 
studying, publishing and not releasing self-replicating programs--are 
the last people that cause any real or virtual damage and should not 
be persecuted.