ZDEE699@ELM.CC.KCL.AC.UK (10/27/89)
This message is being sent to both RISKS and VIRUS lists. Apologies to those who receive both digests.

I was well shocked in finding-out that there was actually a virus running on the Apple II family of computers ! Where could the LODE RUNNER virus have infected such a small machine, with no integrated hard disk, and the possibility of rebooting the machine quickly by using a simple sequence of control codes ? (open-apple-ctrl-reset). In FRANCE, of course !

The Apple II did very well in France. It is very widely used over there. This success, like in the U.S.A., triggered a large market for pirated copies of programs. I have been an Apple II owner since 1982. It is absolutely amazing how many copies of programs went around since that time. I guess that virtually every program for this type of computer was available as a pirated copy in France. This is because of the following:

1. There are laws about unlawful software copying, but they are very hard to enforce. In addition to that, it is extremely difficult to find the originators of the software. ie: The "top" pirates are well hidden, and if the police was to catch every person who copies a program, then they'd probably have to prosecute virtually *any* computer user !

2. Most software was copied and "exchanged" against other software, a bit like a one to one swap.

Commercial pirate factories were discovered in Lyons a few years ago. There, the programs were deprotected, copied, and then protected again, and sold to customers for a fraction of the price. The pirates were arrested and heavily fined (and given a prison sentence).

SOME SORT OF COMPETITION

There were many independent groups of pirates. The average age was 16-22 years old. All of them were experts at Apple II's Disk Operating System. The most "advanced" of these "crackers" were the CCB. CCB for "Clean Crack Band". From the number of programs that they have cracked, they seemed to spend their days and nights cracking games and software.
Some French magazines and newspapers wrote articles and interviews with them. They even went on national French TV. Of course, they were in hiding; a bit like drug dealers, really. The quality of their "work" was unbelievable. The program was as good as new, only it had their name in the presentation page. Often, they added pretty graphics, and additional options in some cases. In fact, it looked as though they had completely re-written the program entirely.

At the end of 1985, I think, they renamed themselves, the SHC, "Solex Hack Band". (A Solex used to be a cheap moped at the time) They hacked a few French Computers by using dial lines; they did one "Hacking" direct, on TV, showing the journalists how vulnerable computers were. Since that time, I don't know what happened to them.

OTHER GROUPS

There are a lot of other groups of pirates around France. The CCB were based in Paris (according to the press), and the two most famous members of this group called themselves: Aldo Reset, and Laurent Rueil. Other groups include:

- Johnny Diskette: this name was used by many anonymous pirates who had formed some kind of club in Paris, where they had competitions (!) on who would be the fastest to unprotect a disk.
- BCG (Baby Crack Gang): funny name. They seemed to like Karateka games.
- CES (Cracking Elite Software): They added features to games from time to time.
- Chip Select and the Softman: These pirates went as far as including a digitised picture of themselves wearing dark glasses and saying: "I am Chip Select". A Certain Eric IRQ (Interrupt Request) was also part of this group.
- Mister Z (Geneva): These were Swiss pirates, but for some reason, they were sending copies to French crackers, telling them to change the title page that they had made-up. It was some kind of competition of: "We can protect this program; can you unprotect it ?"
- MAC (Marseilles Association of Crackers): group based in Marseilles.
- P.Avenue Nice: and this one is in Nice...
These groups deprotect the software. Once deprotected, it can be copied very easily using a normal copy program. Most copying goes-on in large computer centres, where machines can be used free of charge. There is no supervision there, and no control on what goes-on. Some places are popular just because it is such an easy way to get hold of any program for no charge (well... just the cost of a diskette). Since 1987, though, the shops are more careful since they could be held responsible for what happens on their machines.

HIDDEN INFO

If you use a track/sector disassembler, you can see the information on the tracks of the disk displayed as ASCII characters. Often crackers would converse between themselves in this way. Software is copied through a string of intermediaries, and the messages can therefore be passed this way. It is impossible to know if there is some hidden information on the disk if it is not analysed by using a track/sector disassembler. It is therefore very easy to hide other programs within the disk, whether they are games, or even viruses !

IN CONCLUSION

So in fact, considering the level of expertise that these crackers have, it would be very easy for them to hide a virus within a floppy disk, which would be triggered by the actual program. I am talking here about the APPLE II computer, but I am sure that other computers (including PC's) have their "expert" crackers, who no doubt, would be very happy to write viruses/worms/trojan horses/time bombs etc.

Why do they do it ? My idea is that they do it for "fame", just to see other people talk about "their" virus. Any suggestions ?

Olivier Crepin-Leblond, Computer Systems & Electronics,
Electrical & Electronic Eng., King's College London
Disclaimer: My own views. Any comments/flames/congratulations welcome !
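
The track/sector inspection described under HIDDEN INFO, as an added example that is not part of the original message: a scan of a raw disk image for readable text, reported by track and sector. The 35-track, 16-sector, 256-byte layout, the handling of high-bit-set text and all function names are assumptions of this sketch, and the sample image is constructed.

```python
TRACKS, SECTORS, SECTOR_SIZE = 35, 16, 256   # assumed 16-sector 5.25" layout
IMAGE_SIZE = TRACKS * SECTORS * SECTOR_SIZE  # 143,360 bytes

def printable_runs(sector, min_len=8):
    """Return [(offset, text)] for runs of printable ASCII in one sector.

    Bit 7 is masked before testing because Apple II text is often stored
    with the high bit set; a run must use one bit-7 state throughout,
    which cuts down on false hits from machine code."""
    runs, start, hi, chars = [], 0, None, []

    def flush():
        text = "".join(chars)
        if len(text) >= min_len and text.strip():  # skip blank-only runs
            runs.append((start, text))
        chars.clear()

    for i, b in enumerate(sector):
        c, bit7 = b & 0x7F, b & 0x80
        if 0x20 <= c <= 0x7E:
            if chars and bit7 != hi:   # bit-7 state changed: new run
                flush()
            if not chars:
                start, hi = i, bit7
            chars.append(chr(c))
        elif chars:
            flush()
    flush()
    return runs

def scan_image(data, min_len=8):
    """Return [(track, sector, offset, text)]; runs do not span sectors."""
    if len(data) != IMAGE_SIZE:
        raise ValueError(f"expected {IMAGE_SIZE} bytes, got {len(data)}")
    findings = []
    for n in range(TRACKS * SECTORS):
        sector = data[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE]
        for off, text in printable_runs(sector, min_len):
            findings.append((n // SECTORS, n % SECTORS, off, text))
    return findings

def build_sample_image():
    """Constructed test image: zero-filled, with two planted notes."""
    img = bytearray(IMAGE_SIZE)
    def plant(track, sector, off, msg, high):
        base = (track * SECTORS + sector) * SECTOR_SIZE + off
        img[base:base + len(msg)] = bytes(b | 0x80 if high else b for b in msg)
    plant(17, 3, 0x40, b"CONSTRUCTED NOTE ONE", True)    # high-bit text
    plant(34, 15, 10, b"constructed note two", False)    # plain ASCII
    return bytes(img)

if __name__ == "__main__":
    for t, s, off, text in scan_image(build_sample_image()):
        print(f"track {t:2d} sector {s:2d} +${off:02X}: {text}")
```

Sector numbers here are positions within the image file, which need not match the physical sector order on the disk.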