--------------------------------------------------------------------------------
INTERVIEW WITH JOHN TARDY / TRIDENT / THE NETHERLANDS
--------------------------------------------------------------------------------

Give me a short description of who you are?

- I am called John Tardy, born somewhere in the beginning of the 70s.

From where did you get your handle, John Tardy?

- In the beginning of time, I was fascinated by certain death metal
groups like Deicide and Obituary. The lead singer of the band is
John Tardy and has a hell of a voice. I wanted to adapt his name to
the underground also. If you know the first group, you know my handle
when I was young (and more childish than you can imagine. That
Nazi-virus was just nice compared to my first ones. They were insane).

When did you discover the world of computers?

- I think I was almost 10 years old, but I heard of PCs when in 1990 I
had my first PC...

How long have you been active in the scene?

- At the end of 1991, I wrote my first virus, but using another handle...

How did you come into the virus business?

- That's a nice confusing question. When I first got struck by a virus
myself, I was convinced of the menace of it. I wanted to kill these
things that ruined my PC. So I wanted to write a scanner or another
antivirus toolkit. I contacted several persons in The Netherlands,
including the author of TbScan, but they pulled me off. I wasn't
trustworthy and so on... Then I read a document from Vesselin
Bontchev, about the Virus Exchange BBS's. You could only get a virus
from them if you wrote one yourself, he said. So I did....

What part(s) of the underground do you think needs improvements?

- Hmm, I don't know... I like it how it is now...

Positive/negative aspects of the scene?

- People promising they will release a super virus (targeting all kinds
of files), or a superb virus creation toolkit, but you won't see it
in years. Better bring it out first and then boast about it... You saw
and heard of TPE only when it was out...

Have you been involved in any other group than TridenT?

- Yes, before I went to PC I was a demo coder and musician, but as it is
extremely difficult to get good information on PC about these things,
it's easier to write a virus.

Who started/created TridenT?

- I did, together with Bit Addict. We thought it would bring more fame
if we worked together. Later we contacted the other people now in
TridenT.

What's the group's goal?

- Hmmm, that's not really an easy one... We want to be known (which now
is the case), but we all have our personal goals also. I want to have
the fuzz cleared around the antivirus writers. If they were more open
to me, I wouldn't have made a virus or even founded TridenT... I would be a
researcher then... I can't do that now, because of my history as a
virus writer, so I'll have to go on and on and on (blame them! Cartel
isn't good!)

How many people are you?

- About 7 or so... It can vary...

What are their handles?

- In alphabetical order:
Bit Addict
Dark Helmet
DarkRay
John Tardy
Masud Khafir
Some are missing, but that's better for them, I think...

Do all of them program, if not, what's the others' job?

- We _only_ have coders, or should be... We don't have any hackers,
phreakers or that type of guys in our group, because of the lack of
interest in that.

Who are the "leading/head-persons" in the group?

- Hmmm, let them speak for themselves, but I am only the founder, but
not the best programmer of the bunch. Bit Addict is surely the best
and Masud Khafir is in second place, but we are not used to things
as "ratings", because we share the same interest.

What's your position in it?

- I founded it (as said before (a few times)) and I code some things.
That's all. Nothing special... Well, sometimes I searched for a new member
and pulled him into this (like Masud, Dark Helmet, etc.)

How is TridenT (currently) organized?

- It was very well organized (own mailing system, etc.), but now we are
in a total void and it will take some time to recover, but I think
in a few months it will be better, or TridenT will not be here
anymore, as we all don't have very much time to write viruses
anymore, so... Wait and see...

Have you got any contacts with other virus-groups/programmers?

- No, I do not... I have to call much more then and I have a slight
problem regarding phone-bills ;-) And I don't want to phreak...

Can anyone ask for membership, or are you a "private" group?

- Well, we never had anyone asking to come in... If we saw a very good
virus, I tried to trace the person who wrote it down and contacted him
and asked him if he wanted to join... If you see it that way, I think
it's a little bit private...

What does it take to join up?

- I honestly don't know. If we saw a good virus (like coffeeshop or
gotcha!), we contacted the person. If people are far too willing to
join, I have to think twice...

You've programmed a lot of polymorphic things, and one of them is the
TPE, what comments have you received about it?

- Well, you can better ask if we don't get any comments... Ask
Frans Veldman how he is doing detecting TPE 1.4... Silence... Ask any
other AV-writer. Only a very few can detect it reliably and even more
engines are popping up...

Will you continue to "upgrade" it or is it a finished project?

- Ask Masud, he wrote it, but I think he is bored yet with it. He now
knows how to write such an engine and the challenge is taken, so he
goes on to the next challenge (Virus_For_Windows_1.4 or an OS/2
virus).

How many strains/mutations can it produce?

- Euh.... I never counted it... It was sufficient to see the routines,
and I couldn't find many similarities.

Even though polymorphic engines are a great thing, not many people
seem to use them? You have any theory why they don't?

- Yes, find one cloaked with the engine, find 'em all... If they broke
the polymorphic code, all viruses using it are known...

Which is the best polymorphic engine around today?

- I like TPE 1.4 a lot... DMU (included with the Mirror virus) is also
nice. It's not very complicated, but it's very small (under 1K). The
Multiple Encryptor of Dark Angel (DAME) is very nice, especially the
double word encryption... Comment : Make them overlapping...

Have you ever thought of/are you currently releasing some sort of
electronic magazine (text/executable/hardcopy)?

- We thought of it, but after a long(!) discussion in our net, we
decided not to do it. There are so many mags now, why write one more
with debug scripts and sources of viruses. There's enough study
material. We planned to make a hypertext engine for writing viruses,
but that will take a while, as the programmer of it is lazy (he said
it himself!).

Are you into other things such as hacking and phreaking as well, or just
viruses?

- Now only viruses...

Do you have some network connection (some sort of e-mail or something)?

- Well, we have our private TridenT network, but I had a connection
on email, but I think I am sorta locked out...

Can you name a few viruses/engines that members of TridenT have
written?

- Yes, for example : Pogue, PlayGame, TPE, Mirror, Circus Clusters,
Cybertech, Servant, Thunderdome, Civil War, Weirdo, Horns of Jericho,
Flue, April30, Bit Addict (the non-destructive ones), OW 0-10,
New Creeping Death, Smile, Yeah and many, many others.

Which of them have you written yourself?

- There are many... I guess around 60 or so... But the most known are
Circus Clusters, Servant and OW 0-10. Some other viruses like deicide
are to be known as mine, but it's not with this name and I don't
want to be associated with the old name anymore.

Which one was the hardest to write?

- Circus Clusters was an interesting experiment, and I had a little
trouble making the virus stable enough (which you could see in an
old crypt newsletter, I made it up for you in a newer one).

Do you have any sort of company or law-enforcement who are trying
to bust TridenT?

- I guess so, we have released an awful lot of viruses in a relatively
short time, so I wouldn't be surprised if CRI or so are watching us
carefully, but I think we aren't illegal in any way. I never released
my viruses in the wild, only as source or in an archive accompanied by
a message and/or source code.

If so, are they a real threat or just "childish"?

- I think they could be a real threat, not only for us, but for
censoring the whole scene. That would be very bad. I am not so
worried for myself, but more about the fact that the antivirus
business has become a very awful thing with CARO which wanted to
set up a murky database and hunt people down.

Have you ever had any trouble in the group with the result of kicked
member(s)?

- No... Sometimes we have a discussion getting around, but it's only a
matter of time before it dissolves. No one ever has been kicked out
and only will be if he can be really dangerous to other members.

Do you call a lot, and if so how (phone/internet etc.)?

- I used to call a lot, but when momma saw the phone-bill, I have to
stay put.. I didn't call any board since a month and it will take
some time before I can begin again... (Gotta pay first).

Do you have any couriers that spread your products around?

- Well, if you mean uploading viruses to unsuspecting users, I must say
"NO". Only interested people can get it from us. We used to drop it
on "Arrested Development" at that time, but are now using another
base that will be much more informative (no hard feelings, AD!).

What do you think about the laws against h/p/v that have arrived lately?

- It's a very sad business. What I want to do on _my_ computers is no
one's business. If I want to release a virus on my system, who's to say
I may not? And giving source code to someone to see how a virus works,
is _that_ illegal? They're just plain textfiles! Other people compile
and release them, it's not my responsibility. They can also watch and
say "This is nice" and then throw it away. The laws in The Netherlands
are vague and not very specific. These laws would also make virus
researchers illegal if they send samples to each other.

What do you think about various newspapers thinking of us as nerds?

- Have a good laugh at them. I just wear hair curlers in my beard and
a condom on my nose in order to ward off radiation (hello Dr. J.
Popp! (Aids Trojan)). No, let them think their way, I think my way.

Has the scene in any way influenced your real life?

- No. I'm absolutely schizo! In real life I am ...#^#%$#@ and then it's
like a switch is pulled over and I am John Tardy of TridenT. Sometimes
it's like there are two persons in me, and can't even remember what
virus I actually wrote... Luckily enough it's for me to switch over,
so I don't need any doctor or something like that. I think everyone
has two persons in him, but they oppress the other side. Quite
interesting, but not in this issue.

Would you feel guilty if one of your viruses made damage to a
hospital?

- Yes. For me it's only to get other viruses to research or for learning
the inner tricks of DOS. If by some programming fault of mine a person
in a hospital gets a lethal injection, I would be terribly sorry
indeed, because that's never what I wanted.

Do you see any differences between the scene now and a couple of years
ago (concerning the underground part of course)?

- No, but I do hear a lot more of more people. The first groups that
were then very young (and childish) are now grown up (Phalcon/Skism)
and have become very talented programmers. Now the new groups are
popping up (Immortal Riot) and are just behaving like Nuke in the
beginning. But that's a stage we all have to pass.

Which virus-magazine do you think is the best available nowadays?

- I read 40Hex with pleasure and reading score is high. The Nuke
Infojournal contains a lot of rubbish for me (I am not interested in
phreaking) and it's a pain for me to download it.

Which virus-group/programmer do you admire/like?

- The best programmer I've ever seen is Bit Addict. He doesn't make a
virus very often, but when he finally makes one, it's a very nice one.
In the beginning I admired Dark Avenger, but I didn't like his INT13
or INT26 routines at all. I must say, he started with the nice ideas
and the (even) more talented programmers progress on his work
(mutation engines).

Which country is the best at virus-writing today?

- Well, I don't think it depends on country anymore, because of the
international virus groups, but I think it's TridenT together with
Phalcon/Skism that produces the best viruses. Don't understand me
wrong, but Nuke has a stealth routine which they must alter, because
it doesn't work if you wanna stealth a virus on a write protected
disk. Look at "Mirror" of Bit Addict and I think you have a nice
playground!

Which virus-group(s) do you think is the best?

- TridenT and Phalcon/Skism, as they solely produce nice viruses and
don't do any side activities like hacking/phreaking...

What do you think about these virus generators, such as VCL and PS-MPC?

- Nice, but real virus writers create their own code, but it's nice to
see it working and you can sometimes learn from the generated source
code.

What do you think about such individuals as board-crashers?

- ~~~+++~~~ ATH0 or simply : hangup!

Describe the perfect virus :

- A fully stealth virus using polymorphic techniques and various
ways of infecting strange types of file to escape total annihilation.
(infecting OBJ or NLM's). Read for a perfect description the text
Vesselin Bontchev wrote (Possible attacks of a computer virus).

Describe the perfect viruscoder :

- A person that is totally unaware of his other side and can live two
lives apart, his dark side and his normal side.

Describe the AV-community with a few lines :

- I don't like all commercial products, but encourage shareware, as it
is also for the normal computer user important to protect their
computer.

Which AV-program do you think is the best, and why?

- I like Thunderbyte, but it has some flaws. I like DEBUG a lot ;-)

What do you think about the underground's future?

- I don't know how long it will last, but I think the next generations
of virus groups will only write Windows NT or OS/2 viruses.

Do you know/have you heard of any new techniques coming in the near future?

- Yes. I think the new breed of viruses will analyse any type of code
run and try to insert it somewhere in there. With protected mode
programming it's possible to stay away from any scanner and control
everything. As a result, such a virus could infect a .MOD file somewhere
halfway if it contains executable code which is run. Also own
compression mechanisms are nice (take Cruncher for an example, but it
utilized the Diet algorithm).

Any advice to people who want to learn the basics of virus-writing?

- Buy a good book of P. Norton and read some virus mags. It's all you
will need nowadays. For excellent ideas read the mail of Vesselin
Bontchev. Sometimes without realizing it he gives good ideas...

Can you be reached somewhere (on a board/e-mail address/internet)?

- No, only a few people can contact me, because of my shortage of time...
I was on echomail, but I think my account is gone.

Something else you wish to say?

- Well, I'll send you the letter The Unforgiven never seemed to receive
and a message to the antivirus community :

"If you had helped me in the first place, there wouldn't be a
John Tardy or a TridenT. Think that over again and help people
who want to support the antivirus community. For me it's too
late to return, but other interested users can be helped. Only
because of this commercial behaviour some people start writing them.
Think twice. Big mouths but even bigger fools sometimes."

Do you wish to send any greets?

- Yes, but the list is very long, so I greet here : Phalcon/Skism, Nuke,
of course the rest of Immortal Riot, The Crypt Newsletter staff and
Arrested Development. Further greets to all other virus writers who
don't make destructive viruses.

John Tardy / TridenT

My last words for now :

INCENDERE SUUS
DAMNARE SUUS VITA
DARE SUUS AD ART VENTUS
CAPARE SUUS
ET FACERE SUUS
FERIRE SUUS PERSICUM CUTIS

NUDUS, TURPIS
PUTRIDUS, FINDERE.

ACERBUS, CRUDUS,
RAPTUS, CONTEMPTIO.

MORDAX, ATTERERE
INFICERE, BILIS.
NAM TUUS SCELUS
AMABILIS
TU LICET PERIRE
AD ANTE TU
HABERE AEQUUS SIC
DOLOR NIL FINIS
EGO LIBERARE ART ULTIMUS INIURIA.

PS. The last thing is to read over for the smart ones. Read it and think.
Intelligence is our most dangerous weapon.