The Bulgarian virus connection

UPI Computer Comment

JOE FASBINDER, United Press International

Vesko Bontchev says he has heard the charges before but he does not have an evil alter ego known as the Dark Avenger. But he sees how people could think such a thing.

The authors of a new book, 'Approaching Zero,' published by Random House, note that as Bulgaria's foremost computer virus buster during the Cold War, Bontchev made a living and a reputation by writing about the increasing number of computer viruses coming from the Iron Curtain country. And chief among the virus hackers in Bulgaria is the mysterious person known as the Dark Avenger.

Bontchev has an odd relationship with the Dark Avenger. The viruses created by the mysterious virus hacker have kept him in business, but he has never identified the Dark Avenger -- at least publicly.

And, in fact, 'Approaching Zero' co-author Bryan Clough notes that 'I've talked with him (the Dark Avenger) several times.'

But it was hardly a face-to-face meeting. The exchanges took place anonymously over computer bulletin boards, some of which are devoted exclusively to computer viruses.

Computer viruses are programs that 'infect' computer files by inserting copies of themselves in those files. Posing as non-threatening programs on computer bulletin boards or as parts of other programs that are passed around on diskettes, computer viruses are virtually always damaging in some way.

Clough and co-author Paul Mungo claim that 'cynics have argued that if the Dark Avenger had not existed, it would have been in Vesko's interest to have invented him.'

They contend that 'by 1990, everyone involved in computer security had become aware that something odd was going on in Bulgaria. Increasingly sophisticated and damaging viruses that affected IBM-type PCs were moving into the West, carried on diskette or transferred by electronic bulletin boards.'

The book says 'there were so many reported Bulgarian viruses that one researcher was moved to refer to the existence of a 'Bulgarian virus factory.' The phrase stuck.'

Researching the Bulgarian virus connection wasn't nearly as hard as some people might think.

'I'm English,' says Clough, 'and I speak several European languages, but not Bulgarian. However, English is the lingua franca of computers.'

The origins of the 'Bulgarian virus factory' go back to the early 1980s, when the president of Bulgaria, Todor Zhivkov, decided his country needed to be a player in the field of high technology.

With the resources of the state behind the effort, Bulgaria began building poor copies of IBM and Apple model computers in the 1980s.

While the factories made the computers, the programs needed to make them function had to be pirated. So, the authors say, the Bulgarians began copying Western computer programs, cracking copy-protection schemes all along the way.

'They became more skilled at hacking. In short, they were assimilating all the skills they would need to become first-class virus writers,' says Clough.

One of those people was the Dark Avenger, a virus hacker who still has not been found or at least publicly identified.

Clough says he has 'a pretty good idea' of the Dark Avenger's true identity, but 'it wouldn't hold up in court.'

Bontchev also may know who he is.

Bontchev came to prominence during the boom times in Bulgarian computer hacking. By 1989, Bontchev, an engineering graduate from a professional family, had established himself as the leading writer about computer viruses in the government-run 'Komputar za vas' magazine. One reason he was so successful is that one of the top virus hackers in the country was sending him source code and criticizing his efforts at analysis.

That virus hacker was Todor Prevalasky, who retired in 1989. But computer viruses continued to spawn, grow and mutate in Bulgaria, making their way to the West.

In fact, one of the Dark Avenger's first viruses, a variant called 'Yankee Doodle,' would actually play that most American of tunes when it launched its payload in infected computers.

The hacker known as Dark Avenger has been responsible for a series of increasingly complex viruses, including 'Eddie,' 'The Number of the Beast,' and 'Anthrax.' He likes to leave little clues about himself inside the code.

For example, a Dark Avenger virus will have the words 'Dark Avenger' somewhere in the virus. 'P.Diana' also shows up, along with a statement that the virus was written in Sofia. Heavy metal songs and artists feature prominently in the names used inside the viruses, which are often extremely infectious.

One new variant, 'The Mutating Engine,' allegedly can disguise its own code in 4 billion different ways.

And Dark Avenger promises that this is not the end of his efforts. He has been known to log onto computer bulletin boards that specialize in viruses and criticize the efforts of people who try to catch up with him.

One of those people is Bontchev.

At a highly publicized lecture in Sofia, Bontchev argued that the 'Number of the Beast' and 'Eddie' viruses could not have both been written by the Dark Avenger, citing evidence that the coding processes used to make those viruses were very different.

Bontchev reasoned that the Dark Avenger would not be able to resist such a lure. During that lecture and the question-and-answer session that followed, Bontchev looked for clues among the crowd as to who the virus hacker might be.

He didn't discover him, he said, but the Dark Avenger sent a letter later, criticizing Bontchev for his logic during the lecture and for making money on chasing virus hackers.

Bontchev then put together a psychological profile of the Dark Avenger. From his letter, Bontchev gleaned the Dark Avenger had been a student at Sofia University and, from sarcastic remarks he had made about Bontchev's engineering degree, that he was either a mathematics or science student.

He sent the profile to seven former students at the university, asking if they knew anyone who fit the criteria. All seven replied, Bontchev said, and all seven mentioned the same name -- that of a young programmer at a small private software house in Sofia.

Bontchev didn't turn him in. There would be no point, he said. Virus hacking is not illegal in Bulgaria.
