40hex nº10:(40HEX-10.004):15/03/1993
40Hex Issue 10 Volume 3 Number 1 File 004

ARCV Busted!
by DecimatoR

Many of you who read this mag know of the ARCV, and most likely know Apache Warrior, the president of the group. In December and January, the ARCV members were raided by Scotland Yard officials, and had their computer equipment confiscated. Apparently, the bust was triggered not because of the virus writing they did, but because of the method they allegedly used to transport their creations to their friends in other countries.

A contact in England recently filled me in on the events which led to the bust of the ARCV. Apparently, a few of the ARCV members were calling long distance by use of a beige box (a device which allows tapping into phone lines to make unauthorized calls) and they got caught. This led to the confiscation of their computer equipment. The two who were arrested apparently cooperated with the police, and further examination of the confiscated equipment proved that not only had the police caught people making fraudulent phone calls, but they also caught the leaders of a large virus writing group. Further investigation resulted in more arrests of other ARCV members. Had the group not been phreaking their calls, chances are they would not be in the fix they are today. Please note, however, that there have not yet been any trials in the arrests, and the ARCV members have not been proven guilty.

The following articles were posted on UseNet, and tell the story, although all but one fail to mention the fact that illegal phone calls, and NOT virus writing was the key factor in the arrests. Only after the first arrests were made did the police pursue the avenue concerning virus authorship.

--------------

From "Computing", Feb 4, 1993:

Apache scalps virus cowboys

"Police raided the homes of suspected computer virus authors across the country last week, arresting five people and seizing equipment.

"The raids were carried out last Wednesday by police in Manchester, Cumbria, Staffordshire and Devon and Cornwall.

"Scotland Yard's computer crimes unit co-ordinated the raids under the codename Operation Apache.

"A spokeswoman for the Greater Manchester Police said: 'The investigation began in the Manchester area following the arrest of the self-styled president of the virus writing group in Salford last December.'

"Police would not reveal the man's name, but said he had been released on bail.

"Last week's raids led to the arrest of a further two people in Manchester. Three other suspects were also arrested in Staffordshire, Cumbria and Cornwall.

"PCs and floppy disks were seized in all the raids.

"All those arrested have been released on police bail pending further investigations."

--------------

From the EFF.TALK newsgroup of Usenet:

"Police have arrested Britain's first computer virus-writing group in an operation they hope will dampen the aspirations of any potential high-tech criminals.

Four members of the Association of Really Cruel Viruses (ARCV) were raided last Wednesday in a joint operation in four cities co-ordinated by Scotland Yard's computer crimes unit.

The arrests in Greater Manchester, Cumbria, Staffordshire and Devon and Cornwall, bring to six the members of the group that have been tracked down by police. Two others, also writing for ARCV, were arrested a month ago in Manchester.

These six are thought to have written between 30 and 50 relatively harmless viruses....

--------------

From a reposting of an unidentified newspaper, dated 4 February 1993:

UK Virus Writers Group Foiled by Scotland Yard

British police have arrested four members of a virus-writing group that calls itself the Association of Really Cruel Viruses (ARCV). The Scotland Yard Computer Crime Unit coordinated the raids carried out on suspects in Greater Manchester, Staffordshire, Devon, and Cornwall.
The arrests last Wednesday, January 27, bring to six the number of ARCV members found by police, after they initially arrested one caught "phreaking" in Manchester in December. ("Phone phreaking" is the illegal practice of obtaining free use of telephone lines.)

The arrests were made under Section 3 of the Computer Misuse Act, which prohibits unauthorized modification of computer material, said Detective Sergeant Stephen Littler. The suspects, who cannot be identified at this stage under British law, have been released on bail pending inquiries and may face further charges.

The members of ARCV used PCs to write viruses, which they shared via a bulletin board operated by one suspect in Cornwall. The police confiscated hardware and software, which is being studied by virus experts to determine how many viruses were written and what the viruses were intended to do, Littler said.

The British anti-virus community became aware of ARCV through the group's own publicity efforts, such as a newsletter that it had uploaded to various bulletin boards in the U.S., according to Richard Ford, editor of the monthly "Virus Bulletin," which is published in Abingdon, Oxon, England. The newsletter was described in detail in the November, 1992, issue of "Virus Bulletin."

"To the best of my knowledge, none of their viruses are in the wild, out there spreading," said Ford. "But they have been found on virus exchange bulletin board services, and we've had reports of them being uploaded rather widely in the UK."

ARCV claims, in its newsletter, to have links with PHALCON/SKISM in the U.S. and other virus writers in Eastern Europe. "The world is a very small place when you've got a modem, or are on the Internet," Ford said.

The newsletter invites new members to join even if they are not virus writers but prefer other "underground" activities such as hacking and phreaking.
It also betrays ARCV's fears of being perceived as nerds (a term not used in Britain) saying, "Now the picture put out by the Anti-Virus Authors is that Virus writers are Sad individuals who wear Anoraks and go Train Spotting but well they are sadly mistaken, we are very intelligent, sound minded, highly trained, and we wouldn't be seen in an Anorak or near an Anorak even if dead." (Anorak is the British word for ski jacket.)

ARCV has already failed at one of the objectives mentioned in its premier newsletter issue, which said, "We will be dodging Special Branch and New Scotland Yard as we go."

--------------

The following is a summary of Britain's Computer Misuse Act 1990, which deals with computer crimes:

Summary of Computer Misuse Act 1990:

{ heading } ...

1 -(1) A person is guilty of an offence if-
      (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
      (b) the access he intends to secure is unauthorised; and
      (c) he knows at the time when he causes the computer to perform the function that that is the case.
   (2) The intent a person has to have to commit an offence under this section need not be directed at -
      (a) any particular program or data;
      (b) a program or data of any particular kind; or
      (c) a program or data held in any particular computer.
   { up to 6 months prison, or a medium scale - level 5 - fine, or both}

2  {similar - but access with intent to commit or facilitate further offences}

3 -(1) A person is guilty of an offence if-
      (a) he does any act which causes an unauthorised modification of the contents of any computer; and
      (b) at the time when he does the act he has the requisite intent and the requisite knowledge.
   (2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing-
      (a) to impair the operation of any computer;
      (b) to prevent or hinder access to any program or data held in any comp
      (c) to impair the operation of any such program or the reliability of any such data.
   (3) {similar clause on direction of intent to section 1}
   (4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.
   (5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.
   { such damage not to be within the terms of the Criminal Damage Act 1971 unless physical damage is caused }
   { In magistrates court - up to 6 months prison or maximum fine or both}
   { In Crown court up to 5 years prison and/or unlimited fine}

{ sections on Jurisdiction - Act applies as long as there is a significant UK connection - either accused or target computer was in UK}
{ lots of further legal details - no way am I typing in all that!}

14. { search warrant to be issued by a judge, not just a magistrate}
15. { Extradition attempts possible for offences under sections 2 or 3 conspiracy to commit such, or attempt to commit section 3 offence}
{ more verbiage}
17. {lots of definitions - Computer is _not_ formally defined anywhere in English Law}
    {Definition of Access - seems to cover anything you could think of doing with a computer}
    {definitions of unauthorised - again rather wide}
    { ... }
    (10) References to a program include references to part of a program.

--------------

There ya have it. I personally would like to wish Apache Warrior, Ice-9, and the rest of ARCV luck in the upcoming legal mess they face.
I was sorry to hear about the bust of the group, but even sorrier when I found out that some of the members were arrested solely because they had a hand in virus production. When you commit fraud, you are breaking the law, and yes, you should be held accountable for your actions. I tend to have the opposite point of view when it comes to authoring a virus, however. Simply writing code should never be illegal. Spreading, yes, but writing? No. Unfortunately, the "powers that be" don't always see it as I do.

--DecimatoR