Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Palm Trojan author sent a ransom note

Rob Rosenberger, Vmyths co-founder
Friday, 8 September 2000 SAY WHAT?!?! AARON Ardiri, the supposedly naïve Swedish college teacher, might be the culprit who attacked Palm users. I don't make this claim lightly.
A University of Gavle employee might be the culprit who attacked Palm users. I don't make this claim lightly.
A quick recap: Ardiri wrote an anti-piracy "research" program to mess up Palm Pilots. Someone unleashed it as a Trojan on the Palm warez community. Ardiri used naïtivity as a shield when he got pegged as the Trojan's author. Antivirus vendors predictably begged Ardiri for a copy of his software. The University of Gavle lecturer demanded $5,000 from one firm, told another vendor he no longer possessed the Trojan, and dismissed antivirus experts as a gang of high-paid virus writers. Trend Micro took Ardiri at face value, telling reporters he "warned authorities about the virus and was working with them on a solution." However, a spokeswoman now confirms Ardiri offered no help at first. Instead, he told Trend he erased every copy of his Trojan. The spokeswoman didn't know if Ardiri displayed a good or bad attitude toward their virus experts. McAfee bigwig Vincent Gullotto confirmed Ardiri's bad attitude and the $5,000 ransom. "Our initial contacts with him did not produce any results. We're not corresponding with him any longer because he wasn't playing nice to begin with." Ardiri even told the IRC #palmchat channel of his ransom demand. "Why should they have it?" he later whined. "I would never give McAfee the 'pleasure' of using this as their cover story to make people buy their software." Another vendor, speaking on condition of anonymity, claims Ardiri told them to shove it because antivirus firms write viruses to stay in business. (Get a clue. Antivirus firms don't need to write malicious software to stay employed — not when Swedish college teachers do it for free.)
Ardiri didn't repent for his wrongdoing — he absolved himself of it.
And it doesn't look like Ardiri "warned authorities" as the media implied. His original alert makes no mention of the fact he wrote the Trojan. It took someone else to expose his role: "I don't know why you bothered [to notify us], since it was you who wrote the 'crack' and started handing it out on IRC." Another user posted an IRC chat log showing Ardiri openly shared the Trojan with others, saying "don't run it, it is for 'bad people' only... [It] may scare people from cracks." Ardiri told IRC users a few minutes later to "delete it, let's not spread it ... [except if you spread it] to people that use fraudulant [sic] credit cards." His deposition cites those IRC chat logs in his defense; he never questioned their authenticity. Ardiri regrets offering the Trojan to others, yet he absolves himself of any real wrongdoing (as seen here in a verbatim rebuttal):
We discussed it, and we decided it was a bad idea to let it out. Thats where it was supposed to stop. But no, someone had to let it out directly into the hands of #pdawarez. That person was not me. I even went to #pdawarez to hind a warning. But, ... too late. Who should *I* trust now? Obviosuly someone I gave it to thought it was a good idea, and pursued it.
Ardiri proclaimed "the rumors about my efforts against the Palm warez community are well know [sic], and yes — I do develop protection schemes that are tedious and/or lethal to those who tamper with them." Yet he insists the Trojan didn't really start out as a Trojan. "It was [originally] designed to setup a device in a state which a future product I was working on would help clean up any redundant data files or preferences in your Palm Computing Device (something like 'CleanSweep' for Microsoft Windows)."
"My efforts against the Palm warez community are well know [sic], and yes — I do develop protection schemes that are tedious and/or lethal to those who tamper with them."
Ardiri made belated overtures to antivirus vendors a few days later. He sent Trend an email pointing out the Trojan's location on the web — and he called his $5,000 ransom note a practical joke in a follow-up email to McAfee. Sadly, he forgot to kiss & make up with the vendor he accused of writing viruses.
I QUESTION ARDIRI'S innocence. Consider the following:
  1. Ardiri admits he develops "protection schemes that are tedious and/or lethal" to the warez community;
  2. Ardiri admits he "originally intended" to unleash the Trojan in the Palm warez community;
  3. Ardiri admits he visited the IRC #palmwarez channel immediately before going to #palmchat, and he further admits to talking about the Trojan in #palmwarez;
  4. Ardiri admits he "rushed" to #palmchat with an "enthusiastic" desire to share his Trojan with others;
  5. Ardiri presents an irrelevant alibi, claiming he "went out for dinner" before learning his Trojan attacked the Palm warez community;
  6. Ardiri throws the guilty man's curve ball by speculating how it's just not his style to "do it this way. Something more of my style would be to..."
My current working theory? I'll bet Ardiri got drunk with glee and detoured from #palmwarez to #pdawarez to feed them the Trojan. Then he rushed over to share it with some pals in #palmchat. A few minutes later he sobered up, decided not to mention his #pdawarez tryst, and asked the #palmchat crowd to erase their copies. The Trojan surfaced, and in a fit of guilt he posted an alert — yet he just couldn't bring himself to admit his role in the affair. Others exposed him, at which point he got deluged by reporters & security experts. He publicly shielded his ego with an immature rationalization, then privately bashed virus experts who wanted to save the world from his beloved research project. Ardiri strikes me as someone who operated entirely on impulse. I mean, come on: he certainly didn't plan any of this! We're talking spontaneous reactions every point along the way. When push came to shove, this guy didn't repent for his wrongdoing — he impulsively absolved himself of it.
"Helpful"? Ardiri sent one antivirus vendor a $5,000 ransom note.
i sing of Aaron hacker Swede
whose warmest Palm recoiled in horror:
an antivirus object-or
"Something more of my style would be to..." Yeah, I'll bet Ardiri's schemes are ever touched with the subtle edge of genius. [Credit where due: the last line comes from an old Marvel comic book.]