--------------------------------------------------------------------------------
INTERVIEW WITH JOHN TARDY / TRIDENT / THE NETHERLANDS
--------------------------------------------------------------------------------

Give me a short description of who you are?
- I am called John Tardy, born somewhere in the beginning of the 70s.

From where did you get your handle, John Tardy?
- In the beginning of time, I was fascinated by certain death metal groups like Deicide and Obituary. The lead singer of the band is John Tardy and has a hell of a voice. I wanted to adapt his name to the underground also. If you know the first group, you know my handle when I was young (and more childish than you can imagine. That Nazi-virus was just nice compared to my first ones. They were insane).

When did you discover the world of computers?
- I think I was almost 10 years old, but I heard of PCs when in 1990 I had my first PC...

How long have you been active in the scene?
- At the end of 1991, I wrote my first virus, but using another handle...

How did you come into the virus business?
- That's a nice confusing question. When I first got struck by a virus myself, I was convinced of the menace of it. I wanted to kill these things that ruined my PC. So I wanted to write a scanner or another antivirus toolkit. I contacted several persons in The Netherlands, including the author of TbScan, but they pulled me off. I wasn't trustworthy and so on... Then I read a document from Vesselin Bontchev, about the Virus Exchange BBS's. You could only get a virus from them if you wrote one yourself, he said. So I did....

What part(s) of the underground do you think needs improvements?
- Hmm, I don't know... I like it how it is now...

Positive/negative aspects of the scene?
- People promising they will release a super virus (targeting all kinds of files), or a superb virus creation toolkit, but you won't see it in years. Better bring it out first and then boast about it...
You saw and heard of TPE only when it was out...

Have you been involved in any other group than TridenT?
- Yes, before I went to PC I was a demo coder and musician, but as it is extremely difficult to get good information on PC about these things, it's easier to write a virus.

Who started/created TridenT?
- I did, together with Bit Addict. We thought it would bring more fame if we worked together. Later we contacted the other people now in TridenT.

What's the group's goal?
- Hmmm, that's not really an easy one... We want to be known (which now is the case), but we all have our personal goals also. I want to have the fuzz cleared around the antivirus writers. If they were more open to me, I wouldn't have made a virus or even founded TridenT... I would be a researcher then... I can't do that now, because of my history as a virus writer, so I'll have to go on and on and on (blame them! Cartel isn't good!)

How many people are you?
- About 7 or so... It can vary...

What are their handles?
- In alphabetical order:
    Bit Addict
    Dark Helmet
    DarkRay
    John Tardy
    Masud Khafir
  Some are missing, but that's better for them, I think...

Do all of them program, if not, what's the others' job?
- We _only_ have coders, or should be... We don't have any hackers, phreakers or that type of guys in our group, because of the lack of interest in that.

Who are the "leading/head-persons" in the group?
- Hmmm, let them speak for themselves, but I am only the founder, but not the best programmer of the bunch. Bit Addict is surely the best and Masud Khafir is on a second place, but we are not used to things as "ratings", because we share the same interest.

What's your position in it?
- I founded it (as said before (a few times)) and I code some things. That's all. Nothing special... Well, sometimes I searched a new member and pulled him into this (like Masud, Dark Helmet, etc.)

How is TridenT (currently) organized?
- It was very well organized (own mailing system, etc.), but now we are in a total void and it will take some time to recover, but I think in a few months it will be better, or TridenT will not be here anymore, as we all don't have very much time to write viruses anymore, so... Wait and see...

Have you got any contacts with other virus-groups/programmers?
- No, I do not... I have to call much more then and I have a slight problem regarding phone-bills ;-) And I don't want to phreak...

Can anyone ask for membership, or are you a "private" group?
- Well, we never had anyone asking to come in... If we saw a very good virus, I tried to trace the person who wrote it down and contacted him and asked him if he wanted to join... If you see it that way, I think it's a little bit private...

What does it take to join up?
- I honestly don't know. If we saw a good virus (like coffeeshop or gotcha!), we contacted the person. If people are far too willing to join, I have to think twice...

You've programmed a lot of polymorphic things, and one of them is the TPE, what comments have you received about it?
- Well, you can better ask if we don't get any comments... Ask Frans Veldman how he is doing detecting TPE 1.4... Silence... Ask any other AV-writer. Only a very few can detect it reliably and even more engines are popping up...

Will you continue to "upgrade" it or is it a finished project?
- Ask Masud, he wrote it, but I think he is bored yet with it. He now knows how to write such an engine and the challenge is taken, so he goes on to the next challenge (Virus_For_Windows_1.4 or an OS/2 virus).

How many strains/mutations can it produce?
- Euh.... I never counted it... It was sufficient to see the routines, and I couldn't find many similarities.

Even though polymorphic engines are a great thing, not many people seem to use them. Do you have any theory why they don't?
- Yes, find one cloaked with the engine, find 'em all...
If they broke the polymorphic code, all viruses using it are known...

Which is the best polymorphic engine around today?
- I like TPE 1.4 a lot... DMU (included with the Mirror virus) is also nice. It's not very complicated, but it's very small (under 1K). The Multiple Encryptor of Dark Angel (DAME) is very nice, especially the double word encryption... Comment: Make them overlapping...

Have you ever thought of/are currently releasing some sort of electronic magazine (text/executable/hardcopy)?
- We thought of it, but after a long(!) discussion in our net, we decided not to do it. There are so many mags now, why writing one more with debug scripts and sources of viruses. There's enough study material. We planned to make a hypertext engine for writing viruses, but that will take a while, as the programmer of it is lazy (he said it himself!).

Are you into other things such as hacking and phreaking as well, or just viruses?
- Now only viruses...

Do you have some network connection (some sort of e-mail or something)?
- Well, we have our private TridenT network, but I had a connection on email, but I think I am sorta locked out...

Can you name a few viruses/engines that members of TridenT have written?
- Yes, for example: Pogue, PlayGame, TPE, Mirror, Circus Clusters, Cybertech, Servant, Thunderdome, Civil War, Weirdo, Horns of Jericho, Flue, April30, Bit Addict (the non-destructive ones), OW 0-10, New Creeping Death, Smile, Yeah and many, many others.

Which of them have you written yourself?
- There are many... I guess around 60 or so... But the most known are Circus Clusters, Servant and OW 0-10. Some other viruses like Deicide are to be known as mine, but it's not with this name and I don't want to be associated with the old name anymore.

Which one was the hardest to write?
- Circus Clusters was an interesting experiment, and I had a little trouble making the virus stable enough (which you could see in an old crypt newsletter, I made it up for you in a newer one).

Do you have any sort of company or law-enforcement who are trying to bust TridenT?
- I guess so, we have released an awful lot of viruses in a relatively short time, so I wouldn't be surprised if CRI or so are watching us carefully, but I think we aren't illegal in any way. I never released my viruses in the wild, only as source or in an archive accompanied by a message and/or source code.

If so, are they a real threat or just "childish"?
- I think they could be a real threat, not only for us, but for censoring the whole scene. That would be very bad. I am not so worried for myself, but more about the fact that the antivirus business has become a very awful thing with CARO which wanted to set up a murky database and hunt people down.

Have you ever had any trouble in the group with the result of kicked member(s)?
- No... Sometimes we have a discussion getting around, but it's only a matter of time before it dissolves. No one ever has been kicked out and only will be if he can be really dangerous to other members.

Do you call a lot, and if so how (phone/internet etc.)?
- I used to call a lot, but when momma saw the phone-bill, I have to stay put.. I didn't call any board since a month and it will take some time before I can begin again... (Gotta pay first).

Do you have any couriers that spread your products around?
- Well, if you mean uploading viruses to unsuspecting users, I must say "NO". Only interested people can get it from us. We used to drop it on "Arrested Development" at that time, but are now using another base that will be much more informative (no hard feelings, AD!).

What do you think about the laws against h/p/v that have arrived lately?
- It's a very sad business. What I want to do on _my_ computers is no one's business. If I want to release a virus on my system, who's to say I may not? And giving source code to someone to see how a virus works, is _that_ illegal? They're just plain textfiles! Other people compile and release them, it's not my responsibility.
They can also watch and say "This is nice" and then throw it away. The laws in The Netherlands are vague and not very specific. These laws would also make virus researchers illegal if they send samples to each other.

What do you think about various newspapers thinking us as nerds?
- Have a good laugh at them. I just wear hair curlers in my beard and a condom on my nose in order to ward off radiation (hello Dr. J. Popp! (Aids Trojan)). No, let them think their way, I think my way.

Has the scene in any way influenced your real life?
- No. I'm absolutely schizo! In real life I am ...#^#%$#@ and then it's like a switch is pulled over and I am John Tardy of TridenT. Sometimes it's like there are two persons in me, and can't even remember what virus I actually wrote... Luckily enough it's for me to switch over, so I don't need any doctor or something like that. I think everyone has two persons in him, but they oppress the other side. Quite interesting, but not in this issue.

Would you feel guilty if one of your viruses made damage to a hospital?
- Yes. For me it's only to get other viruses to research or for learning the inner tricks of DOS. If by some programming fault of mine a person in a hospital gets a lethal injection, I would be terribly sorry indeed, because that's never what I wanted.

Do you see any differences between the scene now and a couple of years ago (concerning the underground part of course)?
- No, but I do hear a lot more of more people. The first groups that were then very young (and childish) are now grown up (Phalcon/Skism) and have become very talented programmers. Now the new groups are popping up (Immortal Riot) and are just behaving like Nuke in the beginning. But that's a stage we all have to pass.

Which virus-magazine do you think is the best available nowadays?
- I read 40Hex with pleasure and reading score is high. The Nuke Infojournal contains a lot of rubbish for me (I am not interested in phreaking) and it's a pain for me to download it.

Which virus-group/programmer do you admire/like?
- The best programmer I've ever seen is Bit Addict. He doesn't make a virus very often, but when he finally makes one, it's a very nice one. In the beginning I admired Dark Avenger, but I didn't like his INT13 or INT26 routines at all. I must say, he started with the nice ideas and the (even) more talented programmers progress on his work (mutation engines).

Which country is the best virus-writing today?
- Well, I don't think it depends on country anymore, because of the international virus groups, but I think it's TridenT together with Phalcon/Skism that produces the best viruses. Don't understand me wrong, but Nuke has a stealth routine which they must alter, because it doesn't work if you wanna stealth a virus on a write protected disk. Look at "Mirror" of Bit Addict and I think you have a nice playground!

Which virus-group(s) do you think is the best?
- TridenT and Phalcon/Skism, as they solely produce nice viruses and don't do any side activities like hacking/phreaking...

What do you think about these virus generators, such as VCL and PS-MPC?
- Nice, but real virus writers create their own code, but it's nice to see it working and you can sometimes learn from the generated source code.

What do you think about such individuals as board-crashers?
- ~~~+++~~~ ATH0 or simply: hangup!

Describe the perfect virus:
- A fully stealth virus using polymorphic techniques and various ways of infecting strange types of file to escape total annihilation. (infecting OBJ or NLMs). Read for a perfect description the text Vesselin Bontchev wrote (Possible attacks of a computer virus).

Describe the perfect virus coder:
- A person that is totally unaware of his other side and can live two lives apart, his dark side and his normal side.

Describe the AV-community with a few lines:
- I don't like all commercial products, but encourage shareware, as it is also for the normal computer user important to protect their computer.

Which AV-program do you think is the best, and why?
- I like Thunderbyte, but it has some flaws. I like DEBUG a lot ;-)

What do you think about the underground's future?
- I don't know how long it will last, but I think the next generations of virus groups will only write Windows NT or OS/2 viruses.

Do you know/heard of any new techniques coming in the near future?
- Yes. I think the new breed of viruses will analyse any type of code run and try to insert it somewhere in there. With protected mode programming it's possible to stay away from any scanner and control everything. As a result, such a virus could infect a .MOD file somewhere halfway if it contains executable code which is run. Also own compression mechanisms are nice (take Cruncher for an example, but it utilized the Diet algorithm).

Any advice to people who want to learn the basics of virus-writing?
- Buy a good book of P. Norton and read some virus mags. It's all you will need nowadays. For excellent ideas read the mail of Vesselin Bontchev. Sometimes without realizing it he gives good ideas...

Can you be reached somewhere (on a board/e-mail address/internet)?
- No, only a few people can contact me, because of my shortage of time... I was on echomail, but I think my account is gone.

Something else you wish to say?
- Well, I'll send you the letter The Unforgiven never seemed to receive and a message to the antivirus community: "If you had helped me in the first place, there wouldn't be a John Tardy or a TridenT. Think that over again and help people who want to support the antivirus community. For me it's too late to return, but other interested users can be helped. Only of this commercial behaviour some people start writing them. Think twice. Big mouths but even bigger fools sometimes."

Do you wish to send any greets?
- Yes, but the list is very long, so I greet here: Phalcon/Skism, Nuke, of course the rest of Immortal Riot, The Crypt Newsletter staff and Arrested Development.
Further greets to all other virus writers who don't make destructive viruses.

John Tardy / TridenT

My last words for now:

INCENDERE SUUS DAMNARE SUUS VITA DARE SUUS AD ART VENTUS CAPARE SUUS ET FACERE SUUS FERIRE SUUS PERSICUM CUTIS NUDUS, TURPIS PUTRIDUS, FINDERE. ACERBUS, CRUDUS, RAPTUS, CONTEMPTIO. MORDAX, ATTERERE INFICERE, BILIS. NAM TUUS SCELUS AMABILIS TU LICET PERIRE AD ANTE TU HABERE AEQUUS SIC DOLOR NIL FINIS EGO LIBERARE ART ULTIMUS INIURIA.

PS. The last thing is to read over for the smart ones. Read it and think. Intelligence is our most dangerous weapon.