Meet the virus author

1 pm. We are standing in front of a door on a narrow street, waiting to meet the hacker and previous virus author Isak Johnsson. At age 17 he developed and published a stealth technology, without knowing that the very same method would be used 15 years later in the highly sophisticated cyber-weapon Stuxnet – the virus that sabotaged the uranium enrichment facility at Natanz in Iran.

Buzz. No answer.
– Lets try the phone.
No answer. Buzz. Looking up at what we think is the apartment. Buzz. No answer.
– Maybe its the wrong address?
While standing on the other side of the street, looking up, a neighbor opens the door and we quickly run after.

Isak: “When I still was a kid I was working on more educational projects. Questions like; can I make a self replicating program that can spread through other peoples computers without anyone noticing it? It was an intriguing thought that a virus could live on without me. And it did!”

Isak has also studied molecular biology, viruses and performed genetic engineering (on bacteria) at university. The interest runs deeper than hacker graffiti.

“It was always a hard technological challenge, because of the ongoing fight with the anti-virus companies, like David and Goliath. But you were always one step ahead. You act and they react. This has never changed and applies to other kinds of hacking as well.

After a “morning” coffee we continue our conversation.

Isak: “The primary purpose was to be able to spread the virus as much as possible. Not to do any harm to the infected computers, just to spread it. The state-of-art stealth method back then was disinfecting the host program just before the virus scanner read it and infect again when the scanner was done. This didn’t work when write-protection was in effect, disabling stealth in many networks. Another disadvantage was that it that it took time, which could arouse the suspicion of an alert observer. Performance was crucial and the redirection method was much faster. The same was true for size. One non-destructive, memory resident virus I made was just 212 bytes of machine code. Therefore I created a new kind of stealth, named redirection. As far as I know, no previous virus used a similar method. The conceptual virus using it was called Blue Nine, named after the poison used in William Gibson’s cyberpunk epos Neuromancer, [link 1]. This virus returned the original code every time a scanner read the infected sections of the host program. So it looked like the perfect normal program to the virus scanner, but it still was infected. Thus it worked even when the drive was write protected. That technique, I think, has been exploited lately. Probably even in Stuxnet. One unknown source have confirmed this.”

Government leaks confirm that Stuxnet was a joint collaboration between the Israeli cyber warfare unit 8200 and the United States with the goal of stopping Iran’s suspected nuclear weapons program. [link 2] [link 3]

– Do you think “virus” is a positive or a negative word?

Isak: “I think it’s a positive word as I respect all forms of life, but there are viruses doing harm to us as well, as we all know. Viruses are evolving continuously. They have been important for the development of the immune systems in our bodies as well as our computers. They do favors for us. The common cold virus, for instance, may protect us against influenza viruses. This has been suggested by the Swedish Institute for Infection Control [link 4]. This might have saved lives in the latest H1N1 influenza epidemic. It is good that virus evolution happens in small steps, so they suddenly doesn’t make a hyper-jump that wipes us out. This is the reason I think that research about viruses, with computer or human hosts, is important.”


[link 1] A Technical Discussion About the Blue Nine Virus by Conzouler (November 19, 1994)

[link 2] Obama’s virus wars: mutually assured cyber-destruction

[link 3] Cyberattacks on Iran — Stuxnet and Flame

[link 4] Changing the Way the World Thinks about Computer Security


Leave A Comment