Malicious Life Podcast: The Jerusalem Virus Part 1

Malicious Life Podcast: The Jerusalem Virus, Part 1 Transcript

It may be hard to believe, but the concept of “anti-virus” is only just over 30 years old now. The first ever documented case of an anti-virus software was created in early 1987 by Ber nd Fix, a German hacker, in order to defeat a .com-infecting virus called “Vienna”. 1987, you could say, was when anti-virus was born, because this new approach to information security would go on to be invented separately, multiple times over, in different countries around the world that same year. This brings us to the subject of today’s episode of our show.

Later that same year, a threatening virus was discovered at the Hebrew University of Jerusalem. The program, it appeared, had the ability to delete a computer’s worth of data at whim. Scholars and researchers in Israel at the time were intrigued and concerned, and knew they had to do something. Nowadays, though, the story of this virus has much less to do with the damage it caused than the good it ushered in. This virus was nicknamed the “Jerusalem” virus, and it happened to trigger a series of events that would culminate in something very rare: the birth of an entire national industry.

A Real Life Computer Virus
Yuval Rakavi was toying with computers since age five. When Yuval reached adulthood, he enrolled in the computer science program at Hebrew University in Jerusalem. While a student, he also ran a tiny software company with his friend and fellow student, Omri Mann. While at the university, Yuval reconnected with two old friends of his: Eli and Nir Barkat. Yuval and Omri took the advice, hiring Eli and Nir to the team. They would name their company “BRM”, after the initials of each of their names–B, Barkat, R, Rakavi, M, Mann.

Still, all BRM had at its onset were a few technically gifted engineers, and a business leader. They didn’t even really know what to make. Happy music ends That was, until one fateful day in November of 1987, when the phone rang in Yuval’s room. Yuval got up and nearly ran all the way to Omri, to witness something they couldn’t quite understand, but understood the gravity of. Every time Omri ran a file on his computer, this odd program he didn’t recognize got larger and larger in size. It was as if just by using his computer, Omri was feeding this strange beast. What could it possibly be?

It was while they sat together and looked over the program’s code that the two computer science students recalled an article they’d seen not so long before, sent to them by a member of their department’s faculty. It was a groundbreaking article from Dr. Fred Cohen: a pioneer in Information Security who was the first to analyze computer viruses from a mathematical point of view. It was then that the two students realized what they had on their hands: a real-life computer virus, in action.

On The Verge of Bankruptcy
As Yuval, Omri, Eli and Nir were just getting their company moving, Ofer Ahituv, only a few tens of miles away, was on the verge of losing his.

Ofer founded his software company, “Iris”, all on his own a decade prior. At its peak, Iris was a thriving organization employing dozens of workers. In more recent years, though, major debt and insufficient sales threatened the company with bankruptcy, and forced Ofer to lay off his employees en masse. By November of 1987, Iris was down to just three employees total, including Ofer himself. Ofer became so desperate that he contemplated taking out a second mortgage on his house, before friends and family stepped in to convince him how foolish a move that would have been.

Ofer wasn’t as natural a technology enthusiast as Yuval and Omri. Growing up in the ‘70s he’d studied violin, and continued that track through college. Knowing the financial pitfalls of a music career, he decided he’d dual-major in math. As all Israelis of a given age are, Ofer went to the Israeli Defense Force after school, and while there was tasked with the production of statistical reports for military use. The creation of these reports was done, at that time, with the help of mainframe computers common to the times.

Leveraging the technical acumen he’d built up while enlisted, and abandoning a career as a professional violinist, at age 28 Ofer founded Iris. Iris’ primary product, fittingly enough, was a software designed for producing statistical reports. Ofer had written the program himself, which worked on the smaller personal computers that began to be sold around Israel around this time.

Iris’ flagship product was a market success, selling to large and small corporations, and even the IDF where Ofer first learned the skills to build such a program. The company hired more employees, and developed their product line to incorporate encryption and infosec-related products.

Then, things started to take a turn for the worse. Ofer filed suit against a former colleague of his, whom he claimed had copied the code from his flagship statistical reports software to create a competing product. That lawsuit would last nearly an entire decade, reaching all the way to Israel’s Supreme Court. Ofer did end up winning the case, but between attorney’s fees and emotional stress, the victory didn’t hold so much weight. Not only that: the time and energy wasted had seemingly taken a huge toll on his business. Iris’ products began to fall off in quality over time, and customers gradually began moving elsewhere. At the end of it all, all Ofer had was one sales manager, one software engineer, and tens of thousands of dollars worth of debt. Bankruptcy loomed.

“Anti-AIDS”
Let me pause for a moment, to provide some context here.

Have you ever encountered a computer virus, maybe on your own machine? Everybody hates a virus, besides of course the hackers themselves. It’s just so annoying to deal with, and at worst, hugely harmful to your personal data, even your finances. There’s probably never been one person who’s been happy about a computer virus. That would make no sense, right?

But wait: what about a man who has nothing to lose? Whose company is going bankrupt, life torn apart by a bitter legal battle with a former friend, and no prospects or hopes to hold onto? In November of 1987 “Carmel”, a distributor of Iris software in northern Israel, began receiving reports from confused customers, about a strange file growing on all of their computers. Carmel, not knowing what to do themselves, passed the news onto Ofer Ahituv. Ofer gave a copy of an infected disk to the one remaining programmer of his company, the programmer went off on his way, and then came back a few hours later in total astonishment. This, he said, was the first instance he’d ever seen–he, a professional computer programmer–of a software which replicated itself. Ofer and his colleague sat at a computer, carefully reviewing the strange code, trying to understand its mechanisms. Ofer may not have known it that day, but he was about to become the happiest man to ever have contracted a computer virus.

At this point in the story, Ofer and his programmer were two of the handful of people–including the guys at BRM, and a select few other computer professionals–aware that there was now a very real virus spreading all over the country. Ofer took this dire situation as an opportunity, realizing there was now a market for an entirely new software product: something that could get rid of this self-replicating program.

Knowing that the window of opportunity to be first to market would close soon, Ofer and his programmer got down and dirty, conceiving of and building software to counter the virus. But it got more complicated: they’d have to come up with a program that could beat not just this program, but any future variants and iterations of this program. Dramatic music fade out So the two men designed a software that would scan a computer to locate files infected by the virus they’d seen, as well as any similar enough virus that may come in the future.

With the code ready, all they had to do was give their new product a name. Because the word “virus” wasn’t widely used to describe computer programs in 1987, they couldn’t just call their program, you know, “antivirus”. Ofer figured, however, that people did know about the biological AIDS virus. Clearly Ofer wasn’t as talented a marketer as he was a programmer, when he released his brand new product to the market: called “anti-AIDS”. Similar programs to “anti-AIDS” were released around the same time in the U.S. and U.K., but Ofer has claimed that his was the first commercial antivirus in world history. I can’t confirm whether that’s true or not, but what we can assume is that those American and British products probably had much better names.

The Jerusalem Virus
Ofer and his two remaining employees couldn’t have been more timely when, just as they finished designing the logo for anti-AIDS, the story about a new virus threatening Israel’s computer systems broke in the press. It was then that the phenomenon got its name: the Jerusalem virus.

So here we are. At Hebrew University, Yuval and his three friends at BRM are trying to beat the Jerusalem virus. A short drive away, Ofer and his two colleagues are trying to do the same. Citizens around the country are starting to get word of what’s going on. It wouldn’t be long before more copies of the virus would make their way out of the country, and around the globe.

But…what was this so-called Jerusalem virus? What caused it to capture the minds of a nation?

Jerusalem wasn’t the first virus of its kind: computer scientists had seen instances of self-replicating programs years earlier. It also wasn’t the first virus that was designed with the intention of causing damage to host computers: in 1986, Lehigh University personnel encountered a virus that would erase all information on their host disks. That virus caused a commotion at the Pennsylvania-based school but, ultimately, was stopped before it could escape the confines of the campus.

Jerusalem was different primarily for one key trait. It was what we’d call a “logic bomb”: activated only if a certain condition is realized. Jerusalem, when activated, would delete all information on its host computer. And it’s condition? That the date be Friday, the 13th of the month.

That just seems cheeky now, doesn’t it? Clearly, Jerusalem’s writer was having a little bit of fun by giving their malicious program a malicious activation date. Researchers took the date seriously, looking back to see if any significant Israeli historical events had fallen on a Friday the 13th of past years. Conspiracies were floated, but none given any credence.

More evidence started to float in that Jerusalem wasn’t as scary as everybody had previously thought, when researchers discovered it was simply a reworked version of a previously known virus, Suriv-3 (“Suriv” being “virus” spelled backwards…as if it couldn’t get any worse). Suriv-3 was, itself, a mashup of two earlier viruses: Suriv-1 and Suriv-2. Those viruses were not designed to destroy any information like Jerusalem was–instead, they were simple logic bombs which, if it were April 1st of the year, would produce the message “April 1, ha ha you have a virus!”

Discovering its connection with the Siruv viruses only opened the field wider for who Jerusalem’s writer could’ve been. Really, any amateur could’ve done the work. Even calling this person a virus “writer” might be a misnomer here–it doesn’t take a genius to change a date and a function in a simple program. Still, the media hype around Jerusalem caused it to spawn a horde of other, equally uncreative spawn, often containing blatant errors. One version of Jerusalem, for instance, changed the activation date of the original program from Friday the 13th to simply the seventh day of the week (that is, the first Saturday after infecting a new machine). What the novice writer of this virus failed to realize is that, in the computer world, counting generally begins not with one, but zero. So a computer program might consider Sunday not day one of the week, but day zero, and Monday day one. Because of this, Saturday would be day six, and the seventh day of a week as understood in computer code simply does not exist. Needless to say, this version of the virus was completely harmless–a bomb that never could go off.

The Birth Of An Industry
The market for a program to combat the Jerusalem virus burst wide open. The rumor that two students at Hebrew University found a cure spread quickly, and Omri and Yuval distributed copies of their program free of charge to anyone who wanted it.

Seeing the hole in the market, other software companies stepped in and created their own anti-virus programs. Carmel, the northern-based distributor for Ofer Ahituv’s Iris products, released their ow n “Turbo AntiVirus”, and a firm called Elyashim, whose two founders were mentors to Yuval Rakavi back in their days at the Israeli Air Force Technical School, devised their own program called “VirusSafe”.

These anti-virus solutions made use of the same technique: scanning computers to identify the unique signatures of known viruses (in this case, primarily, the Jerusalem virus). Scanning for signatures like this does work for relatively simple viruses, but there are obvious longer-term problems with the method. Think about it: every time a new virus shows up in the world, an update to the program has to be written and installed to account for that new signature. Of course, in November 1987 new kinds of viruses weren’t cropping up all that often. It allowed Elyashim, for example, to distribute new versions of their software by using a messenger on a scooter, who went around to customers hand-delivering new discs every few months.

These, listeners, were the good ol’ days of cyber security.

But time would go on and newer, more complex viruses hit the scene. As the new viruses continued to get better, too, the old means of anti-virus would become obsolete. Think about how much time and resource it takes to review the data on each and every file on a computer. Theoretically you could speed up the process by localizing the scan to certain files and not others, but doing so risks the possibility that an unsuspected, sophisticated virus could slip past.

But before all that, even with new products entering the market, the Jerusalem virus was spreading faster than it could be put out. Luckily, there was a man who stood to benefit from the chaos.

In our next episode we’ll pick up the story where we’ve just left off, as Ofer Ahituv’s fortunes change forever, Yuval Rakavi receives an incredible surprise in front of thousands of people, and the Israeli antivirus industry blows up…perhaps a bit too big. I’m Ran Levi–all that to come, next time on Malicious Life.