----------------------------------------------
                          | Interview with Becky Worley, TechTV reporter |
                          |       by Gigabyte [Metaphase VX Team]        |
                          |                                              |
                          |                   May 2003                   |
                           ----------------------------------------------


I think sometimes it's nice to look at things in another way. Not through the eyes of a virus writer, virus collector,
hacker or something alike, but of someone who gets to deal with viruses in a totally different way.
As you may remember, in the previous issue of this zine, I interviewed Sarah Gordon, and this time, I talked to Becky
Worley. She works for TechTV, in TechLive, a nightly 1/2 hour magazine show about technology.
Becky also told me you're welcome to e-mail becky@techtv.com with any feedback or thoughts on anything mentioned in the 
interview.

And here we go..

- First of all, when did you start reporting about security, hacking and
such and what was your motivation to do so?

In 2001,  I was hosting a computer help and how-to show, "Call For Help"
on TechTV . Our news show, TechLive wanted to do some of our content for
their show.  Since viruses are the most consistently evolving element of
computer how-to, they seemed like a fitting subject.  I began doing a daily
segment called Security Alert to keep people abreast of new viruses, scams,
and ways to stay safe: patches, techniques, and software.


- Which topics do you find the most interesting?

The social engineering used in viruses: what psychological methods are
being used to hook victims.  (actually this brings up an interesting
question-  what do you guys call the people who double-click executable
virus files? - victim, dumb- ass, subject???? I digress... )

I think virus social engineering is an incredible indicator of global
consciousness, e.g.  Shakira worm, World Cup soccer virus, 9/11 World Trade
Center photos, SARS info, Avril Lavigne.

- Did your PC ever get infected with a virus? If so, which one(s), how
did you react, were you angry, and how did you solve the problem?

I haven't gotten any viruses in the last 5 years.  I keep thinking how
embarrassing it would be to get infected.  But then again so many
techniques employed by skilled virus writers take the user out of the
equation; circumventing the need for double-clicking an attachment through
software holes and network vulnerabilities.  I am a nut about patching my
software,  I use an AV scanner, have firewalls installed, and I try to scan
everything I download off P2P networks. But I am lazy or forgetful just
like everyone else, so I'm sure I could get a virus even though I'm
supposed to know better.


- Ever got hacked?

Part of why I like writing for the masses about technology is that I'm not
pretending to be an uber-geek.  I am a knowledgeable computer user, but my
network at home is not elaborate, I don't have any websites up except for
the one I use for school (I'm getting a Master's degree at Stanford in a
program called Learning Design and Technology.  It's through the Computer
Science and  Education departments, and it aims to "better use tech to
teach" and "teach tech better."

I also try to keep a low profile, (is doing an interview with a virus
writer's zine a good idea if you're trying to keep a low profile?).  I
write about viruses, I try to help people avoid infection, but I'm not
pointing fingers at specific people.  I think releasing viruses into the
wild is destructive, but innovating code is a form of invention. If you use
a worm to install a key-logging, data-stealing trojan then I consider you a
bad guy.  If you figure out how to breach security measures in Internet
Explorer with a proof-of-concept virus, then I think you're doing a service
for the greater good.  Nothing's exactly black and white, though.  I just
know I'm trying to help people like my mom save time and energy staying
free of viral infection.

So the answer is no I haven't been hacked, although TechTV, my employer has
had its fair share of attacks.

- How many hackers, vxers (virus writers and collectors) and alike have you
spoken to?

Well I guess it depends on how you define hackers.  Let me start by
answering the question honestly. Not enough.

But some would say these count:: Adrian Lamo, Kevin Poulsen, Kevin Mitnick,
Steve Wozniak, Linus Torvalds,  Gigabyte, the Deceptive Duo.

This is a really good question: unlike traditional TV reporting, viruses
and security issues make it tough to offer people on both (all) sides a
chance to speak about the issue.
For example.  A prominent businessman is accused of embezzling money from a
large corporation.  As the TV reporter assigned, I have 2 hours before my
deadline to get soundbites from the businessman (or his lawyer), the
Prosecuting attorney, and the wronged party (the company from whom the
money was embezzled).  I can look up all their phone numbers and set up
shoots to get comment if they all want to talk.
That would be a lead story in a newscast- you get 4-5 hours total to make
it happen including contacting and setting up interview subjects, doing the
shoot, writing the piece, voicing the track, and editing the final product.
That story would get 1 minute and 30 seconds of air time.
For the security reports I do, I have 45 minutes- tops to put together a
report about a new trend or virus.  This includes writing a web article.
In the end, this item will only get  25 seconds of air time in the show.
This is just a very small part of my job.
The constraints of maxed out reporters and hard to find virus writers makes
getting clear, well-rounded perspectives difficult.  As a cop out, I feel
the code sometimes speaks for itself.  That's the comment I try to infer
from either the writer or the person who seeded the virus.


- How many have you met in real life and who?

Kevin Poulsen, Kevin Mitnick, Steve Wozniak, Linus Torvalds, Adrian Lamo
(like I said earlier, not enough)

- When you first went to interview such a person, did you go there with
the idea you were going to talk to some kind of 'criminal'? Explain.

Not at all, except for the deceptive duo-  they knew they were pushing the
bounds of criminality. Others in my list are fairly mainstream.

- Has your opinion changed?

I would make a horrible prosecuting attorney because I'm sure people have
reasons for everything they do.  But I will repeat my belief that releasing
a virus in the wild is destructive.  Putting viruses in the hands of other
people who will release it into the wild seems equally irresponsible.

I just see this from the perspective of an average computer user:  if a
victim loses a term paper and flunks a class as a result of a virus, or has
their identity stolen, or fears viruses so much they don't maximize the
incredible potential of their computer and the Internet, I think that's
lame.

- Do you think the general public sees us as criminals? What about
people who have more technical knowledge, do they share the same ideas?

Yes, the general public thinks you are criminals.  The more technical
community probably believes in your criminality even more acutely.
The saying Noblesse Oblige comes to mind: those who have great skills and
talents should use them for the benefit of others.  Good VXers have an
opportunity to do something amazing with their skills.  (I'm starting to
sound like an old-fart.  I should shut up and just tell you about my job-
enough with the message-right?)

- Do you think virus writers are a lot like the stereotype some AVers
(like Graham Cluley) and media describes?

Stereotypes are for the narrow-minded.  And no, I don't think you are all
pimple-faced teens, horny and hopped up on Red-Bull. That being said,
Graham has an opinion and as a member of the media I often quote him.
If VXers had a PR machine like Sophos does, I'd probably be writing about
the fact that AVers are all over-fed corporate nerds using fear to make a
buck in this crappy tech economy.

- Do virus writers and hackers give a paranoid impression, when talking
to media people?

Adrian Lamo is an interesting case here because he chooses his words
carefully, refusing to be shoe-horned into a 10 second, simplistic
sound-bite.  So his paranoia is more about being misrepresented by us
shallow TV people.

- Do you think there's a way vxers can help change the way people think
about them? If so, how?

Not to kiss up to the interviewer, I actually thought Sahay was an unique
experiment.  A disinfecting virus.  Not that the average Joe will be able
to process what was unique, but I thought it was interesting.  Your average
computer user fears viruses and thus, fears virus writers.  They don't have
the time to process the intricacies of who wrote the code, for what
reasons, and how it eventually landed on their PC.  They just fear the code
and the coder.

- Have you met any AVers? If so, are they really the way they behave on
the Internet, and do you think they have very negative views on virus
writers?

I don't know the VX- antichrist Graham Cluely personally.  But Steve
Trilling from Symantec is a great guy.  He used to be a stand-up comedian,
and he's very thorough, professional and helpful.

- Did you actually learn things from all the TechTV reportages you did?
Did hackers and virus writers teach you anything? (technically and/or
socially)

The whole reason why I am a reporter is because I love to learn about new
things.  I get paid to be a student.  I have to admit that it's
intimidating to offer my opinions here because I am not trying to be a
virus expert, not even amongst reporters (there is a whole cadre of guys
that just write about viruses, I can't go as deep so I am much more on the
surface of VX issues).  There are so many people who know more about the
subject than I do; I just have the task of translating what I do learn into
digestible, entertaining, informative blurbs that help people wrap their
heads around the virus (and security) issues at hand.   So I learn all the
time, and sometimes the hard way, making mistakes that are pointed out by
our incredibly knowledgeable viewers.   Each new virus teaches me something
about viruses- Code Red & Nimda about Network shares and DDOS attacks,
Klez about spoofing, Sircam about social engineering, Duload about the use
of P2P networks.

- If you had a son/daughter and he/she would become a good and well known
virus writer, what would you do?

hmm,  I guess it would depend on what she or he did with the viruses and
how they innovated the craft.  There is no doubt in my mind that VXers are
incredibly creative, but I guess you'd have to ask each person why they
release their viruses and what it does for them.  I'd like to know more
about that motivation.  Writing viruses must fulfill you on some level-
why?   Oversimplifying very complex issues fulfills me on some level- why?
I'd have to ask that of my kid to determine whether they were doing
something worthwhile or destructive.  If they were writing a virus that
tried to identify kiddie porn and then erased it off hard drives, I could
get behind that.

- Do you think Microsoft is (partly) responsible for all these virus
outbreaks?

Yes and no.  Microsoft has to do more to release software free of
vulnerabilities.  They also have to make the windows update process less
invasive, more automated.  They need to release software that defaults to
the safest settings and do a better job educating their customers about the
responsibilities of keeping software up to date.

But I will say that Microsoft has come a long way quickly.  I actually
think they are doing a good job handling disclosure issues.  When a
vulnerability is reported to them, they are very quick to respond and
acknowledge the person or organization who discovered the hole.  I have
come across other companies that could learn a thing or two from
Microsoft's struggles.
http://www.techtv.com/news/security/story/0,24195,3417248,00.html

- Which antivirus software do you prefer? Is it working well for you?

I use Norton on one computer, TrendMicro's office scan on another.  I will
say the corporate version of Office scan is much less invasive and seems to
eat system resources less than N.A.V.

- Do you ever read virus related articles or e-zines? If so, are they
pro or anti virus?

- Do you think publishing viruses in e-zine helps keep virus writers
from releasing them into the wild?

- Do you think the wildlist is (partly) responsible for the spreading of
viruses? (for example because virus writers may try to make it into the
list)

- Anything else you'd really like to mention?

I'm not going to answer the above questions for one reason, I'm not the
right person to make that kind of a judgement.  I can tell you how hard it
is to educate people about viruses through the media.  I can explain the
difficulties of condensing the technicalities of a new virus into 25
seconds of copy.  I can give you examples of viruses I have covered because
their social engineering involved a visual I could make into interesting
TV.  Or  point out that innovative viruses without a visual hook often
don't make air.  I could tell you that I don't understand why bright,
talented people would dedicate their energy to the creation of viruses that
ultimately scare newbies away from computing.  But really all I can say is
that I'm on a journey to understand the phenomenon of viruses.
Unfortunately in the main-stream community of television journalists, very
few have the inclination or the time to really understand the viruses that
they report.

Back to index