U.S. Allowed Computer Users Access to Virus Codes : Technology: Officials say it is impossible to tell if Treasury’s possibly risky action resulted in any damage.

For more than a year, computer virus programs that can wreak havoc with computer systems throughout the world were made available by a U.S. government agency to anyone with a home computer and a modem, officials acknowledged this week.

At least 1,000 computer users called a Treasury Department telephone number, spokesmen said, and had access to the virus codes by tapping into the Treasury’s Automated Information System bulletin board before it was muzzled last month.

The bulletin board, run by a security branch of the Bureau of Public Debt in Parkersburg, W. Va., is aimed at professionals whose job it is to combat such malicious destroyers of computer files as “The Internet Worm,” “Satan’s Little Helper” and “Dark Avenger’s Mutation Engine.” But nothing blocked anyone else from gaining access to the information.

Before the practice was challenged by anonymous whistle-blowers, the bulletin board offered “recompilable disassembled virus source code”--that is, programs manipulated to reveal their inner workings. The board also made available hundreds of “hackers’ tools”--the cybernetic equivalent of safecracking aids.

They included “password cracker” software--various programs that generate huge volumes of letters and numbers until they find the combination that a computer is programmed to recognize as authorizing access to its contents--and “war dialers,” which call a vast array of telephone numbers and record those hooked to a computer.

The information was intended to educate computer security personnel, according to Treasury spokesmen. “Until you understand how penetration is done, you can’t secure your system,” said Kim Clancy, the bulletin board’s operator.

But with this information, relative amateurs could create new viruses, according to software writers.

“I am dismayed that this type of activity is being condoned by an American governmental agency. I am extremely disturbed by the thought that my tax money is being used for what I consider unethical, immoral and possibly illegal activities,” wrote an anonymous whistle-blower quoted in Risks Forum, a Silicon Valley-based electronic “magazine” where debate has raged on the issue since it surfaced last month.

“That’s like leaving a loaded gun around and people saying: ‘It’s not my fault if someone picks it up and shoots himself in the head with it,’ ” said Paul Ferguson, a computer consultant upset by the Treasury Department’s practices.

Treasury officials have little idea who has dialed up the bulletin board and what has been copied out of it, spokesman Peter Hollenbach said. Hence it is impossible to judge if any damage has been done.

Hollenbach and some computer professionals minimize the risk, saying the software on the bulletin board was acquired through the computer underground in the first place, and thus has always been available to miscreants with sufficient contacts, tenacity and skill.

“Hackers don’t go to the Department of Treasury to get their hacking tools,” Clancy said.

The Treasury Department became enmeshed in this controversy because it is one of the most intense users of computers in the federal government. All the billions of dollars of Treasury securities are handled, through the Bureau of Public Debt, on computer networks, Hollenbach said.