
Hacker group Cult of the Dead Cow tries to convince world its Back Orifice tool is legit


LAS VEGAS - At the Defcon hacker convention in flood-ravaged Las Vegas, nineteen members of the Cult of the Dead Cow hacker group cavorted on stage to officially launch Back Orifice 2000, their latest software tool for taking control of Windows-based corporate networks.

It was a bizarre parody of a software vendor's product launch. Grandmaster Rat howled out a cruel imitation of Martin Luther King's historic "I have a dream" speech as he screamed "I have been to the mountaintop!" Amid shrieking sound effects and videos, he chanted "Hallelujah!" and by the end of his rant, he was gripping his crotch with one hand and saluting his audience with the other.

But that, of course, was just the warm-up act. Dildog, the software's main author, took the mike to reel off all the supposed new improvements that Back Orifice 2000 has over its Trojan horse predecessor, Back Orifice, which was unveiled at last year's Defcon. A Trojan horse lets an attacker secretly monitor or take control of network resources once it is installed on the target device.

The first Cult of the Dead Cow hacker tool was aimed at controlling Windows 95 and 98, "so it only ended up being widely used by home PCs," Dildog suggested. But Back Orifice 2000, which he called "almost a complete rewrite from the ground up," is "for corporate America" because it includes NT and TCP/IP support, not just UDP, so the user "can talk over all kinds of networks."

The new version is said to weigh in at just 113K, under the previous version's 160K footprint. Now equipped with multiple-user log-ins so several people can use it at one time, it lets you control the user's mouse, keyboard and files, and even shut down and uninstall the HTTP server, either through manual control or a timed automated intervention.

"It looks like a thread of other executables running," Dildog explained as he demonstrated an early version of it to the hundreds of hackers, government spies, security analysts and media packed into the stifling, overcrowded hall at the Alexis Park and Resort.

Back Orifice 2000 is designed to be fully open and extensible so that third parties can easily build programs that offer new ways for the software to get loaded onto networks and manipulate user data. For instance, the tool today can take NT passwords and automatically dump them into the L0pht password-breaking program.

Back Orifice 2000 uses varying encryption strengths up to Triple-DES to hide itself. The Cult of the Dead Cow members claim antivirus software will have no effect against it because it can constantly morph to look like something else. One Cult of the Dead Cow member, Tweetyfish, suggested that only intrusion-detection would have a chance to spot and eradicate it.

In an astonishing assertion, the Cult of the Dead Cow insists that Back Orifice 2000 is not just a tool for hackers - they claim it is a legitimate network management tool that should be used by network professionals.

"It's just like other tools that cost a whole lot of money, such as Symantec's PCAnywhere or Microsoft's SMS," claimed Dildog. As a sign of its good intentions, Cult of the Dead Cow plans to release the source code for Back Orifice 2000, and will sue anyone who steals this code to make a commercial product of their own. Dildog acknowledged that releasing the source code would also help the hacker group fix any bug problems in Back Orifice 2000.

Last Saturday, Cult of the Dead Cow tossed out half a dozen CDs with Back Orifice 2000 on them to the audience clamoring for it. One security vendor, Internet Security Systems, says one of its employees attending Defcon managed to grab one, and found known computer viruses on it - alongside the Back Orifice 2000 program.

Stripped of the computer viruses, the CD's content is now being reviewed extensively by industry experts as the final version of Back Orifice 2000 is expected to be posted online early this week.

"We wouldn't classify this as an administration tool, we'd classify it as a backdoor," says Chris Rowland, ISS' director of the X-Force, the group at ISS that swings into action when security threats are spotted. "It's developed to maliciously and stealthily install itself on a server."

The ISS RealSecure intrusion-detection product has just been upgraded to recognize and eradicate Back Orifice 2000 and network-based attacks. Other vendors are also working along the same lines.

One Cult of the Dead Cow member, Sir Dystic, says he is developing his own intrusion-detection antidote for the code he helped create. Security vendors say they expect him to sell it.


Copyright, 1994-2006 Network World, Inc. All rights reserved.