
Hacker group Cult of the Dead Cow tries to convince world its Back Orifice tool is legit


LAS VEGAS - At the Defcon hacker convention in flood-ravaged Las Vegas, nineteen members of the Cult of the Dead Cow hacker group cavorted on stage to officially launch Back Orifice 2000, their latest software tool for taking control of Windows-based corporate networks.

It was a bizarre parody of a software vendor's product launch. Grandmaster Rat howled out a cruel imitation of Martin Luther King's historic "I have a dream" speech as he screamed "I have been to the mountaintop!" Amid shrieking sound effects and videos, he chanted "Hallelujah!" and by the end of his rant, he was gripping his crotch with one hand and saluting his audience with the other.

But that, of course, was just the warm-up act. Dildog, the software's main author, took the mike to reel off all the supposed new improvements that Back Orifice 2000 has over its trojan horse predecessor, Back Orifice, which was unveiled at last year's Defcon. A trojan horse lets an attacker secretly monitor or take control of network resources once it is installed on the target device.

The first Cult of the Dead Cow hacker tool was aimed at controlling Windows 95 and 98, "so it only ended up being widely used by home PCs," Dildog suggested. But Back Orifice 2000, which he called "almost a complete rewrite from the ground up," is "for corporate America" because it includes NT and TCP/IP support, not just UDP, so the user "can talk over all kinds of networks."

The new version is said to weigh in at just 113K, under the previous version's 160K footprint. Now equipped with multiple-user log-ins so several people can use it at one time, it lets you control the user's mouse, keyboard and files, and even shut down and uninstall the HTTP server, either through manual control or a timed automated intervention.

"It looks like a thread of other executables running," Dildog explained as he demonstrated an early version of it to the hundreds of hackers, government spies, security analysts and media packed into the stifling, overcrowded hall at the Alexis Park and Resort.

Back Orifice 2000 is designed to be fully open and extensible so that third parties can easily build programs that offer new ways for the software to get loaded onto networks and manipulate user data. For instance, the tool today can take NT passwords and automatically dump them into the L0pht password-breaking program.

Back Orifice 2000 uses varying encryption strengths up to Triple-DES to hide itself. The Cult of the Dead Cow members claim antivirus software will have no effect against it because it can constantly morph to look like something else. One Cult of the Dead Cow member, Tweetyfish, suggested that only intrusion-detection would have a chance to spot and eradicate it.

In an astonishing assertion, the Cult of the Dead Cow insists that Back Orifice 2000 is not just a tool for hackers - they claim it is a legitimate network management tool that should be used by network professionals.

"It's just like other tools that cost a whole lot of money, such as Symantec's PCAnywhere or Microsoft's SMS," claimed Dildog. As a sign of its good intentions, Cult of the Dead Cow plans to release the source code for Back Orifice 2000, and will sue anyone that steals this code to make a commercial product of their own. Dildog acknowledged that releasing the source code would also help the hacker group fix any bug problems in Back Orifice 2000.

Last Saturday, Cult of the Dead Cow tossed out half a dozen CDs with Back Orifice 2000 on them to the audience clamoring for it. One security vendor, Internet Security Systems, says one of its employees attending Defcon managed to grab one, and found known computer viruses on it - alongside the Back Orifice 2000 program.

Stripped of the computer viruses, the CD's content is now being reviewed extensively by industry experts as the final version of Back Orifice 2000 is expected to be posted online early this week.

"We wouldn't classify this as an administration tool, we'd classify it as a backdoor," says Chris Rowland, ISS' director of the X-Force, the group at ISS that swings into action when security threats are spotted. "It's developed to maliciously and stealthily install itself on a server."

The ISS RealSecure intrusion-detection product has just been upgraded to recognize and eradicate Back Orifice 2000 and network-based attacks. Other vendors are also working along the same lines.

One Cult of the Dead Cow member, Sir Dystic, says he is developing his own intrusion-detection antidote for the code he helped create. Security vendors say they expect him to sell it.

Senior Editor Ellen Messmer covers security and related issues for Network World.


