Hacker group Cult of the Dead Cow tries to convince world its Back Orifice tool is legit

LAS VEGAS - At the Defcon hacker convention in flood-ravaged Las Vegas, nineteen members of the Cult of the Dead Cow hacker group cavorted on stage to officially launch Back Orifice 2000, their latest software tool for taking control of Windows-based corporate networks.

It was a bizarre parody of a software vendor's product launch. Grandmaster Rat howled out a cruel imitation of Martin Luther King's historic "I have a dream" speech as he screamed "I have been to the mountaintop!" Amid shrieking sound effects and videos, he chanted "Hallelujah!" and by the end of his rant, he was gripping his crotch with one hand and saluting his audience with the other.

But that, of course, was just the warm-up act. Dildog, the software's main author, took the mike to reel off all the supposed new improvements that Back Orifice 2000 has over its trojan horse predecessor, Back Orifice, which was unveiled at last year's Defcon. A trojan horse lets an attacker secretly monitor or take control of network resources once it is installed on the target device.

The first Cult of the Dead Cow hacker tool was aimed at controlling Windows 95 and 98, "so it only ended up being widely used by home PCs," Dildog suggested. But Back Orifice 2000, which he called "almost a complete rewrite from the ground up," is "for corporate America" because it includes NT and TCP/IP support, not just UDP, so the user "can talk over all kinds of networks."

The new version is said to weigh in at just 113K, under the previous version's 160K footprint. Now equipped with multiple-user log-ins so several people can use it at one time, it lets you control the user's mouse, keyboard and files, and even shut down and uninstall the HTTP server, either through manual control or a timed automated intervention.

"It looks like a thread of other executables running," Dildog explained as he demonstrated an early version of it to the hundreds of hackers, government spies, security analysts and media packed into the stifling, overcrowded hall at the Alexis Park and Resort.

Back Orifice 2000 is designed to be fully open and extensible so that third-parties can easily build programs that offer new ways for the software to get loaded onto networks and manipulate user data. For instance, the tool today can take NT passwords and automatically dump them into the L0pht password-breaking program.

Back Orifice 2000 uses varying encryption strengths up to Triple-DES to hide itself. The Cult of the Dead Cow members claim antivirus software will have no effect against it because it can constantly morph to look like something else. One Cult of the Dead Cow member, Tweetyfish, suggested that only intrusion detection would have a chance to spot and eradicate it.

In an astonishing assertion, the Cult of the Dead Cow insists that Back Orifice 2000 is not just a tool for hackers - they claim it is a legitimate network management tool that should be used by network professionals.

"It's just like other tools that cost a whole lot of money, such as Symantec's PCAnywhere or Microsoft's SMS," claimed Dildog. As a sign of its good intentions, Cult of the Dead Cow plans to release the source code for Back Orifice 2000, and will sue anyone that steals this code to make a commercial product of their own. Dildog acknowledged that releasing the source code would also help the hacker group fix any bug problems in Back Orifice 2000.

Last Saturday, Cult of the Dead Cow tossed out half a dozen CDs with Back Orifice 2000 on them to the audience clamoring for it. One security vendor, Internet Security Systems, says one of its employees attending Defcon managed to grab one, and found known computer viruses on it - alongside the Back Orifice 2000 program.

Stripped of the computer viruses, the CD's content is now being reviewed extensively by industry experts as the final version of Back Orifice 2000 is expected to be posted online early this week.

"We wouldn't classify this as an administration tool, we'd classify it as a backdoor," says Chris Rowland, ISS' director of the X-Force, the group at ISS that swings into action when security threats are spotted. "It's developed to maliciously and stealthily install itself on a server."

The ISS RealSecure intrusion-detection product has just been upgraded to recognize and eradicate Back Orifice 2000 and network-based attacks. Other vendors are also working along the same lines.

One Cult of the Dead Cow member, Sir Dystic, says he is developing his own intrusion-detection antidote for the code he helped create. Security vendors say they expect him to sell it.

Senior Editor Ellen Messmer covers security and related issues for Network World.

Winn Schwartau is a security maven, writer and speaker. His recent book "Time Based Security" creates a new paradigm for measuring and quantifying security in any network. His hit books include "Information Warfare" in all three editions. He owns, the world's biggest site for security and information warfare. His team provides extensive security consulting on three continents. In addition, he is a popular, inventive and exciting speaker, a boon to any event. Winn can be reached at or (727) 393-6600.

