IT held hostage between Microsoft, hackers
- 10 July, 1999 22:00
A difference of opinion concerning the Windows security model between Microsoft and The Cult of the Dead Cow (cDc), an independent group of hackers and programmers, has resulted in the cDc releasing Back Orifice 2000 (BO2K).
Launched at the DefCon show in Las Vegas this weekend, Back Orifice 2000 gives users the ability to access any Windows NT machine remotely, which in turn could be used to create a security breach.
For IT managers, this presents a number of potential problems.
"These tools scare me. They can be used for industrial espionage or information loss where information can be stolen without us knowing about it," said a security manager for a Fortune 50 oil company who wished to remain anonymous.
"We are concerned because these tools let you set up a hacking location somewhere on the network or somewhere inside the firewall and do whatever you want," he added.
In addition to releasing Back Orifice 2000, the cDc group released open-source code and a set of utilities intended to provide more control over file and registry access as well as network-administration-specific plug-ins for Back Orifice, according to cDc group members.
At last year's DefCon, the cDc and a member code-named Sir Dystic released Back Orifice as a program that, once activated, can provide remote access to Windows 95 and 98 client machines.
The cDc insists that it has released the tool only as a remote administration tool for Windows NT networks.
"We're making this a useful tool, but because of Microsoft's approach to network security and Windows security, they make it a big problem," said a cDc member code-named TweetyFish. "[Microsoft] tries as hard as they can to hide the complicated stuff from the users and the administrator. By doing that, they end up obscuring what the computer is really doing and when that happens you leave yourself open to all kinds of problems."
Microsoft contends that the tool is malicious and targets users more than it targets Microsoft technology.
"It is a tool that is built with the sole purpose of targeting and attacking users, not the technology," said Jason Garms, lead product manager for Windows NT security at Microsoft. "It relies on users being tricked into installing it, in which case it leaves users vulnerable."
"This tool in no way, shape, or form exploits any security vulnerability in the NT system," Garms added. "If there were, we would fix it and that would put an end to Back Orifice."
Some security vendors fear that, by releasing open-source code for BO2K, cDc has made the tool usable as a delivery mechanism for viruses or malicious code, but the group denies responsibility for any damage that may be done.
Microsoft Corp., in Redmond, Wash., is at www.microsoft.com. The Cult of the Dead Cow, in San Francisco, is at www.cultdeadcow.com.