Each year, I get numerous requests from the media to discuss events surrounding the DefCon hacker conference in Las Vegas. In this story, the Financial Times spoke to me about the role that white-hat hackers play in the security community. I am still not a fan of security through obscurity.

Hackers open door to Windows

The Financial Times

Niall McKay reports on Back Orifice 2000, a new version of the software program designed to give unauthorised access to computer systems.

Computer security and anti-virus software vendors flocked to Las Vegas last weekend to obtain a copy of Back Orifice 2000, a new release of the infamous software program used to gain unauthorised access to computer systems.

The software, released by a group of hackers known as the Cult of the Dead Cow, was the highlight of Def Con, the annual hackers’ jamboree. It was attended by 4,000 computer security professionals, hackers, so-called script-kiddies or novices, and federal law enforcement and intelligence officials. There have so far been more than 500,000 downloads of the first version of Back Orifice, which targeted Microsoft’s Windows 95 and 98 operating systems. The software can be downloaded to a computer user’s system without their permission or knowledge.

Security experts believe the new version will pose a significant threat to the corporate world because it targets Microsoft’s “industrial strength” Windows NT operating system and is much more difficult to detect.

The release has sparked a row between the hacker community and Microsoft over the design of popular computer operating systems. Microsoft argues that the program exploits users, not its technology, while hackers argue that this does not matter so long as it provides unauthorised access.

Classified as a “Backdoor” or “Trojan Horse”, the program relies on the ability of hackers to dupe the computer user into installing it on their desktop computer. The most common way to achieve this is to hide it in an e-mail attachment. Once installed it can be used to gain complete control of the user’s system.

“The message here is that computer users need to be aware that they should not accept candy from strangers,” says Jason Garms, lead product manager for Microsoft Windows NT security. “They should update their anti-virus software and never double-click on an e-mail attachment unless they know who it’s from.”

Mr Garms classifies the Cult of the Dead Cow as computer vandals. “It’s amazing that this type of behaviour seems to be acceptable to the public,” he says. “The internet is like the wild west right now and just because it’s possible to create a tool that breaks into computer systems does not mean that it’s permissible.”

However, the Cult of the Dead Cow sees itself as a group of new age computer security evangelists. They do not make any money from their exploits and claim to spend their time breaking into their own computer systems to expose weaknesses in popular software programs.

“Trojan horses are a problem in every operating system,” says the software’s author, whose nickname is Dildog. “It is a design flaw that can only be temporarily solved by anti-virus and security software because once the code is modified it cannot be detected.”

The solution, says Dildog, is to change the way computer operating systems work by either creating a “sandbox” – a secure environment in which to launch applications – or by providing software that lets the user know exactly what an application is doing to their system.

Security industry officials are divided on whether they condone the actions of the Cult of the Dead Cow. Some believe it is irresponsible to distribute the software, while others argue that there are many similar programs available on the internet and only publicity will highlight the problem.

“Their message is valid,” says Chris Klaus, founder and chief technology officer of Internet Security Systems, a security software vendor and consultancy in Atlanta, Georgia. “But their method is deeply flawed. They are making it easy for anybody to break into a computer system.”

And Matthew DeVost, director of intelligence analysis with Infrastructure Defense, a Washington-based computer security company, says hacker groups such as the Cult of the Dead Cow serve a useful purpose in the security industry. “I am not an advocate of security through obscurity,” he says. “If these groups find a weakness then I believe that they should expose it.”

But it has not taken long for the IT industry to fight back. On Monday, ISS said it had decoded Back Orifice 2000’s protocols and encryption algorithms in less than 24 hours, and was rapidly developing counter-measures. Yesterday, Network Associates said its Total Virus Defense line of products had been updated to detect the new software (which is not technically a virus) in e-mail attachments.