Learning from Hackers

The 2nd Black Hat Briefings security convention was held in Las Vegas a week or so ago, and just like last year, it was a weird, surreal mix of hackers, phreaks and corporate suits and ties. The suits paid $1,000 each to have the hackers tell them about the security holes in their products and networks. On reflection, that's a lot cheaper than hiring a consultant to do a security audit, isn't it? Especially since the hackers speaking at the conference are also among the highest paid security consultants around - and probably worth every penny.

The real fun began the day after Black Hat, though, when Def Con started. This sixth gathering of "Hackers, Phreaks, Hammies, Virii Coders, Programmers, Crackers, Cyberpunk Wannabees, Civil Liberties Groups, CypherPunks, Futurists, Artists, the Criminally Insane and the Hearing Impaired" is a lot more like what you'd expect a gathering of the legally challenged to be. Leisure activities included "Spot the Fed" and "Spot the Screenwriter" contests (winners got T-shirts). Speaker topics included major computer crimes from the past year; tools of spying such as dead drops, semaphores and cut-outs; hacking the travel industry; a two-year effort in massive multimodem war dialing; and "Hacking the Big Iron - Security Issues in Large Unix Environments."

One of the announcements at Def Con was "BackOrifice," a hacker's bag of tricks from The Cult of the Dead Cow. BackOrifice is a product euphemistically described as a remote Windows administration tool. BackOrifice allows the user to control and monitor computers running the Windows operating system over a network. It includes a keyboard monitor to trap password entries; an HTTP server to allow uploads and downloads of files to and from a machine on any port using any HTTP client; and a packet sniffer that allows easy monitoring of network traffic.

BackOrifice also allows connection redirection, in which connections are bounced off one machine to any other machine on the Internet, thus hiding the actual source of the connection. It can be attached to another executable, just like a virus, and will install itself when the application is run. But BackOrifice won't show up in the Windows task list, so the user has no way of knowing it's running.

I can't decide if BackOrifice is really a hackers' tool or something the FBI (or the National Security Agency) commissioned to find ways around privacy and security issues. Could the entire hacker community be just a front for the government?

Kearns, a former network administrator, is a freelance writer and consultant in Austin, Texas. He can be reached at wired@vquill.com.