News: Analysis & Commentary: THE INTERNET
NOW ANY HACK CAN BE A HACKER
A bit of free software is giving computer-security experts fits
Just when computer users are recovering from scare stories about security holes in E-mail programs--and suppliers are finishing fixes to plug them--here comes an even more worrisome problem. On Aug. 3, a hacker group known as the Cult of the Dead Cow began distributing Back Orifice, a program that can wreak havoc on PCs running Windows 95 and 98. Once installed, the software makes it possible for an outsider to see what's on the screen, read keystrokes (passwords or credit-card numbers, for example), and install or delete programs. So far, the group claims 50,000 copies of the free program have been downloaded from its Web site. "This is a breathtaking tool," says Susan B. Levy Haskell, a computer security manager at the University of Minnesota. "It's going to nail Corporate America to the wall."
Worse, it's a breakthrough in easy-to-use hackware. Computer-security experts say the software is as simple to use as any Windows program and turns the novice into an instant--and potentially dangerous--hacker. That raises concern that insider attacks, which already account for some 70% of computer crimes, could become far more likely. "You've just made a lot more people capable," says Patrick Taylor, director of marketing for Atlanta-based Internet Security Systems Inc."SUBSTANTIAL DAMAGE." What's behind this nefarious development? The Cult of the Dead Cow says that it released Back Orifice to raise awareness about security problems with Microsoft Corp. programs. "Back Orifice will force Microsoft to sit up and take notice," says Deth Veggie, a member of the group who says his real first name is Luke.
Microsoft is taking the program seriously. The software giant has 300 employees trying to secure all its software products and is working with security companies to devise ways to detect the Back Orifice software. As Edmund Muth, Microsoft's product manager for security, concedes: "This is the kind of software that could produce very substantial damage to someone's computer if it were installed."
And installing this software isn't so difficult. Computer security experts say the program--which is remarkably tiny--can be hidden within an attachment to an E-mail message. Once the unsuspecting recipient clicks on that file, Back Orifice installs itself and can begin transmitting information back to the sender.
Various security holes--including the recently disclosed problems with E-mail programs from Netscape Communications, Microsoft, and Eudora--can also be used to sneak the software onto a machine. Experts say that software patches released to fix bugs in the E-mail programs, for example, will prevent hackers from exploiting the programs' flaws to install Back Orifice. But, they warn, many companies are slow to incorporate software fixes, while others ignore updates altogether. "How you get this installed is actually quite easy," says Drew Williams, manager of the InfoSecurity SWAT team for Axent Technologies Inc.
Computer-security companies are developing antidotes. The program can be detected by scanning computers for a communications line that may be open and sending data. Regardless, experts warn that it's dangerous to open E-mail from people you don't know. "If I don't know what it is, I don't open it," says Charles C. Palmer, manager of IBM's network security group. For now, that may be the best safeguard.By Ira Sager in New York