Script Kiddie Deluxe – Using Trojan horses in the 90s to fuck with people and steal their Internet passwords

When I was 15 or 16, I used to nerd out on the Internet. I wasn’t exactly what you call a hacker. I didn’t know how to find bugs in software or write programs to exploit them. But I did have enough technical knowledge to fuck with people over the Net. I was a script kiddie.

It started when my friend showed me how to do a denial of service attack over IRC. Before there were instant messengers, MSN & Yahoo, everyone on the Net used IRC to chat, and the most popular client for PC was mIRC. mIRC 1.7 had a bug that could be exploited with a script called Flash. So any time someone called me a dick in a chatroom, I’d crash their computer and they’d say “arrrgh what’s going on” and freak out. At that point there were no legal precedents for that sort of thing. Basically you could fuck with people and there’s nothing they could do about it.

Windows 95 had a bug. It had a lot of bugs, but one of my favourite ones was this. Say someone goes to a LAN party, and plays Warcraft 2 with his buddies. He has all his 2 gig hard drives shared so they can trade pr0n and warez. He gets back home and dials into the Net. (Remember this is ’97 in Australia and no one has broadband.) His drives are still shared. I come along with my port scanner, searching for IPs that have the drive share port open. I add the lamer’s IP to my shared drives file in my Windows folder. His drives are my network places. Pwned.

If they’re read-only, I look through his files and steal his porn. If they’re write-enabled, I add trojan horses to his start-up folder – Netbus, Back Orifice, and later BO2k and Sub7.

BO was cool technically because I could open telnet ports that would drop straight to the command line. So I’d sign in and use the command prompt on their PC. Or I could set up a telnet port that would telnet me to another computer, thus hiding my tracks if I was feeling paranoid.

Back Orifice is a funny name, but an appropriate name for a trojan horse or back-door to a computer. I never understood why, but a year after Back Orifice was exposed in the media, Microsoft released a program called Back Office. I guess Microsoft likes to have their programs associated with arses for altogether different reasons.

Once I found a copy of BO running on a corporate computer in the US. All the computers on the network had names like Mars, Tardis, and Gallifrey. I stole all the passwords he used to log in to the corporate system, set up a telnet port to telnet me into their system, signed in, and read all his boring corporate e-mails.

BO could also send dialog boxes to the person using the computer. So you send messages saying “Hey. You’re a retarded!!!” times 1000. Netbus was cooler because it allowed a response from the user: either Okay/Cancel, or a text response.

So I would send “Would you like to install Microsoft Animus, the new Artificial Intelligence software for the common user? Okay/Cancel.”

He clicks Cancel.

“Too bad jackass. Now downloading Microsoft Animus. 2 minutes remain.

“Hello. This is Microsoft Animus. What’s your name?”

“Derrick. Please go away.”

“No, I am currently re-arranging all your files to make them easier to find.”

“What? Don’t do that. Who told you to do that?”

“It’s in my programming and necessary for proper functioning.”

“What? This is ridiculous. Stop it. Actually… since you’re an AI can you help me with a maths problem?”

“No, sorry, I don’t know how to do that.”

“You are a pretty shitty AI.”

“Yeah well what do you expect for free dumb-arse.”

BO2k was cool when it came out. It had a plug-in called Bopeep which allowed you to see what the user had on their screen, move the mouse and make keystrokes. So you could take over completely, make them search for gay porn and stuff.

I remember going to the cDc chatroom on IRC. I said we needed a way to get BO2k widespread so we could have a whole bunch of computers to mess around with. I wanted to attach it to a game, make my own Trojan horse version, have it for download on the web. A cDc member said no, he wanted it to be popular for its legitimate purpose, used as a remote administration tool. Somehow I doubted that was going to happen.

Microsoft shat on it, saying it was a hacking tool. The evidence was obvious – what kind of remote administration tool would need a stealth mode? Microsoft’s competing tool also had an “invisible mode”, and it also cost $300. Of course, it wasn’t released by a group known in the media for making hacking tools.

Sub7 was the piece de resistance. It had webcam access (when hardly anyone had webcams), password checker that returned Internet access codes, and an IRC function. I set up a chatroom on IRC so every time I pwned someone’s computer, either by infecting them myself, or by portscanning and detecting them, the bot would log in to the chatroom, and loudly proclaim its IP and password. After a couple of months I had a small army, and any time I logged in to IRC, there were nine to twelve bots sitting there.

I considered collecting more and doing a distributed denial of service attack on a major website, but I’d get nothing out of it, so fuck that.

One day I got a call from my brother-in-law, who was the administrator for my ISP. He said he’d gotten a call from NetXpress, a major Australian ISP. Someone had been portscanning them, regularly, and it was a customer of his ISP. Maximillion looked through the logs and said “Okay, I’ll talk to the customer myself.” He said I didn’t have to stop scanning, just on NetXpress IPs. Damn. NetXpress was my favourite – it was juice. I always got some from there when I looked. I said “No worries.”

I didn’t stop scanning NetXpress though. I just started using one of the NetXpress passwords I’d haxored. I’d checked it on the NetXpress site, and it was an unlimited account. Most ISPs you paid $1 an hour at the time. I used the shit out of that account, even giving it to five of my friends who asked so their parents wouldn’t complain about $100 Internet bills. Probably should have charged them for the password. When NetXpress changed their unlimited account to a 150 hour/month account, I still didn’t stop pushing it. Probably should have spread it across multiple accounts. But what the hell. They never caught me. I doubt they even suspected, except for the guy with the $150 bill at the end of the month, getting charged for over time. Most ISPs have a clause that says your password is your own responsibility anyway, so too bad suckah.

Comments (5)

 

  1. luke says:

    BO was cool…. yeah BO was pretty big back then at a LAN party haha.

    kurt Reply:

    ain’t that the truth

  2. James says:

    At my high school, every kid had a laptop that was connected to their own high speed wireless network. I was the go to guy for mini addictive computer games and being the curious cat, I set up a trojan program called ProRat and started embedding viruses into the mini-games I’d give everyone on my USB Memory stick.

    The fun began, and during religion class it became normal for 5 kids’ laptop CD-ROM drives to pop out simultaneously… every 5 seconds. Or perhaps a mass takeover of laptop screens with a black-screen matrix style dialogue where all they could do was reply back to me or switch off their PC.

    Anyway, a few people ended up getting the program as well and I decided to stop using it because the risk of getting caught by the I.T. department was getting high with each new user. A week after I stopped using it, 2-3 guys got suspended for using the program I had been using. Leet risk detector.

  3. luke says:

    that was a good story and well told

  4. kurt says:

    tell us what you really think: “ARRGH HOLY SHIT MY MOUSE CURSOR IS MOVING ON ITS OWN!!!”
