Back Orifice 2000
Back Orifice 2000 is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software.
BO2k debuted on July 10, 1999 at the DEF CON 7 computer security convention in Las Vegas, Nevada. It was originally written by Dildog, a member of the US hacker group Cult of the Dead Cow. It was a successor to the cDc's Back Orifice remote administration tool, released the previous year. BO2k is being actively developed.
Whereas the original Back Orifice was limited to the Windows 95 and Windows 98 operating systems, BO2k also supports Windows NT, Windows 2000 and Windows XP. Some BO2k client functionality has also been implemented for Linux systems. In addition, BO2k was released as free software, which allows one to port it to other operating systems.
Plugins
BO2k has a plugin architecture. The optional plugins include:
- communication encryption with the AES, Serpent, CAST-256, IDEA or Blowfish encryption algorithms
- network address change notification by email and CGI
- total remote file control
- remote Windows registry editing
- watching the desktop remotely by streaming video
- remote control of both the keyboard and the mouse
- a chat, allowing the administrator to talk with users
- an option to hide things from the system (rootkit behaviour, based on the FU Rootkit)
- accessing systems hidden behind a firewall (the administrated system can form a connection outward to the administrator's computer; optionally, to get around even more connection problems, the communication can be carried over the web browser the user uses to surf the web)
- forming connection chains through a number of administrated systems
- client-less remote administration over IRC
- on-line keypress recording
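One practical consequence of the reverse-connection and browser-carried channels in the list above is that inbound firewall rules alone do not reveal such a tool on a host; a defender has to review egress. The following Python script is an added example, not code from the article or from the BO2k project. It parses a constructed firewall connection log (the log format, the addresses, the ports and the allowlist are all made up for illustration) and flags outbound flows from internal hosts to non-allowlisted external ports. It deliberately does not flag the port-80 flow, which shows why a channel carried over ordinary web traffic needs proxy-level inspection rather than port filtering.

```python
"""Egress review for reverse-connection remote-administration channels.

Added example, not part of the encyclopedia article or of the BO2k project.
The log format, address ranges, ports and allowlist are constructed for
illustration only.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of a firewall connection log (not real traffic).
SAMPLE_LOG = """\
2024-05-01T09:12:03Z dir=out src=10.0.0.5:51234 dst=203.0.113.7:443 proto=tcp
2024-05-01T09:12:09Z dir=out src=10.0.0.5:51240 dst=198.51.100.23:12345 proto=tcp
2024-05-01T09:13:11Z dir=in  src=192.0.2.9:40000 dst=10.0.0.5:3389 proto=tcp
2024-05-01T09:14:00Z dir=out src=10.0.0.7:49152 dst=10.0.0.20:445 proto=tcp
2024-05-01T09:15:30Z dir=out src=10.0.0.5:51250 dst=203.0.113.7:80 proto=tcp
"""

# Assumed internal address space and expected egress ports (constructed policy).
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_EGRESS_PORTS = {80, 443}  # web traffic through the proxy is expected

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+dir=(?P<dir>in|out)\s+src=(?P<sip>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def review_egress(log_text: str) -> list:
    """Return findings for outbound internal-to-external flows on
    ports outside the egress allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate unparseable lines rather than aborting the review
        # Only outbound flows from an internal host to an external host matter here;
        # inbound and internal-to-internal flows are skipped.
        if m["dir"] != "out" or not is_internal(m["sip"]) or is_internal(m["dip"]):
            continue
        dport = int(m["dport"])
        if dport not in ALLOWED_EGRESS_PORTS:
            findings.append(
                Finding(m["ts"], m["sip"], m["dip"], dport,
                        "outbound flow to non-allowlisted external port")
            )
    return findings


if __name__ == "__main__":
    for f in review_egress(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport} ({f.reason})")
```

Only the flow to the constructed external port 12345 is reported; the flows to ports 80 and 443 pass the allowlist even though the article notes that the control channel can be tunnelled over the user's web browser. Catching that case needs the web proxy's own logs (destination host reputation, session duration, request patterns), not a port allowlist.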
Controversy
Back Orifice and Back Orifice 2000 are widely regarded as malware, tools intended to be used as a combined rootkit and backdoor. For example, at present many antivirus software packages identify them as trojan horses. This classification is justified by the fact that BO2k can be installed by a trojan horse, in cases where it is used by an unauthorized user, unbeknownst to the system administrator. System administrators should ignore the alerts when they are using BO2k for administration of their system.
There are several reasons for this, including: the association with cDc; the tone of the initial product launch at Def Con '99 (including that the first distribution of BO2k by cDc was infected by the CIH virus); the existence of tools (such as "Silk rope") designed to add BO2k dropper capability to self-propagating malware; and the fact that it has actually been widely used for malicious purposes. The most common criticism is that BO2k installs and operates silently, without warning a logged-on user that remote administration or surveillance is taking place. According to the official BO2k documentation, the person running the BO2k server is not supposed to know that it is running on his computer.
BO2k developers counter these concerns in their Note on Product Legitimacy and Security, pointing out, among other things, that some remote administration tools widely recognized as legitimate also have options for silent installation and operation.