Information Virus
Back Orifice Back Door
There have recently been accusations that the Back Orifice Windows GUI
client contains code which reports the results from subnet scans via
HTTP to www.netninja.com. As the sole author of both the server and the
client, I should know better than anyone else what is in the code. I
have attempted to answer some questions concerning these issues:
Is this possible?
It would be very easy to code either the client or the server to send
any information it wanted to any address on the Internet. Since the client
is already listening on a UDP port (to receive response packets from the
servers), it would also be possible to implement all the functionality
of the BO server in the client. With a simple port scan, you could
determine the port the client is listening on and send commands.
Is this likely?
Making a TCP connection to a static address is not very sly. It would
be very easy to determine who the information is being sent to (in this
case, supposedly www.netninja.com) and, being the known publisher of this
well-known piece of software that did this, we would probably be getting
into legal issues, and definitely ethical issues.
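The point above, that a TCP connection to a static address is easy to
trace, can be checked from a socket listing. This is an added example,
not code from Back Orifice or its author; the row layout, the PIDs and
all addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in a simplified netstat-like layout:
#   proto  local  remote  state  pid
# Addresses come from documentation ranges; PID 412 stands in for the
# program being audited (an assumption, not a value from the page).
SAMPLE = """\
UDP 0.0.0.0:4000 *:* - 412
TCP 192.0.2.10:1045 203.0.113.7:80 ESTABLISHED 412
TCP 192.0.2.10:1046 203.0.113.7:80 TIME_WAIT 412
TCP 192.0.2.10:1050 198.51.100.5:25 ESTABLISHED 388
UDP 0.0.0.0:137 *:* - 4
malformed line
"""

def parse(text):
    """Yield (proto, local, remote, state, pid) for well-formed rows."""
    for raw in text.splitlines():
        parts = raw.split()
        if (len(parts) != 5 or parts[0] not in ("TCP", "UDP")
                or not parts[4].isdigit()):
            continue  # skip headers and damaged rows
        yield parts[0], parts[1], parts[2], parts[3], int(parts[4])

def unexpected_tcp(text, pid, allowed_remotes=frozenset()):
    """Return the sorted remote endpoints that `pid` reached over TCP.

    Assumption: the audited program should only hold a UDP listener,
    so any TCP peer outside allowed_remotes deserves a closer look.
    """
    udp_listeners = defaultdict(list)
    tcp_peers = defaultdict(set)
    for proto, local, remote, state, owner in parse(text):
        if proto == "UDP":
            udp_listeners[owner].append(local)
        elif state != "LISTENING":
            tcp_peers[owner].add(remote)
    if pid not in udp_listeners:
        raise ValueError(f"pid {pid} has no UDP listener in this capture")
    return sorted(tcp_peers[pid] - set(allowed_remotes))

if __name__ == "__main__":
    for peer in unexpected_tcp(SAMPLE, 412):
        print("unexpected TCP peer:", peer)
```

A single snapshot can miss short-lived connections, so a listing taken
repeatedly while the program runs gives better coverage.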
President Clinton issued Executive Order 13088 back on June 9, 1998,
which creates basic trade sanctions, freezing of Yugoslavian
assets, etc...
As expected, the Treasury Department's Office of Foreign Assets
Control issued 73 licenses for exemptions to the order. These
were reported in a Letter to Congress and they included such
things as overflight fees for commercial airliners, for aid
organizations to do their business there, diplomatic
transactions, etc... Normal stuff.
The Executive Order 13121 issued on April 30, 1999 changes the
first order, removing the provision for exceptions. But it also
"prohibits exports or reexports, directly or indirectly, from the
United States or by a United States person, wherever located, of
goods, software, technology, or services to the Federal Republic of
Yugoslavia (Serbia and Montenegro)." Clinton summarized these
changes in this letter to Congress dated May 1, 1999.
Now this could be interpreted to include prohibitions on providing
telecommunications services like Internet connectivity. If you're
an ISP in the US, and you sell bandwidth to someone who resells
bandwidth to a Yugoslavian ISP, it would appear that you would be
covered by this order and would be prevented from providing this
service.
However, the International Emergency Economic Powers Act, whose
text is available here and here, seems to indicate that the
President DOES NOT have authority to regulate the following:
"postal, telegraphic, telephonic, or other personal communication,
which does not involve a transfer of anything of value". This can
be interpreted to include Internet access.
Of course all of this only affects the United States. The
European Union may enact their own sanctions.
OK, now the legal stuff is out of the way.
It would seem that this whole thing started when Loral Space & Communications, one
of the biggest US satellite communication firms, had informed
Belgrade provider "Informatika" that they would stop Internet
services for all Yugoslavia providers who are linked to providers
in the USA. They claimed that the decision was based on a
Presidential Order from Bill Clinton. (It should be noted that
this information comes from Yugoslavian ISPs.)
Some reports have indicated that Loral Space & Communications has
now decided not to disconnect Yugoslavia from the Internet,
because of the protests from around the world that followed the
announcement.
Other reports say that Loral Space & Communications is currently
in negotiations with the Treasury Department's Office of Foreign
Assets Control in an attempt to correctly interpret the law.
Still other unconfirmed reports indicate that UUNET was informed by
the State Department last Thursday that all commerce to the
Republic of Yugoslavia was to be terminated. We have been unable
to confirm this report.
It would be unfortunate if eyewitness reports and firsthand
accounts were silenced from the war zone. They say that all is
fair in love and war. Wait, has there been an official declaration
of war?