Transcript for:
The Cult of the Dead Cow and Back Orifice

If you're in a chair like this, or something like this, when I say dead, you say cow! Dead! Cow! Dead!

Cow! When I say dead! It won't get any better than this. This evening full of positive madness, youthful vigor, and freedom in Las Vegas will be the pinnacle of a strange cult that has changed the history of hacking, digital technology, and cybersecurity. Shaggy-haired geeks brought a multi-billion-dollar Goliath, the Microsoft Corporation, to its knees.

It's the year 1999. Most likely, your PC is running Windows 95 or 98. It's all clear and logical. Even grandma would understand. That's why these are the most widely used operating systems in the world at the time.

And then you receive an email. And in the email, there's an innocent executable file. Seems harmless enough, but now your computer is no longer just yours. It's been infected with Back Orifice. Officially, it's a remote administration tool.

But in reality, it's malware that exploits a built-in vulnerability in the operating system. And now everything on your PC is no longer just yours. The hacker can copy files, even delete them.

If he wants to, he can simply destroy the system. And you might be the last to know about it. However, those who wrote the software had no intention of harming hundreds of thousands of users around the world.

On the contrary, they wanted to warn the most influential tech corporation about critical vulnerabilities in their operating system. Sometimes, to make someone listen, you need to burn everything to the ground. This video was created by Sumsub, the verification platform.

We make the digital world people-friendly, yet secure. Meet Kevin Wheeler. In five minutes he will take the stage at the DEFCON Hacker Convention.

He could easily pass for a participant in a wrestling show. Interestingly, his nickname is quite wrestler-like, Grandmaster Rat. And his task is similar. To energize the crowd, to put on a show.

However, the audience is nothing like wrestling spectators. Dressed in this attire, Kevin stepped onto the stage at the DEFCON 99 conference for programmers and hackers. But this guy knows what he's doing. The performance is meant to draw media attention to the new version of a utility created by hackers from the Cult of the Dead Cow, an organization that Kevin founded more than 10 years ago.

BO, as the program is called, is kryptonite against Bill Gates' all-powerful corporation, and it will change the world of software. However, Grandmaster Rat wasn't always so bold and shocking. The mid-80s, Lubbock, Texas. Kevin Wheeler, what today would be called an Omega, was a quiet, friendless teenager, surrounded by the conservative evangelical community of Lubbock, Texas.

He had already been a fan of the church, had watched WarGames multiple times, and was actively seeking like-minded individuals online. Back then, the network was nothing like the modern internet. Patience and enthusiasm were a must. The main mode of communication and information exchange was the bulletin board system, or BBS. They had a simple text-based interface where users navigated menus and forums using keyboard commands, connecting through modems over phone lines. Users would dial into a BBS and then could download files and participate in text-based games.

Each BBS was a community hub, often organized around interests or geographic location. It was like D&D, but at the dawn of the computer era. Through these BBSs, Kevin Wheeler found kindred spirits, those who would become the foundation of one of the most famous hacker groups.

Kevin Wheeler, BBS user: It was just so exciting that there was this, yeah, that's funny, there was like this underground.

Kevin Wheeler, BBS user: There's stuff going on and people hacking stuff and messing with things that the other mags weren't talking about. Because yeah, it was really exciting to see that. And then gears started turning, you know.

They started with phreaking. At that time, the blue box was popular, an electronic device that generated tones to mimic those used by phone companies to control calls. There's no way you're going to pay for that. You can't afford it.

And if you're doing it... legit on your parents' line, I mean, they're going to kill you next month. The new organization needed a name.

Of course, it had to be a cult. But a cult of what? Texas, slaughterhouses, cow horns everywhere as decor, hence, Cult of the Dead Cow. Mysterious, dangerous, with a touch of humor. CDC is pretty much a social club, or at least New Hack is a place for this sort of social club.

And rather than having bake sales or smoking cigars and handling brandy snifters, we work with computers and networks. Membership was by invitation only. The audience: underdogs not recognized by society, obsessed with various utopian ideas, rejecting current morals and societal norms. For example, they rejected proper spelling and intentionally mangled grammar.

Sound familiar? To understand how much the early cult was about more than just free phone calls, you can look at the history of group member Franklin Gebe. His real name is Bill Brown.

He connected with board administrators in 1986, and his first contribution to this cult was a psychedelic quasi-religious text called the Book of Cow. Delving too deeply into the contradictory ideology of the early cult is pointless. It was as idealistic as it was contradictory. The state will disappear, and an era of universal prosperity will dawn, with self-organizing communities of people striving for the common good.

At the beginning of the 90s, the cult was doing different tricks. But that's not all. Their activities began to scale up.

They created DIY media, which still exists on the internet. They gathered a fanbase and engaged in what they call hacktivism. They even released music. Unusual for a hacker group, isn't it? But the most significant thing: in the mid-90s, the cult merged with the hacker group L0pht.

Essentially, they were a few tech-savvy computer enthusiasts who came together to share knowledge and research vulnerabilities in existing systems. It turns out that I had ended up getting most of the L0pht guys their first daytime jobs. I liked them, so I wanted to do nice things for them. And, you know, we were all technically like-minded, and they started to invite me to certain areas.

And, you know, L0pht, you know, kind of had more. One of the founders of L0pht was Peter Zatko, Mudge, and it was he who would play a significant role. Remember him.

The guys rented an old warehouse in southern Boston and turned it into their laboratory, called L0pht Heavy Industries. Unlike many hackers at the time, they didn't hide their faces and real names. In the rented loft, anything went on, not just related to hacking. The outsiders were living their best lives like rock stars.

Parties, alcohol, substances, and girls. Everyone called each other by their nicknames. Dr. Vegetable, hair doctor, professor.

I spent 30 plus years of, like, you know, finely honed instincts to avoid saying this, but my name is Luke Benfai. I am the head of operations and information security at Cloud IQ Limited in the UK. The cult and L0pht eventually found each other and became essentially one organization.

L0pht can be said to have become the official, respectable branch of CDC. If you gentlemen would come forward. We're joined today by the seven members of the L0pht hacker think tank in Cambridge, Massachusetts.

Due to the sensitivity of the work done at L0pht, they'll be using their hacker names of Mudge, Weld Pond, Brian Oblivion, Kingpin, Space Rogue, Tan, and Stefan. Why the hackers in this video are in suits, what they talk about, and how angry Congress is, we'll tell you later on.

By the mid-90s, the personal computer and internet access were no longer exclusive to large corporations, Wall Street tycoons and geeks. The Hypertext Transfer Protocol and the Mosaic graphical web browser in 1993 allowed the internet to move beyond simple messaging.

PCs became relatively affordable, compact and, most importantly, increasingly user-friendly. The favorite marketing trick was: even your grandma can figure it out. Bill Gates and Microsoft played a huge role in this. In the middle of the decade, they released the revolutionary Windows 95 and 98. A huge number of noobs went online, thinking they had entered a safe digital space, when in reality they found themselves in the jungle as defenseless prey. You know, it's relatively safe.

Well, it's not. There was this guy, Josh Buchbinder, also known as Sir Dystic. Technically, he was not a member of the CDC, but he got to know the cultists at conferences and communicated with them extensively.

It didn't take him long to realize that the new Windows was suffering from a birth defect that any technically inclined person could exploit. Essentially, Windows 95 and 98 inherited from Windows 3.11, which in turn was a graphical shell on top of MS-DOS. Microsoft deemed it unnecessary to build any separation of access rights into these operating systems.

They pointed to Windows NT as the corporate solution, saying if you need different user privileges, that's where to go. But in the standard mass-market Windows, anyone launching the OS was by default treated by the environment as an administrator. And Buchbinder saw that, in essence, to take control of any machine in the world connected to the network, it was enough for an experienced user to install just one program. At that time, people very poorly understood the danger of viruses.

Windows 95 and 98 had no automatic update system, firewall or built-in antivirus. This meant that known vulnerabilities could remain unpatched for months or years, and the computer stayed vulnerable to viruses.

And many users didn't understand why they needed antivirus on their PC. So the CDC realized that the most popular operating systems in the world, used by millions, were essentially defenseless against hackers. Perhaps Microsoft's own people already understood that no patches could solve the problem. The system was built with a defect from the start.

It was necessary either to recall the product, which would cause terrible financial and, most importantly, reputational losses, or to pretend that nothing terrible could happen. That's what Microsoft did. It took Josh Buchbinder a myriad of sleepless nights and countless joints to write the first version of the program that later became known as Back Orifice.

When BO was ready for release, internal debates took place within the CDC. Not everyone supported the release of that software. They feared the consequences.

But the majority of the founders gave the green light. By the way, Josh himself feared legal consequences and personally contacted an FBI officer, asking him what would happen if he published this tool on the internet. The officer first said, "I wouldn't do that, and it's not technically illegal." But Josh checked one last time to be sure.

"So, I'm good?" he asked. "You're good," the agent sighed. Then people have absolutely no protection. And that's the awareness that we're trying to raise.

It's really frustrating that nobody has actually come up with a decent solution for it. Now let's take a closer look at Back Orifice through the eyes of people in 2024. We could have just turned on old videos with a detailed analysis of the program, but they either have a picture far from the now-familiar HD quality, or they sound like this. We decided to go the hard way.

But to run a program from '99, you need to find equipment from that time. It won't work on modern hardware. So we found a collector of old computers. God bless such people.

Two items were allocated to us for filming. The first one is a Toshiba Satellite P35 with a Pentium 4 processor and 512 MB of RAM. At one time, it was considered a powerful gaming laptop, as it was equipped with a 17-inch screen and a powerful audio system.

But for our purposes, this is not important. It will be the attacker for us. The second item is a Compaq Evo N620 on a Pentium M with 256 MB of RAM.

Both of these computers were designed for Windows XP, but to make our demonstration work, we had to install an older version of Windows on them. We connected the two machines on a local network. Let's start the experiment. So, on the attacking computer, we launch the Back Orifice configurator and set up the application that we will send to the victim.

Next, we select the executable file of the Back Orifice server part. We specify the port on which the program will operate. We sent this executable file to the victim's computer in an email. Do you remember it from the beginning of the video?

After the victim launches the Back Orifice executable on his machine, we launch the client on the attacking computer and click the connect button. That's it. The connection is established.

Now we can send various commands to the victim's computer. Let's send our victim a short message. We can also play an audio file. Hey, this is Cult of the Dead Cow. Your computer is hacked.

You can do more serious things. For example, delete some important files, and so on, as far as your imagination goes. Roughly speaking, you can say that BO works like modern remote access programs, like TeamViewer. But unlike TeamViewer, Back Orifice gives no sign that it is sitting on the machine, and the hacker can do whatever he wants with it.

In fact, the hacker had even more rights than the legal owner. Another vivid feature of BO was that anyone with access could essentially watch what was happening on thousands of infected machines, literally live. BO users took screenshots of the desktops of unsuspecting people and shared them on the internet. There's like, there's sites with screenshots that have like hundreds of screenshots. So there's one, it's someone, yeah, it's someone with their Microsoft Money, with Microsoft Money open, with their personal finances, and 50 dialog boxes in front of it that all say, I bet you're wetting your pants right now.

Back Orifice spread through the network like a forest fire, largely due to the low culture of digital security. Without thinking, people downloaded third-party archives from the network and inserted disks and diskettes with malware. Moreover, at that time, antivirus technologies lagged two generations behind malware. But the main thing was that the software was very simple to use.

Throughout the 90s, hacking was secret knowledge accessible to only a few. Then, after the release of BO, any schoolchild could engage in digital hacking. Microsoft remained silent for some time after the BO release, not reacting even when the number of infections exceeded hundreds of thousands. But when the Back Orifice pandemic became global, Gates' people acknowledged that there were vulnerabilities in their main product.

The company released patches and recommended using their corporate product, Windows NT. The Cult of the Dead Cow could celebrate and do some PR. It was Mudge who understood the importance of working with the media. As a rule, hacker groups avoided communicating with the press, but Peter Zatko saw the old media as a platform.

The group even had its own press service that responded to requests from newspapers and radio stations, issuing press releases. I'm Deth Veggie. I'm the Minister of Propaganda for the CDC. We were the first hacking group to really try to leverage the media to get messages out there that sort of, you know, we had a list of contacts of people that we would talk to, and we would send out our global domination update to like let them know what was going on, or, you know, both within what we were doing and also things that we thought were important.

The mysterious criminals interfering not only with people's home computers, but also with the main NORAD computing system, were excellent material for journalists. The CDC decided to help explain those phenomena at a level understandable to reporters. But the cultists had their own strategy.

If journalists asked serious questions, they got serious answers. If stupid ones, they ran into the most rampant trolling. Where did you get this thing? It came from space. Perhaps the most memorable episode was the testimony before Congress.

I'm informed that you think that within 30 minutes, the seven of you could make the Internet unusable for the entire nation. Is that correct? That's correct, actually.

One of us with just a few packets. But neither the statements in Congress, nor the hype after the release of the first version of Back Orifice, fundamentally changed Microsoft's attitude to the danger. And in the cult, they set to work on the second version of the program. This time it was written by Christien Rioux, aka DilDog. He joined L0pht in the late 90s and immediately became a microstar of the community.

His task was to make the second version of Back Orifice more open and, let's say, customizable. And he did a great job. BO, written in C++, supported a modular architecture, and it was possible to connect plugins to it. And most importantly, it was released with open source code, which allowed everyone to explore its capabilities as deeply as possible. The presentation was announced at DEF CON 99, and what a show it was.

When I say dead, you say cow! Dead! Cow! Dead!

Cow! After Kevin warmed up the crowd, he handed the floor to Josh Buchbinder. After all, the idea of the program belongs to him. He was the author of the first version.

Then DilDog took the stage, presenting the features of the new version. We have something called Motool. This is just the first item here. It actually provides a remote file browser that looks just like the Microsoft Explorer. And it lets you see and manipulate files on the other side, download them, upload them all through your channels.

As a result, this presentation really thrilled the industry. The openness of the code gave hackers around the world the opportunity to work on improving Back Orifice. People are going to take the source code, strip everything out, put it in their own commands that do what they want it to do. But, you know, such is the nature of the beast. The program became even more popular than its predecessor.

And the guys from CDC wouldn't be themselves if they didn't add ideology. After all, at that level, they were already more than just network troublemakers. Tweety Fish, one of the cultists, wrote the Hacker's Code, clearly addressed to new teammates who entered the industry through Back Orifice.

The commandments were roughly like this. Hackers should use their knowledge for the benefit of society, respect the confidentiality of private life, and follow the law as much as possible. It's unlikely that thousands of yesterday's school kids and students who entered the security industry through Back Orifice strictly followed these imperatives.

But still. It's been a lot of fun to write, and I think you guys should have a lot of fun using it. It's also something that I would honestly like to see being used as legitimately as possible.

Now, I know that the last version of BO, you know, was just the most convenient thing for a Trojan horse. It really was. By the way, the FBI did open a case against CDC. However, there were no consequences for them, as they had been promised. After such a media callout, Microsoft had to respond.

The corporation released a press statement acknowledging the problem. However, in this press release, Microsoft insisted that for a hacker to install BO on your computer, he must have physical access to it, or use social engineering to get the victim to do so. But the main thing was that Gates decided to revise the entire approach to the Windows architecture.

The corporation released Windows XP in 2001, burying the 9x line along with its legacy when they finally switched to the NT architecture. That was a revolution in the world of operating systems. And the cows played no small role in this.

When I say dead, you say cow! Dead! Cow!

Dead! Cow! Another effect was the exponential growth of hacker attacks.

And if there's a bullet, there's armor. Similarly, antivirus solutions started growing exponentially. Companies writing programs against hacking got rich. Hello, old man McAfee.

That's it. Since the early 2000s, studying vulnerabilities has become attractive. And those who heard about BO went into hacking. But not all hackers wear white hats. Now, for fraudsters, there's a whole industry.

For example, the RaaS, Ransomware as a Service, business model, where developers of malicious software provide other criminals with ransomware programs and the infrastructure for managing them. Crazy, right? In the era of the wild internet, hacker enthusiasts wrote viruses to show up the antivirus companies.

Developers were interested in testing themselves and showing the vulnerabilities of systems back then. But the era of the Wild West ended. As a tech company that provides ready-made client verification solutions for other companies, we conduct internal research on identity fraud dynamics every year.

And the data for 2023, based on our internal statistics, is shocking. The numbers keep growing. For instance, deepfake technology continues to pose a significant threat in the realm of identity fraud.

The widespread accessibility of this technology has made it easier and cheaper for criminals to create highly realistic audio, photo and video manipulations, deceiving individuals and fraud prevention systems. There is no way for us to be 100% fail-proof if we just rely on one stage of defense. So, our approach is to secure every stage of the user journey through a comprehensive onboarding process and continuous monitoring without compromising convenience and platform speed. For the user who registers and later uses the platform, the verification process takes a couple of seconds and sometimes is even unnoticed.

Because for us, it's also important to remain fast and user-friendly. And what happened to the cult itself? The era of freedom and merry chaos cannot last forever. Revolutionaries either perish or join the service of the state. After 9/11 and the information protection laws enacted in the USA, intelligence agencies began monitoring hackers much more closely.

However, CDC remained untouched. Perhaps because they were truly white-hat hackers, or because they actively started helping in the search for potential vulnerabilities and threats. Over the 20 years following the legendary presentation in Las Vegas, the cult released several major products.

For example, ScatterChat, a closed encrypted messenger, long before Signal. And just a year ago, back at DEF CON in Vegas, the successors of the cult presented Veilid, deliberately misspelled, in keeping with tradition. It's a platform and protocol, like Tor, but for creating applications. And the founding fathers themselves did quite well. Perhaps the most interesting life trajectory belongs to Peter "Mudge" Zatko.

In the mid-2000s, he worked at a government computer security lab, and in 2020, he became the head of security at Twitter. First, you deny corporations and the state, then you fight against them, then you join them. The only cult that gains followers not from a young age, but in maturity. But these guys undoubtedly changed the world of digital security and attitudes towards privacy. It's scary to imagine what would happen if the hackers united by a dead cow were on the dark side.