Memories of Sub7
Back in 1998, Cult of the Dead Cow released this revolutionary hacker tool called Back Orifice. Despite its dumb interface, it was fun to play with and I used it to jump into random home computers all over the world, mostly just exploring a user’s files. About a year after that is when I found a similar program called Sub7.
Sub7 was amazing. Not only did it have a nice, clean interface, it allowed me to do amazing things to random computer users, like see whatever their webcam could see, listen to their room through their microphone, watch their screen, control their mouse, type on their keyboard, change their Windows themes, open and close their CD tray, make official-looking alert boxes pop up on their screens, play sounds for them to hear, flip their screen upside down, reboot their computer, and so much more. I had a blast with this program for a year or two. I never infected a computer with the server software myself – I just scanned IP ranges that I found from users on IRC and from email headers. Nearly every IP range I scanned would find at least 1 computer to “hack” into.
I was surprised one day when my redneck neighbor Tom told me that he had been doing the exact same thing, finding infected computers and spying on them with Sub7. We became pretty good friends after that and regularly exchanged lists of infected computers with each other. I taught Tom to do more than just spy on users by actually having some FUN with them.
At the time, everyone used either Windows 95 or Windows 98. I created several kinds of “theme” packs for each system and uploaded files whenever I got into a new system. It would change a few of their key system sounds to silly things like farts or other annoying noises. It also changed their startup screen and their shutdown screen. Instead of seeing only the words “Windows 95” on bootup, they would see added text which made it say something like, “A hacker has infected your Windows 95 machine and has complete control over everything you do! Have a nice day!” The shutdown screen displayed something similar. I had other screens that were a little more subtle, but I can’t remember what many of them said. I made at least one set of them that advertised phonelosers.org, thinking it would be great if people started emailing me because phonelosers.org hacked their computer. Surprisingly, these systems wouldn’t usually disappear from my list of infected machines immediately after I uploaded these images. Either they didn’t care or they just didn’t know what to do about it.
I built my collection of mp3 music with Sub7. I think at the time the only way to get pirated music was from Usenet. We didn’t have Napster or Limewire or torrents back then. There were FTP sites and IRC channels to get music from, but I just wasn’t into piracy enough to bother with all that. But when I started finding mp3 files of popular music on people’s computers, I began slowly downloading them on my speedy 56k modem. This, of course, slowed down their internet connection to unbearable speeds. Sometimes they would log off in the middle of my download and I would end up with an incomplete song, something I wouldn’t notice until I was listening to music and it would stop playing before the song finished. It was a fun way to build up a music collection though. And it was a really sad thing when I’d find a computer full of mp3 tunes that I really wanted, but they would log off before I could take it all and I’d never find them again.
I won’t even get into all of the personal data I found on people’s computers, but there was a ton of it. I read financial documents, letters to friends and family, diaries and telephone books. I remember reading this incredibly long journal that a guy was writing in Microsoft Word, detailing his sadness and feelings over the divorce he was going through. I popped up a window on his screen one night that looked like a standard Windows alert box, telling him to hang in there and it would all get better soon. I bet he was confused to have his computer try and console him.
I did something to about 10 users in Bend, Oregon that I’m not too proud of. I deleted all of their files. At the time I was involved in a battle with Tannest and she worked at her brother’s Internet Service Provider in Bend. So I would regularly scan the IP ranges for her ISP (BendNet) and when I found an infected one, I would log in and delete pretty much the entire hard drive. I would leave most of the Windows directory intact so that their system wouldn’t actually crash. Then I would pop up an alert box titled BendNet Services. It would read, “You are currently more than 30 days past due on your internet bill. We have removed all of your computer files and will not return them until your bill is paid in full. Thank you for using BendNet internet. -Tannest.” I used her real name, of course. I’m sure she had a tough time convincing the angry users that stormed into her office that they weren’t the ones responsible for deleting all of their files. I seriously felt bad about doing this to people, but the hilarity of pissing off Tannest outweighed the guilt so I kept doing it. After a while I could never find infected BendNet users anymore, so I always wondered if Tannest started scanning for them herself so she could contact them and fix their machines before I got to them.
I also helped a lot of infected people in my local area. After going through their files and figuring out what their ICQ member number was (Remember when we all used ICQ? Ugh, past, I don’t miss you at all.) I would send them a message on ICQ, using my real account, and explain to them that their machine was infected. I’d direct them to a website that contained a program that would remove Sub7 from their computer so that nobody else could hack them. I made a few local friends by doing this, people that I kept in touch with for years afterward and even met some of them in real life.
I could make a user’s modem dial phone numbers by adding standard modem commands to certain files. A few times I would want to know the identity of a computer that I had access to, but I couldn’t figure it out from their files, so I’d command their modem to hang up from their internet connection and call my home. A look on my caller ID box would give me their identity. Once they logged back on, I would remove my phone number. I could set up their systems to automatically dial any phone number I wanted each time they turned on their computer. It sure was tempting to buy a 1-900 number and make computers all over the country dial my number.
It was a fun era of pretending to be a hax0r in the late 90’s and early 00’s and I doubt it’ll ever be so easy again. It’s just too bad that I never used Sub7 to pull any truly epic pranks on anyone. I saw other people post webcam shots of computer users looking thoroughly confused at the weird messages popping up on their computer, but I rarely found computers with webcams attached to them. That’d sure be a fun thing to do today with everyone owning laptops that have built-in webcams and microphones in them.