Memories of Sub7
Back in 1998, Cult of the Dead Cow released this revolutionary hacker tool called Back Orifice. Despite its dumb interface, it was fun to play with and I used it to jump into random home computers all over the world, mostly just exploring a user's files. About a year after that is when I found a similar program called Sub7.
Sub7 was amazing. Not only did it have a nice, clean interface, it allowed me to do amazing things to random computer users, like see whatever their webcam could see, listen to their room through their microphone, watch their screen, control their mouse, type on their keyboard, change their Windows themes, open and close their CD tray, make official-looking alert boxes pop up on their screens, play sounds for them to hear, flip their screen upside down, reboot their computer, and so much more. I had a blast with this program for a year or two. I never infected a computer with the server software myself – I just scanned IP ranges that I found from users on IRC and from email headers. Nearly every IP range I scanned would find at least 1 computer to “hack” into.
I was surprised one day when my redneck neighbor Tom told me that he had been doing the exact same thing, finding infected computers and spying on them with Sub7. We became pretty good friends after that and regularly exchanged lists of infected computers with each other. I taught Tom to do more than just spy on users by actually having some FUN with them.
At the time, everyone used either Windows 95 or Windows 98. I created several kinds of “theme” packs for each system and uploaded files whenever I got into a new system. It would change a few of their key system sounds to silly things like farts or other annoying noises. It also changed their startup screen and their shutdown screen. Instead of seeing only the words “Windows 95” on bootup, they would see added text which made it say something like, “A hacker has infected your Windows 95 machine and has complete control over everything you do! Have a nice day!” The shutdown screen displayed something similar. I had other screens that were a little more subtle, but I can’t remember what many of them said. I made at least one set of them that advertised phonelosers.org, thinking it would be great if people started emailing me because phonelosers.org hacked their computer. Surprisingly, these systems wouldn’t usually disappear from my list of infected machines immediately after I uploaded these images. Either they didn’t care or they just didn’t know what to do about it.
I built my collection of mp3 music with Sub7. I think at the time the only way to get pirated music was from Usenet. We didn’t have Napster or Limewire or torrents back then. There were FTP sites and IRC channels to get music from, but I just wasn’t into piracy enough to bother with all that. But when I started finding mp3 files of popular music on people’s computers, I began slowly downloading them on my speedy 56k modem. This, of course, slowed down their internet connection to unbearable speeds. Sometimes they would log off in the middle of my download and I would end up with an incomplete song, something I wouldn’t notice until I was listening to music and it would stop playing before the song finished. It was a fun way to build up a music collection though. And it was a really sad thing when I’d find a computer full of mp3 tunes that I really wanted, but they would log off before I could take it all and I’d never find them again.
I won’t even get into all of the personal data I found on people’s computers, but there was a ton of it. I read financial documents, letters to friends and family, diaries and telephone books. I remember reading this incredibly long journal that a guy was writing in Microsoft Word, detailing his sadness and feelings over the divorce he was going through. I popped up a window on his screen one night that looked like a standard Windows alert box, telling him to hang in there and it would all get better soon. I bet he was confused to have his computer try and console him.
I did something to about 10 users in Bend, Oregon that I’m not too proud of. I deleted all of their files. At the time I was involved in a battle with Tannest and she worked at her brother’s Internet Service Provider in Bend. So I would regularly scan the IP ranges for her ISP (BendNet) and when I found an infected one, I would log in and delete pretty much the entire hard drive. I would leave most of the Windows directory intact so that their system wouldn’t actually crash. Then I would pop up an alert box titled BendNet Services. It would read, “You are currently more than 30 days past due on your internet bill. We have removed all of your computer files and will not return them until your bill is paid in full. Thank you for using BendNet internet. -Tannest.” I used her real name, of course. I’m sure she had a tough time convincing the angry users that stormed into her office that they weren’t the ones responsible for deleting all of their files. I seriously felt bad about doing this to people, but the hilarity of pissing off Tannest outweighed the guilt so I kept doing it. After a while I could never find infected BendNet users anymore, so I always wondered if Tannest started scanning for them herself so she could contact them and fix their machines before I got to them.
I also helped a lot of infected people in my local area. After going through their files and figuring out what their ICQ member number was (Remember when we all used ICQ? Ugh, past, I don’t miss you at all.) I would send them a message on ICQ, using my real account, and explain to them that their machine was infected. I’d direct them to a website that contained a program that would remove Sub7 from their computer so that nobody else could hack them. I made a few local friends by doing this, people that I kept in touch with for years afterward and even met some of them in real life.
I could make a user’s modem dial phone numbers by adding standard modem commands to certain files. A few times I would want to know the identity of a computer that I had access to, but I couldn’t figure it out from their files, so I’d command their modem to hang up from their internet connection and call my home. A look on my caller ID box would give me their identity. Once they logged back on, I would remove my phone number. I could set up their systems to automatically dial any phone number I wanted each time they turned on their computer. It sure was tempting to buy a 1-900 number and make computers all over the country dial my number.
It was a fun era of pretending to be a hax0r in the late ’90s and early ’00s and I doubt it’ll ever be so easy again. It’s just too bad that I never used Sub7 to pull any truly epic pranks on anyone. I saw other people post webcam shots of computer users looking thoroughly confused at the weird messages popping up on their computer, but I rarely found computers with webcams attached to them. That’d sure be a fun thing to do today with everyone owning laptops that have built-in webcams and microphones in them.
It’s still just as easy, but it’s not worth the risks since even pranks are now prosecuted like serious crimes with fairly long prison terms attached.
I know I back up most of my important files to disks, and now stick drives. You can always hope some of those poor saps had backups ;)
I was more of a Netbus fan, myself.
Strangely enough, the company that bought the Netbus website was headquartered in Vero Beach (http://en.wikipedia.org/wiki/Spectorsoft)
Pleased to find this story from you of all people, RBCP.
In the UK, Sub7 and BO/BO2K were practically a way of life. Because of the slow pace of broadband rollout and the market dominance of a former state telecoms monopoly, most Britfags in the late 90s/early 2000s were stuck on 56k modems using dial-up on a local rate number. And guess what? It was charged by the minute. Admittedly… it wasn’t a fortune but people connecting at peak rates or so could end up with phone bills of £100+ a month.
By around 2000, some ISPs like BT Internet began offering a toll free number to access their service – but (at least in the beginning) it was pretty pricey – £25+. More than I could afford, especially when I went to college.
People like me would pull up the BT Internet IP range from ripe.net and bang it into some portscanner to look for stuff on port 31337 or wtf Sub7’s default port was. Once you found someone on that IP range infected, you’d be able to grab their login/password and access the precious toll free 0800 number. Free Internet! Around the clock!
We all knew that BT Internet’s admins would lock out dial-up accounts being accessed from many different phone numbers so one of the most important things about finding someone who was infected… was removing the virus so that other people couldn’t get their details and cost you a login.
I managed to keep my place supplied with free Internet throughout college. But it was more than that. My favourite trick was embedding the Sub7 installer into the autorun.exe of a CD copy of Unreal Tournament. Used this a couple of times to play a few pranks on people who had pissed me off. My housemate’s boyfriend used to love hitting the circuit breaker in our house as he left. Lost 2 hours of coursework thanks to him. TBH, the revenge story is more interesting if it’s left to your imagination… (all I discovered was he wanked off to Anna Kournikova fake porn) but I ended up having access to his University email/Unix account.
Whilst I was figuring out what I could do with them, I ended up giving them to some guy on IRC who was gonna show me how to get free printer credits. The guy ended up installing packet sniffers, trojans and pretty much rooting the entire University network from that login. One of the college professors had some relatively popular open source software that he distributed on his University webspace. He even put some sort of backdoor in there. Was all during the vacation period. When we got back, there was a bulletin and everyone had to change their passwords. Never got my printer credits :(
I usually didn’t delete people’s stuff either except for this one time I found a user who was downloading porn of old women and children. I deleted his command.com so his computer wouldn’t boot, hoping he would take it somewhere where they would find his porn collection. I didn’t know enough in my teenage years how to report something like that. I remember giving him a Windows popup calling him a sick pedophile.