On another BBS that I was a part of, the sysop would come home from school every day to find his system had crashed. It had simply frozen up and would have to be rebooted. Eventually he found out from someone that there was a bug in that version of that particular BBS. A "\x" typed at the password prompt caused
everything to halt. Key por0ons of the BBS software were written in easily changeable, interpreted BASIC. To remedy the problem I simply added a line after the prompt that would disconnect anyone who tried typing in the dreaded 'Ax." It worked.
I've always wondered about that "\x." Why would such a harmful thing be there? I can't imag-ine the programmer putting it in purposely, unless perhaps it was a means to bother unlawful users of his software. Maybe it was some trap door that had gone awry. Maybe if I had studied the program more I would have figured out its meaning.
Maybe - this is a credible possibility - that bug had been placed there by the person who had given the copy of the software to the sysop, or by the pirate who had first bootlegged it, or by anyone at all along the line. Pirated software travels so rapidly across the country and around the world that literally thousands upon thousands of persons might have had the chance to add the 'Ax" thing and distribute the buggy code. Hey - are you starting to get an idea there? I know I am!
You could either write your own BBS program or alter a currently existing one, with some secret features such as an exit to DOS, or whatever trap doors tickle your fancy. You could put in a line which checks to see if a very obscure and unlikely control code is entered at the login prompt, and if so, highest system access is
gained.
A twist to this tactic is to write or change a terminal program, which you give to the user. When it receives an internal code while connected to your BBS, you gain access to the calling com-puter. For example, a user would be running your special terminal program while calling your BBS. The BBS, would send a code to the
caller's modem, which would allow you to wander around the caller's hard drive. To cover up the fact that you're roaming around in there, entry would have to take place during a long file transfer or, if it is a slow modem, during those time lags between modem action. The terminal program could continue pre-tending to
receive data while you surfed the remote user's drives.
PRODIGY, a graphic-oriented interactive, on-line service, was accused of engaging in a variation on this theme in the summer of 1991. Users were finding personal data buried inside the software that is used to dial up PRODIGY. After complaints and outrage, PRODIGY's senior vice president mailed out a utility to those
concerned, which would erase non-essential data from the service's terminal software. In an accompanying letter he sincerely asserted:
As we have stated publicly and written on-line, the PRODIGY software does not read, collect or transmit to PRODIGY Services Company any information or data that is not directly connected to ur use of the service. We want to assure you yo that we will continue to work to safeguard the privacy of all of our members.
Maybe theirs doesn't do those things - but yourscan!
Years ago, one group of enterprising hackers distributed their own homebrewed, broken termi-nal program for the Macintosh line. The program gave users the convenient option of allowing them to store passwords and other login procedures on disk so that one would never have to worry about forgetting them. The
information was stored in en-crypted form on a hidden part of the disk. The program was developed to "go bad" after several phone numbers and passwords were stored, the hope being that users would send back the disks, and the hackers would end up with a bunch of precious login information.
This should be taken as more theory than actual practice: PRODIGY can get away with requiring users to boot from their software because of the unique graphics and mouse interface provided. Unless you work something like that into your term program, who's going to want to bother in-stalling and learning your software when they are already familiar with one or several commercial packages? In fact, this is what happened to that group of hackers. Initially there was great interest in their terminal program (which they gave away free), but no one wanted to go through the trouble of using it. The problem was, the hackers gave the program out to experienced users who had already developed an intimacy with one or more commer-cial programs. No one needed the hacker's terminal package, and so what seemed to be a great idea net-ted the hackers nought.
As for the first idea - changing a BBS to in-clude trap doors - now that is a viable possibility. There will always be plenty of people looking to set up their own bulletin board system, or who are looking for ways of acquiring new software. Distri-bution is less of a problem than the programirang, especially considering that
you will not only have to interject code for the trap door but, for best re-sults, determine a way to hide that code from inter-ested eyes.
