CyberWire Daily - remote access Trojan or RAT (noun) [Word Notes]
Episode Date: November 11, 2020
As we are not publishing in observance of Veterans Day, we thought you might like to check out a couple of episodes of our weekly Word Notes short form podcast that comes out on Tuesdays. Check it out... and subscribe today! From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice, made famous by the notorious hacktivist group called “The Cult of the Dead Cow,” or cDc. Back Orifice was written by the hacker Sir Dystic, AKA Josh Bookbinder, and released to the public at DEFCON in 1998.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
a.k.a. Oxblood Ruffin, A as in Ada, a.k.a. Lady Ada, and T as in Tweetyfish.
Definition.
From the intrusion kill chain model, a program that provides command and control services for an attack campaign.
Example sentence.
Many hackers don't develop their own RATs.
Instead, they use commodity RATs that they purchased off the dark web
or found at open source materials.
Origin.
While the first ever deployed RAT is unknown, one early example is a program called Back Orifice, made famous by the notorious hacktivist group called the Cult of the Dead Cow, or cDc.
Back Orifice was written by the hacker Sir Dystic, a.k.a. Josh Bookbinder, and released to the public at DEF CON in 1998.
Context. The Trojan in the name implies that RAT developers generally try to hide the malware on the compromised system inside other programs or disguised as other programs. The reference
refers to the famous fakeout in the classic story told in the Odyssey, where, in the siege of Troy, the Greeks built a giant wooden horse, hid soldiers inside,
left it as a gift outside the gates of the city, and appeared to sail away.
The Trojans pulled the horse into the city, and that evening, the soldiers snuck out,
opened the city gates, and let the Greek army,
which had sailed back under cover of night, destroy the city and end the war.
In his Cybersecurity Canon Hall of Fame book, The Cult of the Dead Cow,
Joe Menn sums up the hacktivist group this way.
The more powerful machines become, the sharper human ethics have to be.
If the combination of mindless, profit-seeking algorithms, dedicated geopolitical adversaries,
and corrupt U.S. opportunists over the past few years have taught us anything, it is that serious
applied thinking is a form of critical infrastructure. The best hackers are masters
of applied thinking, and we cannot afford to ignore them.
Likewise, they should not ignore us.
We need more good in the world.
If it can't be lawful, then let it be chaotic.