Throwback Thursday: Netbus
Oh man. This was sketchy as f*ck.
Welcome to another post in my “Throwback Thursday” series, where I write about techy stuff from my youth, and my memories of it. This one is a bit more “anecdotey” than most, but I hope you’ll enjoy it.
Netbus. Designed as a “Remote Administration” tool by some dude in Sweden in about 1998, Netbus was actually so much more. Using a simple client-server model, Netbus could be run without installing and would allow you to connect to any PC via LAN or the Internet and, essentially, take full control.
Aside from being able to edit configuration files, start applications, control the mouse and even browse the filesystem and open / copy / download files, Netbus also allowed you to, silently, watch a user using the computer, listen to the audio, and even key log.
Netbus also allowed you to do other, less useful things, such as send messages to the target system as system dialogue popups, open and close CD/DVD drives, swap the mouse buttons and even just quit Windows (back when Windows 98 / ME would drop you back into DOS).
So, why am I writing about it? Well, because in about 2000, I found it and took a copy to school.
Disclaimer: I don’t condone any of the actions I describe below. At the time it was funny because we were young and stupid, but I quickly realised that it was a shitty thing to do. We got away with it because it was so early in the days of the Internet. In fact, just a few years later, I remember reading about students in the USA who were arrested and prosecuted for something very similar. Netbus didn’t quite amount to “hacking”, but it certainly butted right up against it.
Playing with it in our “electronics lab” (a former store cupboard, with 3 PC’s in it), we discovered that the server application could be “hidden” on a target system and started automatically, and silently. Then, across our brand new, very insecure (this was 2000 and until the previous year, all computers at the school had been Acorns – the British home computer, I mean, not the thing that grows on trees…) we had the ability to connect to and mess with any PC we’d installed it on. So, we did. Over the next couple of weeks, myself and a couple of friends managed to install it on about half the PC’s in the school. From there, with just a list of hostnames, we could “spy” on others using these machines.
Over the next few months we would play “pranks” on each other and other students, by sending jokey messages, opening and closing the CD drive, and opening applications. All very high brow stuff, of course. We would even mess about with teachers sometimes, especially the ones who were less tech-savvy, and mostly they’d just be confused and then ignore it.
But one day, while “pranking” a teacher, we happened to be key logging to see if he responded to any of our messages, when he suddenly opened a web browser and logged into his teachers account on a website used for an online course we were studying (the CISCO CCNA, to be exact). Suddenly, and accidentally – I need to stress that – we had access to the answers to all of the assessments.
I wont lie; we immediately saved copies and used them for the next assessment, all of us passing with flying colours – obviously. Now, I can’t speak for everyone, but it was at this point that I started to feel bad about this. I decided that that was the last time I’d use it to cheat on a test, and it was. Whether others did or not, I’ve no idea.
Guilty conscience over cheating aside, it didn’t stop me from still playing around with Netbus for other things. And, so, we continued to “prank” other students for a while until, again, one day we accidentally caught someone’s email password in a keylogger, while we were in the same computer lab. Now, unfortunately, the student had used a rather funny, sexual phrase as his password. Being 17 years old, immature and about as discrete as a kick to the face, we were laughing at it and someone must have said it out loud, as immediately the student stormed over and demanded to know what we were doing. We denied doing anything, and he eventually left. That was a close call.
A few days later, we were back at it again, only this time sending messages to a female student, claiming to be a little man trapped inside the computer – see? Mature. At one point, we suggested that if we open the CD drive, she could dangle her tie in and “we” could climb out. We opened the CD drive and, glancing around to see that nobody was watching, she put her tie into the CD drive. Once again, we erupted in laughter, she assumed (correctly) that we had something to do with it and promptly stormed out.
A day or two later, we were all dragged into the headmasters office. He began talking about cakes, which turned into a (poor) metaphor for “hacking” and “spying” on people via computers. It seemed that someone had reported us. Which was fair.
Now, one thing to know here is that myself and my group of friends, while obviously massive nerds, were also very good students. A couple of them, especially, were top of their year in almost all subjects and destined for big things. And this, I think, is why we avoided any real punishment. Almost.
As the headmaster was asking us to explain what we were doing and why, one of us (we’ll call him George) piped up – “we are sorry, though. We had no intention of upsetting her.”
To which, the headmaster replied, confused, “Her?”… Of course; the complaint had come from the male student we’d pranked, and now George had undermined our “that was the only time we did it” defence.
So, I suppose the point of this post was multifaceted. Firstly, back in the “wild west” days of the early internet / web, IT knowledge and security was pretty lax and “remote admin” tools were aplenty and the opportunities for mischief were abundant.
Secondly, this sort of stuff just isn’t funny. Especially not to the “victims”.
Thirdly, I learned there and then that cheating, while remarkably easy, wasn’t something that sat right with me.
And, lastly, if you are planning some sort of sketchy “caper”, and you’ve got a friend like “George”, keep him well away from it.