Comments on: Rootkits in Corporate Espionage

by: isaac

Sun, 26 Oct 2008 21:47:26 +0000

soy estudiante universitario y mi proyecto de grado hacer una herramienta anti-rotokit bajo el lenguaje c++, me gustaria saber si alguien pude ayudarme con este proyecto , gracias

by: Anti Rootkit Blog » Blog Archive » Rootkit used in Vodafone Phone Tapping Affair

Thu, 12 Jul 2007 16:46:15 +0000

[…] We have all heard about Rootkits and how they are aimed mainly at normal users of Windows XP and Linux. I have written about Rootkits in Corporate Espionage and how custom designed and targetted Rootkits will allways be hard to spot. They are carefully created using undocumented features within the system kernel. If only the creator knows then who can find it? Now if this rootkit is used for one unique purpose, installed on one system, then the chances of it being found soon after it’s installation are small. This is exactly what happened in what is known as The Athens Affair. […]

by: steo

Sat, 27 Jan 2007 01:50:20 +0000

Richard,

thanks for the post. Very interesting indeed. It seems that any sort of intent and knowledge of rootkits can spell trouble for whoever gets targeted.

It actually reminds me about the guy who worked as a programmer for a software company who was writing a poker related program. He installed a rootkit to hide a password retriever for all the poker players who installed the software. He was a bogus programmer working for a legit company. He would then sit around an online poker table with players he had logged on make them lose all their money to him….clever….but not enough….

The link to the post is http://www.antirootkit.com/blog/2006/05/17/rootkit-software-infects-gamblers-computers/
Thanks again Richard,
regards
Steo

by: Richard

Sat, 27 Jan 2007 01:17:00 +0000

On the subject of corporate espionage and rootkits, I have experienced a situation that is far more widespread in scale and capability. Bootstrap rootkit code written into the manufacturers hardware that will create a back door upon computer rebuild and OS re-installation. This creates the ‘inside out hack’ that puts the intruder behind a corporate firewall, and from there a position can be built.
Imagine a failed OEM computer manufacturer in Latin America that was basically a money laundering front company, imagine what level of system knowledge an OEM would receive, and how that could be farmed out to malicious code writers to create devious software tools used in an international money laundering and corporate fraud network. Just how sophisticated a suite of espionage orientated malware can be written using the cash flow from a company with a peak USD250m market capitalisation using Latin American pay scales?
Imagine a set of coding objectives that include out-pacing law enforcement to ensure criminal organisational survival?
Then spin the technology off into corporate espionage applications for corporate fraud and other financial scams.
I would venture that companies and users of mainstream IT are in fact very vulnerable, and a bigger effort should be made to recycle end user experiences, corporate and personal, to put the option of privacy back in the hands of the user, large or small.
It is also worth considering the fact that Windows XP is going to be around for a while yet, and that protecting the integrity of that software and enhancing its security as is is very important for corporate customers.
A standalone operating system boot disk that can test the integrity of hardware and installed software without being subject to rootkit stealth techniques might be a very useful tool for Administrators.
Simple things for simple problems - make sure the memory overhead on chipsets that can range between 2mb and 8mb is filled and not fillable by flash utility - that is where companies are going to need to be protected.