Rootkits
The Unix operating system uses the word “root” for its superuser account, the
account with unrestricted privileges over the whole system, including the kernel.
Linux uses the same concept. The word “kit” implies a collection of tools. Put
together, a “rootkit” is a collection of stealth tools that invade and modify an
operating system and software packages while evading detection by antivirus
packages.
Rootkits are complex and difficult to eradicate. They need administrative rights
to install, and an attacker normally obtains those rights first by some other
means; once installed with such rights, a rootkit burrows into the operating
system and takes control of its component parts, replacing or hooking the code
that reports on processes, files, and network connections so that its own
presence is never reported.
Rootkits can therefore subvert tools such as antivirus software that attempt to
find and root out viruses and other kinds of malware, because those tools rely on
the very system services the rootkit has hooked.
The Sony BMG copy protection scheme from 2005 is described elsewhere in
this topic; the company had secretly inserted a rootkit into music CDs. When the
CDs were played on a Windows computer, the rootkit silently installed copy-
protection software that restricted use of the disc, prevented it from being
copied, and hid itself from the user. But the rootkit also slowed performance and
introduced security vulnerabilities into the infected computers, since the same
hiding mechanism could be used by other malware to conceal itself.
Another rootkit was used in 2004 and 2005 in Greece to wiretap more than 100
mobile phones on the Vodafone Greece network. Alarmingly, most of the taps
were on phones used by senior government officials, including the prime minister.
The taps were discovered and removed in 2005, but the perpetrators were never
identified.
This rootkit was novel in being apparently the first known attempt to subvert an
embedded telecommunications device rather than a normal commercial operating
system. The infected system was an Ericsson AXE telephone switch, and the
rootkit concealed its use of the switch's own lawful-intercept facility.
Rootkits are serious threats because, once secretly installed, their operators
can open the door to many other kinds of malware and keep it hidden.
Preventing rootkits from being installed, identifying them once they are present,
and removing them from a computer are among the toughest problems in computer
and software protection in the modern world. Rootkit elimination is too vast a
subject to cover here, but it is of increasing importance because rootkits are
used in cyberwarfare and can subvert military computers as well as civilian
computers.
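One of the standard ways of identifying a rootkit once it is present is the cross-view check used by rootkit hunters such as unhide: enumerate the same objects through two independent paths and treat any disagreement as evidence of tampering. The following is an added example, not code from the original text: it lists processes once by reading the /proc directory (the readdir path a process-hiding rootkit usually hooks) and once by probing every possible PID with kill(pid, 0) (a different system call), then reports PIDs that are alive but missing from the listing. The function names and the re-check rounds are this example's own choices; the caveat a practitioner should keep in mind is that a kernel-level rootkit which hooks both paths will defeat it, which is why serious detection also compares the live system against a trusted offline view.

```python
"""Cross-view check for hidden processes (added example, Linux only).

A process-hiding rootkit typically hooks one data path (the getdents/readdir
path that `ls /proc` and `ps` walk) and filters its own PIDs out of the result.
A second, independent path, probing each PID directly with kill(pid, 0), is
often left untouched, so a PID that answers a probe but is absent from the
directory listing is a strong indicator of tampering.
"""
import os
import sys

PID_MAX_FALLBACK = 32768  # used only if /proc/sys/kernel/pid_max cannot be read


def listed_pids(proc="/proc"):
    """View 1: PIDs as reported by directory enumeration of /proc (readdir)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def pid_exists(pid):
    """Probe one PID via kill(pid, 0), which checks existence without
    delivering a signal. ESRCH (ProcessLookupError) means no such process;
    EPERM (PermissionError) means it exists but belongs to another user,
    so it still counts as alive."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def probed_pids(pid_max=None):
    """View 2: PIDs found by brute-force probing 1..pid_max with kill(pid, 0)."""
    if pid_max is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                pid_max = int(f.read().strip())
        except (OSError, ValueError):
            pid_max = PID_MAX_FALLBACK
    return {pid for pid in range(1, pid_max + 1) if pid_exists(pid)}


def cross_view_diff(listed, probed):
    """Compare the two views.

    Returns (hidden, phantom): `hidden` are PIDs alive by probing but missing
    from the listing (the rootkit signature); `phantom` are PIDs listed but not
    alive, which is almost always a process that exited between the two scans
    and is reported only so the caller can see the race, not as an alert."""
    listed, probed = set(listed), set(probed)
    return sorted(probed - listed), sorted(listed - probed)


def confirm_hidden(candidates, rounds=3, proc="/proc"):
    """Re-check each candidate several times to rule out scan races.

    A PID is kept only if, in every round, it is still alive by probing and
    still absent from a fresh directory listing. A short-lived process that
    started between the two scans shows up in the fresh listing and is dropped."""
    confirmed = set(candidates)
    for _ in range(rounds):
        if not confirmed:
            break
        fresh = listed_pids(proc)
        confirmed = {pid for pid in confirmed
                     if pid_exists(pid) and pid not in fresh}
    return sorted(confirmed)


def scan():
    """Run the full cross-view scan on the live system (Linux only)."""
    if not sys.platform.startswith("linux"):
        raise SystemExit("this check reads /proc and is Linux-specific")
    hidden, phantom = cross_view_diff(listed_pids(), probed_pids())
    return confirm_hidden(hidden), phantom


if __name__ == "__main__":
    hidden, phantom = scan()
    if hidden:
        print("ALERT: PIDs alive but hidden from the /proc listing:", hidden)
    else:
        print("no hidden processes detected")
    if phantom:
        print("note: PIDs listed but gone before they were probed (race):", phantom)
```

Run it as root so that kill(pid, 0) reports every process rather than only the caller's own; as an unprivileged user it still works, because EPERM is treated as "alive". The brute-force probe walks the whole PID space (up to pid_max, which can be several million on modern kernels), which takes a few seconds and is the price of not trusting any single enumeration path.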