Humans, historically, have proven very good at coming up with new ways to destroy things. The capacity of weapons to destroy, and the distance from which they can do so, have evolved: from sticks and rocks to dropping bombs from thirty thousand feet, from spears and arrows to missiles capable of destroying entire cities from across oceans. We have entered a new frontier of warfare, with new targets for a new type of weapon: that weapon is code, and the new targets are the devices that depend on that code. We depend on those devices not only to run our computers but also to deliver the electricity we rely on and to bring the water we drink out of our faucets. More below the fold...
I manage IT for a small business with 130 workstations and ten servers, and my job sometimes gives me a glimpse into a new frontier of warfare. It could be called cyber warfare, but I like the term code warfare because that is in essence what it is: code attacking vulnerabilities in code to obtain a desired destructive outcome. You may ask how, in my job for such a small organization, I can see the future of warfare. The answer is rootkits, of which I currently have two living on isolated, powered-down boxes in my server room. Wikipedia gives a good definition of a rootkit:
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.
After I had encountered several rootkits recently, a coworker in my department sent me an excellent Vanity Fair article on Stuxnet and its use to attack Iran's nuclear enrichment program.
As the world now knows, the Stuxnet worm appears to have attacked Iran’s nuclear program. And, as Michael Joseph Gross reports, while its source remains something of a mystery, Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating.
The article is long, but it is a truly fascinating look into the present and future of code warfare. The full article is titled A Declaration of Cyber-War.
The article goes into how a specific target was sought out and found; once found, the worm injected itself and hid itself using rootkit technology. What is truly scary is that your computer could already have been used in a cyber attack without your even knowing it. The excerpt below illustrates this; it is from an article called Protect Yourself From Cyberwarfare & Rootkit Threats:
Cyberwarfare attacks pose a growing and little understood threat. Internet users think nothing about surfing the internet superhighway through virtual battle zones with only their mouse for company. Most people never forget to secure their doors at night but the same individuals will leave their computer ports open when they are out surfing the net. The internet respects no borders and can take the user into dangerous territories infested with malware. No one is safe from these internet malware threats and these virtual terrorists use multiple methods. They piggyback on our existing infrastructure and bandwidth to invade our privacy and security in our own homes and offices without our knowledge.
Hundreds of cyberwarfare attacks on military systems and government infrastructures are reported daily. A botnet is a network of infected computers, called zombies, which can be used for sending out spam, mounting denial of service attacks, stealing personal information, cyber terrorism, etc. Computer botnets are facilitated by rootkit infections.
Cyberwarfare is an enormous threat around the world, as an enemy can cripple our economy using malware such as rootkits which were virtually undetectable until now. Power stations, highways, offices, hospitals, etc. are all vulnerable to a cyberwarfare attack. It is estimated that over 50 million computers worldwide are infected with botnets.
Hacker tools are becoming cheaper and easier to obtain and rootkits allow hackers to bypass normal security controls and remain undetectable. Rootkits are used to infect zombies to create botnets. A rootkit will capture personal information, while creating a back-door into the system to alter files, processes, or tools to escape detection. As rootkits become more powerful, common, and difficult to detect they can be widely used in combination with social malware techniques to attack a large number of computer systems in a relatively short period of time. Rootkits not only download updates to themselves, but also virus payloads that they install inside their encrypted folders to avoid detection.
Rootkits are hard to find; that is their purpose. They are not the payload, only a way of hiding the payload. It can take hours to get one to reveal traces of itself: one has to look for the symptoms and behaviors that suggest a rootkit is on a system, and generally use a variety of tools to try to get it to reveal traces of itself. It is generally accepted in the IT community that once a rootkit is discovered, the compromised system can never be fully trusted again. If I see one, I disconnect the power to the system and disconnect it from the internet until I have the time to reformat the hard drive, destroying all data on it.
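One concrete form of "getting a rootkit to reveal traces of itself" is a cross-view check: ask the system the same question two different ways and look for answers that disagree. The script below is an added example written for this post, not code from the post or from any tool it mentions. It assumes a Linux host with procfs, and the function names (listed_pids, probed_pids, find_hidden, stable_hidden) are this example's own. A rootkit that hides a process typically tampers with the directory listing of /proc, so the process vanishes from tools that enumerate that directory, but it rarely interferes with the kill() system call, so probing PIDs one at a time still finds it. A PID that shows up in the second view but not the first is a symptom worth investigating.

```python
"""
Cross-view process enumeration: compare a hookable listing of /proc with a
syscall-based probe of PID numbers and report the discrepancies.

Assumptions (added example, not from the original post): Linux with procfs;
all helper names below are invented for this illustration.
"""
import os
import sys


def listed_pids():
    """View 1: PIDs as reported by a directory listing of /proc.

    This is the view most tools (ps, top) rely on, and the one a rootkit
    that hides processes is most likely to have tampered with.
    """
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probed_pids(max_pid=None):
    """View 2: PIDs found by probing each number with kill(pid, 0).

    Signal 0 performs only the existence and permission check, so nothing
    is actually delivered. EPERM still means the process exists.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:
            continue            # no such process
        except PermissionError:
            found.add(pid)      # exists, owned by another user
    return found


def find_hidden(listed, probed):
    """Return PIDs present in the probe view but missing from the listing.

    A non-empty result is a symptom, not proof: a process that exits between
    the two snapshots shows up here too, so callers should repeat the check
    and only report PIDs that are hidden consistently (see stable_hidden).
    """
    return sorted(set(probed) - set(listed))


def stable_hidden(snapshots):
    """Keep only PIDs flagged in every (listed, probed) snapshot pair."""
    flagged = [set(find_hidden(listed, probed)) for listed, probed in snapshots]
    return sorted(set.intersection(*flagged)) if flagged else []


if __name__ == "__main__":
    if not sys.platform.startswith("linux"):
        sys.exit("this cross-view check relies on Linux procfs")
    # Three rounds to filter out processes that merely came and went.
    rounds = [(listed_pids(), probed_pids()) for _ in range(3)]
    hidden = stable_hidden(rounds)
    print("consistently hidden PIDs:", hidden or "none")
```

Run it as root so the probe is not limited by permissions, and treat any stable discrepancy as a reason to take the box offline and image it rather than as a verdict; a kernel-mode rootkit can hide from both views, which is exactly why the post's rule of never fully trusting a compromised system again holds.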
Unfortunately, our dependence on technology has given code a massive destructive capability. This is not the future; it is now, and your computer may already be an unwilling participant in attacks capable of unknown devastation. I am not trying to frighten anyone or be an alarmist; I am only trying to point out that the code wars are here. Welcome to the future. It is scary.