Hacking Team spyware rootkit: Even a new HARD DRIVE wouldn't get rid of it
http://www.theregister.co.uk/2015/07/14/hacking_team_stealth_rootkit/

Hacking Team RCS spyware came pre-loaded with a UEFI (Unified Extensible Firmware Interface) BIOS rootkit to hide itself on infected systems, it has emerged following the recent hacking of the controversial surveillance firm.
The stealth infection tactic, which has been revealed through leaked emails arising from last week's hack, meant that the Remote Control System (RCS) agent stayed on compromised machines even if users formatted their drives - or even swapped disks. Although designed primarily for the Insyde BIOS (a popular laptop BIOS) it might also work on AMI BIOS as well, according to security firm Trend Micro.
A PowerPoint from the leaked Hacking Team emails implies that initial infection seems to require physical access to targeted systems. Other techniques may be possible, according to Trend Micro, based on a preliminary analysis of the leaked presentation as well as an examination of a help tool for the users of Hacking Team's BIOS rootkit and other leaked data.
"A Hacking Team slideshow presentation claims that successful infection requires physical access to the target system; however, we can't rule out the possibility of remote installation," writes Philippe Lin, a senior engineer at Trend Micro. "An example attack scenario would be: The intruder gets access to the target computer, reboots into UEFI shell, dumps the BIOS, installs the BIOS rootkit, re-flashes the BIOS, and then reboots the target system."
More at link
3 replies, 1524 views
Hacking Team spyware rootkit: Even a new HARD DRIVE wouldn't get rid of it (Original Post)
steve2470
Jul 2015
OP
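The quoted article makes the defensive point that a firmware-resident implant survives drive formatting and replacement, so the only place to look for it is the firmware image itself. The script below is an added example, not code from the original post, from Hacking Team or from Trend Micro: it walks a dumped SPI flash image, locates every UEFI firmware volume by the `_FVH` signature in the standard EFI_FIRMWARE_VOLUME_HEADER, and compares a per-volume SHA-256 against a known-good vendor image so that a modified volume can be pinpointed rather than just "the hash differs". The two images it operates on are constructed in the script (synthetic volumes with minimal headers, no real vendor content); a practitioner would substitute a dump taken with a hardware programmer and the matching vendor release.

```python
"""Locate UEFI firmware volumes in a flash dump and diff them against a baseline.

Added example for detecting firmware modification; the images are constructed
below, not real vendor firmware.
"""
import hashlib
import struct

# EFI_FIRMWARE_VOLUME_HEADER field offsets (UEFI PI spec, volume 3):
FVH_SIGNATURE = b"_FVH"   # Signature, 4 bytes at offset 40
SIG_OFFSET = 40
FVLENGTH_OFFSET = 32      # UINT64 FvLength: total volume size including header
HEADER_LEN_OFFSET = 48    # UINT16 HeaderLength
MIN_HEADER_LEN = 56       # fixed part of the header before the block map


def find_firmware_volumes(image: bytes):
    """Return [(offset, length)] for each firmware volume found in the image.

    Volumes are located by their '_FVH' signature; the declared FvLength is
    used to skip to the next candidate. Candidates whose header does not fit
    inside the declared volume, or whose volume runs past the end of the
    image, are treated as false positives of the signature scan.
    """
    volumes = []
    pos = 0
    while True:
        idx = image.find(FVH_SIGNATURE, pos)
        if idx < 0:
            break
        start = idx - SIG_OFFSET
        if start < 0:
            pos = idx + 1
            continue
        (fv_len,) = struct.unpack_from("<Q", image, start + FVLENGTH_OFFSET)
        (hdr_len,) = struct.unpack_from("<H", image, start + HEADER_LEN_OFFSET)
        if hdr_len < MIN_HEADER_LEN or fv_len < hdr_len or start + fv_len > len(image):
            pos = idx + 1
            continue
        volumes.append((start, fv_len))
        pos = start + fv_len
    return volumes


def volume_digests(image: bytes):
    """SHA-256 of each firmware volume, keyed by its (offset, length)."""
    return [
        (off, length, hashlib.sha256(image[off:off + length]).hexdigest())
        for off, length in find_firmware_volumes(image)
    ]


def compare_images(baseline: bytes, dumped: bytes):
    """Return human-readable findings; an empty list means every volume matches."""
    base = volume_digests(baseline)
    dump = volume_digests(dumped)
    findings = []
    if len(base) != len(dump):
        findings.append(f"volume count differs: baseline {len(base)}, dumped {len(dump)}")
    for (boff, blen, bhash), (doff, dlen, dhash) in zip(base, dump):
        if (boff, blen) != (doff, dlen):
            findings.append(f"volume layout differs at 0x{boff:x}")
        elif bhash != dhash:
            findings.append(f"volume at 0x{boff:x} (len 0x{blen:x}) modified")
    return findings


def make_volume(payload: bytes, length: int) -> bytes:
    """Build a constructed firmware volume: 72-byte header, payload, 0xFF padding.

    ZeroVector and FileSystemGuid are left zero and the header checksum is not
    computed; this is only enough structure for the scanner above to parse.
    """
    hdr = bytearray(72)
    struct.pack_into("<Q", hdr, FVLENGTH_OFFSET, length)
    hdr[SIG_OFFSET:SIG_OFFSET + 4] = FVH_SIGNATURE
    struct.pack_into("<I", hdr, 44, 0)                 # Attributes
    struct.pack_into("<H", hdr, HEADER_LEN_OFFSET, 72)  # HeaderLength
    struct.pack_into("<II", hdr, 56, 1, length)         # one block-map entry; terminator stays zero
    return bytes(hdr) + payload.ljust(length - 72, b"\xff")


# Constructed sample images: a "vendor" baseline and a dump whose first volume
# carries content the vendor image does not have.
BASELINE_IMAGE = make_volume(b"vendor DXE drivers", 0x400) + make_volume(b"vendor NVRAM", 0x200)
TAMPERED_IMAGE = (
    make_volume(b"vendor DXE drivers" + b"unexpected module", 0x400)
    + make_volume(b"vendor NVRAM", 0x200)
)

if __name__ == "__main__":
    for off, length in find_firmware_volumes(BASELINE_IMAGE):
        print(f"baseline volume at 0x{off:x}, length 0x{length:x}")
    for line in compare_images(BASELINE_IMAGE, TAMPERED_IMAGE) or ["no differences"]:
        print(line)
```

On a real machine the baseline should come from the vendor's published firmware release rather than from the suspect system, and the dump should be taken out-of-band (a hardware SPI programmer), since a firmware implant can present a clean image to software running on the host.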
ChromeFoundry
(3,270 posts)1. Too bad these people were not applying their efforts...
towards something useful such as curing disease or ways to reduce dependency on fossil fuels.
Sunlei
(22,651 posts)2. I guess all of the NSA 'spyware' has been reverse engineered by now & put to good use by the clever
computer people who have hacked into every system, game and program since the beginning of time.
Decades ago a game developer once said to me, about the hacks of his game that Koreans & Chinese always created,
"If you build it, they will come."
jrandom421
(1,005 posts)3. It seems like the solution
is to re-flash the BIOS with the manufacturer's original image or get a new motherboard.