When you are fighting a war, you need to be able to use every weapon you have available to make sure you win that war. The government's outlook on war is no different. When the US government goes to war and feels that it is at a disadvantage, it pulls out the next level of weapons to even things out. If the fighting escalates even further, it goes back to the same strategy and pulls out the next level of weapons again. It does the same thing when it comes to computer security. If it sees that it is losing a fight, it will try to take the fight to the next level. But unlike the case with conventional warfare, the US government does not necessarily have the best weapons stored in its back pocket. So it must take pages from other people's notebooks to stay in the game.
The technology it has now been reported to use is rootkit technology. When you are talking about malware on a computer, a rootkit is like the nuclear bomb of malware. It is one of the most dangerous pieces of software you will see on a computer and also one of the most effective. For a black hat hacker, once you are able to infect someone's computer with a rootkit, you know they are going to have a hard time getting it off. So now that the government has upped the stakes by investing in rootkit technology, the gloves are off and we will see how far this really goes. In this article I will go into more depth on what a rootkit is and how it can help the government in its cyber war.
What is a Rootkit?
This is a question that is both easy and hard to answer at the same time. While the basic principles of a rootkit are simple, the different flavors and the ways they are implemented are quite diverse. To put it simply, a rootkit is a piece of software that lets someone with remote access get into a system beneath the basic permission checks of the operating system.
When you are running your computer, you interface with the hardware through the operating system. The operating system is what keeps you from damaging anything vital, hardware-wise, that you could not recover from. It does this by giving different levels of users different permissions. Intel and Intel-compatible chips call these levels rings, and ring 0 is the deepest you can get. A normal user of an operating system runs in a much higher ring, which only allows that user to do so much. What a rootkit is able to do is dig deeper than the usual user interaction with the machine. While the rootkit may not be able to access ring 0, it will be able to dig deeper than the normal user interaction. It will be able to dig so deep that the operating system itself will not be able to track it. With permissions like this, the rootkit is able to do whatever it wants with the computer. This is what makes the program so dangerous. Not only can it see and do whatever it wants on the computer, there is a good chance that you will never even know it is there.
So why would the government use them?
I think the answer to this is quite obvious. When it comes to spying, there is no better tool in the toolbox than getting a rootkit into someone's system. It has been proven that even people with high-level access to information take only minor security precautions to make sure the data is not compromised. So if you are able to get a rootkit into a system like this, you will be able to find out a lot about your enemy. The rootkit may stay on the system for years before anyone is able to find out about it. A government could use this technology not only for cyber wars it might fight but also for spying on other governments in more traditional wars. Most data is kept on a computer these days, and having a weapon like this can truly change the tide of a battle.
A rootkit is a piece of software that you are only going to see more of in time. Luckily, there are tools that are better able to find them in a system than there were in the past. Even some of the better-regarded antivirus tools can find a rootkit these days.
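One of the checks those detection tools rely on follows directly from the point made earlier: a rootkit hides from the operating system's normal view of the machine, but it rarely manages to filter every view at once, so comparing two independent views exposes the gap. The script below is an added illustration of that cross-view idea and is not code from the article; it is Linux-specific and assumes procfs is mounted at /proc without the hidepid option, and that a /proc directory listing versus direct kill(pid, 0) probes is a fair stand-in for the technique (a kernel-level rootkit that filters both views would not be caught this way).

```python
import os

PROC = "/proc"   # assumes Linux procfs mounted here, without hidepid=

def pids_from_proc_listing():
    """View 1: PIDs a directory listing of /proc reports. This is the view
    a rootkit typically filters (e.g. by hooking getdents), so hidden
    processes are simply missing from it."""
    return {int(n) for n in os.listdir(PROC) if n.isdigit()}

def alive(pid):
    """View 2: ask the kernel directly; kill(pid, 0) delivers no signal."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:   # ESRCH: no such task
        return False
    except PermissionError:      # EPERM: exists but owned by another user
        return True
    return True

def is_thread(pid):
    """Non-leader threads answer kill() but are never listed in /proc,
    so they must be excluded to avoid false positives."""
    try:
        with open(f"{PROC}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:              # exited, or its /proc entry is hidden
        pass
    return False

def find_hidden_pids(max_pid=None):
    """PIDs the kernel knows about that never appear in the /proc listing."""
    if max_pid is None:
        with open(f"{PROC}/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    before = pids_from_proc_listing()
    probed = {pid for pid in range(1, max_pid + 1) if alive(pid)}
    after = pids_from_proc_listing()
    hidden = set()
    for pid in probed - before - after:
        if is_thread(pid):
            continue
        # Re-check so a task that started or exited mid-scan is not reported.
        if alive(pid) and pid not in pids_from_proc_listing():
            hidden.add(pid)
    return hidden
```

Run it as root for full coverage; an empty set means the two views agree, while any PID it does return deserves a closer look with a second, independent tool.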