There are now well over a million malware computer programs — viruses, worms, and trojan horses — in circulation. A common perception among computer users: we need computer firewalls and anti-virus software because there are bad people out there. These evil actors are anti-social types who create dangerous software which threatens to infect our computers. With rare exceptions, such as when a “cracker” (a malicious computer hacker) is discovered and prosecuted, no one seems to know who creates all of these “malware” programs, or why.
The now-apparent reality: computer viruses, worms, and trojan horses are routinely contracted for by major corporations, and the contracts are fulfilled by so-called “security” corporations which cultivate a reputation for protecting computers, but which in fact charge lavish sums for creating programs that may pollute or endanger computers.
How do we know this? A group of hackers recently engaged in a cyber-altercation with a government contractor/cyber warfare corporate subsidiary by the name of HBGary Federal. Sixty thousand of the company’s emails were copied and made available on the Internet. These emails demonstrate that malware, including the worst sort of software creation — the notorious rootkit — can be routinely ordered by major corporations, for unknown purposes, and virtually without any qualms.
What is a rootkit? It is a software program which infects an operating system at the most basic level. If written correctly, it is extremely difficult to detect. It may be very difficult, if not impossible, to remove. Yet it is designed to provide unknown parties undetectable control over someone else’s computer — perhaps your computer.
What might major corporations use rootkits for? There could be a variety of purposes — spying, commercial exploitation, political intrigue, sabotage, industrial espionage, or even cyber warfare.
The most notorious known use so far was a rootkit-enabled copy protection scheme secretly implemented by Sony Corporation in 2005. It was triggered simply by playing a music CD on your computer, and was only discovered by a security researcher’s rootkit detection program, resulting in a major scandal. Customers just don’t want secret, undetectable programs on their computers that give control to someone else and cannot easily be deleted.
Another concern: the more programs your operating system must execute, the slower your computer will become!
Yet if it weren’t for one experienced researcher, we might never have known about Sony’s secret abuse.
It seems that corporations haven’t been inhibited by the Sony backlash. For example, in 2009 HBGary (the parent of HBGary Federal) demonstrated a program for defense contractor General Dynamics which “when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk” and would “cater to a [remote] command and control element.” “As part of the exploit delivery package,” the software will install “a usermode trojan…” They refer to this capability as an “exploit.”
HBGary is just one of many thousands of “security” companies, and perhaps the only company whose internal emails have been posted on the web.
What are the implications? It seems probable that a majority of computer worms, viruses, trojan horses, and rootkits are secretly developed commercial products, some of which “escape” into the wild, entailing significant data risks, and necessitating an anti-virus expense for millions of users.
In light of the HBGary fiasco, the U.S. Senate has just established a new subcommittee chaired by Senator Al Franken to monitor Internet-related privacy and security issues. Please let your representatives and senators know that computer malware creation should be prohibited or carefully monitored, and that abuses should no longer be tolerated.