Rootkitties
"I dedicate this book to my beloved cat — Exploit"
Ethymology
All rootkitties are exploits, but not every exploit is a rootkitty. The name comes from the software's very nature, exploiting vulnerabilities to gain root privileges. Rootkitties are creatures born from a mixture of incompetence in the vulnerability field and high competence in exploiting flaws. They require no food to survive but will gladly devour one's access to a device they are fed with.
Physiology
Rootkitties are very often formed from a symbiosis of several Zero-day vulnerabilities, worms and some spice enchantments, e.g., obfuscation, encryption. There is no general structure that connects all of the rootkitties. Each can be treated as a separate case since it strongly depends on the type of vulnerabilities making its vital parts. Attempts were made by forming game/tactics analogy as described, e.g., in an Anonymous article:
"You have two cities: A and B but no fuel to get on the road. Think of the first vulnerability as finding some — enough to get you somewhere but not all the way through (usually). The trick is to pile several vulnerabilities that can be chained together. Some smarter solutions may have a backup plan when vulnerabilities are patched."
Subspecies
Rootkitties are generally divided into two species, depending on their area of competence. When encountering a rootkitty, one often has but a blink of an eye before they go rampant. Fortunately, cybersecurity researchers developed a screening test, which can be rounded up to a single question: "what do you enjoy messing around with most: hardware or software?" The answer then redirects the informational pipeline accordingly to minimize (or, in rare cases, eliminate) the damage.
Hardware rootkitties
It's terrible and maybe critical. It's not your fault, yet the rootkitty will take it all on your personal computer, smartphone or nuclear centrifuges. You have irreversibly lost control over your device, and if you so much as try regaining it, the kitty will render it an expensive paper weight. You cannot do anything about it since the problem is the device. I mean, Intel processors have a flaw that enables people to siphon your data. And how many people would replace their processors? Did I mention that not all hardware is thoroughly tested?
Software rootkitties
Not bad, but consider yourself unlucky. Have you lost credentials, money, or 10GB of pictures? Once they are used, the device ceases to be considered safe and should be thought of as belonging to the rootkitty or their owner. The device could be claimed back, but it requires knowledge of the action, which is not always available after the spell is cast. After all, there can be more than one user with root privileges. There is still hope in cleaning the device and installing a new software bundle. Rejoice; you have been given a clean start.
Why-not-both?! a.k.a. 'Yes rootkitties'
You're screwed, and big time. Your data is already on the other side of the globe; the connected accounts are being hijacked while you obliviously send a picture of your cat dressed up as a goose. Once the process is done, the device will self-destruct in 3, 2, 1...
Accomplices to the evil maids
Rootkitties can often accompany the Evil maids — a rare case of "hacker ninja", who tamper with the device left unattended to gain access to the information stored/streamed from the device.
Stuxnet - the hero among rootkitties
The famous Stuxnet was a rootkitty who partook in a Dutch collaboration to take down nuclear centrifuges at the beginning of the 21st century. A handful of zero-days and worms in their toolset enabled the operation "Nuclear sunset" to proceed fast and smoothly.
ZeroAccess - the foe of Windows users
The infamous ZeroAccess was once deemed the most powerful rootkitty. Feeding on human ignorance, it disguised as a copy of a popular game, Elder Scrolls V: Skyrim. Over several months it took control over two million computers around the globe before finally being defeated in 2031.
Comments