Can spying software stay after wiping your HD?

Discussion in 'privacy technology' started by rubberducky, Dec 22, 2009.

Thread Status:
Not open for further replies.
  1. rubberducky

    rubberducky Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    31
    Is there any key logger or some other kind of spying software that stays in the system even after you wipe the whole hard drive or physically replace the hard drive?
     
  2. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    Well, there are hardware keyloggers which can only be removed physically (they are somewhat hard to spot since most devices are small). As far as I know it's impossible for a keylogger to "survive" a HD wipe (let alone replacing one).
     
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    Although it's theoretically possible for certain types of specialized malware to infect the memory of certain types of hardware (infecting the bios, the video card, etc.), it's quite a rare occurrence and I've never heard of anyone who actually ran across it.

    There are other ways to create a seemingly persistent security hole. Some require physical presence (hardware keyloggers, hidden cameras, etc.) and others can be done via a variety of targeted online attacks.

    Why do you ask? Are you having trouble clearing an apparent malware infection?
     
  4. rubberducky

    rubberducky Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    31
    Could such hardware be hidden inside a laptop?
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    dsniff on the router.

    Clean the computer all you want. When you reconnect to Inet, all you traffic belong to ?. Man-in-the-middle, reinstall malware on system. You pwned.
    Run all the Virtual software you want, all of the sandboxes you want, we be there waiting, watching.

    You will have a big ? on your face, tech minds will be like "GTFO".

    What does it take to fix the above scenario?
    Wipe + reflash router + change IP. Not easy, malware is on both.
     
    Last edited: Dec 23, 2009
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Malware gets into your wireless router?
     
  8. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Folks,

    Let's stay firmly planted in current reality and minimize the hypotheticals (yes - some of those hypotheticals are physically possible, but in the absence of some additional information here, they should be considered implausible for the current discussion).

    Rubberducky - is the question a hypothetical or are you assessing a current issue? If the latter, more context is needed.

    Blue
     
  9. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    There is "Bluepill" which is a project started by a few researchers a few years ago that can put rootkits in the BIOS that are undetectable. However, this has nothing to do with the hard drive.

    There is also the possibility that your CPU could have malicious microcode in it. This would allow someone to pwn your computer regardless of the OS used or what security precautions you took. Of course, this would mean AMD or Intel are malicious, which I strongly doubt. However, we will always have to wonder "who watches the watchers." It is not outside the realm of possibility that the NSA has a deal with the chip makers to put backdoors in the code. I doubt this is happening, but there is no way to prove anything.

    We also have to be wary of hardware made in hostile countries like China. I know, for example, that the military will not allow hardware that has not been thoroughly vetted by their own experts to be run in sensitive arenas. In other words, if they don't have access to all the datasheets and microcode, etc., it doesn't get used. This is to thwart the potential for abuse which can be done by malicious hardware makers.

    But, to answer your question, if you overwrite the entire hard drive, there will be no way malware can survive it. This is assuming you overwrite everything, including HPA areas. This will be easy to do if you use the hard drive's built in secure erase function.
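
    The two things the post above asks you to confirm (that no HPA hides sectors above what the OS sees, and that the overwrite actually reached every byte) can be checked from a Linux live environment. The script below is an added example and is not from the thread or from any tool named in it; it parses the output of `hdparm -N /dev/sdX` and reads the device back after a zero-fill. The hdparm lines and byte strings inside it are constructed samples, and `/dev/sdX` is a placeholder.

```python
"""Added example, not from the thread: two checks around a full-drive wipe on
Linux. parse_hdparm_n() reads the output of `hdparm -N /dev/sdX` to see whether
a Host Protected Area hides sectors above the reported size, and
verify_wiped() reads a device back after the wipe and confirms every byte is
zero. The hdparm lines and the byte strings below are constructed samples; the
device path is a placeholder."""
import io
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import BinaryIO, Optional, Tuple

# Constructed samples in the shape `hdparm -N` prints (the real tool prints the
# same fields; the sector counts here are made up).
SAMPLE_HDPARM_CLEAN = "max sectors   = 1953525168/1953525168, HPA is disabled\n"
SAMPLE_HDPARM_HPA = "max sectors   = 1953523120/1953525168, HPA is enabled\n"

_MAX_SECTORS = re.compile(
    r"max sectors\s*=\s*(\d+)/(\d+)(?:\(\d+\?\))?(?:,\s*HPA is (enabled|disabled))?"
)


@dataclass
class HpaStatus:
    visible_sectors: int   # LBA count the OS (and a naive wipe tool) sees
    native_sectors: int    # what the drive admits it really has
    enabled: bool

    @property
    def hidden_sectors(self) -> int:
        return self.native_sectors - self.visible_sectors


def parse_hdparm_n(output: str) -> HpaStatus:
    """Parse `hdparm -N` output. A mismatch between the two numbers means an
    HPA exists regardless of what the status word says."""
    m = _MAX_SECTORS.search(output)
    if not m:
        raise ValueError("no 'max sectors' line in hdparm output")
    visible, native = int(m.group(1)), int(m.group(2))
    enabled = (m.group(3) == "enabled") or native > visible
    return HpaStatus(visible, native, enabled)


def verify_wiped(dev: BinaryIO, chunk_size: int = 1 << 20) -> Tuple[bool, Optional[int]]:
    """Stream the device; return (True, None) if every byte is zero, else
    (False, byte offset of the first non-zero byte)."""
    offset = 0
    while True:
        chunk = dev.read(chunk_size)
        if not chunk:
            return True, None
        if chunk.count(0) != len(chunk):
            first = next(i for i, b in enumerate(chunk) if b)
            return False, offset + first
        offset += len(chunk)


def verify_wiped_bytes(data: bytes, chunk_size: int = 1 << 20):
    """Convenience wrapper for in-memory samples."""
    return verify_wiped(io.BytesIO(data), chunk_size)


def main(device: str) -> int:
    # Step 1: refuse to call the drive clean while sectors are hidden.
    out = subprocess.run(["hdparm", "-N", device],
                         capture_output=True, text=True, check=True).stdout
    status = parse_hdparm_n(out)
    if status.enabled:
        print(f"{device}: HPA hides {status.hidden_sectors} sectors; "
              f"run `hdparm -N p{status.native_sectors} {device}` "
              f"(or the drive's firmware secure erase) before wiping again")
        return 2
    # Step 2: read the whole visible range back and insist on all zeros.
    with open(device, "rb", buffering=0) as dev:
        ok, offset = verify_wiped(dev)
    print(f"{device}: {'all zero' if ok else f'non-zero byte at offset {offset}'}")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else "/dev/sdX"))
```

    The read-back check assumes a zero-fill; a random-pattern wipe will (correctly) fail it, so in that case compare against the pattern instead. Neither check sees sectors the drive has retired or a Device Configuration Overlay; for those, the firmware secure erase the post mentions (`hdparm --security-erase`) is the only route short of physical destruction.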
     
  10. duk

    duk Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    28
    In theory malicious code can be inserted at the machine's hardware level (BIOS for example) and can propagate to the boot sectors of the hard disk, even if it is changed. But in practice, I don't know whether anti-virus companies have found pests like these in real operation.

    This means it is very unlikely that malicious software still remains even after replacing the hard disk or wiping it whole.

    In any case, monitoring data traffic and all outbound connections when the computer is in use helps in identifying any malware installed, and in drawing the correct conclusions.
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Google "router rootkit"
    Don't be satisfied with just a spin story, used to manage a public panic, of Cisco IOS.

    Don't think just router zombie, many cable boxes, FiOS, Comcast, Cox, may be as vulnerable.
    Super redundant malware.

    Law enforcement would like it, can monitor all suspects without fear of them being discovered and cleaned.
    Malware authors would like for the same reasons, you pwned.

    What about MITM your Google results? A sort of social engineering technique to hide the attack and make the true threat harder to detect.

    [drama=As the HDD Turns]
    This gives a new meaning to an online poker playing career.
    What would stop someone from installing onto a router and MITM you till you lose. "You can't win!" hits home hard. The loss in the expectation of fairness destroys your confidence in the systems you thought were secure. You become listless in your online poker career, jaded by the reality of being middled. You now just post on forums waiting for the world to catch up to the reality you experienced.[/drama]

    On close inspection this type of exploitation renders securing your PC impotent. Only one question, is it really out there?

    Router compromises became public in 2006. How long has it been leveraged before it was "Discovered"? How many devices are susceptible?
    psybot

    Decide for yourself the threat potential to you.
    Cleaning once infected may not be so simple. Positive detection is another problem. Where is the router Anti-rootkit detector? There isn't one.
    Proving an infection exists on a device for the average computer user is impossible as there are no tools for discovery.

    Where is the WAN Scan?
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that. Good to know. That's definitely above my head.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    How do you monitor outgoing connections?
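
    As an added example for the question above (not from the thread or from any tool named in it), one way to watch outgoing connections on a Linux live CD without installing anything is to read the kernel's own socket table. The script below parses `/proc/net/tcp`, decodes the hex endpoints, keeps only established sessions, marks peers outside loopback and RFC 1918 space as external, and maps each socket inode to a process by walking `/proc/*/fd`. The table embedded in it is constructed sample data.

```python
"""Added example, not from the thread: enumerate established TCP connections
on Linux by parsing /proc/net/tcp, mark peers that are not loopback, link-local
or RFC 1918 addresses, and map each socket's inode to a process. The table
below is constructed sample data; on a live box run with --live to read
/proc/net/tcp instead (add /proc/net/tcp6 for IPv6)."""
import ipaddress
import os
import socket
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional

TCP_ESTABLISHED = "01"

# Constructed sample of /proc/net/tcp: an SSH listener, an HTTPS session to a
# public host, a DNS query to the router and a session to an unusual port.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19876 1 0000000000000000 100 0 0 10 0
   1: 0100A8C0:C1A4 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 24510 1 0000000000000000 20 4 30 10 -1
   2: 0100A8C0:B2F0 0100A8C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 24511 1 0000000000000000 20 4 30 10 -1
   3: 0100A8C0:D4E2 097100CB:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 24512 1 0000000000000000 20 4 30 10 -1
"""

# Ranges we treat as "inside the house"; everything else is an external peer.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Conn:
    local: str
    remote: str
    uid: int
    inode: int
    external: bool
    pid: Optional[int] = None


def _decode_endpoint(field: str) -> str:
    """'0100A8C0:0035' -> '192.168.0.1:53'. The kernel prints the IPv4 address
    as a host-order 32-bit hex word, so unpack it little-endian to recover the
    network-order bytes."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"


def _is_external(ip: str) -> bool:
    a = ipaddress.ip_address(ip)
    return not any(a in net for net in LOCAL_NETS)


def parse_proc_net_tcp(table: str) -> List[Conn]:
    conns = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_ESTABLISHED:
            continue
        local, remote = _decode_endpoint(f[1]), _decode_endpoint(f[2])
        conns.append(Conn(local, remote, int(f[7]), int(f[9]),
                          _is_external(remote.rsplit(":", 1)[0])))
    return conns


def pid_for_inode(inode: int) -> Optional[int]:
    """Walk /proc/*/fd for the 'socket:[inode]' link (root sees all users)."""
    target = f"socket:[{inode}]"
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                if os.readlink(f"/proc/{pid}/fd/{fd}") == target:
                    return int(pid)
        except OSError:                           # process exited or no permission
            continue
    return None


def external_peers(conns: List[Conn]) -> List[Conn]:
    return [c for c in conns if c.external]


if __name__ == "__main__":
    live = len(sys.argv) > 1 and sys.argv[1] == "--live"
    table = open("/proc/net/tcp").read() if live else SAMPLE_PROC_NET_TCP
    for c in parse_proc_net_tcp(table):
        c.pid = pid_for_inode(c.inode) if live else None
        print(f"{c.local:>22} -> {c.remote:<22} uid={c.uid} pid={c.pid} "
              f"{'EXTERNAL' if c.external else 'local'}")
```

    Run it in a loop (or diff successive runs) while the machine is idle: a freshly installed box with no browser open should show no external peers at all, and any that do appear can be tied to a process via the inode. A session to the router itself is expected (DNS, DHCP), which is exactly why the router rootkit scenario earlier in the thread is hard to spot from the host side.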
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That sounds so outrageous and improbable. But if I did have a router rootkit, what would it do while connected to Xerobank?
     
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    "GTFO" :D

    One way to check, Live CD.
    Still redirected, you router infected...snarf snarf!
    Checking for DNS, you in a real mess...snarf snarf!

    As far as the secure vpn stuff, I ask Steve.
    So far, looks like Xerobank is better than no Xerobank.
    Will have to learn more about VPN.
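
    The "checking for DNS" step above can be made concrete. As an added example (not from the thread or from any product it names), the script below sends the same A query to the resolver the router handed out over DHCP and to a resolver you trust, then reports whether the answers differ. It implements only what RFC 1035 needs for an A lookup, including name compression; `build_response()` fabricates a reply so the parser can be exercised offline, and the server addresses in `main` are placeholders.

```python
"""Added example, not from the thread: a raw DNS check you can run from a live
CD to see whether the resolver the router handed out answers differently from
a resolver you trust. build_query() and parse_a_records() implement just
enough of RFC 1035 for A lookups; build_response() fabricates a reply so the
parser can be exercised offline. Server addresses in main are placeholders."""
import random
import socket
import struct
from typing import Dict, List


def _encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(name: str, qid: int) -> bytes:
    # header: id, flags (RD=1), QDCOUNT=1, AN/NS/AR=0; question: name, type A, class IN
    return (struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + _encode_name(name) + struct.pack(">HH", 1, 1))


def _read_name(pkt: bytes, off: int):
    """Return (name, offset after the name), following compression pointers."""
    labels, end, jumped = [], None, False
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                    # pointer: 14-bit packet offset
            if not jumped:
                end = off + 2
            off = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if jumped else off)


def parse_a_records(pkt: bytes, qid: int) -> List[str]:
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if rid != qid:
        raise ValueError("response id does not match query")
    if flags & 0x000F:
        raise ValueError(f"server returned rcode {flags & 0xF}")
    off = 12
    for _ in range(qd):                          # skip the echoed question(s)
        _, off = _read_name(pkt, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = _read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen                              # skip CNAMEs and anything else
    return sorted(addrs)


def build_response(name: str, qid: int, addrs: List[str]) -> bytes:
    """Constructed reply in the shape a server sends, using a compression
    pointer (0xC00C) back to the question name at offset 12."""
    hdr = struct.pack(">HHHHHH", qid, 0x8180, 1, len(addrs), 0, 0)
    q = _encode_name(name) + struct.pack(">HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(a)
                   for a in addrs)
    return hdr + q + rrs


def query_a(name: str, server: str, timeout: float = 3.0) -> List[str]:
    qid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, qid)


def diverging(answers: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Given {resolver: sorted A records}, return the resolvers whose answer
    set differs from the one under the key 'trusted'."""
    ref = answers["trusted"]
    return {srv: a for srv, a in answers.items() if srv != "trusted" and a != ref}


if __name__ == "__main__":
    NAME = "example.com"
    ROUTER_DNS, TRUSTED_DNS = "192.168.1.1", "9.9.9.9"   # placeholders
    results = {"trusted": query_a(NAME, TRUSTED_DNS), ROUTER_DNS: query_a(NAME, ROUTER_DNS)}
    bad = diverging(results)
    print("answers:", results)
    print("router resolver diverges from trusted:" if bad else "answers agree", bad or "")
```

    Two caveats before reading a mismatch as a rootkit: names served from a CDN legitimately resolve to different addresses depending on which resolver asks, so pick a name with a stable address or check where the divergent address actually leads; and a compromised router can just as well pass the real answer through and redirect the TCP session afterwards, which is why the check from a live CD was suggested together with watching for redirects, not instead of it.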
     
  16. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    Wiping the drive will overwrite everything on it. Nothing will remain. The posts above regarding router rootkits, hardware keyloggers etc. will never be a threat to home users as long as all hardware is purchased from a trusted source.
     
  17. onigen

    onigen Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    29
  18. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    In that case, which wiping program do you guys think is best?
    I've never (that I know of) had a problem like that. I regularly use WipeDrive and KillDisk.
     
  19. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Also, the first step after wiping a hard drive should be... o_O
    Install the OS, make an image of it, install antivirus and run updates.
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Well....yeah....for a keylogger to be inside a laptop, the attacker would need physical access. That goes without saying. But that was the question from rubberducky: "Could such hardware be hidden inside a laptop?" Physical access is usually not too difficult. Especially if you're spying on a wife, boyfriend, neighbor, etc. Protect your computer!! Physical access and it can be game over.
     