BIOS & UEFI Rootkits 101 - Hacking Your Motherboard

PLEASE HELP! My ClimateViewer PC is Dying!

Rootkit: What Is a Rootkit, Scanners, Detection and Removal Software

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a connection of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms, viruses – that conceal their existence and actions from users and other system processes.

What Can a Rootkit Do?

A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. A rootkit on an infected computer can also access log files and spy on the legitimate computer owner’s usage.

What Is a Master Boot Record (MBR)?

What Does the Master Boot Record Do?
A master boot record consists of three major pieces: the master partition table, the disk signature, and the master boot code. Here's a simplified version of the role the master boot record plays when a computer is first starting up:

  1. BIOS first looks for a target device to boot from that contains a master boot record.
  2. Once found, the MBR's boot code uses the volume boot code of that specific partition to identify where the system partition is.
  3. That particular partition's boot sector is then used to start the operating system.
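As an added example (not part of the original post or of the article quoted above), here is a small Python parser that splits a raw 512-byte MBR into the three pieces named above (boot code, disk signature, partition table) and compares the boot code against a previously recorded SHA-256 baseline, which is the simplest way a defender can notice that a bootkit has rewritten the master boot code. The sample sector, its disk signature and its single partition entry are constructed values, not taken from a real disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # master boot code occupies bytes 0..439
DISK_SIG_OFFSET = 440     # 4-byte disk signature (bytes 444..445 are normally zero)
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
BOOT_SIG_OFFSET = 510     # 0x55 0xAA terminator at bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split one raw sector into the MBR's three pieces; reject anything that is not an MBR."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * 16
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"slot": slot, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "disk_signature": disk_sig,
            "partitions": partitions}


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the boot-code region, so partition edits do not trigger false alarms."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def boot_code_matches(sector: bytes, baseline_hex: str) -> bool:
    """True if the master boot code still equals the baseline recorded on a known-good system."""
    return boot_code_sha256(sector) == baseline_hex


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR: given boot code, fixed disk signature, one active type-0x07 partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF)                       # constructed value
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * 48                                   # three empty slots
    return code + disk_sig + b"\x00\x00" + table + b"\x55\xAA"


SAMPLE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")  # constructed stand-in, not real boot code
```

In practice the baseline hash is taken from a freshly imaged machine and the live sector is read with `dd` or a forensic imager; any mismatch on the boot-code region alone is worth a closer look.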

HBGary’s nemesis is a ‘16-year-old schoolgirl’

The WikiLeaks Threat - An Overview by Palantir Technologies, HBGary Federal, and Berico Technologies

Unmasked - How Anonymous took on a computer security firm, spilled its secrets to the world, and got the attention of Congress - all to keep its own identities a secret. Ars Technica book

The HB Gary Emails “12 Monkeys” - Wikileaks

The agenda will be four fold:
  1. Demo 12 Monkeys, for final handoff

  2. Review keyboard emulation on task B, and discuss next steps to fill out the 80k (20k of the 100k has already been consumed)

a. Also, I will look to longer term (as I recall there is still an additional 100k on the table) bringing us up to 380k. Based on my last discussion with them, they weren’t planning on dipping into this until Q4, or Q1 though.

  1. Get an update on Project Athena (John Spiller requested we spend some time on this)

  2. Skunkworks (a good couple of hours of sit down time with Shawn & Ben)

The HB Gary Emails “BIOS rootkit” - Wikileaks

From: Roberto Banfi [mailto:]
Posted: Monday 30 March 2009 14.25
Subject: New Rootkit Attack Hard To Kill

Those of Core Security have written a python program to install
a rootkit in the BIOS.
Not bad !!!

Indestructible, badass rootkit BadBIOS: Is this tech world’s Loch Ness Monster? VOTE NOW (2013)

[Heads-up] Now In The Wild: New Super Evil Rootkit Survives Even “Nuke From Orbit” And HD Swap

CIA Vault 7: Projects - Wikileaks

Unified Extensible Firmware Interface Specification

Vault 7: CIA Hacking Tools Revealed

LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group

Russia’s Sednit Deploys First Firmware-Level Rootkit in the Wild

Top NSA hacks of our computers (USB Hacks)

We've got three devices here: COTTONMOUTH-I, COTTONMOUTH-II and COTTONMOUTH-III, all about compromising systems through USB.

COTTONMOUTH-I is a smart "jacket" around a USB A plug. It monitors what's on the wire and communicates it either wirelessly to other COTTONMOUTH-1 devices or through a covert channel in the USB wire to STRAITBIZZARE software. COTTONMOUTH-II is a USB port with a built-in tap to communicate with STRAITBIZZARE. There is no wireless component.

COTTONMOUTH-III is a COTTONMOUTH-II and a tapped Ethernet port. Like COTTONMOUTH-I it has a wireless capability for communicating with other COTTONMOUTH devices and can talk to STRAITBIZZARE over the wire.

These ports are of the type soldered to the motherboard, and so they have to be installed through an interdiction of the computer or, conceivably, at the factory itself.

The document is dated 8/5/2008.

Jim Lee, ClimateViewer News