The real ‘Gatekeeper’ software?
by subacati
In 1995 we were introduced to Angela Bennett and her run-in with the people behind 'Gatekeeper', a backdoor trojan masquerading as system security software! :left: .
We thought it was just a movie…. …
In the movie "The Net", a group of criminals manage to convince a lot of people, including many government and public service institutions, to install their 'hacker proof' security software. But this software turns out to be a scam. Instead of preventing hacking, it actually allows these criminals full access to every system that has it installed. Systems that include Police, hospitals and even customs and immigration. :insane: .
Many people dismissed this as being implausible on the grounds that it would be impossible to dupe that many people.
A Canadian company, Absolute Software, has found a way to do exactly that however! They have convinced computer manufacturers to embed a backdoor trojan in the bios used in their laptops! :insane: .
This trojan, once activated, will attempt to contact their server on a regular basis. Once it makes contact, it will essentially ask their server if all is in order and await further instructions. Absolute Software then has the power to instruct this trojan (which they call Computrace®) to erase data or disable the laptop. They can also gather forensic data from wifi, 3G or even ethernet connections to locate the laptop! :left: .
A brief explanation of how this system works is available on their website here. :awww: .
Now, this sounds like a great idea until you consider that they are breaking the law in many countries! This product is a security device (bios is considered hardware) and their service is a security service! This means that for them to legally sell, install or maintain this product in South Africa, they must be a registered Security company. Registered, that is, with PSIRA. PSIRA is the regulator of all non-governmental security services in South Africa. (read this)
Now, to be registered, they would actually have to have a registered business in South Africa. But, of course, they are only registered as a business in Canada. And, as far as I have been able to ascertain, they are only registered as a software company, and not as a security company! :insane: .
And they are soliciting South African citizens as clients as can be seen in this thread! :irked: .
But the really scary part is that the backdoor component that is embedded in the bios is already there when you buy the laptop, whether you want it or not! And there is no way to remove it short of hacking the bios, which could brick your laptop! :insane: .
This company has no respect for the laws of the countries they operate in. If a client, who is not resident in Canada, has a grievance against them, they have no legal recourse and can take no action against them. This company is operating outside the jurisdiction of the countries where they're flogging their wares and their customers have no protection from them whatsoever.
But, of course, you don't need to use their service right? Sure, but you can't stop them from using it against you either! Because, just like Gatekeeper, it's on your computer just waiting to be used against you! :insane: .
disclaimer: This article represents my opinion and is in no way a reflection of the integrity of Absolute Software or its affiliates
We have bought a new Toshiba laptop. I checked on their web site – the link you provided – and they say that all Toshiba laptop models have a little piece of their software already installed in BIOS. And that goes for all Toshiba models. For all tracking business to work, customer needs to buy the commercial part of software. In case of stolen laptop, all you need is to call them and they will locate, lock or even give you a possibility to erase some data from the hard disk. Not completely illegal, because they have a contract with laptop manufacturers, but I don't like it at all :irked:
I don't like it at all. :irked: . It's a potential target for crackers and black hats to use for their own malevolent purposes. :insane: . The good news is that it seems this software doesn't run under Linux. :whistle: .
are you promoting Linux again? :p
Big brother eh? Scary stuff :eyes:
Originally posted by Mr.Scientist:
Someone, somewhere, will make it their mission to gain control of this.
Always Swaer, always. :p . But I still wonder just what the bios component is capable of since that will run before any operating system anyway. :sherlock: . Big Brother seems to be a Canadian as Research In Motion is also a Canadian company. :whistle: . That, Flarin, is half the problem. :awww: . Look what happened in the Sony Rootkit case. :insane: .
I remember the Sony disaster. Sony, however, don't care that I avoid their product(s) as much as humanly possible. The principle of it (the sony rootkit nonsense) is totally unreasonable. We don't need Sony at all, nothing they own or sell is essential – there are always alternate and equally good products for us to buy – they need us – so why piss everyone off? Doesn't make sense. Companies that recognise how valuable co-operation with the consumer is, will rule the Earth. As for RIM! Bah!!! I don't want to work for a company that thinks Blackberries are a good idea. From a tech point of view, they absorb more support resources than all the PCs & laptops put together.
And every bbm passes through Canada.
I'm safe then. I don't have a Laptop. I only have 2 fossils that have a resemblance to Desktop computers. Is there any reason why Laptops? Or do they really mean computers PERIOD?
Originally posted by qlue:
Ahhh! NOW we get to the actual premise of the Post … Penguin Promoting.
Laptops are generally not secured physically. They are easy to steal and laptop theft is a major problem especially in the coffee shop districts frequented by Yuppies. :up: . Although there is no reference made to desktops, I see it as only a matter of time before they start including this in desktop bios' as well. :awww: . There is only a slight difference between the bios of a laptop and that of a desktop motherboard with similar specs anyway. So it's possible that this may already be present in some of the more recent desktop systems. (it's just not been advertised) It's also a fairly new practice and the bios component won't be found on many older machines. (and definitely not on your dinosaurs Chuck. :p ) I'm also not certain that it doesn't work with Linux. I only know that they don't offer a service for Linux users. But since they go to great lengths to point out that the bios component will persist even if you change the operating system, this does suggest that it could work to a limited extent even with Linux. :insane: . One thing that seems obvious to me though is that the bios component must be active all along since there is no way they could make it so that it only becomes active after you register without also providing a method for a savvy thief to also deactivate it. So, during start-up, and before the bios hands off control to the operating system, this thing is broadcasting data via any means it can find. :insane: . If there is a wi-fi hotspot nearby, or if your laptop is connected to a wired internet connection, then something is being sent out regardless of your operating system. :sherlock: .
Originally posted by qlue:
I KNEW there had to be a positive to why I kept these computers of mine. :lol: However, if all goes well and I don't encounter any unforeseen stumbling block, I should be finally moving on up to my newer, faster, more powerful Dinosaur within the next 7 to 10 days. I set the wheels in motion on Friday. Hopefully that newer Dinosaur computer is just barely still too old to have that pesky Backdoor Trojan.
hopefully! :up: .
It ain't NO movie… Our CIA has a "capture program" that would boggle your mind. :worried:
This is what you mean?
First of all: you don't brick your BIOS when you look into it. If you have a stable electricity grid (!) you can change BIOS brands for one -maybe- without 'bug'. Or you might forget some paranoia about intrusions, except the Windows cohort. This 'anti-theft' software is to my understanding well-known. Now see the methods to recover your lost smartphone… See the way to kill and locate your stolen car… And above all: if you have nothing to hide why be 'afraid' of agencies 'watching' you? The worldwide data-stream is so astronomical that no agency can track everything – why would they? This looks perhaps different while Providers remove ZIP files or HTML codes from your emails, often on request of governments (f.i. in Holland). But if you write "tits" instead of "bits" you really won't find the police at your doorstep for the 'indecency' mailed around…
:devil:
Originally posted by qlue:
I suppose only option then is to stay off-line
What about those of us who build our own PCs out of high-end components that we buy ourselves? Are Motherboards just built with this software component by default? Or is it the likes of HP and etc. who have this included 'in their product'? And – are we actually talking about bios or uefi?? Edit: I realise I could easily just check this out myself, but it's probably of common interest, and thus discussion-worthy
@John: The issue is not about 'agencies' watching us. The issue is that this software can be exploited for criminal purposes. All I have to do to steal sensitive private data from a few corporate executives is set up a server that mimics the function of Absolute Software's control server. Then go to a place where 'Yuppie' types hang out and set up an unguarded 'wifi' hotspot. Using a dns cache with a fake entry dns their control server's url that re-directs to my fake control server I can then hack and have full access to every computer carrying this software that uses my hotspot allowing me to steal private data. The other side of the coin is that non-Canadian clients of Absolute Software don't have the protection of an ombudsman or trade regulator when dealing with a company that is outside of their country's jurisdiction. When you're buying a kettle or photo of (insert random celebrity here) from Ebay, that's just a risk you take. But when you're dealing with a vital component of your security system, that's not good enough. @Flarin: I don't think desktop Motherboards are an issue at all at this point. It's the source of the bios you use that needs to be considered rather than the hardware. UEFI is often referred to as "BIOS" simply because it appears to serve the same purpose from the user perspective. :left: . So the short answer to your question is, we don't know but it's probably UEFI as that specification provides more network options.
Originally posted by Mr Scientist:
…but…the mobo is where the bios resides, in firmware, right? I think each mobo has its own unique bios, right? It must be here that the 'gatekeeper' is introduced, when the mobo is built….or….???
FlaRin, I could be wrong, but maybe the keyword that Aadil is distinguishing here is Desktop as in a Desktop Motherboard vs. a Laptop Motherboard.
Aadil, you are right, but that peril exists already under Windows where most users run their computers with Administrative rights… A new MoBo often brings its own BIOS preset for it along. You'll need tools to see if that BIOS is clean and not already comprising M$ checksums and other surprises. Re-flashing from the manufacturer's site may clean things. However I assume and claim that chances are remote you'll find something of importance in a fresh BIOS. :chef:
Yes, Chuck is correct that it is the laptop motherboards that have the compromised 'bios'. :up: . While I expect this system to be ported to desktops eventually, I don't think it will be soon. And even when it is, as John points out, it is easy to get a 'clean' bios for a desktop Mo'bo' :up: . @John: The bios supplied from any given manufacturer for any model of laptop that comes with this Computrace ™ agent embedded at the factory, will be the same as the bios that they pre-install. (or an update of that bios) You would have to either 'hack' that bios to remove the Computrace ™ agent, or use a bios that was designed for a completely different machine that you know does not contain the Computrace agent. :insane: . There is a huge risk that a hacked bios could fail altogether rendering the motherboard inoperative. (and this hacking would require a considerable amount of knowledge and skill) And using a bios that was intended for a different machine is a 'potluck' gamble with a very limited chance of success. Asking the manufacturer of the laptop to provide you with a 'clean' bios is a bit like asking a vehicle manufacturer for a 'master' code to disable the factory installed immobiliser in their vehicles.
Hey! Any Modern Hotrodder can get rid of that "immobiliser"! :coffee:
Aadil, you are right. Nothing to add. All is possible, though the space in the BIOS isn't that large. Micro$oft therefore uses an extra track, which causes this annoying phenomenon when installing Linux etc. But it is for me hard to conceive that in the 127 bytes enough code can be hidden to start communicating across internal hardware firewalls… :knight: :irked: :yuck:
:coffee:
Oooppss…, I found this one…. https://www.mylookout.com/ and I found that one…. See its final few paragraphs: https://plus.google.com/u/0/114765095157367281222/posts/ZqPvFwdDLPv Now you decide! :cry: :worried: :devil: :p :yikes:
My phone came with an app called F-secure on it. It kept blocking Operamini so I removed it! :irked: .
What does the F stand for? F**… or so? :yuck: :doh: :sherlock: :down:
Or maybe that's not it? :doh: .
Some people don't know how to spell 'phone' :whistle: .
Take care for hidden persuaders.:cool: :p
I say Jenkins… are you sure this is a native hot tub? :no: :jester:
Be careful with that Carrot, Smithers, for God's sake!!
Good God man! I don't think that's a carrot! :chef:
I can't experience the same problem as Angela Bennett as I'm actually having enough friends who know what I look like, so hooray for me. But I would be afraid if I've heard about real gatekeeper software, why would governments take that risk if there are suspicions about some software, didn't Sandra Bullock teach them anything…
The other day I came across an 'interesting' Yahoo-phenomenon sending an email to a (security business) relation, describing in detail the workings of a virus that easily wipes the hard drive of any Windows computer. Only describing that (!) showed my mail was scanned, not dispatched and returned me a warning for illegal content. So this peeking and poking delves deeper than even I thought. I now wrapped the stuff in a JPG of course, which went through… :lol:
Originally posted by nepmak2000:
Some 'virus scan' software blocks mail that merely contains the word 'virus'.
Originally posted by gyng:
If you ask them they'll say, "That's just a movie. It can't happen in real life!"
Silly of them, it's just like saying how some secret agent can't win miss America contest
They ARE watching us! Not just governments either. I am always a little circumspect about what I will admit in public.
I know that my blog has already been discovered by a few friends and acquaintances from Umzinto! Mostly, people just want to get us to part with our money, and that is why they watch us! :irked: .
That's why nobody will know when I start experimenting with my bo**s (censure is turned on cause of obvious reasons)… Edit: And no it isn't something naughty…
Yes… obviously!
Explain? :p
Not going to… too dangerous.
:flirt:
:worried: :doh:
:confused:
http://www.latimes.com/business/technology/la-fi-tn-congress-inquiry-google-20120217,0,6681255.story :p
:doh: :coffee: