Hacker News new | ask | show | jobs
by commentzz 3576 days ago
I feel the use of 'backdoor' here is misleading.

The software described would usually be classified as an Advanced Persistent Threat [1] or Rootkit [2] Backdoor [3] usually refers to methods to sidestep authentication added by the vendor.

  1: https://en.wikipedia.org/wiki/Advanced_persistent_threat
  2: https://en.wikipedia.org/wiki/Rootkit
  3: https://en.wikipedia.org/wiki/Backdoor_(computing)
4 comments
walrus01 3576 days ago
Many commenters are pointing out that one possible definition of a rootkit is something that elevates privilege, but does not necessarily have network communications functions or a command and control server. But in recent times, almost all modern rootkits seen in the wild have some form of network control functionality.
link
woodman 3576 days ago
A rootkit isn't for privilege escalation - you need root before you can install the rootkit. This is typically obtained through a privilege escalating exploit, the rootkit is for maintaining access and masking the attack.
link
stronglikedan 3576 days ago
I've heard the term "backdoor" used for a long time before "rootkit" or "advanced persistent threat", so it may be a generational thing.

From https://en.wikipedia.org/wiki/Rootkit:

> The modified compiler would detect attempts to compile the Unix login command and generate altered code that would accept not only the user's correct password, but an additional "backdoor" password known to the attacker...This exploit was equivalent to a rootkit.

From https://en.wikipedia.org/wiki/Advanced_persistent_threat:

> Establish Foothold – plant remote administration software in victim's network, create net backdoors and tunnels allowing stealth access to its infrastructure.

From https://en.wikipedia.org/wiki/Backdoor_(computing):

> A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc. Backdoors are often used for securing unauthorized remote access to a computer, or obtaining access to plaintext in cryptographic systems.

I read all of that as a backdoor being an umbrella term, of which one type is a rootkit, and APTs create backdoors, perhaps of a type other than rootkit (e.g. net backdoor).

link
lawnchair_larry 3576 days ago
Nope, wrong. Backdoor has been in use for this since long before the silly "APT" acronym was coined.
link
callesgg 3576 days ago
Not misleading, incorrect.
link