Eight years ago, Polish hacker Joanna Rutkowska was experimenting with rootkits – tough-to-detect spyware that infects the deepest level of a computer's operating system – when she came up with a devious notion: what if, instead of putting spyware inside a victim's computer, you put the victim's computer inside the spyware?
At the time, a technology known as virtualisation was becoming easier to implement on PCs, allowing anyone to create a miniature OS, known as a virtual machine, inside their main OS. Rutkowska manipulated virtualisation into a mind-contorting weapon called a Blue Pill attack. Without the victim knowing, her rootkit moved the victim's entire OS into a virtual machine controlled by the hacker, allowing everything the target did to be watched. The victim's digital world would suddenly exist inside an alternate reality, and no amount of antivirus or antirootkit scanning could break the system out of that aquarium. "Your operating system swallows the Blue Pill and it awakes inside the Matrix," Rutkowska wrote in a blog post explaining the trick.
Eventually she honed the manoeuvre so that not even launching another virtual machine inside the Blue-Pilled system would glitch the illusion: her attack supported a dream within a dream.
But as the years passed, no real-world instances of Blue Pill attacks were discovered, even after other researchers developed tests capable of detecting the technique. Rutkowska's explanation? For normal spies and cybercriminals, ordinary rootkits work just fine. "There are still so many places in a Windows kernel to hide traditional malware," she says. "I was as vulnerable as any other user. This was annoying."
So Rutkowska flipped the game. Four years ago her Warsaw-based firm, Invisible Things Lab, developed its own free, open-source OS known as Qubes. It lets users set up a collection of virtual machines on their PC, with a central interface to manage each quarantined system. Users can keep their online activities isolated in one virtual machine while they do their work in another and their banking in a third. (Rutkowska runs about 15.) Open a malicious attachment or click on an infected website and the malware can't break out of that one contaminated container.
Qubes currently works with Linux, though a Windows version is in beta testing. It requires serious geek chops to set up, but Rutkowska is working to make it easier to use and hopes to offer custom versions to corporate users. If it works as promised, even NSA-level exploits would be contained to a single compartment, one that could be evaporated and recreated at will. Recovering from even the nastiest hacker attack could soon be as easy as waking from a bad dream.
This article was originally published by WIRED UK