WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs (bleepingcomputer.com)
An anonymous reader writes: "WikiLeaks dumped today the manuals of several hacking utilities part of Brutal Kangaroo, a CIA malware toolkit for hacking into air-gapped (offline) networks using tainted USB thumb drives," reports Bleeping Computer. The CIA uses these tools as part of a very complex attack process that allows CIA operatives to infect offline, air-gapped networks. The first stage of these attacks starts with the infection of a "primary host," an internet-connected computer at a targeted company. Malware on this primary host automatically infects all USB thumb drives inserted into the machine. If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices. This malware is so advanced that it can even create a network of hacked air-gapped PCs that talk to each other and exchange commands. To infect the air-gapped computers, the CIA malware uses LNK (shortcut) files placed on the USB thumb drive. Once the user opens and views the content of the thumb drive in Windows Explorer, his air-gapped PC is infected without any other interaction.
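Added here as an illustration, not code from the story, from Bleeping Computer or from the WikiLeaks documents: the summary says the air-gapped PC is infected as soon as Explorer renders the drive, and the page gives no detail of the Explorer flaw involved, so the example does not reproduce the exploit. It is a defensive triage script for a removable drive mounted on an analysis box: it parses the documented Windows shell-link (.lnk) layout (76-byte header, LinkFlags, optional LinkTargetIDList and LinkInfo, then the StringData fields) and flags shortcuts whose target or icon is a relative path to an executable or DLL, or that pass command-line arguments. The sample shortcuts are constructed by the script itself; the flagging rules, the SUSPICIOUS_EXT list and all function names are my assumptions.

```python
"""Static triage of .lnk files found on removable media (added example).

Parses the MS-SHLLINK header and StringData fields and flags shortcuts that
point at a relative executable/DLL or carry arguments.  The flagging rules
are an assumed heuristic, not a description of the Brutal Kangaroo implant.
"""
import os
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData fields appear in this fixed order when their flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
# Assumed heuristic: file types a shortcut should not need to point at on a USB stick.
SUSPICIOUS_EXT = (".exe", ".dll", ".scr", ".cpl", ".com", ".pif")


def is_lnk(data):
    """Check the fixed HeaderSize (0x4C) and the shell-link CLSID."""
    return len(data) >= 76 and data[:4] == b"\x4c\x00\x00\x00" and data[4:20] == LNK_CLSID


def parse_lnk(data):
    """Return LinkFlags and the StringData fields of a shell link."""
    if not is_lnk(data):
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & HAS_LINK_TARGET_ID_LIST:   # uint16 IDListSize, then that many bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:             # uint32 LinkInfoSize, which includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            fields[name] = None
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters
        pos += 2
        width = 2 if unicode else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252", "replace")
    return fields


def _is_relative(path):
    """True unless the path is absolute (C:\\...), UNC (\\\\...) or starts with %VAR%."""
    return not (path.startswith(("%", "\\\\")) or (len(path) > 1 and path[1] == ":"))


def suspicious(fields):
    """Apply the assumed triage rules; return a list of human-readable reasons."""
    reasons = []
    for key in ("relative_path", "icon_location"):
        value = fields.get(key)
        if value and value.lower().endswith(SUSPICIOUS_EXT) and _is_relative(value):
            reasons.append(f"{key} is a relative path to code: {value}")
    if fields.get("arguments"):
        reasons.append(f"shortcut passes arguments: {fields['arguments']}")
    return reasons


def build_lnk(relative_path=None, arguments=None, icon_location=None, name=None):
    """Construct a minimal Unicode shell link (constructed test data only)."""
    values = {"name": name, "relative_path": relative_path, "working_dir": None,
              "arguments": arguments, "icon_location": icon_location}
    flags, body = IS_UNICODE, b""
    for flag, field in STRING_FIELDS:
        if values[field] is not None:
            flags |= flag
            encoded = values[field].encode("utf-16-le")
            body += struct.pack("<H", len(encoded) // 2) + encoded
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    return header + body


def triage(items):
    """items: iterable of (label, bytes).  Returns [(label, reasons)] for hits only."""
    hits = []
    for label, data in items:
        try:
            reasons = suspicious(parse_lnk(data))
        except ValueError as exc:
            reasons = [f"unparseable: {exc}"]   # a .lnk that is not a link is itself odd
        if reasons:
            hits.append((label, reasons))
    return hits


def scan_drive(root):
    """Walk a mounted (read-only!) drive and triage every *.lnk on it."""
    found = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            if n.lower().endswith(".lnk"):
                with open(os.path.join(dirpath, n), "rb") as fh:
                    found.append((os.path.join(dirpath, n), fh.read()))
    return triage(found)


if __name__ == "__main__":
    samples = [  # constructed samples, not real implant artefacts
        ("holiday.lnk", build_lnk(relative_path=".\\photos\\holiday.jpg")),
        ("docs.lnk", build_lnk(relative_path=".\\System Volume Information\\svc.dll",
                               arguments="/q", icon_location=".\\res\\doc.dll")),
        ("garbage.lnk", b"MZ not a shortcut"),
    ]
    for label, reasons in triage(samples):
        print(label, "->", "; ".join(reasons))
```

Mount the stick read-only (or image it first) before calling scan_drive, since the point of the story is that merely browsing it on a Windows host is enough; the parser only reads bytes and never resolves the targets.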
If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices.
If you work at a company that has an air-gapped private network for security reasons and you actually do this, then you are a moron and deserve to be fired. I've worked for a defense contractor. We were all trained to not do stupid things like this; basic OPSEC.
Never create a weapon that you wouldn't want to fall into the hands of your worst enemy... because it will.
Anons need not reply. Questions end with a question mark.