Slashdot Mirror

← Back to Stories (view on slashdot.org)

WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs (bleepingcomputer.com)

Posted by BeauHD on from the open-window dept.

An anonymous reader writes: "WikiLeaks dumped today the manuals of several hacking utilities part of Brutal Kangaroo, a CIA malware toolkit for hacking into air-gapped (offline) networks using tainted USB thumb drives," reports Bleeping Computer. The CIA uses these tools as part of a very complex attack process, that allows CIA operatives to infect offline, air-gapped networks. The first stage of these attacks start with the infection of a "primary host," an internet-connected computer at a targeted company. Malware on this primary host automatically infects all USB thumb drives inserted into the machine. If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices. This malware is so advanced, that it can even create a network of hacked air-gapped PCs that talk to each other and exchange commands. To infect the air-gapped computers, the CIA malware uses LNK (shortcut) files placed on the USB thumb drive. Once the user opens and views the content of the thumb drive in Windows Explorer, his air-gapped PC is infected without any other interaction.

8 of 74 comments (clear)

  1. Damn by DontBeAMoran · · Score: 4, Interesting

    Once again, no love for macOS, Linux and BSD.

    --
    #DeleteFacebook
    1. Re:Damn by Anonymous Coward · · Score: 5, Funny

      Dude, RTFM. all you have to do is:

      ls -l /dev/disk/by-path/ and find the stick's device.
      mkdir /tmp/usb
      mount [device node from first step] /tmp/usb
      cd /tmp/usb
      sudo ./ciamalware.sh

      They do have Linux support. It's not that hard.

  2. Leveraging stupidity by Rick+Schumann · · Score: 4, Insightful

    If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices.

    If you work at a company that has an air-gapped private network for security reasons and you actually do this, then you are a moron and deserve to be fired. I've worked for a defense contractor. We were all trained to not do stupid things like this; basic OPSEC.

    1. Re:Leveraging stupidity by 93+Escort+Wagon · · Score: 2

      We were all trained to not do stupid things like this; basic OPSEC.

      Yes, and yet we're all aware of hacks successfully targeting defense contractors, and Chinese war planes which strikingly resemble next-generation American designs. I wonder how they got the plans?

      I'm sure RSA trained their employees not to do "stupid things like this" too, and yet they managed to get thoroughly owned several years ago.

      People do stupid things all the time - even people who've received proper training. Yes, they deserve to be fired... but at that point the damage is done.

      --
      #DeleteChrome
    2. Re:Leveraging stupidity by Minupla · · Score: 2

      I'm sure RSA trained their employees not to do "stupid things like this" too,

      To be fair, the RSA attack had less to do with a user making a dumb mistake and more a case of poor architectural choices (critical data on the same network as a low-level user, insufficient network segmentation, and honestly, there should have been an airgap between the RSA key secrets and the HR person whose system was compromised, or the admin user's workstation that the attack escalated too.

      All that having been said, it was a VERY sophisticated attack by a well funded actor, and likely would have occurred in spite of countermeasures eventually (at the end of the day, if you're a well funded state actor, 'kinetic' (to use the favored euphemism) options are available when the cyber options prove ineffectual.

      If you're interested this account is, as I understand it from other sources, fairly accurate:

      https://www.slideshare.net/Kun...

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    3. Re:Leveraging stupidity by chihowa · · Score: 2

      Yeah... you're not describing an airgapped network.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  3. A word to the wise: by Gravis+Zero · · Score: 4, Insightful

    Never create a weapon that you wouldn't want to fall into the hands of your worst enemy... because it will.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:A word to the wise: by AHuxley · · Score: 2

      Ex staff, former staff, contractors, other nations staff, other random people in other trusted governments. Cults and faiths placing their staff deep into gov/mil.
      The politics of trusted staff.
      The staging servers that interesting people finally noticed..
      The use of plain text and no crypto so contractors can make profits working on gov networks.
      Too many secrets is now too many contractors.

      --
      Domestic spying is now "Benign Information Gathering"