Slashdot Mirror

← Back to Stories (view on slashdot.org)

WikiLeaks Unveils CIA Implants That Steal SSH Credentials From Windows, Linux PCs (thehackernews.com)

Posted by BeauHD on from the remote-entry dept.

An anonymous reader quotes a report from The Hacker News: WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors. Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy -- implant for Microsoft Windows Xshell client, and Gyrfalcon -- targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu. Both implants steal user credentials for all active SSH sessions and then sends them to a CIA-controlled server.

5 of 140 comments (clear)

  1. Illegal by Anonymous Coward · · Score: 5, Informative

    I thought hacking was illegal under the computer crimes and abuse act?

    1. Re:Illegal by Anonymous Coward · · Score: 5, Insightful

      It's also illegal for the government. But they just look the other way like any good tyrant would. The way law works is to either take specific rights away from citizens by saying "thou shalt not X" (for example you will not break into someone's computer and steal information), or to grant specific rights to governments by saying "The government can X" (you can break into someone's computer and seize information IF YOU HAVE A WARRANT).

      Unfortunately governments over time adopt the attitude that they are allowed to do things if it's not prohibited by law. That is completely wrong. It's the citizen who is allowed to do anything that's not prohibited by law. Government requires law to grant them the right to do anything, otherwise they can't do it. But when you just ignore the law anyway because you know no one will prosecute you, or you can just pull out the "National Security" card...

    2. Re:Illegal by rtb61 · · Score: 5, Insightful

      For foreign governments, still very much so and according to the US government, a declaration of war, as they have stated repeatedly. According to the US Government's own big fat fucking mouths, when they hack your countries network, they have committed an act of war and should face the consequences. It would seem according to the US Governments own stance, that the US government should be publicly rebuked by the United Nations for committing acts of war all over the world, as defined by the US government.

      --
      Chaos - everything, everywhere, everywhen
  2. So... by Anonymous Coward · · Score: 5, Informative

    FTA

    BothanSpy is installed as a Shellterm 3.x extension on the target machine and only works if Xshell is running on it with active sessions.

    The user manual for Gyrfalcon v2.0 says that the implant is consist of "two compiled binaries that should be uploaded to the target platform along with the encrypted configuration file."

    You need an attack vector to implant the malware.

  3. There's no security hole here by Anonymous Coward · · Score: 5, Informative

    The manual says, "Upload the files to the target using whatever means available."
    This is something an agent puts on an already-compromised machine.