Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Network Security Communications Operating Systems Privacy Software The Internet Windows Hardware

WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs (bleepingcomputer.com) 74

An anonymous reader writes: "WikiLeaks dumped today the manuals of several hacking utilities part of Brutal Kangaroo, a CIA malware toolkit for hacking into air-gapped (offline) networks using tainted USB thumb drives," reports Bleeping Computer. The CIA uses these tools as part of a very complex attack process, that allows CIA operatives to infect offline, air-gapped networks. The first stage of these attacks start with the infection of a "primary host," an internet-connected computer at a targeted company. Malware on this primary host automatically infects all USB thumb drives inserted into the machine. If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices. This malware is so advanced, that it can even create a network of hacked air-gapped PCs that talk to each other and exchange commands. To infect the air-gapped computers, the CIA malware uses LNK (shortcut) files placed on the USB thumb drive. Once the user opens and views the content of the thumb drive in Windows Explorer, his air-gapped PC is infected without any other interaction.
This discussion has been archived. No new comments can be posted.

WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs

Comments Filter:
  • Damn (Score:5, Interesting)

    by DontBeAMoran ( 4843879 ) on Friday June 23, 2017 @05:06PM (#54678391)

    Once again, no love for macOS, Linux and BSD.

  • by Rick Schumann ( 4662797 ) on Friday June 23, 2017 @05:07PM (#54678403) Journal

    If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices.

    If you work at a company that has an air-gapped private network for security reasons and you actually do this, then you are a moron and deserve to be fired. I've worked for a defense contractor. We were all trained to not do stupid things like this; basic OPSEC.

    • by sconeu ( 64226 )

      How do you get AV updates onto said airgapped machine/network? When I was trying to set up a red network, one of our requirements (out of the DoD manual) was to have AV that was regularly updated.

      Of course, back then, we didn't use USB.... we used CD-R (not CD-RW).

      • by Anonymous Coward

        You used the safest solution - a CD or DVD. If malware were to try and install itself on a CD or DVD, the spin-up would be noticed. Keeping the OS on an image file that is stomped onto the OS partition every night is another way.

        https://www.schneier.com/blog/archives/2013/10/air_gaps.html

    • OPSEC

      Kinda like Manning walking in with a Lady Gaga CD, erasing it, and populating it with shit, and walking out.

      Kinda like Snowden walking in and out.

      Kinda like WikiLeaks getting hold of secret, well-guarded CIA stuff.

      CaptainDork's 1st Corollary: "When it becomes digitized, it's in the public domain."

    • We were all trained to not do stupid things like this; basic OPSEC.

      Yes, and yet we're all aware of hacks successfully targeting defense contractors, and Chinese war planes which strikingly resemble next-generation American designs. I wonder how they got the plans?

      I'm sure RSA trained their employees not to do "stupid things like this" too, and yet they managed to get thoroughly owned several years ago.

      People do stupid things all the time - even people who've received proper training. Yes, they deserve to be fired... but at that point the damage is done.

      • by Minupla ( 62455 )

        I'm sure RSA trained their employees not to do "stupid things like this" too,

        To be fair, the RSA attack had less to do with a user making a dumb mistake and more a case of poor architectural choices (critical data on the same network as a low-level user, insufficient network segmentation, and honestly, there should have been an airgap between the RSA key secrets and the HR person whose system was compromised, or the admin user's workstation that the attack escalated too.

        All that having been said, it was a VERY sophisticated attack by a well funded actor, and likely would have occurr

    • by AHuxley ( 892839 )
      The security services usually have some story about been from head office, another department, security or a contractor.
      A short conversation with management and staff will allow any stranger to use usb sticks as needed.
      The other method is to place usb sticks to be found or swap the usb sticks of trusted staff.
      If a company or government orders a lot of office supplies online from a trusted US brand? That shipment might be a be altered on the way.
  • When there is a will there is a way.
  • ...any computer that can run software isn't secure. Mind blown.
  • by Gravis Zero ( 934156 ) on Friday June 23, 2017 @05:39PM (#54678533)

    Never create a weapon that you wouldn't want to fall into the hands of your worst enemy... because it will.

    • by AHuxley ( 892839 )
      Ex staff, former staff, contractors, other nations staff, other random people in other trusted governments. Cults and faiths placing their staff deep into gov/mil.
      The politics of trusted staff.
      The staging servers that interesting people finally noticed..
      The use of plain text and no crypto so contractors can make profits working on gov networks.
      Too many secrets is now too many contractors.
  • Next time, listen.

    I blame the router and modem manufacturers for this, actually.

    "Oh, what harm could ever come from releasing source code to the Russians, it's not like they would subvert the elections in all Western nations"

    Sure.

    oh, and you should totally trust your anti-virus security to Russian firms too.

    The surprising thing is you've pretty much only realized the tools we designed a few decades ago, until we realized how deeply the Russians had burrowed into you.

  • So they managed to create a network requiring no persistent connections? They should claim their 2 mil prize [slashdot.org]!

  • What if we had a TLA that searched for ways the Bad Guys could Fuck Us Up. Now imagine we had a TLA that searched for ways the Bad Guys could Fuck Us Up, but it turns out our TLA are The Bad Guys.

    This shit needs to stop. Hopefully the NSA and whomever have figured out they aren't the smartest kids in the room and decide to make us all more secure.

    Damn, meds are wearing off and I'm back to reality. Shit, real life really sucks ass.

: is not an identifier

Working...