WikiLeaks doc dump reveals CIA tools for infecting air-gapped PCs

WikiLeaks has published online more top-secret documents it has obtained from the CIA describing the agency's hacking tools. This time the dossier details software codenamed Brutal Kangaroo that agents can use to infect targets' air-gapped computers with malware. The documents, originally written on May 11, 2015 and revised on …

Gold badge
Thumb Up

Hacked the snack machine and stole $4K of goodies.

Proper BOFH behavior.

Allegedly.

27
0
Anonymous Coward

Re: Hacked the snack machine and stole $4K of goodies.

They do say the only difference between criminals and the police is the uniform.

37
2
Anonymous Coward

Re: Hacked the snack machine and stole $4K of goodies.

"They do say the only difference between criminals and the police is the uniform."

Poacher turned gamekeeper and vice versa. That theme ran through "Red Dragon" and the other Hannibal Lecter stories.

7
0
Silver badge

Re: Hacked the snack machine and stole $4K of goodies.

Criminals would say that.

3
17
Silver badge

Re: Hacked the snack machine and stole $4K of goodies.

Not just a hackable machine, but lousy financial controls in place as well.

How many times was the thing restocked without adequate income from it?

17
0
Anonymous Coward

Re: Hacked the snack machine and stole $4K of goodies.

Sounds like these CIA guys were formerly at MIT.

1
0

Re: Hacked the snack machine and stole $4K of goodies.

Judging by the prices in our office machines, once.

20
0
Silver badge

Re: Hacked the snack machine and stole $4K of goodies.

> How many times was the thing restocked without adequate income from it?

How many times were decent, hard-working service technicians sacked on suspicion of theft because the CIA office staff were, of course, above suspicion?

7
0
Anonymous Coward

Re: Hacked the snack machine and stole $4K of goodies.

One day I found that a snack machine had given me a Mars bar without accepting my money. Went to the catering manager to pay for it. She had noticed a discrepancy in recent tallies - but hadn't twigged that the Mars bar slot had accidentally been set to zero cost.

1
0
Silver badge

FFS

If you believe you've assembled the A-team of hackers - and you don't believe they'll pick on your rip-off vending machine..

..just fire yourself.

32
0
Silver badge

"Suspicion Deflection"

Oh if only they'd named it "Drop Bear" then they could believably claim it was one of them Asian nation states!

(Yeah, yeah, I know, but the American public wouldn't remember 'continents' ...)

10
2
Silver badge

Re: "Suspicion Deflection"

Name already taken - by the embedded ssh server build. The one used by OpenWRT.

3
0
Silver badge
Joke

Re: "Suspicion Deflection"

Damn right it's taken!

1
0
Silver badge
Gimp

Air gap with Windows gateways, you say (imply)

A real air gapped network has another device in between with no network access, doesn't run anything mainstream but is capable of scanning files and copying them from one media to another. Tripwire etc is involved and most of it is mounted read only.

The data on the secure side is converted to plaintext and is retransmitted, again, via two semaphore operators in a tunnel with the doors closed at each end during transmission. The final bridge is the recipient semaphorist typing into a TTY.

Wifey has started using something called "wifi" to get her docs and photos on our home LAN - apparently security is fine but inconvenient. The pigeons serving the offsite backups are starting to show signs of flagging under the sudden onslaught of data. I may have to upgrade to albatrosses to carry the new high capacity coded message canisters.

26
2
Joke

Re: Air gap with Windows gateways, you say (imply)

When you do upgrade, make sure you use a pointless albatross - less wear and tear on its feet.

5
0
Silver badge

Re: Air gap with Windows gateways, you say (imply)

Have you tried swallows? I hear they're fast.

4
0
Silver badge
Happy

Re: Air gap with Windows gateways, you say (imply)

Would that be an African or a European swallow? And will that change post-Brexit?

12
0
Anonymous Coward

Re: Air gap with Windows gateways, you say (imply)

unladen?

5
0
Gold badge
Big Brother

"pointless albatross"

What do you know about pointless albatross?

It's not even ready for release yet.

4
0
Anonymous Coward

Re: Air gap with Windows gateways, you say (imply)

Pelicans have more bandwidth.

5
0

Re: Air gap with Windows gateways, you say (imply)

You should check out RFC1149, the updated version with QoS, RFC2549, and the IPv6 update, RFC6214.

1
0
Silver badge

Re: Air gap with Windows gateways, you say (imply)

unladen?

Wasn't he killed a while back?

5
0
Silver badge

Re: Air gap with Windows gateways, you say (imply)

I may have to upgrade to albatrosses to carry the new high capacity coded message canisters.

Pelicans. http://s.hswstatic.com/gif/pelican-1.jpg

0
0
Bronze badge

Re: Air gap with Windows gateways, you say (imply)

"... via two semaphore operators in a tunnel ..."

I frequently refer to bad network connections having "two squirrels with semaphore flags in the data path." I had no idea the use of that technology was so wide spread!

0
0
Silver badge

Re: Air gap with Windows gateways, you say (imply)

What flavour is that albatross?

0
0
Silver badge

Re: Air gap with Windows gateways, you say (imply)

Pelicans. http://s.hswstatic.com/gif/pelican-1.jpg

An example of RFC1149 encapsulation at work: https://www.youtube.com/watch?v=phUs2kIGY9M

0
0

Amazing

Sophisticated malware that crosses an air gap...

you mean like a...

VIRUS?

3
1
Anonymous Coward

Re: Amazing

Yeah, an air-gapped PC has to catch a disease the old-fashioned way!

" target computer that is set up to autorun its contents and is using Windows 7 as an operating system and running .Net 4.5"

Is that likely? Surely everyone has autorun shut off by now?

Surely we've realised it's just another of Microsoft's hacking APIs (along with hiding file extensions), even if we can't understand the completely retarded thinking that put them there.

8
0
Anonymous Coward

Nope...

Organization's PCs have wee stickers over the USB sockets.

We're safe.

NEXT!

6
0
Silver badge

Re: Nope...

I work in a school. The USB ports are safe because they all have chewing gum in them.

11
0
Silver badge

Re: Nope...

"I work in a school. The USB ports are safe because they all have chewing gum in them."

Besides which there is no room for a virus - the HDD is filled with porn.

2
0
Silver badge
WTF?

Who comes up with these silly application names?

Cowboys or spooks?

Sorry; same, same...

4
0
LDS
Silver badge

Re: Who comes up with these silly application names?

Usually in those environments names are designed to be as random as possible, using a given vocabulary. The idea behind it is that the names shouldn't tell much about what they refer to (of course, their documentation would have to stay secret...), so just referring to them by name doesn't deliver useful information.

More or less like many Linux application names :-P

7
0

Re: Who comes up with these silly application names?

I think they have the opportunity to tweak them or try again with the name generator. Brutal Kangaroo jumping from machine to machine with impunity. That's just poetic.

I wonder what Honest Politician would do? Probably doesn't exist yet.

4
0
Anonymous Coward

Re: Who comes up with these silly application names?

"Usually in those environments names are designed to be as random as possible, using a given vocabulary."

There was the story (apocryphal?) of a major broadsheet newspaper's crossword in 1944 containing the answers "Overlord", "Omaha", "Utah" etc. As this was just before D-Day the security services became very concerned and visited the crossword compiler on suspicion he was a German spy.

The man was a school teacher. It transpired that some of his pupils helped him with suggestions for words to which he fitted clues. As children they had reasonably free access to the nearby US army camp and its bonuses of chocolates etc - a part of the temporary accommodation of the large invasion forces. The boys saw these relatively unusual words written on boards and fed them back to their school master as crossword answers.

2
0
Anonymous Coward

Who watches the watchers?

Yet again government agents abuse any tool/law they get their hands upon.

These are supposed to be people we trust to act with integrity but it is clear that until greater power is balanced with greater punishment then they will continue to abuse whatever they are trusted with.

8
1
Silver badge

Re: Who watches the watchers?

Nothing wrong with THIS abuse - these are the guys their country pays to go and get info from ANOTHER country and/or attack another country by messing with its infrastructure, planting fake news, etc. The goal is to do it by any means necessary short of causing a war (unless they have been tasked with causing a war).

Like it or not, that is the job of the externally facing secret services - CIA, GRU, MI6, etc. They are paid to fight dirty so that we do not fight "clean" on the battlefield according to the Geneva Conventions. Historically, they have been massively overdoing it on both sides and it is long overdue for them to be reined in exactly because of that - a dirty cloak and dagger war can always spill out in the open and become clean and nobody wants to do that.

7
0
Anonymous Coward

Re: Who watches the watchers?

@ Voland's right hand

How do you know what they have been up to? What is clear is that if they robbed the vending machine and no one came forward to pay then they clearly are not acting within the law but as common thieves.

I am not naive about the need to counter foreign attacks, but at the same time either they are supervised and the theft was condoned, or they are allowed to do what they like with zero oversight.

These guys were not behind enemy lines; they were in the country they are supposed to be protecting. If they have no respect for their own country's laws or citizens (who paid for the stolen goodies), then why are they trusted with that country's secrets?

8
0
Silver badge

Re: Who watches the watchers?

How do you know what they have been up to,

I know more than I would have preferred to know. I have multiple granduncles who have worked for one of the "firms" and I know about some of their older "handiwork" which is now past its classification "window" (lots of it is still not published, it officially does not exist, just no criminal penalty if you happen to know about it without having the relevant clearance).

As far as the morals of the staff employed by the CIA, GRU, MI6, Mossad, etc, you get both sides of the coin. People who do it for their country and people who you would rather not meet in a dark alley. Both of them have little respect for the law as their job is to break the law to get the work done.

It is the job of the political control of the agency and whoever gives orders to ensure that the subject of their interests is the enemy and not their own population. Unfortunately, the 20th and the 21st century (so far) are a litany of failures as far as that is concerned. Pretty much all governments have taken a leaf out of Stalin and Hitler's book and have deployed the secret services (along with their long list of dirty methods) against internal targets.

8
0
Silver badge

Re: Who watches the watchers?

"These are supposed to be people we trust to act with integrity but it is clear that until greater power is balanced with greater punishment then they will continue to abuse whatever they are trusted with."

Oh grow up. You seriously think that no other government in the world is doing this or at least trying to? It's the nature of espionage. And isn't it odd that wikileaks only seems to stick it to the US security services? Where are all the insider documents from Russia or China? You have to wonder who's funding this supposedly impartial whistleblowing site.

0
1

Re: Who watches the watchers?

Point totally messed.

It isn't against the enemy, whoever they may be, but against allies and their own people that is the issue. Remember that these tools had been found in the past left lying about in domestic systems by sloppy spooks.

3
0
Anonymous Coward

@ Voland's right hand

"Oh grow up. You seriously think that no other government in the world is doing this or at least trying to? Its the nature of espionage. And isn't it odd that wikileaks only seems to stick it to the US security services, where are all the insider documents from Russia or China? You have to wonder who's funding this supposedly impartial whistle blowing site."

"no other government in the world is doing this" - they are supposed to act against foreign powers, not the people they are supposed to protect. In terms of domestic dissidents, then who chooses what is best for our country? If it is a democracy it is supposed to be us.

"And isn't it odd that wikileaks only seems to stick it to the US security services, where are all the insider documents from Russia or China?" I don't live in Russia or China but if I did and they were democracies then I would be equally concerned about a group acting against democracy and the law in the country in which I lived.

Given that I did not come from a family "on the inside", my chances of becoming collateral damage are much higher than yours. I am not naive, I just remember all the deaths reported in the papers of plastic bag over the head self-strangulations during kinky sex. All the child abuse and murders that went unpunished and have recently been shown to have been condoned by the authorities. The cost to the people they are presented to be protecting seems somewhat high.

If it is against the law then that should apply to everyone in that country: one law for everyone or it is not a law at all. That these reports suggest that there is no effective oversight is most worrying of all; how do we know the next terror attack wasn't for our own good?

1
0
Silver badge

If you're a target, move

a target computer that is set up to autorun its contents and is using Windows 7

Seriously, is that so hard to avoid?

7
0
Anonymous Coward

Re: If you're a target, move

As far as I can tell, it's again a good reason to drop Windows, but it's like the Trump presidency: it doesn't matter how blatant the problem, there will always be plenty of BS merchants seeking to declare anything black of the purest white.

I'm just stating it here so the Redmond downvoters have something to do.

4
1
Silver badge

Re: If you're a target, move

Leaving the standard autorun active would really be kinda stupid in this day and age. However, one can rely on the OS trying to read the file structure of inserted media - not having read the source I can only wonder if it would be possible to exploit something there and craft a "file structure" that ends up executing a payload instead...

0
0
Anonymous Coward

Re: If you're a target, move

Leaving the standard autorun active would really be kinda stupid in this day and age.

Agree. Now, who does this again and again by default. Hmmm. I think they're from Redmond. Hmmm. No, it escapes me at the moment.

0
0
Silver badge
Thumb Up

Re: If you're a target, move

Leaving the standard autorun active would really be kinda stupid in this day and age. However, one can rely on the OS trying to read the file structure of inserted media - not having read the source I can only wonder if it would be possible to exploit something there and craft a "file structure" that ends up executing a payload instead...

It's the driver portion that's the key bit. IIRC "Brontik" (or some similar name, circa 2013) could infect USB sticks in such a way that Windows would load the malware as if it was a driver for the stick. Several times I saw that thing getting past up-to-date AV and past autorun. Was interesting when I finally got a sample of it to play with (before the boss did a hardware wipe of the USB I had it on, involving a blowtorch...), plugged it into something that had only just updated its AV (can't recall which, but was one of the better ones), and the machine was infected despite good AV and all autorun stuff off. Did it to prove to the boss we needed another scanning station that wasn't using a HDD-installed Windows.

Whatever it was, it blew straight past the defences and the machine was infected (had an obvious payload, dropped "porn.avi(hidden.EXE)" onto the desktop (or something like that) among other things, and you could see it happen a few seconds after plugging the stick in but before you got the "your driver was installed correctly" prompt. I know it infected 7 and XP, safe to assume also Vista.

But maybe it was also working on the filesystem as you suggest. However it worked it was damned quick!

0
0
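The autorun sub-thread above turns on whether a Windows host still honours AutoRun for inserted media. As an added example (not from the thread or any commenter), here is a PowerShell check a defender can run on a machine that handles removable media: it reads the documented Explorer policy values NoDriveTypeAutoRun and NoAutorun from both the machine and user hives, decodes which drive types the bit mask covers, and includes a helper that sets the machine-wide policy to disable AutoRun entirely. The registry paths, value names and bit assignments are the documented ones; the function names are my own. When a value is absent Windows applies its own built-in default rather than "no restriction", so "(not set)" is a prompt to set the policy explicitly, not by itself a finding.

```powershell
# Added example, not from the thread: report and (optionally) set the Explorer
# AutoRun policy values on a Windows host. Paths, value names and bit mask are the
# documented NoDriveTypeAutoRun / NoAutorun policies; function names are my own.

$ExplorerPolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Bits of NoDriveTypeAutoRun; a set bit disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    Removable = 0x04   # USB sticks, floppies
    Fixed     = 0x08
    Network   = 0x10
    CdRom     = 0x20
    RamDisk   = 0x40
    Unknown   = 0x80
}

function Get-AutorunPolicyReport {
    foreach ($path in $ExplorerPolicyPaths) {
        $mask = $null
        $noAutorun = $null
        if (Test-Path -Path $path) {
            $props = Get-ItemProperty -Path $path
            $mask = $props.NoDriveTypeAutoRun   # $null when the value is absent
            $noAutorun = $props.NoAutorun
        }

        $maskText = '(not set)'
        if ($null -ne $mask) { $maskText = '0x{0:X2}' -f [int]$mask }

        $report = [ordered]@{
            Hive               = $path.Substring(0, 4)   # 'HKLM' or 'HKCU'
            NoDriveTypeAutoRun = $maskText
            AutorunInfIgnored  = ($noAutorun -eq 1)      # NoAutorun=1: autorun.inf never read
        }
        # One flag per drive type so a reviewer can see exactly what is still enabled.
        foreach ($type in $DriveTypeBits.Keys) {
            $report["AutoRunDisabled_$type"] =
                ($null -ne $mask) -and (([int]$mask -band $DriveTypeBits[$type]) -ne 0)
        }
        [pscustomobject]$report
    }
}

function Disable-AutorunEverywhere {
    # Machine-wide policy: 0xFF disables AutoRun on every drive type and
    # NoAutorun=1 stops autorun.inf from being processed at all. Needs an elevated shell.
    $path = $ExplorerPolicyPaths[0]
    if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    Set-ItemProperty -Path $path -Name 'NoAutorun' -Value 1 -Type DWord
}

# Usage: audit first; call Disable-AutorunEverywhere from an admin shell to remediate.
Get-AutorunPolicyReport | Format-List
```

The report is deliberately per-hive and per-drive-type: a machine can have a tight HKLM policy and a looser HKCU one, and a mask that only covers network drives still leaves USB media honoured. Note that this only addresses AutoRun; it does nothing about the driver-installation path the later comment describes, which needs device-installation restrictions or a dedicated scanning station instead.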
Thumb Up

A new knife?

To anyone who has ever bought a new knife:- What is one of the first things that you cut with it?

Yes, yourself.

(Hence the thumb)

4
0
Silver badge

Re: A new knife?

What is one of the first things that you cut with it?

The packaging it came in. Why would I use my own flesh to test its edge? I stopped doing that when I was 8. Mostly.

2
1
Anonymous Coward

Re: A new knife?

"The packaging it came in. "

Super-sharp Kitchen Devils now come in a blister pack - presumably designed so kids can't pocket the knife in the shop. Unfortunately it is very easy to nick yourself on the knife edge when opening the blister pack - a light touch is enough for a bleeding fine cut.

0
0

Biting the hand that feeds IT © 1998–2017