WikiLeaks doc dump reveals CIA tools for infecting air-gapped PCs WikiLeaks has published online more top-secret documents it has obtained from the CIA describing the agency's hacking tools. This time the dossier details software codenamed Brutal Kangaroo that agents can use to infect targets' air-gapped computers with malware. The documents, originally written on May 11, 2015 and revised on …
One day I found that a snack machine had given me a Mars bar without accepting my money. Went to the catering manager to pay for it. She had noticed a discrepancy in recent tallies - but hadn't twigged that the Mars bar slot had accidentally been set to zero cost.
A real air gapped network has another device in between with no network access, doesn't run anything mainstream but is capable of scanning files and copying them from one media to another. Tripwire etc is involved and most of it is mounted read only.
The data on the secure side is converted to plaintext and is retransmitted, again, via two semaphore operators in a tunnel with the doors closed at each end during transmission. The final bridge is the recipient semaphorist typing into a TTY.
Wifey has started using something called "wifi" to get her docs and photos on our home LAN - apparently security is fine but inconvenient. The pigeons serving the offsite backups are starting to show signs of flagging under the sudden onslaught of data. I may have to upgrade to albatrosses to carry the new high capacity coded message canisters.
I may have to upgrade to albatrosses to carry the new high capacity coded message canisters.
Pelicans. http://s.hswstatic.com/gif/pelican-1.jpg
Yeah , an air gap pc has to catch a disease the old fashioned way!
" target computer that is set up to autorun its contents and is using Windows 7 as an operating system and running .Net 4.5"
Is that likely? surely everyone has autorun shut off by now?
Surely we've realised its just another of microsoft's hacking APIs (along with hiding file extensions) , even if we cant understand the completely retarded thinking that put them there
Usually in those environments names are designed to be as random as possible, using a given vocabulary. The idea behind is the names shouldn't tell much about what they refer to (of course, their documentation would have to stay secret...), so just referring to them by name doesn't deliver useful information.
More or less like many Linux application names :-P
I think they have the opportunity to tweak them or try again with the name generator. Brutal Kangaroo jumping from machine to machine with impunity. That's just poetic.
I wonder what Honest Politician would do? Probably doesn't exist yet.
"Usually in those environments names are designed to be as random as possible, using a given vocabulary."
There was the story (apocryphal?) of a major broadsheet newspaper's crossword in 1944 containing the answers "Overlord", "Omaha", "Utah" etc. As this was just before D-Day the security services became very concerned and visited the crossword compiler on suspicion he was a German spy.
The man was a school teacher. It transpired that some of his pupils helped him with suggestions for words to which he fitted clues. As children they had reasonably free access to the nearby US army camp and its bonuses of chocolates etc - a part of the temporary accommodation of the large invasion forces. The boys saw these relatively unusual words written on boards and fed them back to their school master as crossword answers.
Yet again government agents abuse any tool/law they get their hands upon.
These are supposed to be people we trust to act with integrity but it is clear that until greater power is balanced with greater punishment then they will continue to abuse whatever they are trusted with.
Nothing wrong with THIS abuse - these are the guys their country pays to go and get info from ANOTHER country and/or attack another country by messing with its infrastructure, planting fake news, etc. The goal is to do it by any means necessary short of causing a war (unless they have been tasked with causing a war).
Like it or not, that is a the job of the externally facing secret services - CIA, GRU, MI6, etc. They are paid to fight dirty so that we do not fight "clean" on the battlefield according to the Geneva Conventions. Historically, they have been massively overdoing it on both sides and it is long overdue for them to be reigned in exactly because of that - a dirty cloak and dagger war can always spill out in the open and become clean and nobody wants to do that.
@ Voland's right hand
How do you know what they have been up to, what is clear is that if they robbed the vending machine and no one came forward to pay then they clearly are not acting within the law but as common thieves.
I am not niave about the need to counter foreign attacks but at the same time either they are supervised and the theft was condoned or they are allowed to do what they like with zero oversight.
These guys were not behind enemy lines they were in the country they are supposed to be protecting, if they have no respect for their own country's laws or citizens (who paid for stolen goodies) then why are they trusted with that country's secrets
How do you know what they have been up to,
I know more than I would have preferred to know. I have multiple granduncles who have worked for one of the "firms" and I know about some of their older "handywork" which is now past its classification "window" (lots of it is still not published, it officially does not exist, just no criminal penalty if you happen to know about it without having the relevant clearance).
As far as the morals of the staff employed by the CIA, GRU, MI6, Mossad, etc, you get both sides of the coin. People who do it for their country and people who you would rather not meet in a dark alley. Both of them have little respect for the law as their job is to break the law to get the work done.
It is the job of the political control of the agency and whoever gives orders to ensure that the subject of their interests is the enemy and not their own population. Unfortunately, the 20th and the 21st century (so far) are a litany of failures as far as that is concerned. Pretty much all governments have taken a leaf out of the Stalin and Hitler's book and have deployed the secret services (along with their long list of dirty methods) against internal targets.
"These are supposed to be people we trust to act with integrity but it is clear that until greater power is balanced with greater punishment then they will continue to abuse whatever they are trusted with."
Oh grow up. You seriously think that no other government in the world is doing this or at least trying to? Its the nature of espionage. And isn't it odd that wikileaks only seems to stick it to the US security services, where are all the insider documents from Russia or China? You have to wonder who's funding this supposedly impartial whistle blowing site.
"Oh grow up. You seriously think that no other government in the world is doing this or at least trying to? Its the nature of espionage. And isn't it odd that wikileaks only seems to stick it to the US security services, where are all the insider documents from Russia or China? You have to wonder who's funding this supposedly impartial whistle blowing site."
"no other government in the world is doing this", they are supposed to act against foreign powers not the people they are supposed to protect. In terms of domestic dissidents then who chooses what is best for our country? if it is a democracy it is supposed to be us.
"And isn't it odd that wikileaks only seems to stick it to the US security services, where are all the insider documents from Russia or China?" I don't live in Russia or China but if I did and they were democracies then I would be equally concerned about a group acting against democracy and the law in the country in which I lived.
Given that I did not come from a family "on the inside" then my chances of becoming collateral damage are much higher than yours. I am not niave, I just remember all the deaths reported in the papers of plastic bag over the head self strangulations during kinky sex. All the child abuse and murders that went unpunished and has recently be shown to have been condoned by the authorities. The cost to the people they are presented to be protecting seems somewhat high
If it is against the law then that should apply to everyone in that country, one law for everyone or it is not a law at all. That this reports suggest that there is no effective oversight is most worrying of all, how do we know the next terror attack wasn't for our own good?
As far as I can tell, it's again a good reason to drop Windows, but it's like the Trump presidency: it doesn't matter how blatant the problem, there will always be plenty of BS merchants seeking to declare anything black of the purest white.
I'm just stating it here so the Redmond downvoters have something to do.
Leaving the standard autorun active would really be kinda stupid this day and age. However, one can rely on the OS trying to read the file structure of inserted media - not having read the source I can only wonder if it would be possible to exploit something there and craft a "file structure" that ends up executing a payload instead...
Leaving the standard autorun active would really be kinda stupid this day and age. However, one can rely on the OS trying to read the file structure of inserted media - not having read the source I can only wonder if it would be possible to exploit something there and craft a "file structure" that ends up executing a payload instead...
It's the driver portion that's the key bit. IIRC "Brontik" (or some similar name, circa 2013) could infect USB sticks in such a way that Windows would load the malware as if it was a driver for the stick. Several times I saw that thing getting past up-to-date AV and past autorun. Was interesting when I finally got a sample of it to play with (before the boss did a hardware wipe of the USB I had it on, involving a blowtorch...), plugged it into something that had only just updated it's av (can't recall which, but was one of the better ones), and the machine was infected despite good AV and all autorun stuff off. Did it to prove to the boss we needed another scanning station that wasn't using a HDD-installed Windows.
Whatever it was, it blew straight past the defences and the machine was infected (had an obvious payload, dropped "porn.avi(hidden.EXE)" onto the desktop (or something like that) among other things, and you could see it happen a few seconds after plugging the stick in but before you got the "your driver was installed correctly" prompt. I know it infected 7 and XP, safe to assume also Vista.
But maybe it was also working on the filesystem as you suggest. However it worked it was damned quick!
"The packaging it came in. "
Super-sharp Kitchen Devils now come in a blister pack - presumably designed so kids can't pocket the knife in the shop. Unfortunately it is very easy to nick yourself on the knife edge when opening the blister pack - a light touch is enough for a bleeding fine cut.
To anyone who has ever bought a new knife:- What is one of the first things that you cut with it?Yes, yourself.
Immutable law of physics that. Why, you could send it to someone to open on your behalf, on another planet, in a parallel universe, and before it has even cut air you'll be bleeding!
Funniest was someone very carefully handling the blade packet with gloves (one of those ones where you don't need to touch the blade ever).. Blade somehow slipped, dropped onto his bare leg just above the steel cap boots he was wearing, giving himself a small but annoying cut. Blood sacrifice satisfied no one else was cut by that blade
I'm sorry but I didnt need the CIA to tell me that if I want to infect an air gapped pc I have to put my malware on a stick and hope there are enough idiots with autorun still turned on that the malware will make its way over the airgap
The CIA are going to shit a gold brick when they realise there is a way round the "no autorun" hurdle - simply label your malware nakedladys.jpg.exe
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
