Wikileaks Docs Show How the CIA Allegedly Infected Offline Computers
It seems that more and more information continues to come to light regarding hacking, and not
just by your average hacker, but by the CIA and other government agencies, too.
Now, WikiLeaks documents have revealed how the CIA infected offline computers using air-gap
hacking.
Air-gapping refers to a security measure that isolates a computer or network so that it has
no external connection at all.
Segregated in this way, devices have no wireless or wired path to other computers or network
devices, so an attacker cannot reach them remotely over a network; any compromise has to
arrive on physical media or through a person.
Classified military networks, the payment networks responsible for processing credit
and debit card transactions for retailers, or industrial control systems that operate
vital infrastructure: these are examples of networks that typically use air-gapping.
Maintaining security requires such networks to remain on internal networks that aren't
connected to the company's business network.
This ensures intruders can't enter the corporate network by way of the Internet and weasel
their way into sensitive systems.
But sometimes, as is being revealed by WikiLeaks, there's a way around an air-gap. WikiLeaks
recently published a series of alleged CIA documents showing how the CIA's malware
was designed to infect these types of targets.
The exposed documents reveal how the CIA has continued to develop its own hacking tools,
apparently to get into devices such as smart TVs and Internet routers.
Called Brutal Kangaroo, the tool suite's components include: Drifting Deadline, a thumbdrive
infection tool; Shattered Assurance, a server tool responsible for automated infection of USB
drives; Broken Promise, a post-processor that evaluates collected information; and Shadow, the
main persistence mechanism.
"Brutal Kangaroo is a tool suite for targeting closed networks by air gap jumping using thumbdrives,"
one of the documents notes. The 11 files in question come from the CIA's Engineering
Development Group, and allegedly span from 2012 to 2016.
According to the documents, the CIA gets around air-gapped computers by first remotely installing
a piece of malware on an Internet-connected system called the "primary host." That malware
infects USB thumbdrives that are plugged into the primary host.
Next, an unaware user plugs one of the infected USB drives into an air-gapped computer that the
CIA cannot otherwise reach. The malware then stages whatever it collects on the drive and sends
it back to the CIA once the drive is plugged into the primary host again.
The project sets up its own "custom covert network" in the air-gapped computers once
the malware has infected a target.
Here, the CIA is given access to files for collection. It can also survey the victim
machines, launch its own executables, delete a predetermined list of files, and more.
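The thumbdrive is the only channel in the workflow described above, so it is also the place a defender can look. The following script is an added example written for this page; it is not code from the leaked documents or from any antivirus vendor. It walks a mounted removable volume and flags the artifacts a thumbdrive-borne jump would need to leave behind: an autorun.inf at the volume root, shortcut (.lnk) files used as execution lures, executables that are not on an allow-list of known-good hashes, and hidden files or directories that could serve as a staging area for collected data. The sample volume layout (build_sample_volume) is constructed for the demonstration; its file names and contents are placeholders, not real malware.

```python
"""Audit a removable volume for the artifacts of a thumbdrive-borne air-gap jump.

Hypothetical example: not code from the leaked CIA documents or any AV vendor.
"""
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass

# File types Windows will run directly when a user double-clicks them.
EXEC_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js"}


@dataclass(frozen=True)
class Finding:
    path: str     # relative to the volume root, forward slashes
    reason: str
    sha256: str   # empty string for directories


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_hidden(path):
    """Dot-prefix on POSIX; the HIDDEN attribute on Windows (st_file_attributes)."""
    if os.path.basename(path).startswith("."):
        return True
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # Windows only
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def _rel(root, path):
    return os.path.normpath(os.path.relpath(path, root)).replace(os.sep, "/")


def audit_volume(root, allowlist=frozenset()):
    """Walk a mounted volume and return the Findings worth a human look.

    allowlist: SHA-256 hex digests of files expected on the drive (a vendor
    installer, for instance); files whose digest matches are skipped.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        at_root = os.path.samefile(dirpath, root)
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if is_hidden(full):
                findings.append(Finding(_rel(root, full),
                                        "hidden directory (possible staging area)", ""))
        for name in filenames:
            full = os.path.join(dirpath, name)
            digest = sha256_file(full)
            if digest in allowlist:
                continue
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            if at_root and lower == "autorun.inf":
                reason = "autorun.inf at volume root"
            elif ext == ".lnk":
                reason = "shortcut file (a common lure for execution)"
            elif ext in EXEC_SUFFIXES:
                reason = "executable not on the allow-list"
            elif is_hidden(full):
                reason = "hidden file"
            else:
                continue
            findings.append(Finding(_rel(root, full), reason, digest))
    return findings


def build_sample_volume():
    """Constructed USB-volume layout in a temp dir; placeholder bytes, not real malware."""
    root = tempfile.mkdtemp(prefix="usb_")
    layout = {
        "README.txt": b"Quarterly figures, see Documents\n",
        "autorun.inf": b"[autorun]\nopen=tools\\updater.exe\n",
        "Documents.lnk": b"L\x00\x00\x00placeholder shortcut bytes",
        "tools/updater.exe": b"MZplaceholder",
        ".staging/collected.dat": b"copied-from-airgapped-host",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    volume = build_sample_volume()
    for finding in audit_volume(volume):
        print(f"{finding.reason:45} {finding.path}  {finding.sha256[:12]}")
```

Run it against a mount point instead of the sample directory to audit a real drive. The allow-list is the important knob: a drive that legitimately carries a signed installer should have that binary's digest added so the report only shows what is unexpected, and a hidden directory full of recently written files on a drive that shuttles between an Internet-connected machine and an isolated one is exactly the pattern the documents describe.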
As the leak notes, there's a section of the user guide that documents the trouble the CIA
malware runs into with certain antivirus products.
For instance, Symantec's product is said to create a pop-up when the malware tried
to run automatically.
A court filing from earlier this year revealed that the Department of Justice may have mistakenly
confirmed the credibility of the CIA documents.
In February of 2015, the FBI took over Playpen, a dark web child pornography site. During
this time, it utilized a network investigative technique, a piece of malware, to try
to expose the site's users.
While the investigation resulted in hundreds of arrests, it also generated dozens of court
cases across the U.S. regarding the legality of the warrant used to authorize the hacking
operation, along with the source code of the tool used to hack computers.
Hacking undoubtedly remains a controversial subject, and while it can be useful in exposing
dangers to society, it also raises serious ethical issues about the value and safekeeping
of our privacy.