Tuesday, July 4th, 2017
WikiLeaks Exposes CIA Targeting Linux Users With OutlawCountry Network Traffic Re-Routing Tool
Hot Hardware
Another day, another government spying exploit rises to the surface courtesy of WikiLeaks, this time originating from the CIA. This WikiLeaks data dump specifically lets us know of a CIA-engineered spying tool called OutlawCountry (no space), which, interestingly enough, explicitly targets Linux users. You know, those digital-freedom-loving, passionate penguin peeps who appreciate having great control over their computer? But don’t worry, the CIA has targeted Windows users en masse in the past as well; absolutely no one has proven safe and they obviously don’t discriminate.

OutlawCountry starts out as a Linux kernel module (nf_table_6_64.ko) that gets loaded into the system and subsequently creates a new entry in the iptables firewall configuration. After the deed is done, the original kernel module is no longer needed, so it’s deleted.

Excerpt from CIA’s OutlawCountry guide
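The two traits described above, a kernel module whose file is deleted after loading and an extra netfilter table that a normal system would not have, are both things a defender can check for from user space. The script below is an added example written for this article, not code from the leak or from WikiLeaks. It reads a `/proc/modules`-style listing and reports any loaded module with no matching `.ko` file under the module tree, and it reads a `/proc/net/ip_tables_names`-style listing and reports any table outside the standard set (filter, nat, mangle, raw, security). The sample data in the test is constructed; the `--live` flag is an assumption of this script, not a real tool option.

```shell
#!/bin/sh
# Added example (not from the article): defender-side checks for the two
# OutlawCountry traits the article describes. Both functions take file paths
# so they can run against /proc on a live host or against saved copies.

# list_orphan_modules <modules-listing> <module-tree-root>
# Prints the name of every loaded module (first column of the /proc/modules
# format) for which no .ko file can be found under the module tree. A module
# that is loaded but whose file was deleted, as the article says OutlawCountry
# does, shows up here.
list_orphan_modules() {
    modules_file="$1"
    tree="$2"
    awk '{print $1}' "$modules_file" | while read -r name; do
        # The kernel reports names with underscores; on disk the file may use
        # dashes, and distributions often ship compressed modules (.ko.xz, .ko.gz).
        alt=$(printf '%s' "$name" | tr '_' '-')
        if ! find "$tree" \( -name "$name.ko" -o -name "$name.ko.*" \
                             -o -name "$alt.ko" -o -name "$alt.ko.*" \) -print \
             | grep -q .; then
            echo "$name"
        fi
    done
}

# list_unexpected_tables <ip_tables_names-listing>
# Prints every netfilter table name that is not one of the five tables the
# stock kernel provides. An attacker-created table, like the one the article
# says the module adds, is not in that set.
list_unexpected_tables() {
    while read -r table; do
        case "$table" in
            filter|nat|mangle|raw|security) ;;
            *) echo "$table" ;;
        esac
    done < "$1"
}

# Run against the live system when asked (the --live flag is this script's own).
if [ "${1:-}" = "--live" ]; then
    echo "== loaded modules with no file on disk =="
    list_orphan_modules /proc/modules "/lib/modules/$(uname -r)"
    echo "== netfilter tables outside the standard set =="
    list_unexpected_tables /proc/net/ip_tables_names
fi
```

Both checks are heuristics rather than proof: a module built out of tree or a legitimately added table will also be listed, so treat the output as a list of items to explain, and compare it with the package manager's view of the module tree before acting. Running the script with `--live` needs read access to `/proc/net/ip_tables_names`, which on most kernels requires root.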
What’s not clear at this point is how the CIA expected to infect computers with this malware. Access to the machine is required, so it seems another exploit would be needed to let an attacker get in and then elevate to a privileged account to execute the attack. Falling victim to this particular attack, given its implementation, would pose almost no risk if it were sent as an email attachment, unless it was packaged as a script and still somehow managed to be run with root access.
OutlawCountry is just one of the many CIA leaks that WikiLeaks has released as part of its Vault 7 series of data dumps, which has had more than a dozen separate leaks since the first back in March of this year.