OUTLAW COUNTRY | New Vault 7 Release Targets Linux

in #wikileaks, 7 years ago (edited)

A kernel module that creates a hidden netfilter table on Linux targets conceals itself from admins and users.

[image: outlaw-country-header.jpg, caption: OutlawCountry]

Today Wikileaks released yet another set of documents from their Vault 7 CIA leaks. This latest publication reveals a tool used by the CIA to target and infect Linux-based computers. Once the kernel module is loaded, an operator can add hidden destination-NAT (DNAT) rules that silently redirect the machine's network traffic to CIA command & control servers. The documentation below describes it in a bit more detail:

System Overview and Description
OutlawCountry consists of a kernel module that creates a hidden netfilter table on a Linux target. With knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules.

Assumptions and Constraints
OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x. This module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.
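The quoted constraints give a defender something concrete to look for: a netfilter table with a name that is not one of the stock ones, and DNAT rules in its PREROUTING chain. The script below is an added triage example written for this post; it is not code from the Vault 7 documents, the original post, or the tool itself. It assumes the stock tables on a CentOS/RHEL 6 host are filter, nat, mangle, raw and security, and that the hidden table still registers itself in /proc/net/ip_tables_names (a module that also hides that entry would need kernel memory inspection instead). The sample table list, module lists and iptables-save text in it are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added triage script (not from the Vault 7 documents or the original post).
# Checks a CentOS/RHEL 6 style host for the two things OutlawCountry relies on:
#   1. a netfilter table whose name is not one of the stock tables, and
#   2. a loadable kernel module visible in sysfs but missing from /proc/modules.
# It also lists PREROUTING DNAT rules per table from iptables-save output.
# Assumption (not from the leaked document): stock tables are filter, nat,
# mangle, raw and security, and the covert table still appears in
# /proc/net/ip_tables_names.

# Print every table name read from stdin that is not a stock table.
# Live use:  unknown_tables < /proc/net/ip_tables_names
unknown_tables() {
    while IFS= read -r name; do
        case "$name" in
            ''|filter|nat|mangle|raw|security) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Print names present in file $2 but absent from file $1.
# Live use: compare /proc/modules (first column) with the /sys/module entries
# that carry an initstate file, which only loadable modules have:
#   awk '{print $1}' /proc/modules > /tmp/proc_mods
#   for d in /sys/module/*; do [ -f "$d/initstate" ] && basename "$d"; done > /tmp/sys_mods
#   names_only_in_second /tmp/proc_mods /tmp/sys_mods
names_only_in_second() {
    a="${TMPDIR:-/tmp}/nf_a.$$"
    b="${TMPDIR:-/tmp}/nf_b.$$"
    sort -u "$1" > "$a"
    sort -u "$2" > "$b"
    comm -13 "$a" "$b"        # lines only in the second sorted list
    rm -f "$a" "$b"
}

# Print "table: rule" for every PREROUTING rule with a DNAT target in
# iptables-save style input on stdin. Run it per table, including any
# non-stock name found above:  iptables-save -t "$name" | prerouting_dnat_rules
prerouting_dnat_rules() {
    table=
    while IFS= read -r line; do
        case "$line" in
            '*'*) table=${line#?} ;;                     # "*nat" starts a table
            '-A PREROUTING '*)
                case "$line" in
                    *' -j DNAT '*|*' -j DNAT') printf '%s: %s\n' "$table" "$line" ;;
                esac ;;
        esac
    done
}

# Constructed sample input standing in for a live host (not captured data).
SAMPLE_TABLES='filter
nat
mangle
zz9covert'
SAMPLE_PROC_MODULES='ip_tables
nf_nat
nf_conntrack'
SAMPLE_SYS_MODULES='ip_tables
nf_conntrack
nf_nat
zz9covert'
SAMPLE_SAVE='*nat
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 203.0.113.9:443
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*zz9covert
-A PREROUTING -d 198.51.100.5/32 -j DNAT --to-destination 203.0.113.9
COMMIT'

demo() {
    echo "non-stock tables:"
    printf '%s\n' "$SAMPLE_TABLES" | unknown_tables
    echo "modules in sysfs but not in the module list:"
    pm="${TMPDIR:-/tmp}/nf_proc.$$"; sm="${TMPDIR:-/tmp}/nf_sys.$$"
    printf '%s\n' "$SAMPLE_PROC_MODULES" > "$pm"
    printf '%s\n' "$SAMPLE_SYS_MODULES" > "$sm"
    names_only_in_second "$pm" "$sm"
    rm -f "$pm" "$sm"
    echo "PREROUTING DNAT rules:"
    printf '%s\n' "$SAMPLE_SAVE" | prerouting_dnat_rules
}

demo
```

On the constructed sample the script reports zz9covert as a non-stock table, zz9covert as a module present in sysfs but absent from the module list, and both PREROUTING DNAT rules with the table they live in. On a real host the table and module names are whatever the operator chose, so the point is the mismatch between the two views, not any particular string.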

[image: Outlaw-abvs.jpg]

[image: Outlaw-diagram.jpg]

The document says little about how targeted computers are compromised with this malware in the first place, but as we know from previous Vault 7 releases it could be done in any number of ways.

I have a feeling this is the last publication from the first part of Vault 7. I get this feeling because Wikileaks released Elsa, a geo-location malware for WiFi-enabled devices, yesterday and now Outlaw Country today. Usually they leave about a week between releases. They've also hinted at Media Ops, which is part 2 of Vault 7, being released on July 4th, American Independence Day.


---


Related post: FORTIFIED


THANK YOU FOR READING

- If You Would Like To Help Me Make More Great Original Content Please Consider Up-Voting and Re-Steeming -


Thanks! I'm struggling for words... Just... No one, and no place, is safe.

I guess we just need to reinstall our entire software stack every day.

This is why I will never own a car with software. My current ride is a 1980 VW pickup with mechanical fuel injection. Ugly, but the CIA can't mess with my fuel efficiency.

Thanks!

Edit: oh yeah, resteemed.

Thank you.

Maybe this is why cowboys ride horses.

Nice one @valued-customer... VW classic!

This is so fucked though, Linux / Apple / Microsoft... all compromised. wtf

Well, this is why we can't have nice things. =/

Resharing @phibetaiota
Thank you for the contribution.
~The Management


Thank you as always my friend.

Oh shit, not Linux!!! You failed us penguin!

Just wanted to let you know, Part 7 of my cryptology series, Key Management, is out!
https://steemit.com/cryptocurrency/@digicrypt/cryptology-series-part-7-key-management
Next one up will be quantum cryptography!

Yes thank you kindly. Always appreciate your posts.
