
SoylentNews is people

posted by takyon on Saturday July 08 2017, @09:30AM
from the feeling-secure? dept.

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.

Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network.

Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.

Both implants steal user credentials for all active SSH sessions and then send them to a CIA-controlled server.

BothanSpy is installed as a Shellterm 3.x extension on the target machine and only works if Xshell is running on it with active sessions.

[...] Gyrfalcon targets Linux systems (32 or 64-bit kernel) using a CIA-developed JQC/KitV rootkit for persistent access.

Source: The Hacker News

The latest addition to WikiLeaks' Vault 7 cache of CIA tools and documents gives details of tools used by the agency to attack Windows and Linux computers. The BothanSpy and Gyrfalcon projects can be used to intercept and exfiltrate SSH (Secure Shell) credentials.

BothanSpy is used to target Windows, while Gyrfalcon is used for Linux machines, with both working in different ways. A number of popular distros can be hit by Gyrfalcon, including CentOS, Debian, RedHat, openSUSE and Ubuntu, and both tools function as implants that steal credentials before transmitting them to a CIA server.

The leaked documentation for the tools was updated as recently as March 2015, and the file relating to BothanSpy reveals that XShell needs to be installed as it itself installs as a Shellterm extension. There are smatterings of humor throughout the file, with a warning that: "It does not destroy the Death Star, nor does it detect traps laid by The Emperor to destroy Rebel fleets." There is also the introductory quip: "Many Bothan spies will die to bring you this information, remember their sacrifice."

Source: BetaNews


  • (Score: 3, Insightful) by Snotnose on Saturday July 08 2017, @11:25AM (3 children)

    by Snotnose (1623) on Saturday July 08 2017, @11:25AM (#536493)

    but they've been busy little beavers the past decade or so. Busy evil beavers, but still. Ya gotta admire their work ethic.

    / assholes
    // they could have done wonders in making us all more secure
    /// but noooooooo

    --
    Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 4, Insightful) by JoeMerchant on Saturday July 08 2017, @12:43PM (2 children)

    by JoeMerchant (3937) on Saturday July 08 2017, @12:43PM (#536508)

    More secure is not their goal.

    Exposure of these exploits will drive greater security in the future.

    Who's your hero here?

    --
    🌻🌻 [google.com]
    • (Score: 2) by JNCF on Saturday July 08 2017, @03:17PM (1 child)

      by JNCF (4317) on Saturday July 08 2017, @03:17PM (#536545) Journal

      In hindsight "BothanSpy" seems like a particularly poor choice of metaphors, given that the plans for it have been from the Empire by the Rebels.

      • (Score: 2) by JoeMerchant on Saturday July 08 2017, @06:17PM

        by JoeMerchant (3937) on Saturday July 08 2017, @06:17PM (#536597)

        The agency created the name, probably somebody in there trying to convince themselves that they were the good guys.

        --
        🌻🌻 [google.com]