Slash Boxes

SoylentNews is people

posted by Fnord666 on Friday June 30 2017, @06:11PM   Printer-friendly
from the another-day-another-leak dept.

"Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from an user or even system administrator.

The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain."

-- Leaked Documents :

= OutlawCountry v1.0 User Manual

= OutlawCountry v1.0 Test Plan

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Friday June 30 2017, @07:00PM (3 children)

    by Anonymous Coward on Friday June 30 2017, @07:00PM (#533623)

    Don't most Windows "exploits" rely on the user installing some kind of screen saver or something so they can see some tits? Are there still princes in Africa who need financial assistance? Are there urgent notices from the Federal Department of Needful Revenue Internal Service I need to install a program at the link provided in the email to see?

  • (Score: 2) by Nerdfest on Friday June 30 2017, @07:07PM (2 children)

    by Nerdfest (80) on Friday June 30 2017, @07:07PM (#533627)

    There are still lots of drive-bys.

    • (Score: 1, Interesting) by Anonymous Coward on Friday June 30 2017, @07:35PM (1 child)

      by Anonymous Coward on Friday June 30 2017, @07:35PM (#533641)

      Oh right, I forget that Windows users install software for which each document opened is potentially a program in unto itself.

      I don't understand why exactly Microsoft Office users need a feature like that, but I'm a LibreOffice user when I'm not using LaTeX. Perhaps my use-case is different.

      Microsoft Office users must implicitly trust anybody who would send them documents. Seems a bit insane to me.

      • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @03:48PM

        by Anonymous Coward on Saturday July 01 2017, @03:48PM (#533926)

        By design, what easier way to spread malware through a business? No one thinks a text document would be dangerous (non tech people)