"Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.
The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain."
https://www.wikileaks.org/vault7/#OutlawCountry
-- Leaked Documents:
= OutlawCountry v1.0 User Manual
https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_User_Manual/
(PDF) https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_User_Manual/OutlawCountry_v1_0_User_Manual.pdf
= OutlawCountry v1.0 Test Plan
https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_Test_Plan/
(PDF) https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_Test_Plan/OutlawCountry_v1_0_Test_Plan.pdf
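Added example (not code from the leak, WikiLeaks or the comments): a defender-side audit of an iptables-save dump that parses the format, flags any netfilter table outside the kernel's built-in set and lists PREROUTING DNAT rules whose destination is not on an allow-list, i.e. what a covert redirect of the kind described above would look like if it surfaced in a listing. Since the module is described as concealing its table from listings, the practical use is to diff such dumps against a known-good baseline over time rather than trust one listing; the sample dump and the table name 'xk3covert' are constructed.

```python
"""Audit an iptables-save dump for netfilter tables outside the kernel's
built-in set and for DNAT rules in PREROUTING (added example, not leak code)."""
# Tables a stock kernel registers; any other name deserves a closer look.
BUILTIN_TABLES = {"filter", "nat", "mangle", "raw", "security"}

def parse_iptables_save(dump):
    """Return {table: [rule, ...]}: '*name' opens a table, '-A CHAIN ...'
    appends a rule to it, 'COMMIT' closes it; ':CHAIN' and '#' lines are skipped."""
    tables, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            current = line[1:]
            tables.setdefault(current, [])
        elif line.startswith("-A") and current is not None:
            tables[current].append(line)
        elif line == "COMMIT":
            current = None
    return tables

def audit(dump, expected_dnat):
    """Flag unknown tables and PREROUTING DNAT rules whose --to-destination
    is not in the administrator's allow-list of redirect targets."""
    findings = []
    for table, rules in parse_iptables_save(dump).items():
        if table not in BUILTIN_TABLES:
            findings.append(f"unexpected table: {table}")
        for rule in rules:
            tokens = rule.split()
            if tokens[1] != "PREROUTING" or "DNAT" not in tokens:
                continue
            dest = tokens[tokens.index("--to-destination") + 1] if "--to-destination" in tokens else "?"
            if dest not in expected_dnat:
                findings.append(f"{table}/PREROUTING DNAT -> {dest}: {rule}")
    return findings

# Constructed sample; 'xk3covert' stands in for an attacker-chosen table name.
SAMPLE_DUMP = """
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
COMMIT
*xk3covert
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 198.51.100.7:443
COMMIT
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP, {"10.0.0.5:80"}):
        print(finding)
```

On a live host the dump comes from `iptables-save` (and `ip6tables-save`), fed to `audit()` alongside the destinations the administrator actually configured.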
(Score: 2) by NewNic on Friday June 30 2017, @07:47PM (3 children)
lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
(Score: 2) by butthurt on Friday June 30 2017, @09:09PM (2 children)
If you have root, you can install this software to enable stealthy, ongoing monitoring (spying). Gaining root is a means and spying is an end.
https://en.wikipedia.org/wiki/Payload_(computing)#Security
(Score: 2) by NewNic on Friday June 30 2017, @09:36PM (1 child)
My point is that this isn't anything new, or particularly interesting. People have developed root kits before. Once you have root, it's game over and just about anything is possible.
I doubt that this has ever been used. Look at my other comments under "Bullshit!". This won't work with almost all CentOS/RHEL systems because it only supports a single kernel version.
The limitations mean that this doesn't show a significant interest by the NSA in compromising CentOS/RHEL systems. This is probably some intern's summer project.
(Score: 3, Insightful) by deimtee on Saturday July 01 2017, @03:05AM
Or it was targeted at a specific computer that was known to be running that kernel version.
And once you've written it for that purpose, why throw it away? You might never be able to use it again, but space is cheap and it might come in handy. At the very least it would be easier to convert to other kernels than to start over.
If you cough while drinking cheap red wine it really cleans out your sinuses.