Stories
Slash Boxes
Comments

SoylentNews is people

OutlawCountry: Project of the CIA Targets Computers Running the Linux Operating System

posted by Fnord666 on Friday June 30 2017, @06:11PM   Printer-friendly
from the another-day-another-leak dept.

An Anonymous Coward writes:

"Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from an user or even system administrator.

The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain."

https://www.wikileaks.org/vault7/#OutlawCountry

-- Leaked Documents :

= OutlawCountry v1.0 User Manual
https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_User_Manual/
(PDF) https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_User_Manual/OutlawCountry_v1_0_User_Manual.pdf

= OutlawCountry v1.0 Test Plan
https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_Test_Plan/
(PDF) https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_Test_Plan/OutlawCountry_v1_0_Test_Plan.pdf

Original Submission

 
This discussion has been archived. No new comments can be posted.
OutlawCountry: Project of the CIA Targets Computers Running the Linux Operating System | Log In/Create an Account | Top | 54 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by KiloByte on Friday June 30 2017, @07:59PM

    by KiloByte (375) on Friday June 30 2017, @07:59PM (#533656)

    Peddlers of proprietary drivers keep whining about no binary compatibility for kernel modules. Documentation/process/stable-api-nonsense.rst provides enough non-security reasons "why not". Here we have a security one, although to get full benefits you'd need to actively stop compatibility rather to rely on it being accidentally broken.

    The OpenBSD take on this is to re-link the kernel every boot [theregister.co.uk]. They also decided to drop support for loadable modules [phoronix.com], although that's not really an option if you want to support hotplugging new hardware at runtime.

    --
    Ceterum censeo systemd esse delendam.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2