WikiLeaks reveals Brutal Kangaroo program used by the CIA to infect air-gapped computers

midian182

WikiLeaks has published more documents revealing the hacking tools used by the CIA. This latest dossier dump includes details on how the agency was able to infiltrate air-gapped computers - machines that hold information so sensitive they are physically isolated and incapable of connecting to other computers or unsecured networks.

The 150 pages of material published by WikiLeaks include a user guide for the Brutal Kangaroo program, which targets closed networks or computers using infected USB sticks. One of its components is Shattered Assurance, a server tool that uses the Drifting Deadline malware to infect any USB drive plugged into the machine in question. When the affected drive is then plugged into an air-gapped computer, the Shadow malware is deployed onto that system.

"When a user is using the primary host and inserts a USB stick into it, the thumb drive itself is infected with a separate malware. If this thumb drive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network."

"By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange," writes WikiLeaks.

The drives could sometimes infect machines without the user opening any files, by exploiting vulnerabilities in Windows itself.

"Older versions of the tool suite used a mechanism called EZCheese that was a zero-day exploit until March 2015; newer versions seem to use a similar, but yet unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system," according to WikiLeaks.
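The infection path described above depends on Explorer parsing shortcut (.lnk) and library description (.library-ms) files as soon as a folder is displayed. As an added defender-side illustration (not from the article or the leaked documents), the Python script below performs the kind of pre-browse triage an analyst could run on a removable drive from a non-Windows workstation: it lists shortcut files and parses each .library-ms file (a real XML format under the Windows library namespace shown), flagging libraries whose location is a UNC share or otherwise outside the known-folder scheme. All file names, paths and sample contents are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# XML namespace used by Windows Library Description (.library-ms) files.
LIB_NS = "{http://schemas.microsoft.com/windows/2009/library}"
# Constructed sample files standing in for the contents of a USB stick.
KNOWN_FOLDER = "knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
BENIGN_LIBRARY = f"""<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>{KNOWN_FOLDER}</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""
# Same file, but the library location is a UNC share instead of a known folder.
REMOTE_LIBRARY = BENIGN_LIBRARY.replace(KNOWN_FOLDER, r"\\fileserver\share\docs")

def library_locations(path):
    """Return every <simpleLocation><url> entry of a .library-ms file."""
    root = ET.parse(path).getroot()
    return [u.text.strip() for u in root.iter(LIB_NS + "url") if u.text]

def triage_removable_drive(drive_root):
    """Walk a drive; return (relative_path, reason) for files Explorer parses on display."""
    findings = []
    for dirpath, _, filenames in os.walk(drive_root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, drive_root)
            if name.lower().endswith(".lnk"):
                findings.append((rel, "shortcut file resolved by Explorer when the folder is shown"))
            elif name.lower().endswith(".library-ms"):
                for url in library_locations(full):
                    if url.startswith("\\\\") or url.lower().startswith("file://"):
                        findings.append((rel, "library points at a remote location: " + url))
                    elif not url.lower().startswith("knownfolder:"):
                        findings.append((rel, "library points outside known folders: " + url))
    return findings

def build_sample_drive():
    """Create a constructed directory tree standing in for a plugged-in USB stick."""
    root = tempfile.mkdtemp(prefix="usb_")
    for name, body in (("Documents.library-ms", BENIGN_LIBRARY), ("Shared.library-ms", REMOTE_LIBRARY)):
        with open(os.path.join(root, name), "w", encoding="utf-8") as f:
            f.write(body)
    open(os.path.join(root, "report.lnk"), "wb").close()  # empty placeholder shortcut
    open(os.path.join(root, "notes.txt"), "w").close()    # ordinary file, not reported
    return root
```

Calling `triage_removable_drive(build_sample_drive())` reports the placeholder shortcut and the library pointing at the UNC share, while the known-folder library and the plain text file are left unreported.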

In a statement, Microsoft wrote: "Our investigation confirmed that customers on supported versions of Windows are not impacted. For the best defense against modern security threats, we recommend Windows 10, which is updated automatically by default."

WikiLeaks notes the similarities between Brutal Kangaroo and Stuxnet, the industrial malware that infected the air-gapped computers used by Iranian scientists working on the country’s nuclear program.


 
Government agencies must have people that are really bored at work to come up with creative code names for projects.

Using USB drives isn't the impressive part. The impressive part is forming a covert network link to coordinate tasks and still not being noticed.
 
IMO, Microsoft should add this to their statement:

The best means that Windows 10 updates use to protect computers is by breaking them and making them totally unusable. After all, when computers are not in use, they cannot get infected.

Meh, this isn't as bad as it sounds; you still need physical access to plug in the USB key.

If I already have physical access to the box, it's already game over.
 
Ngel
Not criticizing any government agencies but people forget that a few years back the US was caught spying on damn near the entire WORLD, including allies.
The US government is still spying on the entire world. Victims included the EU offices in Belgium, which were wiretapped, the UN offices, which were spied on by US diplomats instructed by Hillary Clinton, and Germany's Angela Merkel's mobile phone.
Now just imagine if Iran or Russia had done this?
 
And Microsoft uses the opportunity to advertise Windows 10 instead of promising any kind of fix. I know that Windows 10 still reads information from a USB drive / disc automatically to find what kind of content it contains or if it has an auto-play feature. Still easily exploitable.
 
IMO, Microsoft should add this to their statement:

The best means that Windows 10 updates use to protect computers is by breaking them and making them totally unusable. After all, when computers are not in use, they cannot get infected.

I believe they announced this several decades ago. It's called the "undocumented feature" ....... :p
 
Not criticizing any government agencies but people forget that a few years back the US was caught spying on damn near the entire WORLD, including allies.

And do you think those countries are like Pippi Longstocking? Cute, adorable and without malevolent intentions? The only difference here is someone tattled on the US. Those other countries are doing the exact same thing.
 
CIA, NSA, hacking.... So why is everybody pointing fingers at Russia, China and North Korea, and is everybody believing the bull the corporate media is spewing, day in and day out?
The great majority of the American public is utterly clueless and/or stupid. The MSM is mass indoctrination on a subconscious level, but there is so much mixed content and there are so many gatekeepers out there that it is hard to filter out what is true vs the paid shills (i.e., Alex Jones of Infowars).
 
And do you think those countries are like Pippi Longstocking? Cute, adorable and without malevolent intentions? The only difference here is someone tattled on the US. Those other countries are doing the exact same thing.

Maybe, maybe not. I'd believe the same of major world powers, but would I believe that an ally like Japan or Germany installed spyware here to spy on us? That's the question you have to ask. Sure, we all play the game, but how far should you go?
 
Not criticizing any government agencies but people forget that a few years back the US was caught spying on damn near the entire WORLD, including allies.

And do you think those countries are like Pippi Longstocking? Cute, adorable and without malevolent intentions? The only difference here is someone tattled on the US. Those other countries are doing the exact same thing.
Oh dear.
 
If the computer in question was truly "air gapped" (in its most restricted definition, not physically connected to a network), you could plug a dozen infected USB drives into it and infect the computer so badly that pus came out of every opening on the computer case, and it would not matter. How would the information be transmitted to the hacker? If there was a port through which it could be offloaded and a way to hook it up, it is not air gapped.
Anybody who thinks any computer anywhere in the world cannot be hacked has crap in their hair because that's where their head is.
 
So, Windows 10 security is so good, it has beaten the CIA hackers?

REALLY! Have you ever asked yourself why Microsoft continues to update Windows versions that are no longer supported? My Windows XP got a security update; soon after, it started to do weird things and then it completely died!
 
Thanks for reminding me that Roger Jr. got cut from Tekken 7. -_-

OT: Wonder how long before this ends up in the wild, like Stuxnet was. If it isn't already, anyway...
 
"For the best defense against modern security threats, we recommend Windows 10, which is updated automatically by default."

On an air-gapped computer? *sigh*
 
And Microsoft uses the opportunity to advertise Windows 10 instead of promising any kind of fix. I know that Windows 10 still reads information from a USB drive / disc automatically to find what kind of content it contains or if it has an auto-play feature. Still easily exploitable.
There are tools to lock down USB ports and/or only allow known devices. This exploit is as old as floppy disks!
 
"Air-Gapped"? In the business it's known as SILO systems: closed networks without Internet access.
 