
OutlawCountry: CIA’s Hacking Tool For Linux Computers Revealed


Another day, another CIA hacking tool reveal. WikiLeaks has published fresh documents describing how the CIA hacks and spies on Linux machines using a malware strain called OutlawCountry. The tool consists of a kernel module that creates a hidden netfilter table, into which new rules can be added with the iptables command. This lets the operator modify and redirect the target's network traffic.
Following the CIA’s Brutal Kangaroo malware, which targeted offline and air-gapped computers using USB drives, WikiLeaks has leaked another CIA hacking and spying tool called OutlawCountry. Unlike the previous tools, OutlawCountry targets Linux machines.
The details of this malware strain have been leaked in the form of a user manual. It describes OutlawCountry as a kernel module for Linux 2.6 with which the CIA can modify network traffic and redirect it for exfiltration and infiltration purposes.
OutlawCountry’s prerequisites for operation are a compatible 64-bit CentOS/RHEL 6.x operating system, shell access and root access on the target, and an existing “nat” netfilter table on the target.

Brief working of OutlawCountry

The inner workings of OutlawCountry are not described in detail in the document. The operator of this Linux malware loads the module via shell access to the target. Once loaded, the module creates a new netfilter table with an obscure name.
[Image: network diagram from the OutlawCountry user manual showing the module loaded on TARG_1 between the EAST and WEST networks. Image: WikiLeaks]
The newly created table allows certain rules to be created with the “iptables” command. These rules take precedence over the existing rules, and they are only visible to an administrator who knows the name of the table. When the operator removes the kernel module, the table is removed with it. “Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain,” WikiLeaks writes.
As for the traffic modification itself: in the picture above, the OutlawCountry module is loaded on the target (TARG_1). After this step, a CIA operator can add hidden iptables rules to manipulate the network traffic between the EAST and WEST networks. For example, traffic from WEST_2 to EAST_3 could be redirected to EAST_4 or EAST_5.
You can read further details about OutlawCountry in the user manual published by WikiLeaks.
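A defender-side check for the behaviour described above, written as an added example for this article (it is not code from the OutlawCountry manual, WikiLeaks, or the CIA). It rests on two assumptions, both labelled in the comments: that a table registered with netfilter is listed in /proc/net/ip_tables_names regardless of its name, so an unfamiliar entry there is the cheapest indicator of a hidden table; and that `iptables -t NAME -S PREROUTING` prints that table's PREROUTING rules in command form. The table name `x7qk2a` and the addresses in the fixtures are constructed for the demo, not identifiers from the leaked document.

```shell
#!/bin/sh
# Added example: look for a non-standard netfilter table and list any DNAT
# rules it adds to PREROUTING, which is what OutlawCountry v1.0 is said to do.
# Assumption: the kernel lists every registered IPv4 table, whatever its name,
# in /proc/net/ip_tables_names. A module that also hides the procfs entry
# would defeat this check, so treat it as one indicator, not proof of absence.

STANDARD_TABLES="filter nat mangle raw security"

# unexpected_tables: read table names (one per line) on stdin and print each
# one that is not a standard IPv4 table. Fed from /proc/net/ip_tables_names on
# a live host, or from a fixture when testing.
unexpected_tables() {
    while IFS= read -r name; do
        [ -z "$name" ] && continue
        case " $STANDARD_TABLES " in
            *" $name "*) ;;                 # known table, nothing to report
            *) printf '%s\n' "$name" ;;     # obscure name: worth a closer look
        esac
    done
}

# covert_dnat_rules: read `iptables -t TABLE -S PREROUTING` output on stdin and
# print only the rules that rewrite the destination address (-j DNAT).
covert_dnat_rules() {
    grep -E '^-A PREROUTING .*-j DNAT' || true   # no match is not an error
}

# scan_live_host: run both checks on a real system (needs root and iptables).
scan_live_host() {
    [ -r /proc/net/ip_tables_names ] || { echo "cannot read ip_tables_names" >&2; return 2; }
    unexpected_tables < /proc/net/ip_tables_names | while IFS= read -r t; do
        echo "non-standard table: $t"
        iptables -t "$t" -S PREROUTING 2>/dev/null | covert_dnat_rules | sed "s/^/  [$t] /"
    done
}

# Constructed fixtures (not captured from a real host): the standard tables
# plus one with an obscure name, and a PREROUTING chain in that table holding
# one DNAT rule that redirects WEST_2 -> EAST_3 traffic to EAST_4.
SAMPLE_TABLES=$(printf '%s\n' filter nat mangle x7qk2a)
SAMPLE_PREROUTING=$(printf '%s\n' \
    '-P PREROUTING ACCEPT' \
    '-A PREROUTING -s 10.2.0.2/32 -d 10.1.0.3/32 -j DNAT --to-destination 10.1.0.4' \
    '-A PREROUTING -p tcp -m tcp --dport 80 -j ACCEPT')

# demo: run the checks against the fixtures; use scan_live_host on a real box.
demo() {
    printf '%s\n' "$SAMPLE_TABLES" | unexpected_tables
    printf '%s\n' "$SAMPLE_PREROUTING" | covert_dnat_rules
}

demo
```

On a live CentOS/RHEL 6 host, `scan_live_host` needs root because `iptables -S` talks to the kernel; pair it with a review of `lsmod` for modules you did not install, since the table disappears as soon as the module is unloaded.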
