Written by Alexa Erickson
It seems that more and more information continues to come to light regarding hacking — not just by your average hacker, but by the CIA and other government agencies, too.
Now, WikiLeaks documents have revealed how the CIA infected offline computers using air-gap hacking.
Air-gapping refers to a security measure that involves isolating a computer or network and preventing it from establishing an external connection. Being segregated in this way, devices cannot connect wirelessly or physically with other computers or network devices, making them virtually immune to remote hacking.
Classified military networks, the payment networks responsible for processing credit and debit card transactions for retailers, or industrial control systems that operate vital infrastructure — these are examples of networks that typically use air-gapping.
To stay secure, such systems are kept on internal networks that aren’t connected to the company’s business network. This ensures intruders can’t enter the corporate network by way of the Internet and then weasel their way into sensitive systems.
But sometimes, as is being revealed by WikiLeaks, there’s a way around an air gap. WikiLeaks recently published a series of alleged CIA documents showing how the CIA’s malware was designed to infect these types of targets. The exposed documents reveal how the CIA has continued to develop its own hacking tools, apparently to get into devices such as smart TVs and Internet routers.
Called Brutal Kangaroo, the tool suite consists of several components: Drifting Deadline, a thumbdrive infection tool; Shattered Assurance, a server tool responsible for automated infection of USB drives; Broken Promise, a post-processor that evaluates collected information; and Shadow, the main persistence mechanism.
“Brutal Kangaroo is a tool suite for targeting closed networks by air gap jumping using thumbdrives,” one of the documents notes. The 11 files in question come from the CIA’s Engineering Development Group and allegedly span from 2012 to 2016.
According to the documents, the CIA gets around an air gap by first remotely installing a piece of malware on an internet-connected system called the “primary host.” Next, an unaware user plugs the infected USB drive into an air-gapped computer that the CIA cannot reach directly. The malware then sends any collected data back to the CIA once the drive is plugged into the primary host again.
Originally posted @ Collective Evolution