The CIA has developed strains of malware specifically designed to target Linux computers. The existence of the malware, known as OutlawCountry, was revealed by WikiLeaks. It demonstrates the CIA is intent on accessing all kinds of computer system.
Generally, mainstream malware attacks tend to focus on consumer-oriented operating systems like Windows. It’s rare that Linux is specifically targeted which makes this discovery concerning. Linux users may not be as secure as previously thought. The CIA has developed tools for every platform, letting them target all computer users.
The hacking tool gives the CIA the power to redirect outbound network traffic from a target computer. It can be routed through a specially-designed gateway that allows operatives to inspect the traffic. It’s a sophisticated surveillance tool that grants the CIA the ability to covertly monitor Linux PCs. It also opens the door to the scores of web servers that run on the operating system.
The malware is effective but also hindered by several prerequisites needed for a successful attack. Most importantly, the CIA needs to have root access to the target machine before OutlawCountry can be deployed. This means the computer must have been previously compromised before the malware can be used.
WikiLeaks said that the installation method is not fully detailed in the leaked software manual. The operator would need to use known lists of Linux exploits and backdoors to gain access to the system and set up a control chain. They could then push OutlawCountry onto the machine, allowing them to monitor its network traffic and begin surveillance of the target.
Once the software is installed, the operator can remotely add traffic routing rules to the Linux kernel. These determine the path which Internet traffic takes between the computer and its destination. The new rules injected by OutlawCountry take precedence over the older ones, ensuring the CIA can snoop on any suspect traffic. The presence of the additional routing rules is hidden from the computer’s user.
The release of the tool is part of a wider WikiLeaks dump known as “Vault 7.” The ongoing series of leaks comprises almost 9,000 secure documents sourced from an “isolated, high-security network” at the CIA’s Center for Cyber Intelligence in Langley, Virginia. Many of the programs within have been described as “cyberweapons” with the potential to infiltrate individuals, opposition groups or entire states.
Last week, WikiLeaks published documents on hacking tools “Elsa” and “Brutal Kangaroo.” The former is a tracking tool that logs the movements of a target based on the Wi-Fi signals from their laptop. Brutal Kangaroo is an innovative approach to compromising “air-gapped” offline computers. It uses memory sticks to transfer files from closed networks that aren’t connected to the web.