Brutal Kangaroo: Wikileaks Exposes How CIA Hacks Computers Not Connected To Internet

Monday, June 26, 2017
By Paul Martin

TIM BROWN
FREEDOMOUTPOST.COM
JUNE 26, 2017

Wikileaks has been at the forefront of exposing the Central Intelligence Agency's hacking operations through the leaks that have come to be known as the Vault 7 documents. In its latest release, Wikileaks exposes how the CIA is able to hack into computers even when they are not connected to the internet.

In eleven new documents published by Wikileaks, there is an explanation of a piece of software known as “Brutal Kangaroo.” This software suite is used to target “air-gapped” computers by using internet-connected networks within the same organization.

Quartz explains how it all works:

Brutal Kangaroo works by creating a digital path from an attacker to an air-gapped computer and back. The process begins when a hacker remotely infects an internet-connected computer in the organization or facility being targeted. Once it has infected that first computer, what the documents refer to as the “primary host,” Brutal Kangaroo waits. It can’t spread to other systems until someone plugs a USB thumb drive into that first one.

“Emotional Simian,” a tool for packaging malware described in the Brutal Kangaroo documents (WikiLeaks)
Once someone does, malware specific to the make and model of the thumb drive is copied onto it, hiding in modified LNK files that Microsoft Windows uses to render desktop icons, and in DLL files that contain executable programs. From this point, Brutal Kangaroo will spread further malware to any system that thumb drive is plugged into. And those systems will infect every drive that’s plugged into them, and so on, and the idea is that eventually one of those drives will be plugged into the air-gapped computer.

The major flaw in the concept of isolating sensitive computers is that the air gap around them can only be maintained if no one ever needs to copy files onto or off of them. But even for specialized systems, there are always updates and patches to install, and information that has to be fed in or pulled out. It’s common knowledge among IT specialists that external hard drives are an obvious target for anyone seeking to break the air gap, and precautions are presumably taken in facilities with diligent IT specialists. Those precautions, however, can be subverted with exploitations of obscure vulnerabilities, and sometimes mistakes simply happen.
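As an added example that is not from the article, Quartz or the leaked documents: a small Python triage script a defender can run over the .lnk files on a removable drive. It parses the shortcut's StringData (field offsets follow the published MS-SHLLINK layout) and flags any shortcut whose target, arguments or icon source reference a DLL, the LNK-plus-DLL pairing the quoted passage describes. The function names and the two sample shortcuts are constructed here for illustration.

```python
import struct

# Shell link header: HeaderSize 0x4C then the ShellLink CLSID {00021401-0000-0000-C000-000000000046}.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")
FLAG_IDLIST, FLAG_LINKINFO, FLAG_UNICODE = 0x01, 0x02, 0x80
# StringData entries appear in this fixed order whenever their LinkFlags bit is set.
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk file; the ID list and LinkInfo are skipped."""
    if data[:20] != LNK_MAGIC:
        raise ValueError("not a Windows shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & FLAG_IDLIST:       # LinkTargetIDList: 2-byte size, then the item ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & FLAG_LINKINFO:     # LinkInfo: 4-byte size that covers the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, key in STRING_FLAGS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # character count, no terminator
        pos += 2
        width = 2 if flags & FLAG_UNICODE else 1
        fields[key] = data[pos:pos + width * count].decode("utf-16-le" if width == 2 else "cp1252", "replace")
        pos += width * count
    return fields

def triage(name: str, data: bytes) -> dict:
    """Flag a shortcut whose target, arguments or icon source reference a DLL or rundll32."""
    fields = parse_lnk(data)
    hits = [k for k in ("relative_path", "arguments", "icon_location")
            if k in fields and (".dll" in fields[k].lower() or "rundll32" in fields[k].lower())]
    return {"file": name, "fields": fields, "suspicious": hits}

def build_lnk(fields: dict) -> bytes:
    # Minimal Unicode shell link carrying only StringData; used to construct sample input.
    flags, body = FLAG_UNICODE, b""
    for bit, key in STRING_FLAGS:
        if key in fields:
            flags |= bit
            body += struct.pack("<H", len(fields[key])) + fields[key].encode("utf-16-le")
    return LNK_MAGIC + struct.pack("<I", flags) + b"\x00" * (0x4C - 24) + body

# Constructed samples: one shortcut draws its icon from a DLL on the same drive, one is benign.
SAMPLES = {
    "report.docx.lnk": build_lnk({"relative_path": ".\\report.docx", "icon_location": ".\\icons.dll"}),
    "quarterly.lnk": build_lnk({"relative_path": ".\\quarterly.xlsx"}),
}
```

To sweep a mounted drive, feed `triage(str(p), p.read_bytes())` every path from `Path(root).rglob("*.lnk")`; a hit is a reason to inspect the referenced DLL, not proof of compromise.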

