CIA hacking air-gapped networks?
US Central Intelligence Agency – Brutal Kangaroo
A newly released dump of intel by WikiLeaks details how the CIA developed a way to hack an air-gapped network using a USB drive and some creative malware. Technically speaking, this is not in any way new information. It has always been known that one could hack an air-gapped network using a USB drive so as to either:
- Steal intel onto the USB drive; or
- Download some type of malware so as to infect the network, prompting the network to send out the requested data should the malware detect any open internet connection.
How does it work you ask?
The software consists of four specific applications:
And finally, my personal favorite, Brutal Kangaroo.
Shattered Assurance is the server side of the code that forms the basis of the attack system; it infects the USB drives that are plugged into an infected computer with the Drifting Deadline malware.
Once an infected thumb drive is plugged into a target computer that is set up to autorun its contents, is running Windows 7 as its operating system, and has .NET 4.5 installed, Drifting Deadline deploys the Shadow malware onto the system.
Shadow is a much older piece of code that has both client and server versions and it is highly configurable for specific targets.
The operator can set it up to collect system data of up to 10% of the system’s memory, watermark all the data it collects, and store it on an encrypted partition on the infected computer’s hard drive.
Once the infection has been achieved, Shadow will look for other connected systems and infect those too. It can be set up to copy the pilfered data onto any new thumb drives that are plugged into the system, or to send it out as a burst if it detects an open internet connection.
The final app in Brutal Kangaroo was once called Broken Promise, which is a tool used to examine the stolen data easily and quickly. Taken together, the Brutal Kangaroo suite could be very useful for defeating air-gapped machines and is certainly more feasible than more esoteric methods.
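As a defender's counterpart to the autorun dependency described above, here is an added PowerShell audit (my own example, not code from the leaked documents or the original post): it reads the Explorer autorun policy values that govern whether a plugged-in drive may run its contents and flags any that are absent or not at the hardened value, then lists the removable drives currently mounted. Assumed: PowerShell 3.0 or later and the standard Explorer policy key paths; the expected values are the commonly recommended hardened settings.

```powershell
# Added example: audit the Autorun/AutoPlay policy a USB-autorun infection relies on.
# Assumes the well-known Explorer policy keys; the expected values are the usual
# hardened settings (NoDriveTypeAutoRun = 0xFF: no drive type may autorun;
# NoAutorun = 1: never execute autorun commands).
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$expected = @{ NoDriveTypeAutoRun = 0xFF; NoAutorun = 1 }

function Get-AutorunPolicyStatus {
    # A missing value is reported as NOT hardened: an absent policy means the
    # machine falls back to its defaults rather than to the locked-down setting.
    foreach ($path in $policyPaths) {
        foreach ($name in $expected.Keys) {
            $actual = $null
            if (Test-Path $path) {
                $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
                if ($null -ne $item) { $actual = $item.$name }
            }
            [pscustomobject]@{
                Path     = $path
                Value    = $name
                Actual   = $actual
                Expected = $expected[$name]
                Hardened = ($null -ne $actual -and $actual -eq $expected[$name])
            }
        }
    }
}

function Get-RemovableDrives {
    # DriveType 2 = removable media; these are the drives the suite would spread to next.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' |
        Select-Object DeviceID, VolumeName, Size
}

Get-AutorunPolicyStatus | Format-Table -AutoSize
Get-RemovableDrives | Format-Table -AutoSize
```

Any row with Hardened = False is worth raising with whoever manages the machine's group policy, since that is the setting the autorun step above depends on.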
Or one can just get a job working for the NSA and walk out the door with data and intel. Take your pick, right?
At any rate, this should not come as a huge surprise to anyone; you would expect the CIA, an intelligence agency, to have this sort of tool. What does surprise me, however, is the vivid detail that WikiLeaks released about how the malware works: the data dump details just how each app works together in order to gain the needed or wanted access to intel.
I am all for transparency when it comes to our governments, but at what point do we begin to question the amount of intel released to the public?
Some of the documentation released in the latest WikiLeaks dump could cause problems later down the road. What if it fell into the wrong hands and someone modified one or all of the apps’ capabilities, making it a worldwide problem, as happened with WannaCry?
Sometimes, in our effort to keep our governments honest, we manage to create more of a problem than we do good. Anything having to do with cyber-security, cyber-warfare, malware and the like being detailed and released to the world under the guise of keeping our governments in check is simply not accomplishing those efforts.
Cristal M Clark