Vault 7: OutlawCountry
WHISTLEBLOWING - SURVEILLANCE, 3 Jul 2017
Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.
The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.
Vault 7: Elsa – 28 Jun 2017
Vault 7: Brutal Kangaroo – 22 Jun 2017
Vault 7: Cherry Blossom – 15 Jun 2017
Vault 7: Pandemic – 1 Jun 2017
Vault 7: Athena – 19 May 2017
Vault 7: AfterMidnight & Assassin Frameworks – 12 May 2017
Vault 7: Archimedes – 5 May 2017
Vault 7: Scribbles Project – 28 Apr 2017
Vault 7: Weeping Angel – 21 Apr 2017
Vault 7: Hive Project – 14 Apr 2017
Vault 7: Grasshopper Framework – 7 Apr 2017
Vault 7: Marble Framework – 31 Mar 2017
Vault 7: Project Dark Matter – 23 Mar 2017
Vault 7: CIA Hacking Tools Revealed – 7 Mar 2017
DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.
Click here to go to the current weekly digest or pick another article:
WHISTLEBLOWING - SURVEILLANCE: