{"id":94789,"date":"2017-07-03T12:00:51","date_gmt":"2017-07-03T11:00:51","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=94789"},"modified":"2017-07-03T12:32:21","modified_gmt":"2017-07-03T11:32:21","slug":"vault-7-outlawcountry","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2017\/07\/vault-7-outlawcountry\/","title":{"rendered":"Vault 7: OutlawCountry"},"content":{"rendered":"<p style=\"padding-left: 30px;\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/wikileaks-logo.png\" ><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-thumbnail wp-image-90223\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/wikileaks-logo-150x150.png\" alt=\"\" width=\"150\" height=\"150\" \/><\/a>Today, June 29th 2017, WikiLeaks publishes documents from the <em>OutlawCountry<\/em> project of the CIA that targets computers running the Linux operating system. <em>OutlawCountry<\/em> allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter\/iptables rules and are concealed from a user or even system administrator.<\/p>\n<p>The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. <em>OutlawCountry<\/em> v1.0 contains one kernel module for 64-bit CentOS\/RHEL 6.x; this module will only work with default kernels. Also, <em>OutlawCountry<\/em> v1.0 only supports adding covert DNAT rules to the PREROUTING chain.<\/p>\n<p><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa.png\" ><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-90672\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa-300x212.png\" alt=\"\" width=\"300\" height=\"212\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa-300x212.png 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa.png 399w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h2 style=\"padding-left: 30px;\">Leaked Documents:<\/h2>\n<p style=\"padding-left: 30px;\"><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/OutlawCountry_v1_0_User_Manual\/\" >OutlawCountry v1.0 User Manual <\/a><\/p>\n<p style=\"padding-left: 30px;\"><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/OutlawCountry_v1_0_Test_Plan\/\" >OutlawCountry v1.0 Test Plan <\/a><\/p>\n<p>___________________________________________________<\/p>\n<p><em><strong>All Releases:<\/strong><\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/07\/vault-7-elsa\/\" >Vault 7: Elsa<\/a> &#8211; 28 Jun 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/06\/vault-7-brutal-kangaroo\/\" >Vault 7: Brutal Kangaroo<\/a> \u2013 22 Jun 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/06\/vault-7-cherry-blossom\/\" >Vault 7: Cherry Blossom<\/a> \u2013 15 Jun 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/06\/vault-7-pandemic\/\" >Vault 7: Pandemic<\/a> \u2013 1 Jun 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/vault-7-athena\/\" >Vault 7: Athena<\/a> \u2013 19 May 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/aftermidnight-assassin-frameworks\/\" >Vault 7: AfterMidnight &amp; Assassin Frameworks<\/a> \u2013 12 May 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/vault-7-archimedes\/\" >Vault 7: Archimedes \u2013<\/a> 5 May 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/vault-7-scribbles-project\/\" >Vault 7: Scribbles Project<\/a> \u2013 28 Apr 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/vault-7-weeping-angel\/\" >Vault 7: Weeping Angel<\/a> \u2013 21 Apr 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/vault-7-hive-project\/\" >Vault 7: Hive Project<\/a> \u2013 14 Apr 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/grasshopper\/\" >Vault 7: Grasshopper Framework<\/a> \u2013 7 Apr 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/marble-framework\/\" >Vault 7: Marble Framework<\/a> \u2013 31 Mar 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/dark-matter\/\" >Vault 7: Project Dark Matter<\/a> \u2013 23 Mar 2017<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/03\/vault-7-cia-hacking-tools-revealed\/\" >Vault 7: CIA Hacking Tools Revealed<\/a> \u2013 7 Mar 2017<\/em><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/#OutlawCountry\" >Go to Original \u2013 wikileaks.org<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. It allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-94789","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/94789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=94789"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/94789\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=94789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=94789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=94789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}