WikiLeaks, the controversial leak site known for exposing corruption within governments and corporations, has released a massive data dump that includes some interesting news about what the CIA has been up to recently. According to the leak, the CIA has targeted Linux users with an exploit that re-routes their network traffic to the agency for analysis.
The exploit, called 'OutlawCountry' and detailed in the report, loads itself onto a vulnerable system as a Linux kernel module (nf_table_6_64.ko) and then creates a new exemption in the iptables firewall. Once this is done, it deletes itself. The attacker can then re-route all of the system's traffic to designated CIA servers.
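A defender can look for both artifacts described above. The following Python check is an added example, not code from the leak or from the article; it assumes the module is listed in /proc/modules under the name nf_table_6_64 and that the firewall change is visible as an extra table in /proc/net/ip_tables_names, details the article does not give.

```python
"""Audit a Linux host for the two artifacts the article names."""
from pathlib import Path

# Module file named in the article is nf_table_6_64.ko; assumption: it is
# listed in /proc/modules under the same name without the .ko suffix.
SUSPECT_MODULE = "nf_table_6_64"
# Tables that stock iptables registers. Assumption: the host has no
# legitimate third-party extension that adds tables of its own.
STANDARD_TABLES = {"filter", "nat", "mangle", "raw", "security"}

# Constructed sample data in the format of /proc/modules and
# /proc/net/ip_tables_names ("xq_example_tbl" is a made-up table name).
SAMPLE_MODULES = """\
iptable_filter 16384 1 - Live 0x0000000000000000
nf_table_6_64 16384 0 - Live 0x0000000000000000 (OE)
ip_tables 32768 2 iptable_filter, Live 0x0000000000000000
"""
SAMPLE_TABLES = "filter\nxq_example_tbl\n"


def loaded_modules(proc_modules: str) -> set:
    """Module name is the first whitespace-separated field of each line."""
    return {line.split()[0] for line in proc_modules.splitlines() if line.strip()}


def unexpected_tables(table_names: str) -> list:
    """Return registered iptables tables that are not in the stock set."""
    return sorted(set(table_names.split()) - STANDARD_TABLES)


def audit(proc_modules: str, table_names: str) -> list:
    """Return human-readable findings; an empty list means nothing was seen."""
    findings = []
    if SUSPECT_MODULE in loaded_modules(proc_modules):
        findings.append(f"kernel module loaded: {SUSPECT_MODULE}")
    findings += [f"non-standard iptables table: {t}" for t in unexpected_tables(table_names)]
    return findings


def read_or_empty(path: str) -> str:
    """Read a /proc file; missing or unreadable files count as empty."""
    try:
        return Path(path).read_text()
    except OSError:
        return ""


if __name__ == "__main__":
    live = audit(read_or_empty("/proc/modules"),
                 read_or_empty("/proc/net/ip_tables_names"))
    print("\n".join(live) or "no findings")
```

Run it as root on the host being checked; a clean result only shows that neither artifact is visible through /proc at that moment.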
The proactive Linux community is most likely already hard at work fixing this exploit, but it is still alarming. The CIA has been exploiting Windows systems for quite some time, and it seems it wants a peek inside the systems of the extremely private Linux user as well.
One good thing, however, is that this malware attack requires physical access to the system so that it can get elevated privileges. If you're running the system and it's connected to the internet, you should be safe: it cannot run via an email attachment or, like a lot of malware, download itself onto your system through ads in your browser.
Source: HotHardware | Image via HotHardware