Skip to main content

Brutal Kangaroo

WikiLeaks

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables.

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects a Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese that was a 0-day exploit until March 2015; newer versions seem use a similar, but yet unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.

Links, documents:

Comments

Post a Comment

Popular posts from this blog

Eurozone is ready to explode, but probably not for the reasons you think

globinfo freexchange Wolfgang Schäuble and the German leadership of the eurozone have good reasons to worry, maintaining an uncompromising attitude in the negotiations with Greece. But the repayment of Greek debt, which amounts to EUR 317 billion, is not one of the most important ones. The Greek debt is insignificant in comparison with the financial dynamite of the German (and other) banks, which in recent months gives more daily ignition signs. Only Deutsche Bank, the largest bank in Germany, is significantly exposed, holding dubious financial products known as "derivatives", worth 67 trillion euros. This amount is similar to the GDP of the entire world and 20 times greater than the GDP of Germany. Any comparison with the situation of the bank Lehman Brothers in 2008 would not be irrelevant. Just when Lehman Brothers went bankrupt, had available derivatives of only 31.5 trillion. The crisis of 2008 confirmed the concise definition of derivatives as proposed b...
2 comments
Read more

WikiLeaks reveals that literally every router in America has been compromised

The latest Wikileaks Vault7 release reveals details of the CIA’s alleged Cherry Blossom project, a scheme that uses wireless devices to access users’ internet activity. globinfo freexchange As cyber security expert John McAfee told to RT and Natasha Sweatte: Virtually, every router that's in use in the American home are accessible to hackers, to the CIA, that they can take over the control of the router, they can monitor all of the traffic, and worse, they can download malware into any device that is connected to that router. I personally, never connect to any Wi-Fi system, I use the LTE on my phone. That's the only way that I can be secure because every router in America has been compromised. We've been warning about it for years, nobody pays attention until something like WikiLeaks comes up and says 'look, this is what's happening'. And it is devastating in terms of the impact on American privacy because once the router...
6 comments
Read more

Confirmed: Alex Jones' popularity rises after Infowars banning from social media

globinfo freexchange We wouldn't expect to be confirmed so fast on this. A few days ago in the article IT and social media supergiants have just made Alex Jones a hero in the eyes of the ultra-conservative audience , we wrote that Alex Jones' wet dream has just become reality thanks to the combined move by Facebook, Apple, YouTube and Spotify to ban Infowars. These private IT and social media companies couldn't give a better gift to him right now. At a time where Infowars was going through a saturated period according to the best scenario, the corporate giants actually saved it with that stupid(?) strategy. Suddenly, a corporate branch of the liberal establishment gave real value to Alex Jones' awful performance, pretending to be the 'anti-establishment' hero - just like Donald Trump - and made him a real hero in the eyes of the ultra-conservative audience that has been brainwashed by his absurd conspiracy theories. Only a couple of days later...
2 comments
Read more

How normal human behavior became a false mental disorder epidemic

globinfo freexchange In the early nineties, an epidemic of mental disorder was sweeping America and Britain. It had been uncovered by a new system for identifying disorders. Psychiatry had been attacked for relying on the personal and fallible judgement of psychiatrists. But instead, a new objective method based on checklists had been invented. These listed only the objective symptoms, and deliberately did not enquire into why the individuals felt an anxiety. In the late 80s, nationwide surveys had revealed an incredible picture: more than 50% of Americans suffered from mental disorders. But at the very same, the drug companies had announced that they had created a new type of drug, called an SSRI, which they claimed, targeted the circuits inside the brain that were causing these malfunctions. The SSRIs were marketed under names like "Prozac". What they did was alter the amounts of serotonin that flowed across the circuit connections within the brain, and they...
Post a Comment
Read more

Stephen Hawking confirms: The problem is Capitalism, not robots!

globinfo freexchange According to world famous physicist Stephen Hawking, the rising use of automated machines may mean the end of human rights – not just jobs. But he’s not talking about robots with artificial intelligence taking over the world, he’s talking about the current capitalist political system and its major players. On Reddit, Hawking said that the economic gap between the rich and the poor will continue to grow as more jobs are automated by machines, and the owners of said machines hoard them to create more wealth for themselves. The insatiable thirst for capitalist accumulation bestowed upon humans by years of lies and terrible economic policy has affected technology in such a way that one of its major goals has become to replace human jobs. If we do not take this warning seriously, we may face unfathomable corporate domination. If we let the same people who buy and sell our political system and resources maintain control of automated technology, the...
7 comments
Read more

CIA had an agent at a newspaper in every world capital at least since 1977

Joel Whitney is a co-founder of the magazine Guernica, a magazine of global arts and politics, and has written for many publications, including the New York Times and Wall Street Journal. His book Finks: How the C.I.A. Tricked the World's Best Writers describes how the CIA contributed funds to numerous respected magazines during the Cold War, including the Paris Review, to subtly promote anti-communist views. In their conversation, Whitney tells Robert Scheer about the ties the CIA’s Congress for Cultural Freedom had with literary magazines. He talks about the CIA's attempt during the Cold War to have at least one agent in every major news organization in order to get stories killed if they were too critical or get them to run if they were favorable to the agency. And they discuss the overstatement of the immediate risks and dangers of communist regimes during the Cold War, which, initially, led many people to support the Vietnam War. globinfo freexchange...
Post a Comment
Read more

Confirmed: US imperialists wanted to drag Russia into a war with Ukraine since at least 2019

globinfo freexchange   As we wrote in our previous article, after almost eight years, the US imperialists and the NATO criminals got what they wanted. They finally managed to drag Russia into a war with Ukraine.     We now have indisputable evidence for that, through a document by the top US think tank, RAND Corporation. In the preface of a 2019 report under the title Extending Russia, Competing from Advantageous Ground we read: [emphasis added]                            The purpose of the project was to examine a range of possible means to extend Russia. By this, we mean nonviolent measures that could stress Russia’s military or economy or the regime’s political standing at home and abroad. The steps we posit would not have either defense or deterrence as their prime purpose, although they might contribute to both. Rather, these steps ar...
3 comments
Read more

Signals of an unsustainable future coming from Davos

Hyper-automation impact on unemployment rise - further shrinking of the middle class - creation of a working elite - substitution of saturated Western consumers with other emerging consumer tanks globinfo freexchange The general conclusions from the report The Future of Jobs , of the 2016 World Economic Forum, leave little room for optimistic thoughts about the future. They reflect what already most of us have realized: that the combination of the current socio-economic model with the rapid hyper-automation of production, lead to further imbalance and inequality in favor of the very few. As Stephen Hawking mentioned recently: “ If machines produce everything we need, the outcome will depend on how things are distributed. Everyone can enjoy a life of luxurious leisure if the machine-produced wealth is shared, or most people can end up miserably poor if the machine-owners successfully lobby against wealth redistribution. So far, the trend seems to be toward the seco...
Post a Comment
Read more

American youth are turning on Israel, left and right

The Grayzone   The Grayzone 's Max Blumenthal on the total collapse of support for Israel among young American progressives, and the crisis Israel faces for the first time among conservative youth. 
Post a Comment
Read more

GAME OVER, Trump: Putin, China & BRICS Just CRUSHED US Dollar

Danny Haiphong   Donald Trump's war on BRICS is backfiring as the Russia & China-led Global South moves to dump the US dollar and build a new order independent of its dictates. Journalist and geopolitical analyst Ben Norton breaks it all down.    Related: Trump's tariffs: A unique opportunity for BRICS and the Global South to fully escape from dollar tyranny
Post a Comment
Read more