CATEGORIES
home News

WikiLeaks Exposes CIA Targeting Linux Users With OutlawCountry Network Traffic Re-Routing Tool

by Rob WilliamsSunday, July 02, 2017, 03:34 PM EDT

CIA Logo Eagle Stealth Knowledge Innovation
Another day, another government spying exploit rises to the surface courtesy of Wikileaks, this time originating from the CIA. This WikiLeaks data dump specifically lets us know of a CIA-engineered spying tool called OutlawCountry (no space), which, interestingly enough, explicitly targets Linux users. You know, those digital freedom loving passionate penguin peeps that appreciate having great control over their computer? But don't worry, the CIA has targeted Windows users en masse in the past as well; absolutely no one has proven safe and they obviously don't discriminate.

OutlawCountry starts out as a Linux kernel module (nf_table_6_64.ko) that gets loaded into the system and subsequently creates a new entry in the iptables firewall configuration. After the deed is done, the original kernel module is no longer needed, so it's deleted.

OutlawCountry
Excerpt from CIA's OutlawCountry guide

At this point, an attacker could run an iptables command to reroute all of the traffic through a designated CIA data mining server, allowing the agency to spy on user activities and communications. The biggest threat here isn't winding up with the attack on a home PC, but more so a web server that could have thousands or even millions of people routing through it.

What's not clear at this point, is how the CIA expected to infect computers with this malware. Access to the machine is required, so it seems another exploit would allow an attacker to get in and then elevate to a privileged account to execute the attack. Falling victim to this particular attack, given its implementation, would pose almost no risk being sent as an email attachment, unless it was packaged as a script and still somehow managed to be run with root access.

OutlawCountry is just one of the many CIA leaks that WikiLeaks has released out as part of its Vault 7 series of data dumps, which have had more than a dozen separate leaks since the first back in March of this year.

Tags:  Linux, exploit, Wikileaks, CIA, outlawcountry
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment