
List:       fedora-list
Subject:    Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?
From:       JD <jd1008 () gmail ! com>
Date:       2017-06-30 0:44:03
Message-ID: 59559ED3.5090509 () gmail ! com



On 06/29/2017 04:51 PM, stan wrote:
> Wikileaks released a document about an attack against CentOS / Rhel.
>
> https://wikileaks.org/vault7/#OutlawCountry
>
> Here's the text, there are some docs there also.
>
> OutlawCountry
> 29 June, 2017
>
> Today, June 29th 2017, WikiLeaks publishes documents from the
> OutlawCountry project of the CIA that targets computers running the
> Linux operating system. OutlawCountry allows for the redirection of all
> outbound network traffic on the target computer to CIA controlled
> machines for ex- and infiltration purposes. The malware consists of a
> kernel module that creates a hidden netfilter table on a Linux target;
> with knowledge of the table name, an operator can create rules that
> take precedence over existing netfilter/iptables rules and are
> concealed from a user or even system administrator.
>
> The installation and persistence method of the malware is not described
> in detail in the document; an operator will have to rely on the
> available CIA exploits and backdoors to inject the kernel module into a
> target operating system. OutlawCountry v1.0 contains one kernel module
> for 64-bit CentOS/RHEL 6.x; this module will only work with default
> kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT
> rules to the PREROUTING chain.
>
>
> My first take is that this doesn't represent a very serious threat.  Do
> you disagree?

My attitude is that they have plants within the dev teams. They might
not need such a kernel module. There might already be backdoors and
trojans that the team (of non-plants) does not look at. So I think one's
attitude should be that there already are backdoors and trojans in all
versions of Linux, but one should still take all the precautions to
block out hackers and hobbyists who ENJOY taking down systems.
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org
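
The quoted description says the module creates an extra netfilter table and adds DNAT rules to PREROUTING. As an added example (not part of the thread and not from the leaked documents), a defender-side audit that lists non-stock table names and DNAT rules in PREROUTING; the table name `zz_example_tbl` and all sample data are constructed, and the check assumes the extra table still appears in `/proc/net/ip_tables_names`.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumption: a table registered by a
# kernel module is still listed in /proc/net/ip_tables_names; a module that
# also filters /proc output would evade this check.

KNOWN_TABLES="filter nat mangle raw security"   # stock iptables tables

# Print each table name in list file $1 that is not a stock table.
unexpected_tables() {
    local name
    while IFS= read -r name || [ -n "$name" ]; do
        case " $KNOWN_TABLES " in
            *" $name "*) ;;                               # stock table
            *) [ -n "$name" ] && printf '%s\n' "$name" ;; # anything else
        esac
    done < "$1"
    return 0
}

# From iptables-save output ($1, or "-" for stdin) print "table<TAB>rule" for
# every DNAT rule appended to a PREROUTING chain.
prerouting_dnat_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        /^-A PREROUTING / && / -j DNAT( |$)/ { printf "%s\t%s\n", table, $0 }
    ' "${1:--}"
}

if [ "${1:-}" = "--live" ]; then
    # Audit the running system (needs root).
    unexpected_tables /proc/net/ip_tables_names
    iptables-save | prerouting_dnat_rules -
else
    # Demo on constructed sample data (not real captures).
    d=$(mktemp -d)
    printf 'filter\nnat\nzz_example_tbl\n' > "$d/names"
    printf '%s\n' '*zz_example_tbl' \
        '-A PREROUTING -p udp --dport 53 -j DNAT --to-destination 192.0.2.7' \
        'COMMIT' > "$d/dump"
    unexpected_tables "$d/names"
    prerouting_dnat_rules "$d/dump"
    rm -rf "$d"
fi
```

Legitimate DNAT rules in the stock `nat` table are reported too, so the output is a list to compare against the host's intended configuration.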
