HackRead

WikiLeaks Exposes CIA’s Linux Hacking, Geolocation Tracker Malware

July 1st, 2017 | Jahanzaib Hassan | Hacking News, Malware, Security

As you may know, WikiLeaks has been releasing sensitive documentation associated with the CIA’s hacking tools as part of its Vault 7 series. This time round, the whistleblowing website made public documentation related to two hacking tools called OutlawCountry and Elsa.

OutlawCountry

OutlawCountry is a tool that allows the CIA to hack into Linux-based systems and conduct cyberespionage against the victims. According to the leaked documents, it essentially lets the agency secretly monitor the victim’s activities by manipulating network traffic.


RELEASE: #CIA 'Outlaw Country' covert kernel module for #Linux https://t.co/RnNjT8EutT #RHAT #redhat #vault7 pic.twitter.com/trdhc4VbJ2

— WikiLeaks (@wikileaks) June 29, 2017

How does it work?

The tool works by injecting a kernel module into the target system through shell access and subsequently creating a Netfilter table that contains rules. The table is created using the iptables command, and these rules can only be seen if the administrator of the affected device knows the table name.

However, since the table name is hidden, the victim’s administrator has no means of knowing it. Furthermore, the CIA uses the usual backdoor exploits to get the tool onto the system.

Once installed, the tool simply redirects outbound network traffic to the CIA’s computers and allows the CIA operator to extract and analyze the data.
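A defender does not need to know a table's name to notice that an extra one exists. The following is an added example, not part of the leaked documentation or the original article: it compares the kernel's list of registered IPv4 Netfilter tables against the five stock iptables tables. It assumes the module registers its table through the kernel's normal interface, so the name appears in /proc/net/ip_tables_names; the sample table name is constructed.

```shell
#!/bin/sh
# Added example: flag Netfilter tables that are not stock iptables tables.
# Assumption: registered IPv4 tables are listed in /proc/net/ip_tables_names.

STOCK_TABLES="filter nat mangle raw security"

# Print every table name in a listing that is not a stock table.
# $1: file with one table name per line (default: the live kernel list).
unexpected_tables() {
    listing="${1:-/proc/net/ip_tables_names}"
    [ -r "$listing" ] || { echo "cannot read $listing" >&2; return 2; }
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        case " $STOCK_TABLES " in
            *" $name "*) ;;                 # known table, ignore
            *) printf '%s\n' "$name" ;;     # anything else deserves a look
        esac
    done < "$listing"
}

# Report findings; exit status 0 = clean, 1 = unknown table, 2 = unreadable.
audit_tables() {
    found=$(unexpected_tables "$1") || return 2
    if [ -n "$found" ]; then
        # One report line per unknown table name.
        printf 'unexpected Netfilter table: %s\n' $found
        return 1
    fi
    echo "only stock tables registered"
}

# Constructed sample listing (not real data): stock tables plus one unknown.
sample=$(mktemp)
printf '%s\n' filter nat mangle raw example_hidden_tbl > "$sample"
audit_tables "$sample" || true
rm -f "$sample"
```

Run `audit_tables` with no argument on a live host to read the kernel's own list. A plain `iptables -L` shows only the filter table, so any name this reports has to be inspected with `iptables -t <name> -L`.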

Limitations

The released documentation also reveals certain limitations of the tool. Primarily, OutlawCountry’s kernel modules only work with compatible Linux kernels. These kernels are usually the default ones since the tool works with the 64-bit CentOS/RHEL 6.x module.


ELSA

Details related to ELSA were released last week, revealing that this tool could track down a person’s exact geolocation from a Windows PC using public Wi-Fi hotspots, even if the system is not connected to them.

RELEASE: CIA 'ELSA' malware can geolocate your Windows laptop or desktop by listening to surrounding WiFi signals https://t.co/XjyyXIqXAz pic.twitter.com/WCw6dgF9ql

— WikiLeaks (@wikileaks) June 28, 2017

The documents show that ELSA first gets onto the system through certain exploits and then uses the infected computer’s Wi-Fi hardware to scan for nearby Wi-Fi hotspots, recording each one’s MAC address and signal strength.

It then stores the information in an encrypted form. The CIA operator can then download these files using further exploits and decrypt them for further analysis.

Essentially, once the CIA operator has the data, they can run a quick search on Google’s database using back-end software to see all the locations of Wi-Fi hotspots and match the hotspot extracted from the data to filter out its exact address.

As such, the CIA can know your exact location even if you are not connected to the internet per se.


Tags: CIA, hacking, internet, Linux, Malware, Privacy, security, Surveillance, Vault 7, wikileaks
HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.