
Wikileaks Reveals CIA Tool To Hack ‘Air-Gapped’ Computers

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe

“Brutal Kangaroo” tool used by US spooks to hack into computers not connected to the Internet

Whistleblowing website Wikileaks has exposed plenty of hacking techniques used by the Central Intelligence Agency (CIA) in the past.

And the site shows no signs of stopping, after it revealed that the US spooks can even hack into so-called ‘air-gapped machines’ (computers not connected to the Internet) using a suite of tools dubbed ‘Brutal Kangaroo’.

Wikileaks has been releasing a steady stream of documents that have divulged government secrets, which have since been acknowledged as genuine.

Infected Sticks

The latest Wikileaks publication of the ‘Brutal Kangaroo project’ of the CIA, showed that the US intelligence agency is taking active steps to hack non-Internet connected devices.

It does this by using infected USB sticks.

“Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives,” revealed Wikileaks. “Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables.”

The documents show that the CIA doesn’t actually require direct access to a closed network in order to infiltrate it. The way it works is that it first infects an Internet-connected computer within the target organisation.

The BrutalKangaroo malware is then installed on this hacked ‘primary host’, and when a user inserts a USB stick into this infected computer, the thumbdrive in turn becomes infected with separate malware.

Then the CIA sits back and lets nature take its course.

If that infected USB stick is used to copy data between the closed network and the LAN/WAN, the stick is inevitably plugged into a computer on the closed network.

And then the CIA can turn this supposedly closed network into its own resource.

“If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange,” revealed Wikileaks. “Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.”

Stuxnet of course is the malware that caused so much carnage to Iranian nuclear infrastructure. It also made use of infected USB sticks, and the malware was widely believed to have been created by the United States and Israel.

It reportedly damaged nearly 3,000 centrifuges in the Natanz facility in Iran.

Other CIA Leaks

This is not the first CIA hacking technique revealed by Wikileaks.

Earlier this month Wikileaks exposed the fact that the CIA has been developing and maintaining a set of hacking tools called CherryBlossom that can be used to infiltrate routers, and monitor their network traffic.

Wikileaks founder Julian Assange said in March that the organisation will give manufacturers “exclusive access” to documents related to these CIA hacking tools.

It came after Wikileaks also published thousands of CIA files that exposed the secret hacking tools the spy agency uses to access smartphones, computers and even smart televisions (TVs connected to the Internet).
