WikiLeaks: CIA Toolkit “OutlawCountry” Targets Linux Servers

CIA terminal

On June 29, WikiLeaks Vault 7 publication has released a new CIA hacking tool. This tool vulnerability, codenamed OutlawCountry, targets Linux servers running the Linux Kernel 2.6. The tool allows the intelligence agency to redirect outbound internet traffic from the compromised computer to a CIA terminal. However, this tool does not infiltrate a system remotely and requires the use of other exploits and backdoors or for the user to have physical access to the network.

OutlawCountry consists of a kernel module, nf_table_6_64.ko, targeting Linux 2.6 with a 64-bit architecture. Once the operator gains access to the system, the module is loaded via shell commands and then proceeds to create a Netfilter table with a hidden name. This allows network rules to be created by using the “iptables” command. The rules have priority over other network rules and can only be visible by an administrator if the table name is known.

OutlawCountry concept of operation

OutlawCountry concept of operation. Source: WikiLeaks

Because over 80% of enterprise and cloud servers are run on Linux, the scope of access the CIA could attain is tremendous. Linux users and administrators are recommended to update and patch up against the vulnerability. It will be a busy year for the InfoSec community with all the NSA exploits and CIA toolkits periodically released throughout this year.

Leave a Reply

Your email address will not be published. Required fields are marked *