I bet the Community is on it...
"Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs
WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.
Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network.
The implants are dubbed BothanSpy, for the Microsoft Windows Xshell client, and Gyrfalcon, which targets the OpenSSH client on various Linux distributions, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.
Both implants steal user credentials for all active SSH sessions and then send them to a CIA-controlled server."
http://thehackernews.com/2017/07/ssh-cr ... g.html?m=1
Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs
Re: Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs
It looks like "the operator" is depending on the JQC/KitV rootkit on the target machine to upload this malware (Gyrfalcon 2).
This is not an easy backdoor to use in Linux and would require an active hacker/"operator" and a somewhat sloppy "target".
The targets are all Red Hat derivatives and Debian + Ubuntu and SUSE, so the most common server distros are covered.
The problem the CIA will always face is that Linux is open source, so the dirty software will always have a chance of being discovered.
It will not be all that easy to establish that the CIA is behind the attack, though.
In the case of Windows it will be easier to hide permanent rootkits that enable immediate delivery of your user ID and password, though.
It cannot be ruled out that Red Hat is ordered to put the malware in there by default either.
Changing your SSH password often would make life a living hell for the "operators", though.
Also, it will be harder to capture your keystrokes for the password if you use Florence when entering passwords.
Sadly, we have learned that any tech company under US jurisdiction can be forced to spy on its customers, and that this is even likely.
It is pretty clear from the leak that the CIA is presuming that the "BothanSpy" and "Gyrfalcon" rootkits are already "in place".
Shame on the US government for that (and all other governments who do it).
For those interested in the interesting details:
https://wikileaks.org/vault7/document/G ... pagination
Manjaro 64bit on the main box - Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1) + CentOS on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
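The post above makes the point that a trojaned SSH client on Linux "will always have a chance of being discovered". The following is an added example, not from the forum thread, from the leaked documents, or from any distribution's tooling, of one such check: it walks /proc/PID/maps-style output and flags every file-backed mapping that does not come from a standard library or binary directory, which is where an injected credential-stealing library would typically show up. The sample maps text, the library paths and the planted /tmp entry are constructed for the demo and do not describe how the implants discussed here actually work.

```shell
#!/bin/sh
# Added example (not from the thread or the leaked documents): flag shared
# objects mapped into a running ssh process from outside the distro's library
# paths. Code the package manager never installed, loaded into ssh, is worth
# a look regardless of who planted it.

# Constructed sample of /proc/<pid>/maps output for an ssh process (not
# captured from a real machine). The /tmp line is the planted oddity.
SAMPLE_MAPS='55d1c4a00000-55d1c4a8f000 r-xp 00000000 fd:01 1312 /usr/bin/ssh
7f2a1c400000-7f2a1c5b0000 r-xp 00000000 fd:01 2210 /usr/lib64/libcrypto.so.1.1
7f2a1c800000-7f2a1c820000 r-xp 00000000 fd:01 2235 /lib64/libc.so.6
7f2a1ca00000-7f2a1ca05000 r-xp 00000000 fd:01 9981 /tmp/.X11-unix/libkeylog.so
7ffd3e000000-7ffd3e021000 rw-p 00000000 00:00 0 [stack]'

# Print each distinct file-backed mapping whose path is not under /lib, /lib64,
# /usr/lib*, /bin, /sbin or /usr/(s)bin. Reads maps text from stdin, so it can
# be fed the constructed sample or a live /proc/<pid>/maps.
find_foreign_mappings() {
    awk '
        # Field 6 is the path; anonymous mappings and [stack]/[vdso] carry none.
        NF >= 6 && $6 ~ /^\// {
            path = $6
            if (path ~ /^\/(usr\/)?lib(32|64)?\//) next
            if (path ~ /^\/(usr\/)?s?bin\//) next
            if (!(path in seen)) { seen[path] = 1; print path }
        }'
}

# Offline demo on the constructed sample: returns 0 when nothing foreign is
# mapped, 1 (printing the offending paths) otherwise.
check_sample() {
    foreign=$(printf '%s\n' "$SAMPLE_MAPS" | find_foreign_mappings)
    if [ -n "$foreign" ]; then
        printf 'foreign mapping(s):\n%s\n' "$foreign"
        return 1
    fi
    echo "no foreign mappings"
    return 0
}

# On a real host (assumed usage, needs a running ssh client):
#   cat /proc/"$(pgrep -x ssh | head -n1)"/maps | find_foreign_mappings
```

A clean result from this check only says that nothing is mapped from an odd path; a library dropped into /usr/lib64 would pass it. Pair it with the package manager's own file verification (rpm -V openssh-clients on Red Hat derivatives, debsums openssh-client on Debian and Ubuntu), which compares the installed binaries and libraries against the package's recorded checksums, and treat a modified ssh binary or an unexplained extra .so as the finding to investigate.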
Re: Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs
registered Linux user number 505431
Amateur radio call sign KC3TEC
miracle (mere-ack-ull) :
the aspiration of the indigent, the expectation of the indolent, and the inspiration of the ignorant.
I'm so old even dirt was my apprentice!
Re: Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs
Seriously though, I don't care if the government is looking in my computer, but I do get pissed about companies selling my private data without my express permission.
Nothing annoys me more than f****** spammers nuking my email with their useless trash.
It seems to me that we need to demand 50% of any profits they and their customers make from selling our names and email addresses.
We are entitled to compensation for unauthorized endorsement.
Any EULA that includes the clause that we give them exclusive right to sell our information without just compensation should be subject to a class action lawsuit.
registered Linux user number 505431
Amateur radio call sign KC3TEC
miracle (mere-ack-ull) :
the aspiration of the indigent, the expectation of the indolent, and the inspiration of the ignorant.
I'm so old even dirt was my apprentice!