Brutal Kangaroo allows CIA to access computers not connected to internet :-)

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.
The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as “primary host”) and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.
The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).
The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese that was a 0-day exploit until March 2015; newer versions seem to use a similar, but yet unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.

https://wikileaks.org/vault7/

Daily Dozen — Photos — National Geographic Your Shot

i just discovered this great source of fotos from all ova de worl’
haven’t seen none from Guyana yet but … 🙂
Catch up on the Daily Dozen, our editors’ favorite community photos. Get inspired and upload your own pictures.

Source: Daily Dozen — Photos — National Geographic Your Shot

Mast Brothers the Milli Vanilli of chocolate

this is funny stuff. am not a big chocolate fan but this is some nice nice chocolate detective work by a guy name scott down in dallas texas. check it out here. a four part series uncovering chocolate fraud 🙂

Week after week, one wholesale account was ordering more than double what the Masts could have possibly produced from the bean with the equipment they had, even with improbably charitable assumptions; yet the Masts’ web page at the time showed that they had at least fifteen wholesale accounts that Christmas season.

and how about this for coincidence
mast brothers brought down a chocolate business they accused of fraudulent practices at the beginning of their star trek.

Tanzania private schools ORDERED to reduce fees. Hello Guyana!

President John Magufuli once again leading from the front by the time he gets done with Tanzania….You don’t negotiate with the lawless. This type of leadership is still lacking in Guyana. I hope we get there soon.

BBC: Private schools in Tanzania have been ordered to reduce fees as a part of a government review of education.
The education ministry has also banned state schools from seeking contributions from parents.
Free government primary education was introduced in 2002, and from January annual fees of $19 (£12) will be abolished at secondary schools too.
But most state schools request contributions from parents of about $100 a year, which many cannot afford.