[CentOS] [Fwd: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?]

Fri Jun 30 15:47:52 UTC 2017
Dario Lesca <d.lesca at solinos.it>

Do you know this?

------- Messaggio inoltrato -------
Da: stan <stanl-fedorauser at vfemail.net>
Reply-to: Community support for Fedora users
<users at lists.fedoraproject.org>
A: users at lists.fedoraproject.org
Oggetto: CIA Outlaw Country attack against CentOS / Rhel  (and Fedora?)
 Is this credible?
Data: Thu, 29 Jun 2017 15:51:43 -0700

Wikileaks released a document about an attack against CentOS / Rhel.


Here's the text, there are some docs there also.

29 June, 2017

Today, June 29th 2017, WikiLeaks publishes documents from the
OutlawCountry project of the CIA that targets computers running the
Linux operating system. OutlawCountry allows for the redirection of all
outbound network traffic on the target computer to CIA controlled
machines for ex- and infiltration purposes. The malware consists of a
kernel module that creates a hidden netfilter table on a Linux target;
with knowledge of the table name, an operator can create rules that
take precedence over existing netfilter/iptables rules and are
concealed from an user or even system administrator.

The installation and persistence method of the malware is not described
in detail in the document; an operator will have to rely on the
available CIA exploits and backdoors to inject the kernel module into a
target operating system. OutlawCountry v1.0 contains one kernel module
for 64-bit CentOS/RHEL 6.x; this module will only work with default
kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT
rules to the PREROUTING chain.

My first take is that this doesn't represent a very serious threat.  Do
you disagree?
users mailing list -- users at lists.fedoraproject.org
To unsubscribe send an email to users-leave at lists.fedoraproject.org
Dario Lesca
(inviato dal mio Linux Fedora 25 Workstation)