[CentOS] ***SPAM*** [Fwd: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?]

Fri Jun 30 17:47:21 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, June 30, 2017 10:47 am, Dario Lesca wrote:
> Do you know this?
> Dario
> ------- Messaggio inoltrato -------
> Da: stan <stanl-fedorauser at vfemail.net>
> Reply-to: Community support for Fedora users
> <users at lists.fedoraproject.org>
> A: users at lists.fedoraproject.org
> Oggetto: CIA Outlaw Country attack against CentOS / Rhel  (and Fedora?)
>  Is this credible?
> Data: Thu, 29 Jun 2017 15:51:43 -0700
> Wikileaks released a document about an attack against CentOS / Rhel.
> https://wikileaks.org/vault7/#OutlawCountry

My taxpayer's money at work ;-)

...against me that is ;-(


> Here's the text, there are some docs there also.
> OutlawCountry
> 29 June, 2017
> Today, June 29th 2017, WikiLeaks publishes documents from the
> OutlawCountry project of the CIA that targets computers running the
> Linux operating system. OutlawCountry allows for the redirection of all
> outbound network traffic on the target computer to CIA controlled
> machines for ex- and infiltration purposes. The malware consists of a
> kernel module that creates a hidden netfilter table on a Linux target;
> with knowledge of the table name, an operator can create rules that
> take precedence over existing netfilter/iptables rules and are
> concealed from an user or even system administrator.
> The installation and persistence method of the malware is not described
> in detail in the document; an operator will have to rely on the
> available CIA exploits and backdoors to inject the kernel module into a
> target operating system. OutlawCountry v1.0 contains one kernel module
> for 64-bit CentOS/RHEL 6.x; this module will only work with default
> kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT
> rules to the PREROUTING chain.
> My first take is that this doesn't represent a very serious threat.  Do
> you disagree?
> _______________________________________________
> users mailing list -- users at lists.fedoraproject.org
> To unsubscribe send an email to users-leave at lists.fedoraproject.org
> --
> Dario Lesca
> (inviato dal mio Linux Fedora 25 Workstation)
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247