Another day, another government spying exploit rises to the surface courtesy of Wikileaks, this time originating from the CIA. This WikiLeaks data dump specifically lets us know of a CIA-engineered spying tool called OutlawCountry (no space), which, interestingly enough, explicitly targets Linux users. You know, those digital freedom loving passionate penguin peeps that appreciate having great control over their computer? But don’t worry, the CIA has targeted Windows users en masse in the past as well; absolutely no one has proven safe and they obviously don’t discriminate.
OutlawCountry starts out as a Linux kernel module (nf_table_6_64.ko) that gets loaded into the system and subsequently creates a new entry in the iptables firewall configuration. After the deed is done, the original kernel module is no longer needed, so it’s deleted.
At this point, an attacker could run an iptables command to reroute all of the traffic through a designated CIA data mining server, allowing the agency to spy on user activities and communications. The biggest threat here isn’t winding up with the attack on a home PC, but more so a web server that could have thousands or even millions of people routing through it.
Submitted by: Arnfried Walbrecht