WikiLeaks has published documentation for a hacking tool it says the CIA has used against Linux systems. Called OutlawCountry, the tool redirects network traffic on a compromised Linux host to a destination of the operator's choosing.
According to the leaked user manual, OutlawCountry is a loadable kernel module for 2.6-series Linux kernels; version 1.0 ships a single module built for 64-bit CentOS/RHEL 6.x servers. Once loaded, the module gives the operator a netfilter table of their own, into which they can place iptables rules that reroute the host's traffic to any destination on the Internet. WikiLeaks notes that installing the module requires both shell access and root privileges on the target, so the tool is a post-compromise component rather than an initial intrusion method.
“OutlawCountry consists of a kernel module that creates a hidden netfilter table on a Linux target. With knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules,” WikiLeaks writes in its summary accompanying the tool's user manual.
Attackers using OutlawCountry must therefore already have compromised the target and obtained a root shell before the module can be installed. Notably, the first version of the tool is said to work with default kernels only: a loadable module is built against one specific kernel version, so a host running a custom-built or otherwise non-stock kernel would not load it.
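The "hidden" table described above works because a plain `iptables -L` only lists the default `filter` table; a second table is invisible unless you ask for it by name. The following audit script is an added example, not code from the WikiLeaks documents or the tool itself. It assumes the module registers its table through the standard ip_tables API, so the table name still appears in /proc/net/ip_tables_names and the module still appears in /proc/modules; the table name "hiddentbl" and module name "nf_hiddentbl" in the constructed sample data are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the WikiLeaks documents or the tool itself): a
# defender-side audit for the technique the manual describes, a netfilter
# table that a plain `iptables -L` never shows because that command only
# lists the "filter" table. Assumption: the module registers its table via
# the standard ip_tables API, so the name appears in /proc/net/ip_tables_names
# and the module appears in /proc/modules. The names "hiddentbl" and
# "nf_hiddentbl" in the constructed sample data are hypothetical placeholders.

# IPv4 tables a stock 2.6-era kernel registers when its modules are loaded.
KNOWN_TABLES="filter nat mangle raw security"

# Netfilter-related modules expected on this host. In real use, replace this
# with a baseline recorded from a known-good system of the same build.
BASELINE_MODULES="iptable_filter iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables"

# Print each table name in an ip_tables_names-format file not in KNOWN_TABLES.
find_unknown_tables() {
    while IFS= read -r tbl; do
        [ -n "$tbl" ] || continue
        case " $KNOWN_TABLES " in
            *" $tbl "*) ;;          # expected table, ignore
            *) echo "$tbl" ;;       # anything else deserves a look
        esac
    done < "$1"
    return 0
}

# Print each module from a /proc/modules-format file whose name looks
# netfilter-related and is not in BASELINE_MODULES.
find_unknown_nf_modules() {
    while read -r name _rest; do
        [ -n "$name" ] || continue
        case "$name" in
            nf_*|ipt_*|iptable_*|xt_*|x_tables|ip_tables) ;;
            *) continue ;;          # unrelated module, skip
        esac
        case " $BASELINE_MODULES " in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done < "$1"
    return 0
}

# Dump the rules of an unexpected table when run as root on a live host;
# selecting the table with -t is the only way iptables will show them.
inspect_table() {
    if [ "$(id -u)" = "0" ] && command -v iptables >/dev/null 2>&1; then
        iptables -t "$1" -S 2>/dev/null || echo "could not read table $1"
    else
        echo "run as root: iptables -t $1 -S"
    fi
}

# ---- constructed sample data standing in for the live /proc files ----
SAMPLE_DIR=$(mktemp -d)
printf 'filter\nnat\nmangle\nhiddentbl\n' > "$SAMPLE_DIR/ip_tables_names"
cat > "$SAMPLE_DIR/modules" <<'EOF'
nf_hiddentbl 12345 0 - Live 0xffffffffa0000000
iptable_nat 6158 1 - Live 0xffffffffa0010000
nf_nat 22759 1 iptable_nat, Live 0xffffffffa0020000
iptable_filter 2793 1 - Live 0xffffffffa0030000
ip_tables 17831 2 iptable_nat,iptable_filter, Live 0xffffffffa0040000
x_tables 22117 3 iptable_nat,iptable_filter,ip_tables, Live 0xffffffffa0050000
ext4 374902 2 - Live 0xffffffffa0060000
EOF

# Run the audit over the sample files; on a live host point the two functions
# at /proc/net/ip_tables_names and /proc/modules instead.
for tbl in $(find_unknown_tables "$SAMPLE_DIR/ip_tables_names"); do
    echo "unexpected netfilter table: $tbl"
    inspect_table "$tbl"
done
for mod in $(find_unknown_nf_modules "$SAMPLE_DIR/modules"); do
    echo "unexpected netfilter module: $mod"
done
```

The two checks are complementary: the table list catches the effect (an extra netfilter table, whatever it is called), while the module baseline catches the cause (an unexpected kernel module). Both rely on the module not tampering with the kernel's own bookkeeping; a module that unlinks itself from the module list or bypasses the ip_tables registration path would need memory-level inspection instead, which is the caveat to keep in mind when reading a clean result.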