Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?

On Thu, 2017-06-29 at 16:56 -0700, T.C. Hollingsworth wrote:

> Prerequisites (S//NF)

> The target must be running a compatible 64-bit version of CentOS/RHEL 6.x (kernel version 2.6.32).

This doesn't even work on Fedora.

Fedora kernels move too fast for them to keep up with binaries; they would have to use the source and rebuild it akmod-style on every kernel upgrade. They aren't doing this; they want to keep their stuff secret.

It could, however, have been ported to RHEL7 (and not leaked).

> (S//NF) The Operator must have shell access to the target.

So you have to already have a vulnerability or have a server administrator in the CIA's pocket. This is just a rootkit they use once they already have the keys to the kingdom.

I went to a conference not too long ago with some feds who were in the business of breaking into computers (not the CIA). They were pretty cocky. But, really, my impression is that they pretty much count on someone in an organization doing something stupid. And it's a good bet -- if you have an organization of 500 people, the chances are very good that at least *one* of them will do something that will compromise your system. I used to do security for a federal network of mostly scientists, who largely considered security nothing more than a huge imposition on their ability to get work done. I had to be *very* careful to make sure that my policies and actions were not overly demanding on them, else they would start actively seeking ways to get around things.

The difference between my colleagues and some of the "hackers" I have known is that not only did these guys believe they could break into anything, but they also assumed that their computers were compromised unless proven otherwise. It was pretty funny. You could tell the IT guys and gals at the meeting easily. They were the ones with tape over the cameras on their laptops.

Personally, I assume that my computers are always on the verge of being compromised. It's one of the things I like about Fedora -- I always do a clean install when a new version comes out, and I occasionally do a clean reinstall midway through. That basically means I wipe my machine every three months. It won't stop people from breaking in, but it hampers long term surveillance.


billo
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
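The point about binaries being tied to one exact kernel build suggests a cheap check an admin can run on a CentOS/RHEL box. This is an added example, not part of billo's post or of the leaked document: a module built for one kernel carries that kernel's release in its vermagic string, and on a stock RHEL system every legitimate .ko file is owned by an RPM, so a loaded module with no package owner, or whose vermagic does not match `uname -r`, deserves a closer look. The modinfo output, module names (`helper`, `vendor_nic`) and the set of package-owned paths below are constructed for the example; `live_audit()` shows how the same logic would be fed from `/proc/modules`, `modinfo` and `rpm -qf` on a real host.

```python
"""Audit loaded kernel modules for ones that look foreign to the installed kernel.

Added example (not from the mailing-list thread). Two checks per module:
  1. the backing .ko file is owned by some RPM (stand-in for `rpm -qf`), and
  2. the module's vermagic kernel release equals the running kernel release.
"""
import os
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class ModuleInfo:
    name: str
    filename: str
    vermagic: str  # kernel release part only, e.g. "2.6.32-696.el6.x86_64"


def parse_modinfo(name: str, text: str) -> ModuleInfo:
    """Parse `modinfo <name>` output (key: value lines) into a ModuleInfo."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), value.strip())  # keep first of repeated keys (alias, parm)
    # vermagic looks like "2.6.32-696.el6.x86_64 SMP mod_unload modversions"; keep the release
    magic = fields.get("vermagic", "").split()
    return ModuleInfo(name=name, filename=fields.get("filename", ""),
                      vermagic=magic[0] if magic else "")


def audit(modules: List[ModuleInfo], running_release: str, packaged: Set[str]) -> List[str]:
    """Return one finding string per suspicious module; an empty list means all clean."""
    findings: List[str] = []
    for m in modules:
        reasons = []
        if not m.filename:
            reasons.append("no backing file on disk")
        elif m.filename not in packaged:
            reasons.append(f"file {m.filename} is not owned by any package")
        if m.vermagic != running_release:
            reasons.append(f"vermagic {m.vermagic!r} != running kernel {running_release!r}")
        if reasons:
            findings.append(f"{m.name}: " + "; ".join(reasons))
    return findings


def live_audit() -> List[str]:
    """Run the audit on this host (needs Linux, modinfo and rpm; not exercised by the demo)."""
    release = os.uname().release
    modules: List[ModuleInfo] = []
    packaged: Set[str] = set()
    with open("/proc/modules") as f:
        names = [line.split()[0] for line in f]
    for name in names:
        out = subprocess.run(["modinfo", name], capture_output=True, text=True).stdout
        info = parse_modinfo(name, out)
        modules.append(info)
        if info.filename and subprocess.run(["rpm", "-qf", info.filename],
                                            capture_output=True).returncode == 0:
            packaged.add(info.filename)
    return audit(modules, release, packaged)


# --- constructed sample data: a RHEL 6.9 x86_64 kernel and three modinfo outputs ---
RUNNING = "2.6.32-696.el6.x86_64"

SAMPLE_MODINFO = {
    "ext4": (  # stock in-tree module, owned by the kernel RPM
        "filename:       /lib/modules/2.6.32-696.el6.x86_64/kernel/fs/ext4/ext4.ko\n"
        "license:        GPL\n"
        "depends:        jbd2,mbcache\n"
        "vermagic:       2.6.32-696.el6.x86_64 SMP mod_unload modversions \n"
    ),
    "helper": (  # hypothetical module copied into extra/ by hand; no RPM owns it
        "filename:       /lib/modules/2.6.32-696.el6.x86_64/extra/helper.ko\n"
        "license:        GPL\n"
        "vermagic:       2.6.32-696.el6.x86_64 SMP mod_unload modversions \n"
    ),
    "vendor_nic": (  # hypothetical packaged module built for an older kernel and force-loaded
        "filename:       /lib/modules/2.6.32-696.el6.x86_64/kernel/drivers/net/vendor_nic.ko\n"
        "vermagic:       2.6.32-642.el6.x86_64 SMP mod_unload modversions \n"
    ),
}
PACKAGED = {  # stand-in for paths that `rpm -qf` reports as owned by a package
    "/lib/modules/2.6.32-696.el6.x86_64/kernel/fs/ext4/ext4.ko",
    "/lib/modules/2.6.32-696.el6.x86_64/kernel/drivers/net/vendor_nic.ko",
}


def demo() -> List[str]:
    """Audit the constructed sample; expect findings for helper and vendor_nic only."""
    mods = [parse_modinfo(n, t) for n, t in SAMPLE_MODINFO.items()]
    return audit(mods, RUNNING, PACKAGED)


if __name__ == "__main__":
    for line in demo() or ["clean"]:
        print(line)
```

The check only covers modules that are honest enough to appear in `/proc/modules`; a kernel rootkit that unlinks itself from the module list will not show up, which is why the check is worth running from a clean boot medium or a known-good kernel rather than trusting the suspect host alone.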