Sunday, January 24, 2021

Brutal Kangaroo: Wikileaks Exposes How CIA Hacks Computers Not Connected To Internet


By Tim Brown on D.C. Clothesline

Wikileaks has been at the forefront of exposing the Central Intelligence Agency's hacking operations through the leak of what has become known as the Vault 7 documents. In its latest release, Wikileaks exposes how the CIA is able to hack into computers even if they are not connected to the internet.



In eleven new documents published by Wikileaks, there is an explanation of a piece of software known as “Brutal Kangaroo.” This software suite is used to target “air-gapped” computers by using internet-connected networks within the same organization.

Quartz explains how it all works:


Brutal Kangaroo works by creating a digital path from an attacker to an air-gapped computer and back. The process begins when a hacker remotely infects an internet-connected computer in the organization or facility being targeted. Once it has infected that first computer, what the documents refer to as the “primary host,” Brutal Kangaroo waits. It can’t spread to other systems until someone plugs a USB thumb drive into that first one.

[Figure: “Emotional Simian,” a tool for packaging malware described in the Brutal Kangaroo documents (WikiLeaks)]

Once someone does, malware specific to the make and model of the thumb drive is copied onto it, hiding in modified LNK files that Microsoft Windows uses to render desktop icons, and in DLL files that contain executable programs. From this point, Brutal Kangaroo will spread further malware to any system that thumb drive is plugged into. And those systems will infect every drive that’s plugged into them, and so on, and the idea is that eventually one of those drives will be plugged into the air-gapped computer.

The major flaw in the concept of isolating sensitive computers is that the air gap around them can only be maintained if no one ever needs to copy files onto or off of them. But even for specialized systems, there are always updates and patches to install, and information that has to be fed in or pulled out. It’s common knowledge among IT specialists that external hard drives are an obvious target for anyone seeking to break the air gap, and precautions are presumably taken in facilities with diligent IT specialists. Those precautions, however, can be subverted with exploitations of obscure vulnerabilities, and sometimes mistakes simply happen.

If a thumb drive infected with Brutal Kangaroo is plugged into an air-gapped computer, it immediately copies itself onto it. If a user tries to browse the contents of the infected drive on that computer, it will trigger additional malware that will collect data from the computer. As users continue plugging the drive into connected and disconnected computers, a relay is formed, ultimately creating a slow path back to the hacker, through which data copied from the air-gapped computer will be delivered if everything goes according to plan.
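As an added, defender-side illustration of the shortcut mechanism described above (this is not code from the article, from Quartz, or from the leaked documents): a Python audit script that parses the Windows Shell Link (.lnk) format according to the public MS-SHLLINK specification and flags shortcuts on a removable drive whose target, arguments or icon location resolve to a DLL carried on that same drive. The "shortcut plus DLL on the same stick" heuristic, the sample shortcuts built inline and the file names are constructed assumptions for the example, not indicators taken from the documents.

```python
"""Audit a mounted removable drive for .lnk files that point at a DLL on the
same drive.  Added example: the Shell Link layout follows the public
MS-SHLLINK specification; the "shortcut + DLL on the same stick" heuristic
and the sample files are constructed for illustration."""
import shutil
import struct
import tempfile
from pathlib import Path

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits (MS-SHLLINK section 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))


def parse_lnk(data: bytes) -> dict:
    """Return the path-bearing fields of a Shell Link; raise ValueError if malformed."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    fields = {"local_base_path": None}
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the opaque ITEMIDLIST (uint16 size + data)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfo: size, header size, flags, volume off, base off
        size, _, li_flags, _, base_off = struct.unpack_from("<IIIII", data, pos)
        if li_flags & 0x1:                       # VolumeIDAndLocalBasePath: NUL-terminated ANSI path
            start = pos + base_off
            fields["local_base_path"] = data[start:data.index(b"\x00", start)].decode("latin-1")
        pos += size
    for name, bit in STRING_FIELDS:              # StringData: uint16 char count + chars, fixed order
        if not flags & bit:
            fields[name] = None
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos + 2:pos + 2 + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated StringData")
        fields[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
        pos += 2 + count * width
    return fields


def dll_references(fields: dict) -> list:
    """Every token ending in .dll in the target, relative path, arguments or icon location."""
    refs = []
    for key in ("local_base_path", "relative_path", "arguments", "icon_location"):
        for token in (fields.get(key) or "").replace('"', " ").split():
            token = token.split(",")[0]          # "shell32.dll,3" or "payload.dll,Entry"
            if token.lower().endswith(".dll"):
                refs.append(token)
    return refs


def scan_drive(root) -> list:
    """Flag shortcuts whose DLL references resolve to a file under the drive root."""
    root = Path(root).resolve()
    findings = []
    for lnk in sorted(root.rglob("*.lnk")):
        try:
            fields = parse_lnk(lnk.read_bytes())
        except (ValueError, struct.error):
            findings.append((lnk.name, "malformed shortcut"))
            continue
        for ref in dict.fromkeys(dll_references(fields)):   # de-duplicated, order kept
            candidate = Path(ref.replace("\\", "/"))
            if not candidate.is_absolute():
                candidate = lnk.parent / candidate
            try:
                candidate.resolve().relative_to(root)    # ValueError if outside the drive
            except ValueError:
                continue
            if candidate.exists():                        # the DLL travels with the shortcut
                findings.append((lnk.name, f"references DLL on drive: {ref}"))
    return findings


def build_lnk(relative_path: str, arguments: str = "", icon_location: str = "") -> bytes:
    """Constructed sample input: a minimal valid Shell Link with Unicode StringData."""
    flags = (IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0)
             | (HAS_ICON_LOCATION if icon_location else 0))
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags).ljust(HEADER_SIZE, b"\x00")

    def enc(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return (header + enc(relative_path) + (enc(arguments) if arguments else b"")
            + (enc(icon_location) if icon_location else b""))


def run_demo() -> list:
    """Populate a throwaway 'drive' with constructed files, scan it, clean up."""
    root = Path(tempfile.mkdtemp(prefix="usb_"))
    try:
        (root / "docs").mkdir()
        (root / "docs" / "loader.dll").write_bytes(b"MZ")         # constructed stand-in DLL
        (root / "Reports.lnk").write_bytes(build_lnk(              # suspicious: DLL on the stick
            ".\\docs\\loader.dll", icon_location=".\\docs\\loader.dll,0"))
        (root / "Notepad.lnk").write_bytes(build_lnk(              # benign: system DLL icon only
            "..\\Windows\\notepad.exe", icon_location="%SystemRoot%\\system32\\shell32.dll,2"))
        (root / "Broken.lnk").write_bytes(b"not a shortcut")
        return scan_drive(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, reason in run_demo():
        print(f"{name}: {reason}")
```

Point `scan_drive()` at the mount point of a drive before its contents are opened; a hit means a shortcut and a DLL are travelling together, which is the relay pattern described above, while a shortcut whose only DLL reference is a system icon library is left alone. Malformed shortcuts are reported rather than skipped, since a truncated header is itself worth a look.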

The targeting of “air-gapped” computers is not something new. Stuxnet, another piece of malware that was reportedly developed by the US and Israel to sabotage Iran’s nuclear program, also had “air-gapped” computers in its sights.

According to the New York Times in 2012, “President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.”

“Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet,” the report continued. “Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.”

Stuxnet allegedly took out 1,000 of 5,000 centrifuges Iran had at the time to purify uranium.

While the CIA has been unwilling to confirm the authenticity of the documents Wikileaks has released, it appears the Justice Department may have done so. From an earlier report:

Judging by a recent court filing, at least some of the CIA files Wikileaks published earlier this month are genuine, because the government pushed back against having them admitted in court due to the documents’ classified content.

“The government is not able to declare non-government records as classified, unless they are taking ownership of the records themselves,” Bradley P. Moss, a national security attorney, told Motherboard in an email.

Strangely, the court filing was made in a largely unrelated case involving the FBI’s own hacking capabilities. In February 2015, the FBI took over a dark web child pornography site called Playpen, and deployed a network investigative technique—a piece of malware—in an attempt to identify the site’s users.

That investigation has led to hundreds of arrests, but also dozens of contentious court cases across the US. Defense teams have battled over the legality of the warrant used to authorize the hacking operation, as well as access to the source code of the exploit used to hack their clients’ computers.

In this case, federal public defender Colin Fieman wanted to admit some of the Wikileaks documents into court. The idea was to bolster his argument that even with a forensic examination of the defendant’s computer, it would not be possible to see whether someone else planted child pornography on the machine, because the exhibits may show the US government has “the ability to hack into a computer without leaving any trace,” the court filing, written by District Judge Robert J. Bryan, reads.

Whether or not that argument actually holds water is largely irrelevant, as the government did not want the Wikileaks documents included in the case at all.

And why would they not want it included? More than likely it would be confirmed that the documents are authentic and would expose the criminal activity of the central government.

Let this be a lesson, no computer is safe.

Former Intelligence Agent Steve Pieczenik said that the Vault 7 documents are aimed at taking down the CIA, which, in all honesty, has shown itself to be more of a threat to the national security of the United States than any foreign power is.

