Full Disclosure mailing list archives
Sneakernet virus as possible source of WikiLeaks cablegate files
From: Andriy Tereshchenko <tag () 24 odessa ua>
Date: Wed, 16 Feb 2011 17:31:44 +0200
________________________________________ Sneakernet virus as source of WikiLeaks cablegate, Iraq and Afghanistan war log files. _________________________________________ Package : .sgov.gov / smil.mil (SIPRNet) Date : February 16, 2011 Affected: Army Pfc. Bradley Manning _________________________________________ Problem Description: The Secret Internet Protocol Router Network (SIPRNet) is "a system of interconnected computer networks used by the United States Department of Defense and the U.S. Department of State to transmit classified information (up to and including information classified SECRET) over regular TCP/IP network to about half a million of computers world-wide. Computers are isolated from others networks for security reasons. No viruses that rely on TCP/IP connectivity to Command and Control Center are able to attack this infrastructure. But decades old technology known as Sneakernet (aka. Floppynet, CD-Net) based on delivery of physical media with information able to successfully attack it. Virus embedded in CD/DVD-RW (like one that pretend it is music-only) can copy up to 600Mb/4Gb of information to another PC if it will erase existing CD data and write new one be sent to/from C&C. By distributing "music" CD-R to USA soldiers stationed in Iraq (or simply infecting PCs and waiting for rewritable CD/DVD inserted) one can take control over their Internet connected PCs and use Sneakernet as last-mile to collect information from SIPRNet computers. Communication from infected PC to C&C can be done as trivially as IRC, many open-source recording tools are available on SF.net. After successful copy - can restore CD-RW to original state, clean up virus from PC and initiate fake IRC conversation to cover trails/set-up private Manning. Solutions: SIPRNet computers/laptops should have no DVD/CD writers on them and no USB ports at all. _________________________________________ References: 1. Sneakernet - http://en.wikipedia.org/wiki/Sneakernet 2. WikiLeaks - http://wikileaks.ch/ 3. Bradley Manning support network - http://www.bradleymanning.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Sneakernet virus as possible source of WikiLeaks cablegate files Andriy Tereshchenko (Feb 16)