NEW DELHI: WikiLeaks on Thursday released documents disclosing information about the 'Brutal Kangaroo' programme of the United States' Central Intelligence Agency (CIA), which allows it to remotely and covertly gain access to closed computer networks or a single air-gapped device.
'Brutal Kangaroo' is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Its components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables, WikiLeaks said in a statement.
The documents describe how a CIA operation can infiltrate a closed network or a single air-gapped computer within an organisation or enterprise without direct access.
The operation starts by infecting a "primary host", an internet-connected computer within the organisation, and installing the 'Brutal Kangaroo' malware on it. When a user working on the primary host inserts a USB stick into it, the thumbdrive itself is infected with separate malware, which later spreads to the systems the drive is plugged into.
When the USB drive is browsed with Windows Explorer on a protected computer in the closed network, that computer also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange.
The documents are part of an ongoing series of leaks released by WikiLeaks, revealing the work of the CIA's elite hacking unit.
Earlier in June, WikiLeaks leaked secret documents on its website that revealed that the CIA has been hacking home, office and public wireless routers for years in an effort to carry out clandestine surveillance.
It had also published certain documents in March exposing the tactics used by the CIA to hack devices such as phones, smart TVs, computers and routers.