One of the methods network administrators use to try to secure systems is to place the most sensitive information and functions on closed systems, not connected to the Internet. The theory is that hackers cannot get at closed systems. It turns out, thanks to some helpful revelations from Wikileaks(1), that the CIA has that covered with a bit of malware called Brutal Kangaroo.
How Brutal Kangaroo Works
The way Brutal Kangaroo works is that it is first introduced to a computer that is connected to the Internet. Then, when someone copies data onto removable media such as a thumb drive and carries it from the connected computer to one that is part of a closed system, the malware rides along with the data. The closed system is thus infected and will begin to perform the tasks that the CIA wants, such as gathering data for later extraction or some other malicious function.
Stuxnet was used to infiltrate Iranian closed computer systems using a method similar to Brutal Kangaroo. Stuxnet was used to destroy Iranian nuclear centrifuges by spinning them far beyond their design parameters, substantially delaying Iran’s nuclear bomb program.
Software such as Brutal Kangaroo places a great deal of power in the hands of the CIA, which should be cause for scrutiny, if not concern. In a world in which cyberwar is a real thing, we should want our side to have the capability to compromise the computer systems of an enemy. We can only hope that the CIA has enough oversight that it does not abuse this power.
The Foreign Intelligence Threat
Of even greater concern than the possibility of abuse by domestic spy agencies is the possibility that similar malware could be developed and used by foreign intelligence organizations and terrorists. For example, when the Russian hacking story(2) arose in the media concerning the 2016 election, many in the press pointed out that voting machines are not connected to the Internet and are thus, in theory, inaccessible to Russian cyberwar specialists.
However, in theory, a Russian version of Brutal Kangaroo could have been used to infiltrate some of the voting machines and to alter the vote to whatever Moscow wanted. Despite the musings of some conspiracy theorists, no evidence exists that Russia ever gained access to voting machines. Taking over enough of those devices to swing the outcome of an election would be an immense task, even with a tool as potent as Brutal Kangaroo.
The computer systems that control America’s nuclear arsenal, where the stakes are far higher, are closed as a matter of course. It is not difficult to imagine Brutal Kangaroo-style malware taking control of, say, the launch controls of a nuclear submarine.
Cyber Security Experts Needed
Much of the above is idle speculation. One would hope that our cyber security experts are on the alert for such shenanigans and have taken appropriate measures. However, reports of Chinese hacking(3) of military and commercial secrets give cause for concern.
If they have not already, cyber security experts need to close the loophole that allows malware to ride on portable data devices from a computer connected to the Internet to one that is cut off from the net.
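One defensive control for that loophole is a transfer-screening step run on a dedicated kiosk before anything from a removable drive is admitted to the closed system: only allowlisted document types pass, and every file is checked by its leading bytes so that an executable or shortcut renamed to look like a document is still caught. This is an added example, not code from the article or from any CIA tool; the allowlist, the magic-byte table and the sample drive contents are assumptions constructed for illustration.

```python
from __future__ import annotations
from pathlib import Path

# Document types an operator may carry across the air gap (assumed policy).
ALLOWED_SUFFIXES = {".txt", ".csv", ".pdf", ".png", ".jpg"}

# Leading bytes that mark executable or launcher content regardless of file name.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable or DLL",
    b"\x7fELF": "ELF executable",
    b"L\x00\x00\x00": "Windows shortcut (.lnk)",
}

def classify_content(name: str, head: bytes) -> list[str]:
    """Return the reasons a file must be rejected; an empty list means it may pass."""
    reasons = []
    path = Path(name)
    if path.name.lower() == "autorun.inf":
        reasons.append("autorun.inf is never transferred")
    if ".." in path.parts:
        reasons.append("path traversal in file name")
    if path.suffix.lower() not in ALLOWED_SUFFIXES:
        reasons.append(f"extension {path.suffix or '(none)'!r} not on allowlist")
    for magic, description in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            reasons.append(f"content is {description} regardless of name {name!r}")
            break
    return reasons

def screen_samples(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Screen a {relative name: leading bytes} map; returns only the rejected files."""
    return {n: r for n, d in files.items() if (r := classify_content(n, d[:16]))}

def screen_drive(root: Path) -> dict[str, list[str]]:
    """Walk a mounted removable drive and screen each file by its first 16 bytes."""
    files = {}
    for p in root.rglob("*"):
        if p.is_file():
            with p.open("rb") as fh:
                files[p.relative_to(root).as_posix()] = fh.read(16)
    return screen_samples(files)

# Constructed sample contents of a removable drive, not taken from any real incident.
SAMPLE_DRIVE = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "notes/meeting.txt": b"action items for Monday",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",      # executable renamed to look like a PDF
    "Reports.lnk": b"L\x00\x00\x00\x01\x14\x02\x00",  # shortcut file posing as a folder
    "autorun.inf": b"[autorun]\r\nopen=setup.exe",
}
```

Run `screen_drive(Path("/media/usb"))` (or the drive letter on Windows) on the kiosk and copy only files absent from the returned report.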