{"id":32763,"date":"2017-07-29T08:48:43","date_gmt":"2017-07-29T12:48:43","guid":{"rendered":"http:\/\/www.opensource.im\/uncategorized\/wikileaks-releases-manual-for-linux-implant-aeris-ghacks-technology-news.php"},"modified":"2017-07-29T08:48:43","modified_gmt":"2017-07-29T12:48:43","slug":"wikileaks-releases-manual-for-linux-implant-aeris-ghacks-technology-news","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/wikileaks\/wikileaks-releases-manual-for-linux-implant-aeris-ghacks-technology-news.php","title":{"rendered":"WikiLeaks releases Manual for Linux Implant Aeris &#8211; Ghacks Technology News"},"content":{"rendered":"<p><p>    WikiLeaks has been fairly steadily releasing documents from    what is known as the Vault 7 leaks, and now documentation has    been released about a tool known as Aeris which specifically    targets POSIX systems such as a couple of GNU\/Linux distributions.  <\/p>\n<p>    Posted on WikiLeaks yesterday was information    regarding the Imperial project of the CIA:  <\/p>\n<p>      Aeris is an automated implant written in C that supports a      number of POSIX-based systems (Debian, RHEL, Solaris,      FreeBSD, CentOS). It supports automated file exfiltration,      configurable beacon interval and jitter, standalone and      Collide-based HTTPS LP support and SMTP protocol support -      all with TLS encrypted communications with mutual      authentication.    <\/p>\n<p>      It is compatible with the NOD Cryptographic Specification and      provides structured command and control that is similar to      that used by several Windows implants.    <\/p>\n<p>    This article, however, will focus specifically on Aeris.  <\/p>\n<\/p>\n<p>    Aeris appears to be an implant that is designed to allow an    agent to retrieve and send information about the infected    system through TLS-encrypted channels.  
<\/p>\n<p>    There are multiple avenues for information transmission, such as    mail systems like Postfix, that allow the agent to send heavily    encrypted information to the designated destination in a    virtually unbreakable fashion using AES256 encryption.  <\/p>\n<p>    What systems are targeted?  <\/p>\n<p>    The distribution of Aeris consists of a set of Python utilities    and a set of binaries, one per platform that is targeted by    Aeris.  <\/p>\n<p>      Aeris does not have a separate installer. To deploy it,      simply place an Aeris binary in the      desired directory. Rename the binary in any way that you      wish. Note that the configuration      is patched in at build time; hence, no additional files      (beyond possibly those related to      persistence -- see the next section) are needed.    <\/p>\n<p>    While many people may view this on a political level, or on the    topic of privacy advocacy etc., I look at this from a standpoint    of future security.  <\/p>\n<p>    In the past, malware that has caused problems for the general    populace has been based on government malware, such as WannaCry    for example. WannaCry was initially based on EternalBlue, which    many attribute to the NSA.  <\/p>\n<p>    With the release of this information on Aeris, I worry that    black-hats (read: bad hackers) may get their hands on \/ develop    something similar, and use the methods described in the    documentation in malicious ways.  <\/p>\n<p>    However, with that being said, most home users would have very    little to worry about, and unless a server has a reason to be    targeted, again there shouldn't really be any need to worry.    But educating oneself on the topic is never a bad thing!  
<\/p>\n<p>    In the Manual, there is a rather amusing part of one paragraph    that I thought I might point out:  <\/p>\n<p>      Each implant instance has a unique certificate authority      associated with it. The CA's private key is used to sign the      implant's certificate as well as certificates for each LP      associated with the implant in question.    <\/p>\n<p>      If anyone actually reads this paragraph, he or she is      entitled to a small monetary prize courtesy of the Aeris team      lead. Implant-collected data cannot be decrypted without the      CA's private key; hence, this key is considered      SECRET\/\/NOFORN and must be maintained on a classified      network. All keys and certificates (CA, target, and LP) are      2048 bits in size.    <\/p>\n<p>    Many people like to think that GNU\/Linux systems are    invincible, and that simply by running a Linux-based system you    are totally safe from malware and the like; these releases are    just further proof that this is not the case. Let's just hope    that more malicious users out there do not try and take    advantage of these new tools!  <\/p>\n<p>    For those who wish to see the information about Aeris, you can    find the manual here (PDF).  
<\/p>\n<p>          Author        <\/p>\n<p>          Mike Turcotte        <\/p>\n<p>          Publisher        <\/p>\n<p>            Ghacks Technology News          <\/p>\n<p><!-- Auto Generated --><\/p>\n<p>Here is the original post:<br \/>\n<a target=\"_blank\" href=\"https:\/\/www.ghacks.net\/2017\/07\/29\/wikileaks-releases-manual-for-linux-implant-aeris\/\" title=\"WikiLeaks releases 
Manual for Linux Implant Aeris - Ghacks Technology News\">WikiLeaks releases Manual for Linux Implant Aeris - Ghacks Technology News<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> WikiLeaks has been fairly steadily releasing documents from what is known as the Vault 7 leaks, and now documentation has been released about a tool known as Aeris which specifically targets POSIX systems such as a couple GNU\/Linux Distributions. Posted on WikiLeaks yesterday, was information regarding the Imperial project of the CIA, Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"class_list":["post-32763","post","type-post","status-publish","format-standard","hentry","category-wikileaks"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/32763"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=32763"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/32763\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/media?parent=32763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=32763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euv
olution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=32763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}