Wednesday, 18 May 2022

New WikiLeaks Vault7 reveals show nothing that is all that new


WikiLeaks is at it again with their "Vault 7" releases. This time part of the dump features a nice little tool kit for continued exploitation of some Linux systems. The tool kit is called OutlawCountry and is, to be perfectly honest, not much more than a remote management, monitoring and exfiltration tool. It is intended to run in the background on a system after a vulnerability has been exploited to allow the payload to be pushed. It looks very similar to a tool that the NSA used for years and has now become the commercial product Kaseya.

The release of the news prompted some sites to claim that Linux, as a whole, is now at greater risk. The simple truth is that this is not really the case. There is no such thing as a secure OS, but you can make things more difficult for attackers. Both Windows and *nix based systems have vulnerabilities in them that, when left alone, can be a playground for attackers. To the uninitiated securing Linux can be much more difficult, but to the Linux crowd it is just another day to take some basic precautions to prevent all but the most determined attacker from getting into your system.

What I find most interesting is that some of the tricks that Linux users use to lock down their systems can also be turned around in Windows. Locking out service accounts, making system directories read-only, and hardening firewall rules (iptables) are not specific to Linux. Sadly, most corporations and end users will not take these measures in Windows as it can make your user experience pretty shitty. There is also the nasty issue of third party applications not functioning with the increased security profile.

Once again, we are back to the fact that third party vendors, and even users, can and do have a massive impact on how secure systems are kept. Not how secure they can be, but how secure you are often allowed to get them. The NSA, CIA, and the "bad guys" are all well aware of this and are more than willing to use it to their advantage. The information that WikiLeaks is pushing out is just not all that surprising and does not mean that the operating systems we use are any less secure now than they were before the leaks; we are just becoming more aware of the tools that government agencies are using to pull data out of them...

Gives me a warm feeling inside, how about you?
