Popular leak website Wikileaks has now published new documents which have revealed CIA’s hacking tools, now this time aimed at Windows and Linux SSH clients.
The leaked papers have revealed that the agency turned to software which is named BothanSpy and Gyrfalcon to steal user credentials for active SSH sessions, with both Windows and Linux said to be the primary target.
Wikileaks has stated that software BothanSpy has been aimed towards hacking Xshell, a popular SSH client for Windows. The hack has allowed the CIA to steal username and passwords extract from password-authenticated SSH session, as well as usernames, filenames of private SSH key and key password in the case of public key authentication.
“BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an encrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine,” WikiLeaks says.
However, the Gyrfalcon hacking tool was targeted at OpenSSH client for Linux, and all popular platforms were said to be affected including Ubuntu and SUSE.
“The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine,” today’s leak reveals.
In layman terms, CIA can use Gyrfalcon only after compromising the Linux system with the rootkit. Although previous leaks have shown that the CIA has several other hacking tools which could be used to break into a computer.
In other words, CIA agents can use Gyrfalcon only after compromising the Linux system with the rootkit, though previous leaks have also shown that the agency has several other hacking tools that could be used to break into a computer.
