Your browser does not support the HTML5 canvas tag.
Εγχειρίδιο χειρισμού κρίσεων λόγω πολιτικών ΔΝΤ από τη CIA! / Already confirmed: Civil liberties under attack! / Greece's creditors gone completely insane! / How the global financial mafia sucked Greece's blood / ECB's economic hitmen / Η Μέρκελ επιβεβαιώνει τα σχέδια των γραφειοφασιστών! /Greece: the low-noise collapse of an entire country/ How the neoliberal establishment tricked the masses again, this time in France / Ενώ η Γερμανία προετοιμάζεται για τα χειρότερα, η Ελλάδα επιμένει στο ευρώ! / Ένας παγκόσμιος "proxy" πόλεμος κατά της ελευθερίας έχει ξεκινήσει! / In reality, McCarthyism never ended in America / Ο επικεφαλής του "σκιώδους συμβουλίου" της ΕΚΤ επιβεβαιώνει ότι η ευρωζώνη είναι μια χρηματοπιστωτική δικτατορία! /With a rising Jeremy Corbyn and a declining Angela Merkel, Brexit has been upgraded to play a much more critical role / Δημοψήφισμα για Grexit: η τελευταία ευκαιρία να σωθεί η Ελλάδα και η τιμή της Αριστεράς / Populism as the new cliche of the elites to stigmatize anyone not aligned with the establishment / Δεν γίνεται έτσι "σύντροφοι" ... / Panama Papers: When mainstream information wears the anti-establishment mask / The Secret Bank Bailout / The head of the ECB “shadow council” confirms that eurozone is a financial dictatorship! / A documentary by Paul Mason about the financial coup in Greece / The ruthless neo-colonialists of 21st century / First cracks to the establishment by the American people / Clinton emails - The race of the Western neo-colonialist vultures over the Libyan corpse / Επιχείρηση Panama Papers: Το κατεστημένο θέλει το μονοπώλιο και στις διαρροές; / Operation "looting of Greece" reaches final stage / Varoufakis describes how Merkel sacrificed Greece to save the Franco-German banks / France officialy enters the neo-Feudal era! / The US establishment just gave its greatest performance so far ... / A significant revelation by WikiLeaks that the media almost ignored / It's official: the US is funding Middle-East jihadists! / Οι αδίστακτοι νεο-αποικιοκράτες του 21ου αιώνα / How to handle political unrest caused by IMF policies! / Πώς το νεοφιλελεύθερο κατεστημένο ξεγέλασε τις μάζες, αυτή τη φορά στη Γαλλία / Οι Γάλλοι νεοαποικιοκράτες επιστρέφουν στην Ελλάδα υπό 'ιδανικές' συνθήκες

06 July, 2017

BothanSpy

WikiLeaks

Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.

BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an enrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.

Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos,debian,rhel,suse,ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.

Documents:

No comments:

Post a Comment