Air-gapped computers are supposed to be ultra-secure PCs that can’t be infected with malware spreading via the internet. That’s because these computers, often connected to sensitive machines, aren’t themselves connected to the internet. You’d think such systems would be impenetrable to remote attacks and would require a hacker to be in the same room as the PC. But, unsurprisingly, the CIA developed tools that can infect air-gapped computers.
Wikileaks on Thursday published more than 150 pages of materials that explain how the CIA used USB drives to sneak malware onto air-gapped machines. After all, even these computers need to exchange data, and the only way to do so is with USB drives or external hard drives.
A platform called Brutal Kangaroo contains tools that can be used to target computer systems not connected to the internet, Ars Technica explains. Drifting Deadline is a tool installed on a computer of interest. When a USB drive is connected to that computer, the tool infects the drive with malware, which is then carried over to the air-gapped computer.
These advanced malware versions would be able to infect an air-gapped computer immediately after the USB drive is plugged in. Some of them required no user interaction and could be triggered by default behaviors in Windows, such as Windows Explorer displaying icons, or the drive letter assigned to the thumb drive that was just inserted.
Microsoft said it has patched some of these vulnerabilities and that they don’t work on any currently supported version of Windows.
The documentation says that the initial infection — the deployment of Drifting Deadline — might require hands-on access to a computer, but Ars argues that intrepid hackers could find other ways to deliver the malware to the computer that would then pass it on to a USB stick.