I used to think the best way to protect a computer holding sensitive data was to never connect it to any network, a practice known as air gapping. Ah, the good old days.
WikiLeaks recently revealed that when a computer holding sensitive data runs Windows, even air-gap protection is insufficient. The CIA, using a software system codenamed Brutal Kangaroo, first infects a Windows computer connected to the internet, then infects any USB flash drive (a.k.a. thumb drive) plugged into that computer, in the hope that the flash drive will eventually be plugged into the air-gapped machines.
The most obvious defensive tactic is to avoid using Windows, but at this point that goes without saying. There is, however, another defensive tactic that can protect air-gapped Windows computers from infected thumb drives.
Use a Chromebook as a middleman
Brutal Kangaroo infects the thumb drive itself, not the user's data files. But the malware on the drive targets Windows, so plugging an infected flash drive into a Chromebook does nothing: Chrome OS does not run Windows malware, so the payload on the drive never executes there.
Copy the data files from the presumably infected flash drive to the Chromebook, then remove the flash drive. Then take another flash drive, copy the files from the Chromebook to this second flash drive and then, finally, to the air-gapped Windows machine.
This defense requires flash drives that are dedicated to one half of the file transfer. That is, some drives only travel between internet-connected computers and the Chromebook, while others only travel between the Chromebook and the air-gapped machines. A drive that crosses over defeats the whole point.
Keeping track of this is easier if the flash drives are color coded. For example, all the flash drives that plug into an internet-connected computer could be red, while the flash drives that plug into the air-gapped machines could be green.
For additional safety, the Chromebook should be in Guest Mode, which rules out a malicious browser extension as a means of attack. It would also be safer to use a Chromebook that does not support Android apps, again to reduce the attack surface.
Still another defensive step is to format the USB flash drives on the Chromebook before using them. Chrome OS currently formats devices with the exFAT file system, one that most other operating systems can read and write. For the record, Chrome OS offers read/write access to the FAT16, FAT32, exFAT and NTFS file systems.
Formatting on a Chromebook has three advantages.
For one, a Chromebook in Guest Mode should be a malware-free environment in which to do the formatting. Also, reformatting wipes whatever is already on a thumb drive, including an existing infection. (One caveat: reformatting rewrites the file system, not the drive's controller firmware, so it addresses file-based infection only.) Finally, exFAT benefits from not being NTFS.
The Brutal Kangaroo User Guide discusses hiding the malware using two tricks that exist only on the NTFS file system. One hides data in NTFS Alternate Data Streams (ADS), and the other hides files in the System Volume Information folder. Copying files onto an exFAT drive, which has no alternate data streams, drops any ADS they carried.
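The two-drive transfer described above, together with the file system points just made, as an added example that is not from the original post or from the Brutal Kangaroo documents: a POSIX shell script for the intermediary machine that copies only data files from the red drive to a staging area, skips the System Volume Information folder and autorun.inf, records SHA-256 hashes, and warns if either drive is still NTFS. It assumes a Linux shell on the intermediary (a Chromebook in Guest Mode does not provide one, so treat it as the script for a dedicated Linux transfer box, or as the checklist the manual Files-app procedure should follow); the mount points /media/removable/RED and /media/removable/GREEN and the list of allowed file types are this example's own choices.

```shell
#!/bin/sh
# Added example for the "Chromebook as middleman" procedure; not the
# original post's own code. Mount points and the allow list are assumptions.

# Chrome OS mounts removable media under /media/removable/<volume label>;
# the RED/GREEN labels below are this example's own.
RED=${RED:-/media/removable/RED}
GREEN=${GREEN:-/media/removable/GREEN}
STAGE=${STAGE:-$HOME/Downloads/transfer}

# File types treated as data (an assumption; adjust to your own policy).
# Anything else, including executables and shortcuts, is left behind.
ALLOW='pdf txt csv docx xlsx pptx jpg png'

# fs_type MOUNTPOINT [MOUNTS_FILE]: print the file system type of a mount.
# Reads /proc/mounts unless another mounts file is given (for testing).
fs_type() {
  awk -v m="$1" '$2 == m { print $3; exit }' "${2:-/proc/mounts}"
}

# is_allowed PATH: succeed if the extension (case-insensitive) is on the list.
is_allowed() {
  ext=$(printf '%s' "$1" | awk -F. 'NF > 1 { print tolower($NF) }')
  [ -n "$ext" ] || return 1
  for a in $ALLOW; do
    [ "$a" = "$ext" ] && return 0
  done
  return 1
}

# sanitize_copy SRC DST: copy allowed regular files from SRC to DST, keeping
# the directory layout, and write DST/MANIFEST.sha256 for later verification.
# Skipped: the System Volume Information folder (one of the NTFS hiding
# places named in the Brutal Kangaroo guide), autorun.inf, and every file
# whose type is not on the allow list.
sanitize_copy() {
  src=${1%/}; dst=${2%/}
  mkdir -p "$dst"
  : > "$dst/MANIFEST.sha256"
  find "$src" -type f | while IFS= read -r f; do
    rel=${f#"$src"/}
    case "$rel" in
      'System Volume Information'/*|*/'System Volume Information'/*|autorun.inf|*/autorun.inf)
        echo "SKIP (suspicious): $rel" >&2
        continue ;;
    esac
    if is_allowed "$rel"; then
      mkdir -p "$dst/$(dirname "$rel")"
      cp "$f" "$dst/$rel"
      (cd "$dst" && sha256sum "$rel") >> "$dst/MANIFEST.sha256"
    else
      echo "SKIP (not a data file): $rel" >&2
    fi
  done
}

# verify_manifest DIR: succeed only if every file listed in DIR/MANIFEST.sha256
# is present with the recorded hash.
verify_manifest() {
  (cd "$1" && sha256sum -c --quiet MANIFEST.sha256 >/dev/null 2>&1)
}

# The full transfer, red drive -> staging -> green drive. Run: sh transfer.sh --run
if [ "${1:-}" = "--run" ]; then
  for m in "$RED" "$GREEN"; do
    [ "$(fs_type "$m")" = "ntfs" ] && echo "WARNING: $m is NTFS; reformat it (exFAT) first" >&2
  done
  sanitize_copy "$RED" "$STAGE"
  verify_manifest "$STAGE" || { echo "staging copy did not verify" >&2; exit 1; }
  echo "Unplug $RED now, then plug in $GREEN and press Enter"; read -r _
  cp -R "$STAGE"/. "$GREEN"/
  verify_manifest "$GREEN" && echo "green drive verified; carry it to the air-gapped machine"
fi
```

The manifest travels with the files, so the air-gapped side can check that what arrived on the green drive is exactly what left the staging area. The allow list is deliberately an allow list rather than a deny list: a file type you did not anticipate is skipped and logged, not copied.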
Of course, air-gap protection is not only for organizations housing sensitive data. It is also for computers controlling industrial systems such as power grids, dams and battleships. Recent reports in the British media note that their newest aircraft carrier, the HMS Queen Elizabeth, which is still being finalized, runs Windows XP in the flying control room. Hopefully, this blog does not come as news to the British Navy.
Get in touch with me privately by email at my full name at Gmail, or publicly on Twitter at @defensivecomput.