Nov. 13th, 2024

thewayne
We first need to define what an air-gapped computer is. This is a computer with no external network connection: no Ethernet cable to an outside network (it may sit on an internal network, as long as that network itself has no outside connection), no modem, no WiFi, and odds are that the mouse and keyboard are hard-wired rather than Bluetooth. It is probably also kept in a windowless room shielded against radio signals.

Secure, right?

Ask the Iranians whether their centrifuge facility was secure against IT intrusion.

A nation-state actor figured out an attack against air-gapped PCs. (The researchers who documented the toolset have not attributed it to a specific country with confidence; some earlier reporting suggested links to Russia.) The vector? USB drives. This is why, if you really want to secure a network, you take a tube of epoxy to the USB and other ports. The attack was first observed against a South Asian embassy in Belarus in 2019, and it has since been used against an EU government organization starting in 2022. The toolset is known as GoldenJackal.

The basics are quite simple. Infect a computer belonging to someone who you know works with the secure system you want into. Infect every USB device they plug in, trusting that eventually one of those flash drives will be plugged into the secure system to transfer information to or from it. The air-gapped system is now infected. Information on it gets mapped out and written to a USB drive, which is carried back to a non-secure computer; from there it is exfiltrated and analyzed by the controllers, who then decide what to exfiltrate next. Note that the implant on the air-gapped side never needs a network connection of its own: the drive is both the command channel and the exfiltration channel.

It's an interesting write-up, though it can get a little deep in the weeds. It once again proves that computer security is very hard, and keeping ultra-secure environments secure is probably even harder. I'm not sure how you'd improve the security in this scenario: you're going to have to move information in and out of the secure air-gapped system for it to be useful, so it's a thorny issue.
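One practical check that fits the workflow described above is to never let a drive go straight from an office PC to the protected host: every USB stick passes through a dedicated, non-networked scanning station first, which refuses the transfer if the drive shows signs of carrying executable code or hidden staging. The script below is an added example written for this page; it is not code from the post, from ESET's research, or from the GoldenJackal toolset, and its heuristics (autorun.inf, hidden paths, executable or script file types, double extensions, PE/ELF headers under document extensions) are generic signs of a drive being used as a carrier, not signatures for any particular malware. The sample drive contents it scans are constructed in a temporary directory purely for demonstration.

```python
"""Triage a removable volume before it is mounted on an air-gapped host.

Added example for this page (not from the blog post or the ESET write-up).
Usage: python usb_triage.py /media/usb0   (or run without args for the demo)
"""
import os
import pathlib
import stat
import sys
import tempfile

PE_MAGIC = b"MZ"          # Windows executables (EXE/DLL/SCR) start with "MZ"
ELF_MAGIC = b"\x7fELF"    # Linux executables start with 0x7f "ELF"

# Document/image extensions that should never carry a PE or ELF header.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
            ".txt", ".csv", ".jpg", ".jpeg", ".png"}
# File types that can execute code when opened or that point at something that can.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1",
             ".vbs", ".js", ".jse", ".wsf", ".hta", ".lnk", ".msi"}


def _sniff(path):
    """Return 'PE', 'ELF' or None based on the first bytes of the file."""
    with open(path, "rb") as f:
        head = f.read(4)
    if head.startswith(PE_MAGIC):
        return "PE"
    if head.startswith(ELF_MAGIC):
        return "ELF"
    return None


def _hidden_attr(path):
    """FAT/NTFS 'hidden' attribute (only populated on Windows; False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def scan_volume(root):
    """Walk a mounted volume and return a list of (relative_path, reason) findings."""
    root = pathlib.Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        d = pathlib.Path(dirpath)
        # Dot-prefixed directories anywhere above the file count as hidden.
        hidden_parent = any(p.startswith(".") for p in d.relative_to(root).parts)
        for name in filenames:
            p = d / name
            rel = p.relative_to(root).as_posix()
            suffixes = [s.lower() for s in p.suffixes]
            ext = suffixes[-1] if suffixes else ""

            if name.lower() == "autorun.inf":
                findings.append((rel, "autorun.inf present"))
            if hidden_parent or name.startswith(".") or _hidden_attr(p):
                findings.append((rel, "file in hidden path"))
            if ext in EXEC_EXTS:
                findings.append((rel, f"executable/script type {ext}"))
            if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS and ext in EXEC_EXTS:
                findings.append((rel, "double extension (document name, executable type)"))
            kind = _sniff(p)
            if kind and ext not in EXEC_EXTS:
                findings.append((rel, f"{kind} header under non-executable extension {ext or '(none)'}"))
    return findings


def build_sample_volume(base):
    """Constructed sample drive contents for the demo (no real malware involved)."""
    base = pathlib.Path(base)
    (base / "minutes").mkdir(parents=True)
    (base / "minutes" / "q3_budget.xlsx").write_bytes(b"PK\x03\x04" + b"\0" * 32)  # benign zip-based doc
    (base / "readme.txt").write_text("shared drive for the plant\n")
    (base / "report.pdf").write_bytes(b"MZ\x90\x00" + b"\0" * 60)        # PE masquerading as a PDF
    (base / "invoice.pdf.exe").write_bytes(b"MZ\x90\x00" + b"\0" * 60)   # classic double extension
    (base / ".stage").mkdir()
    (base / ".stage" / "idx.dat").write_bytes(b"\0" * 16)                # hidden staging directory
    (base / "autorun.inf").write_text("[autorun]\nopen=report.pdf\n")
    return base


def demo():
    """Build the constructed sample drive in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_volume(build_sample_volume(pathlib.Path(tmp) / "USB_DRIVE"))


if __name__ == "__main__":
    results = scan_volume(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, reason in results:
        print(f"REFUSE  {rel}: {reason}")
    sys.exit(1 if results else 0)
```

The non-zero exit status is the point: a wrapper on the scanning station can gate the next step (copying onto a freshly formatted, organization-owned drive) on this script passing, so a drive that came back from an outside machine never touches the protected host unchanged. It will not catch everything, since a document carrying a macro or an exploit looks like a document, but it raises the cost of the simple "drop an executable on every drive you see" approach described in the post.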

There's a joke that the only secure computer has no network connection, no power, and is encased in a block of concrete. Very hard to hack that one!

https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/
