Updated #Vault7 Leaks: More On Behavior

Wikileaks released documents on a program called Brutal Kangaroo.

We have little interest in the technical aspects of the program.  Our interest lies in what the program's final end requires in terms of human behavior.  Like human engineering, such as convincing someone on the phone to give up username and password, the scheme expects, "When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware."

The victim's "inserts" action is the necessary component.  We could haggle over the technology, but that is another discussion and one we're not equipped to enter.  But would the counter-measure to Brutal Kangaroo, logistically, be to refine one's computer security?  Or would it be to ensure that already existing security protocol in the "secure environment" be followed?  One is not supposed to plug an air gapped device into ground power, and equally important one should not use the same USB drives on connected and gapped devices.

This is the type of thinking criminals, police, and terrorists employ.  We just learned recently that credit card fraud in Fairfax County involves Apple Pay and Android Pay.  The suspects steal credit cards, upload into their own phones in Apple and Android "wallets," and shop at stores in Tysons Corner mall.  The police would need a warrant to search the phones, court orders to unlock with fingerprint or pin, and what state or county agency would invest in unlocking it as the FBI did?  This is a game of using the efficiency and resources of the courts.  The tech is the medium, but the behavior of concealing in a new way is where their ingenuity blossoms: the warrant requirement, the investigative process, and prosecution's willingness to fight for $500 purchased at Best Buy.  Technology advances sure allow for creative ways to work -- for anyone concerned with their safety, freedom, etc. -- but often, as we see the counter-measure for Brutal Kangaroo is to compartmentalize USB drives, the solution is behavior-based.