Wikileaks publishes the source code of the CIA hacking tools
With its new series, Vault 8, WikiLeaks sets out to publish the source code of the CIA spy tools it has listed in Vault 7 over recent months.
After launching its Vault 7 series in March 2017, devoted to the CIA's covert spy tools, WikiLeaks opens a new series, Vault 8, dedicated to the source code of the surveillance software in question.
"This publication will enable investigative journalists, forensic experts and the general public to better identify and understand the secret components of the CIA's infrastructure," explains Julian Assange's whistleblower platform.
It is quick to add that none of the published documents contain 0-day vulnerabilities or security flaws that third parties could reuse.
The first Vault 8 release covers Hive, a "major" component of the infrastructure the U.S. intelligence agency uses to control its malware.
"We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected."
Eugene Kaspersky (@e_kaspersky), 9 November 2017
Hive provides a communication channel between infected (monitored) servers and those of the CIA, used both to exfiltrate information and to receive instructions, and does so in a way that its eventual discovery cannot be traced back to the intelligence agency.
Public Servers
Schematically, Hive lets several implants on target computers run multiple operations at once, says WikiLeaks.
For each operation a domain is created, running on servers leased as VPS from commercial hosting providers.
These virtual private servers then act as relays to the CIA's own servers (called "Blot"), which sit behind a VPN (virtual private network) connection.
According to WikiLeaks, the domains created by the CIA serve innocuous content unlikely to arouse the suspicion of a visitor who lands on them, whether by chance or not.
Unknown to the visitor, these decoy websites act as gateways for the CIA's malware, brokering the connection to the agency's Blot servers (and hence the discreet collection of data).
Fake certificates that mislead attribution
Moreover, the Hive code generates fake certificates, such as a certificate issued in the name of Kaspersky Lab and signed by Thawte Consulting. This prompted Kaspersky to defend itself publicly on Twitter.
"This way, if the target organization looks at network traffic coming out of its network, it will tend to attribute the exfiltration of CIA data to uninvolved entities whose identities have been spoofed," says Wikileaks.
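The trick described in the quote only works on an analyst who attributes traffic by the name written in the certificate. The defender's counter is to attribute by what can actually be verified: whether the certificate chains to a CA the organisation trusts, and whether the server name contacted belongs to the organisation the certificate claims. The following detection sketch is an added example, not code from WikiLeaks or from the Hive source; the tab-separated log format, the validation field, the watched-organisation allow-list and every log row are constructed assumptions for illustration.

```python
"""
Flag outbound TLS sessions whose server certificate claims a well-known
organisation but (a) does not chain to a trusted CA, or (b) was served for
a host name that is not one of that organisation's known domains.

Constructed example; the log layout and allow-list are assumptions.
"""
import csv
import io
from dataclasses import dataclass

# Assumed allow-list of organisations whose name an attacker might borrow,
# mapped to the domains they are known to operate. Build this from your own
# inventory in practice; this entry is illustrative.
WATCHED_ORGS = {
    "Kaspersky Lab": ("kaspersky.com",),
}

# Constructed TLS session log. Fields (an assumption, loosely modelled on
# what proxies and network monitors export): timestamp, source, destination,
# SNI, certificate subject organisation, issuer CN, and the result of chain
# validation against the local trust store. Addresses are RFC 5737 test
# ranges and the host names are made up.
SAMPLE_LOG = """\
ts\tsrc\tdst\tsni\tsubject_o\tissuer_cn\tvalidation
1510200001\t10.0.0.5\t203.0.113.10\tupdates.kaspersky.com\tKaspersky Lab\tExample Public CA\tok
1510200002\t10.0.0.7\t198.51.100.23\tcdn.photo-deals.invalid\tKaspersky Lab\tThawte Consulting\tunable to get local issuer certificate
1510200003\t10.0.0.7\t198.51.100.23\tcdn.photo-deals.invalid\tKaspersky Lab\tExample Public CA\tok
1510200004\t10.0.0.9\t192.0.2.44\tblog.example.test\tSome Blog\tExample Public CA\tok
"""


@dataclass(frozen=True)
class Finding:
    kind: str          # "untrusted_chain" or "sni_mismatch"
    ts: str
    dst: str           # where the traffic really went
    sni: str
    claimed_org: str
    detail: str


def host_in_domains(host: str, domains) -> bool:
    """True if host equals or is a subdomain of any of the given domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_log(text: str):
    """Parse the tab-separated log into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def analyse(rows):
    """Apply both checks to every row whose certificate names a watched org."""
    findings = []
    for r in rows:
        org = r["subject_o"]
        if org not in WATCHED_ORGS:
            continue
        if r["validation"] != "ok":
            # The certificate's subject is just a string the server chose;
            # without a trusted chain it proves nothing. Attribute the
            # session to the destination, not to the organisation named.
            findings.append(Finding(
                "untrusted_chain", r["ts"], r["dst"], r["sni"], org,
                f"cert claims {org} but chain validation failed "
                f"({r['validation']}); attribute to {r['dst']}, not {org}"))
        elif not host_in_domains(r["sni"], WATCHED_ORGS[org]):
            # Weaker signal: chain is fine but the name contacted is not one
            # the organisation operates, so the session still deserves review.
            findings.append(Finding(
                "sni_mismatch", r["ts"], r["dst"], r["sni"], org,
                f"chain validates but SNI {r['sni']} is not a known {org} domain"))
    return findings


def analyse_log(text: str):
    """Convenience wrapper: parse then analyse."""
    return analyse(parse_log(text))


if __name__ == "__main__":
    for f in analyse_log(SAMPLE_LOG):
        print(f"{f.ts} {f.kind:16} dst={f.dst} sni={f.sni}: {f.detail}")
```

Only the first check is conclusive: a certificate naming a well-known vendor that does not validate against the trust store is a forgery by definition, and the session should be recorded under its real destination. The second check is a triage hint, since organisations do legitimately serve certificates from hosts an allow-list does not yet cover.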
Hive is reminiscent of another malware, FuzzBunch, used by the NSA, whose hacking tools were stolen by the Shadow Brokers, with the consequences we now know.
In the hands of cyber criminals, the tools of the American National Security Agency were turned into the WannaCry and Petya ransomware.
Even though WikiLeaks commits to publishing no code containing 0-days, the worst is to be feared from the release of the twenty tools previously listed in Vault 7.