
Thread: Latest WikiLeaks release shows how the CIA uses computer code to hide the origins of


  1. #1
    Super Moderator Newmexican's Avatar
    Join Date
    May 2005
    Location
    Heart of Dixie
    Posts
    36,012

    Latest WikiLeaks release shows how the CIA uses computer code to hide the origins of

    Latest WikiLeaks release shows how the CIA uses computer code to hide the origins of its hacking attacks and 'disguise them as Russian or Chinese activity'


    • WikiLeaks published 676 source code files today which it claimed are from CIA
    • It says the CIA disguised its own hacking attacks to make it appear those responsible were Russian, Chinese, Iranian or North Korean


    By Mail Online Reporter

    PUBLISHED: 07:02 EDT, 31 March 2017 | UPDATED: 07:20 EDT, 31 March 2017

    WikiLeaks has published hundreds more files today which it claims show the CIA went to great lengths to disguise its own hacking attacks and point the finger at Russia, China, North Korea and Iran.

    The 676 files released today are part of WikiLeaks' Vault 7 tranche of files and they claim to give an insight into the CIA's Marble software, which can forensically disguise viruses, trojans and hacking attacks.

    WikiLeaks says the source code suggests Marble has test examples in Chinese, Russian, Korean, Arabic and Farsi (the Iranian language).






    WikiLeaks, founded by Julian Assange (pictured), claims its Vault 7 files come from the CIA's Center for Cyber Intelligence

    It says: 'This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese.'
    This could lead forensic investigators into wrongly concluding that CIA hacks were carried out by the Kremlin, the Chinese government, Iran, North Korea or Arabic-speaking terror groups such as ISIS.

    WikiLeaks, whose founder Julian Assange remains holed up in the Ecuadorean Embassy in London, said Vault 7 was the most comprehensive release of US spying files ever made public.

    Earlier this month WikiLeaks published thousands of documents claiming to reveal top CIA hacking secrets, including the agency's ability to infiltrate encrypted apps like WhatsApp, break into smart TVs and phones and program self-driving cars.

    It also claims the CIA can bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman by hacking the smart phones the applications run on.
    The CIA was also looking at hacking the vehicle control systems used in modern cars and trucks, WikiLeaks claims.


    WikiLeaks said the release of confidential documents on the agency already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.
    Experts who've started to sift through the material said it appeared legitimate - and that the release was almost certain to shake the CIA.



    Read more: http://www.dailymail.co.uk/news/arti...#ixzz4cv61eOJY
    Support our FIGHT AGAINST illegal immigration & Amnesty by joining our E-mail Alerts at https://eepurl.com/cktGTn

  2. #2
    Super Moderator Newmexican's Avatar
    Join Date
    May 2005
    Location
    Heart of Dixie
    Posts
    36,012




    Marble Framework

    31 March, 2017

    Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

    Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

    Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

    The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators in attributing previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.
    The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, but there are other possibilities, such as hiding fake error messages.

    The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.



    Dark Matter

    23 March, 2017

    Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

    Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

    "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

    Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

    Also included in this release is the manual for the CIA's "NightSkies 1.2", a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

    While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

    https://wikileaks.org/vault7/?marble#Marble

  3. #3
    Senior Member Judy's Avatar
    Join Date
    Aug 2005
    Posts
    55,883
    Yeah, someone in CIA's been meddling in our elections and interfering in our democracy.

    Like I asked some weeks ago:

    How did the FBI know that the DNC had been hacked before the DNC knew?
    A Nation Without Borders Is Not A Nation - Ronald Reagan
    Save America, Deport Congress! - Judy

