WikiLeaks Vault 8 Part 1: CIA Wrote Code to Impersonate Russian Anti-Virus Company Kaspersky
WHISTLEBLOWING - SURVEILLANCE, 13 Nov 2017
9 Nov 2017 – WikiLeaks has released part 1 of its new Vault 8 series following its popular and widely distributed Vault 7 series which exposed CIA spyware and malware capabilities.
The new release “will enable investigative journalists, forensic experts, and the general public to better identify and understand covert CIA infrastructure components,” the international whistleblower coalition wrote.
The CIA’s master virus control system known as “Hive” was exposed previously last April by WikiLeaks.
— WikiLeaks (@wikileaks) April 14, 2017
“Described as a multi-platform malware suite, Hive provides “customisable implants” for Windows, Solaris, MikroTik (software used in Internet routers), Linux OS, and AVTech Network Video Recorders, used for CCTV recording.
A 2015 user guide for the malware suite reveals the initial release of Hive was in 2010. The guide goes on to describes the software as having two primary functions – a beacon and interactive shell. Both are designed to provide a starting point for CIA cyber agents to deploy other tools that have been included in the WikiLeaks Vault 7 series release.
The implants communicate via HTTPS with the web server using a cover domain. Each cover domain is connected to an IP address that is hooked into a Virtual Private Server (VPS) provider. This forwards all incoming traffic to a ‘Blot’ server.
The redirected traffic is then examined to see if it contains a valid beacon. If it does, it’s sent to a tool handler, called a “Honeycomb.”
The CIA can then choose to initiate other actions on the targeted computer.
The user guide further details the commands that are available, including uploading and deleting files and executing applications on the computer.
“Source code published in this series contains software designed to run on servers controlled by the CIA. Like WikiLeaks’ earlier Vault7 series,” WikiLeaks wrote in a press release for the new Vault 8 series.
The release of Hive followed with wide-scale blowback against the CIA when security firm Symantec linked the agency and a hacking group Longhorn to 40 targets in 16 countries with many more expected to come. Longhorn has been active since at least 2011, according to Symantec, infiltrating targets in the financial, telecom, aerospace and natural resources industries. It has the markings of an intelligence-backed state attacker.
“The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks,” a Symantec statement said.
The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tacts to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.
The latest leak is the CIA’s master infrastructure source code + logs for that malware control system created by its Embedded Development Branch (EDB.) and expands on the use of obfuscated spoofed tools to implicate another party in a cyber attack.
In March, WikiLeaks also released 676 files code-named ‘Marble’, which detailed CIA hacking techniques and how they can misdirect forensic investigators from attributing viruses, trojans and worms to their agency by using the source code of other languages as a scapegoat – in other words, false flag cyber attacks.
CIA's "Marble Framework" shows its hackers use potential decoy languages https://t.co/Hm3pTPSXIS
— WikiLeaks (@wikileaks) March 31, 2017
This latest release exposes that the CIA wrote code “to impersonate Russia’s Kaspersky Lab anti-virus company.”
— WikiLeaks (@wikileaks) November 9, 2017
“If the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated,” WikiLeaks said in a statement.
In July, the U.S. Department of Homeland Security (DHS) ordered all government agencies to stop using Kaspersky-related security products and remove them from computers, citing “information security risks presented by the use of Kaspersky products on federal information systems.”
It’s worth noting that Kaspersky was named in the infamous Trump dossier compiled by Fusion GPS under the behest of former spook Christopher Steele. The same firm that was coincidentally connected to a Russian lawyer Natalia Veselnitskaya who set up a meeting with U.S. President Donald Trump’s son, Donald Trump Jr., through Rob Goldstone, a music publicist and personal friend of Trump Jr.
Then there is the fact that Hillary Clinton herself approved the dossier and helped fund it along with the DNC and RNC, according to journalist Edward Klein.
“Hillary approved Podesta’s decision to pay for the dossier by funneling campaign funds through Marc Elias,” the strategist said, referring to the lawyer who represented both the Clinton campaign and the Democratic National Committee.
“The dossier was delivered to the Clinton campaign by the opposition research firm Fusion GPS in the summer of 2016, and Hillary read it and was thrilled by its salacious content,” the strategist continued.
She bragged about it so openly that many of the people in her Brooklyn campaign headquarters were aware of the existence of the dossier. Hillary referred to it as her ‘secret weapon’ that would ‘blow Trump out of the water.’
Former DNC interim head, Donna Brazile, even stated on The View that she knew about the dossier before the presidential election. “I asked one question on November 4th and I was told that I did not need to know and so no, I did not know,” Brazile said.
Is all the propaganda and setups of U.S. president Donald Trump to paint him as colluding with Russia finally falling apart? WikiLeaks seems to play a major part in the destruction of the narrative that alludes to have heavy CIA involvement since the effort is so sophisticated and vast that indicates it was a potential clandestine operation. At some point, people have to start questioning the breadth of coincidences and realize as President Franklin Delano Roosevelt once said: “In politics, there are no accidents,” None Dare Call it Conspiracy, by Gary Allen and Larry Abraham.
Aaron Kesel writes for Activist Post.
DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.
Click here to go to the current weekly digest or pick another article:
WHISTLEBLOWING - SURVEILLANCE: