{"id":101658,"date":"2017-11-13T12:00:30","date_gmt":"2017-11-13T12:00:30","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=101658"},"modified":"2017-11-10T19:37:59","modified_gmt":"2017-11-10T19:37:59","slug":"wikileaks-vault-8-part-1-cia-wrote-code-to-impersonate-russian-anti-virus-company-kaspersky","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2017\/11\/wikileaks-vault-8-part-1-cia-wrote-code-to-impersonate-russian-anti-virus-company-kaspersky\/","title":{"rendered":"WikiLeaks Vault 8 Part 1: CIA Wrote Code to Impersonate Russian Anti-Virus Company Kaspersky"},"content":{"rendered":"<div id=\"attachment_101659\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/11\/wikileaks-vault-8-777x437.jpg\" ><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-101659\" class=\"wp-image-101659\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/11\/wikileaks-vault-8-777x437.jpg\" alt=\"\" width=\"600\" height=\"337\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/11\/wikileaks-vault-8-777x437.jpg 777w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/11\/wikileaks-vault-8-777x437-300x169.jpg 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/11\/wikileaks-vault-8-777x437-768x432.jpg 768w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><p id=\"caption-attachment-101659\" class=\"wp-caption-text\">Image Credit: Truthstream Media<\/p><\/div>\n<p><em>9 Nov 2017 &#8211; <\/em>WikiLeaks has <a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault8\/\" >released<\/a> part 1 of its new Vault 8 series following its popular and widely distributed Vault 7 series which exposed CIA spyware and malware capabilities.<\/p>\n<p>The new release \u201cwill enable investigative journalists, forensic experts, and the general public to better identify and understand covert CIA 
infrastructure components,\u201d the international whistleblower coalition wrote.<\/p>\n<p>The CIA\u2019s master virus control system known as \u201cHive\u201d was exposed previously last April by WikiLeaks.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">RELEASE: Inside the top secret CIA virus control system HIVE <a target=\"_blank\" href=\"https:\/\/t.co\/Bs6LmsVALz\" >https:\/\/t.co\/Bs6LmsVALz<\/a> <a target=\"_blank\" href=\"https:\/\/t.co\/y79IVSukK0\" >pic.twitter.com\/y79IVSukK0<\/a><\/p>\n<p>&mdash; WikiLeaks (@wikileaks) <a target=\"_blank\" href=\"https:\/\/twitter.com\/wikileaks\/status\/852823256239185921?ref_src=twsrc%5Etfw\" >April 14, 2017<\/a><\/p><\/blockquote>\n<p>Described as a multi-platform malware suite, Hive provides \u201ccustomisable implants\u201d for Windows, Solaris, MikroTik (software used in Internet routers), Linux OS, and\u00a0<a target=\"_blank\" href=\"http:\/\/www.avtech.com.tw\/NetworkRecorder.aspx\" >AVTech<\/a>\u00a0Network Video Recorders, used for CCTV recording.<\/p>\n<p>A 2015 <a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/hive-UsersGuide\/page-17\/#pagination\" >user guide<\/a> for the malware suite reveals that the initial release of Hive was in 2010. The guide goes on to describe the software as having two primary functions \u2013 a beacon and an interactive shell. Both are designed to provide a starting point for CIA cyber agents to deploy other tools\u00a0that have been included in the WikiLeaks Vault 7 series release.<\/p>\n<p>The implants communicate via HTTPS with the web server using a cover domain. Each cover domain is connected to an IP address that is hooked into a Virtual Private Server (VPS) provider. 
This forwards all incoming traffic to a \u2018Blot\u2019 server.<\/p>\n<p>The redirected traffic is then examined to see if it contains a valid beacon. If it does, it\u2019s sent to a tool handler, called a \u201cHoneycomb.\u201d<\/p>\n<p>The CIA can then choose to initiate other actions on the targeted computer.<\/p>\n<p>The user guide further details\u00a0the commands that are available, including uploading and deleting files and executing applications on the computer.<\/p>\n<p>\u201cSource code published in this series contains software designed to run on servers controlled by the CIA. Like WikiLeaks\u2019 earlier Vault7 series,\u201d WikiLeaks wrote in a <a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault8\/\" >press release<\/a> for the new Vault 8 series.<\/p>\n<p>The release of Hive was followed by wide-scale blowback against the CIA when security firm\u00a0Symantec <a target=\"_blank\" href=\"https:\/\/www.symantec.com\/connect\/blogs\/longhorn-tools-used-cyberespionage-group-linked-vault-7\" >linked<\/a> the agency and the hacking group Longhorn to\u00a040 targets in 16 countries, with many more expected to come.\u00a0Longhorn has been active since at least 2011, according to Symantec, infiltrating targets in the financial, telecom, aerospace and natural resources industries. It has the markings of an intelligence-backed state attacker.<\/p>\n<p>\u201cThe tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks,\u201d\u00a0a Symantec statement said.<\/p>\n<blockquote><p><em>The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. 
Given the close similarities between the tools and techniques, there can be little doubt that Longhorn\u2019s activities and the Vault 7 documents are the work of the same group.<\/em><\/p><\/blockquote>\n<p>The latest leak is the CIA\u2019s master infrastructure source code and logs for that malware control system, created by its Embedded Development Branch (EDB), and it expands on the use of obfuscated, spoofed tools to implicate another party in a cyber attack.<\/p>\n<p>In March, WikiLeaks also released <a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/Marble\/Marble.zip\" >676 files <\/a>code-named <a target=\"_blank\" href=\"https:\/\/wikileaks.org\/ciav7p1\/cms\/space_15204359.html\" >\u2018Marble\u2019<\/a>, which detailed CIA hacking techniques and how they can misdirect forensic investigators from attributing viruses, trojans and worms to the agency by planting text in other languages in the source code as a scapegoat \u2013 in other words, false flag cyber attacks.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">CIA&#39;s &quot;Marble Framework&quot; shows its hackers use potential decoy languages <a target=\"_blank\" href=\"https:\/\/t.co\/Hm3pTPSXIS\" >https:\/\/t.co\/Hm3pTPSXIS<\/a><\/p>\n<p>Background: <a target=\"_blank\" href=\"https:\/\/t.co\/GsoN4BuyTz\" >https:\/\/t.co\/GsoN4BuyTz<\/a> <a target=\"_blank\" href=\"https:\/\/t.co\/ZT66doCnfY\" >pic.twitter.com\/ZT66doCnfY<\/a><\/p>\n<p>&mdash; WikiLeaks (@wikileaks) <a target=\"_blank\" href=\"https:\/\/twitter.com\/wikileaks\/status\/847773877954543616?ref_src=twsrc%5Etfw\" >March 31, 2017<\/a><\/p><\/blockquote>\n<p>This latest release exposes that the CIA wrote code \u201cto impersonate Russia\u2019s Kaspersky Lab anti-virus company.\u201d<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p 
lang=\"en\" dir=\"ltr\">New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company <a target=\"_blank\" href=\"https:\/\/t.co\/EvE8GdyAmM\" >https:\/\/t.co\/EvE8GdyAmM<\/a> <a target=\"_blank\" href=\"https:\/\/t.co\/geigDgIDsk\" >pic.twitter.com\/geigDgIDsk<\/a><\/p>\n<p>&mdash; WikiLeaks (@wikileaks) <a target=\"_blank\" href=\"https:\/\/twitter.com\/wikileaks\/status\/928651185174794241?ref_src=twsrc%5Etfw\" >November 9, 2017<\/a><\/p><\/blockquote>\n<p>\u201cIf the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated,\u201d\u00a0WikiLeaks said in a statement.<\/p>\n<p>In July, the U.S. Department of Homeland Security (DHS) <a target=\"_blank\" href=\"http:\/\/dailycaller.com\/2017\/07\/12\/trump-admin-bans-use-of-russian-cybersecurity-firms-software\/\" >ordered<\/a> all government agencies to stop using Kaspersky-related security products and remove them from computers, citing\u00a0\u201cinformation security risks presented by the use of Kaspersky products on federal information systems.\u201d<\/p>\n<p>It\u2019s worth noting that Kaspersky was named in the infamous Trump dossier compiled by Fusion GPS at the behest of former spook Christopher Steele. It is the same firm that was coincidentally connected to the <a target=\"_blank\" href=\"https:\/\/www.activistpost.com\/2017\/07\/russian-lawyer-natalia-veselnitskaya.html\" >Russian lawyer\u00a0Natalia Veselnitskaya<\/a>, who set up a meeting with U.S. 
President Donald Trump\u2019s son, Donald Trump Jr., through\u00a0Rob Goldstone, a music publicist and personal friend of Trump Jr.<\/p>\n<p>Then there is the fact that Hillary Clinton herself approved the dossier and helped fund it along with the DNC and RNC, <a target=\"_blank\" href=\"http:\/\/www.breitbart.com\/big-government\/2017\/11\/08\/edward-klein-hillary-dossier-connection\/\" >according<\/a> to journalist Edward Klein.<\/p>\n<p>\u201cHillary approved Podesta\u2019s decision to pay for the dossier by funneling campaign funds through Marc Elias,\u201d the strategist said, referring to the lawyer who represented both the Clinton campaign and the Democratic National Committee.<\/p>\n<p>\u201cThe dossier was delivered to the Clinton campaign by the opposition research firm Fusion GPS in the summer of 2016, and Hillary read it and was thrilled by its salacious content,\u201d the strategist continued.<\/p>\n<blockquote><p><em>She bragged about it so openly that many of the people in her Brooklyn campaign headquarters were aware of the existence of the dossier. Hillary referred to it as her \u2018secret weapon\u2019 that would \u2018blow Trump out of the water.\u2019<\/em><\/p><\/blockquote>\n<p>Former DNC interim head Donna Brazile even stated on <em>The View<\/em> that she knew about the dossier before the presidential election.\u00a0\u201cI asked one question on November 4th and I was told that I did not need to know and so no, I did not know,\u201d Brazile said.<\/p>\n<p><a target=\"_blank\" href=\"https:\/\/www.youtube.com\/watch?v=ppaQJTtg604\" >https:\/\/www.youtube.com\/watch?v=ppaQJTtg604<\/a><\/p>\n<p>Is all the propaganda and all the setups of U.S. President Donald Trump to paint him as colluding with Russia finally falling apart? WikiLeaks seems to play a major part in the destruction of a narrative that appears to have heavy CIA involvement, since the effort is so sophisticated and vast that it indicates a potential clandestine operation. 
At some point, people have to start questioning the breadth of coincidences and realize, as President Franklin Delano Roosevelt once said, that \u201cIn politics, there are no accidents\u201d (quoted in <a target=\"_blank\" href=\"https:\/\/www.activistpost.com\/product\/1939438004\/US\/permacultucom-20\/?cart=y\" ><em>None Dare Call it Conspiracy<\/em><\/a>, by Gary Allen and Larry Abraham).<\/p>\n<p>__________________________________<\/p>\n<p style=\"padding-left: 30px;\"><em>Aaron Kesel writes for <\/em>Activist Post.<\/p>\n<p><a target=\"_blank\" href=\"https:\/\/www.activistpost.com\/2017\/11\/wikileaks-vault-8-part-1-cia-wrote-code-impersonate-anti-virus-company-kaspersky-lab.html?utm_source=Activist+Post+Subscribers&amp;utm_medium=email&amp;utm_campaign=a4616d3dd8-RSS_EMAIL_CAMPAIGN&amp;utm_term=0_b0c7fb76bd-a4616d3dd8-388191805\" >Go to Original \u2013 activistpost.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>9 Nov 2017 &#8211; WikiLeaks has released part 1 of its new Vault 8 series following its popular and widely distributed Vault 7 series which exposed CIA spyware and malware 
capabilities.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-101658","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/101658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=101658"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/101658\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=101658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=101658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=101658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}