{"id":89808,"date":"2017-04-03T12:00:24","date_gmt":"2017-04-03T11:00:24","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=89808"},"modified":"2017-04-01T17:42:22","modified_gmt":"2017-04-01T16:42:22","slug":"wikileaks-reveals-marble-proof-cia-disguises-their-hacks-as-russian-chinese-arabic","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2017\/04\/wikileaks-reveals-marble-proof-cia-disguises-their-hacks-as-russian-chinese-arabic\/","title":{"rendered":"WikiLeaks Reveals “Marble”: Proof CIA Disguises Their Hacks as Russian, Chinese, Arabic…"},"content":{"rendered":"

31 Mar 2017 – <\/em>WikiLeaks\u2019 latest Vault 7 release<\/a> contains a batch of documents, named \u2018Marble\u2019, which detail CIA hacking tactics and how they can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to their agency by inserted code fragments in foreign languages.\u00a0 The tool was in use as recently as 2016.\u00a0 Per the WikiLeaks <\/a>release:<\/p>\n

“The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game,<\/strong> for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,<\/strong> — but there are other possibilities, such as hiding fake error messages.”<\/p>\n

https:\/\/twitter.com\/wikileaks\/status\/847749901010124800\/photo\/1?ref_src=twsrc%5Etfw&ref_url=http%3A%2F%2Fwww.zerohedge.com%2Fnews%2F2017-03-31%2Fwikileaks-reveals-marble-proof-cia-disguises-their-hacks-russian-chinese-arabic<\/p>\n

The latest release is said to potentially allow for ‘thousands<\/a>‘ of cyber attacks to be attributed to the CIA which were originally blamed on foreign governments.<\/p>\n

WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified.<\/strong> WikiLeaks stated the technique is the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents.<\/p>\n

It\u2019s \u201cdesigned to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms\u201d often link malware to a specific developer, according to the whistleblowing site.<\/p>\n

The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.<\/strong><\/p>\n

\u201cThis would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,\u201d WikiLeaks explains, \u201cBut there are other possibilities, such as hiding fake error messages.\u201d<\/p>\n

The code also contains a \u2018deobfuscator\u2019 which allows the CIA text obfuscation to be reversed. \u201cCombined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA.\u201d<\/p>\n

\u00a0Previous Vault7 releases have referred to the CIA\u2019s ability to mask its hacking fingerprints.<\/p>\n

\u00a0WikiLeaks claims the latest release will allow for thousands of viruses and hacking attacks to be attributed to the CIA.<\/strong><\/p>\n

https:\/\/twitter.com\/wikileaks\/status\/847773877954543616\/photo\/1?ref_src=twsrc%5Etfw&ref_url=http%3A%2F%2Fwww.zerohedge.com%2Fnews%2F2017-03-31%2Fwikileaks-reveals-marble-proof-cia-disguises-their-hacks-russian-chinese-arabic<\/p>\n

And the rabbit hole just got even deeper.<\/p>\n

* * *<\/p>\n

Full release from WikiLeaks:<\/p>\n

Today, March 31st 2017, WikiLeaks releases Vault 7<\/a> “Marble” — 676 source code files<\/a> for the CIA’s secret anti-forensic Marble Framework<\/a>. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.<\/strong><\/p>\n

Marble does this by hiding (“obfuscating”) text fragments used in CIA malware<\/a> from visual inspection. This is the digital equivallent of a specalized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.<\/p>\n

Marble forms part of the CIA’s anti-forensics approach<\/a> and the CIA’s Core Library<\/a> of malware code. It is “[D]esigned to allow for flexible and easy-to-use obfuscation<\/em>” as “string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.<\/em>”<\/p>\n

The Marble source code also includes a deobfuscator<\/em> to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.<\/p>\n

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.<\/strong><\/p>\n

The Marble Framework is used for obfuscation only and does not contain any vulnerabilties or exploits by itself.<\/p>\n

Go to Original \u2013 zerohedge.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

31 Mar 2017 – WikiLeaks\u2019 latest Vault 7 release contains a batch of documents, named \u2018Marble\u2019, which detail CIA hacking tactics and how they can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to their agency by inserted code fragments in foreign languages. The biggest malicious hacker on Earth was, and still is, the CIA.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-89808","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/89808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=89808"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/89808\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=89808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=89808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=89808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}