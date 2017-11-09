WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools (vice.com) 29
An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."
Of course that will get ignored, didnt you know Wikileaks is just another arm of the KGB?
I thought *everyone* knew that! It is your duty as a citizen to know that!
I think you had better report yourself immediately for re-education.
Was the whole Kaspersky thing not completely transparent enough to make it clear that they are being punished for not playing 'the game'?
Please.
You have to give out your name first citizen. How else are they going to find you?
Hive impersonates Kaspersky certs and network traff (Score:2)
CIA's Hive can also hide its outbound network traffic from compromised devices to look like traffic going to Kaspersky. That's also in the leak posted by Wikileaks.
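The check a defender would want against the behaviour the comment describes: a server certificate can carry any organisation name its issuer chooses, so a sensor that only reads the Subject is fooled, while one that validates the chain against its own trust store is not. The following is an added example, not code from the page, the leak or any vendor. It constructs a private root CA, one leaf the CA signed, and one self-signed leaf claiming "Kaspersky Lab" in its Subject, then inspects each the way a passive TLS monitor could; the hostname and organisation names are constructed test values, not the certificate the leak actually contained.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertCheck is what a network sensor can record about a presented server
// certificate: the organisation it claims, whether it chains to a root we
// trust, and whether it is simply signed by its own key.
type CertCheck struct {
	SubjectOrg string
	ChainOK    bool
	SelfSigned bool
}

// newCert builds an in-memory certificate with the given subject, signed by
// parent, or by itself when parent is nil. Test material only (constructed).
func newCert(subject pkix.Name, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)),
		Subject:               subject,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		DNSNames:              []string{"update.example.test"}, // constructed hostname
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// inspect validates the chain against roots for host and separately tests
// whether the certificate verifies under its own public key.
func inspect(cert *x509.Certificate, roots *x509.CertPool, host string) CertCheck {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	selfSigned := cert.Issuer.String() == cert.Subject.String() &&
		cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
	org := ""
	if len(cert.Subject.Organization) > 0 {
		org = cert.Subject.Organization[0]
	}
	return CertCheck{SubjectOrg: org, ChainOK: err == nil, SelfSigned: selfSigned}
}

// scenario returns the inspection result for a CA-signed leaf and for a
// self-signed leaf that merely claims a vendor's name in its Subject.
func scenario() (legit, fake CertCheck) {
	const host = "update.example.test"
	ca, caKey := newCert(pkix.Name{CommonName: "Example Corp Root (constructed)"}, true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	good, _ := newCert(pkix.Name{Organization: []string{"Example Corp"}, CommonName: host}, false, ca, caKey)
	bad, _ := newCert(pkix.Name{Organization: []string{"Kaspersky Lab"}, CommonName: host}, false, nil, nil)
	return inspect(good, roots, host), inspect(bad, roots, host)
}

func main() {
	legit, fake := scenario()
	fmt.Printf("CA-signed leaf:   %+v\n", legit)
	fmt.Printf("name-only forgery: %+v\n", fake)
}
```

The impersonated name survives in `SubjectOrg` for both a real and a forged certificate; only `ChainOK` and `SelfSigned` separate them, which is why a sensor that logs outbound TLS should record the validation result and not just the claimed organisation.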
First, do no harm (Score:3)
Zero-days and malware are just a part of the operation.
Any attack also requires an infrastructure to send the phishing emails, host fake login pages, make bogus links look trustworthy, and mask the origin of attacks. Often, setting up that infrastructure is the most time-consuming and expensive part of an attack, so it's often reused for several attacks. That is one of the most reliable mechanisms for identifying the source of an attack, by identifying the infrastructure networks used, and associating groups of attacks together, then connecting specific attacks with specific political actions.
Now, thanks to WikiLeaks, any attacker can start to build their own infrastructure from source, that looks just like the CIA. This in turn opens the door to more successful untraceable attacks and false-flag operations. By raising the banner of "journalism", WikiLeaks has yet again contributed to more damaging attacks and escalating conflicts.
Once upon a time, the term "journalist" carried a social expectation of trying to present the truth without harm. Dumping unfiltered source code doesn't offer any new insight except to a few good researchers, but it does enable significant harm and neuters those same researchers' usual techniques.
I'm unimpressed.
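The attribution technique the comment above leans on, and the failure mode it warns about, as an added example that is not part of the original post and not any analyst's real tooling: campaigns are linked when they share an indicator, but only indicators an attacker must actually own (an IP, a domain) are evidence of shared hands. An artifact that anyone can reproduce from published source, such as the shape of a TLS certificate or a beacon format, is not. All campaign names, IPs (RFC 5737 documentation ranges) and fingerprints below are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Indicator is one observable tied to a campaign. Kind tells live
// infrastructure (ip, domain) apart from artifacts reproducible from
// source alone (tls_fingerprint, beacon_format).
type Indicator struct {
	Campaign string
	Kind     string
	Value    string
}

// infraKinds are indicators an attacker has to control to share.
var infraKinds = map[string]bool{"ip": true, "domain": true}

// cluster groups campaigns that share at least one indicator, using
// union-find. With infraOnly set, code-derived artifacts are not pivots.
// Each cluster is keyed by its alphabetically smallest member.
func cluster(inds []Indicator, infraOnly bool) map[string][]string {
	parent := map[string]string{}
	var find func(string) string
	find = func(x string) string {
		p, ok := parent[x]
		if !ok {
			parent[x] = x
			return x
		}
		if p == x {
			return x
		}
		parent[x] = find(p)
		return parent[x]
	}
	union := func(a, b string) { parent[find(a)] = find(b) }

	owner := map[string]string{} // indicator -> first campaign seen with it
	for _, in := range inds {
		find(in.Campaign) // every campaign is a node even if nothing links it
		if infraOnly && !infraKinds[in.Kind] {
			continue
		}
		key := in.Kind + ":" + in.Value
		if first, seen := owner[key]; seen {
			union(first, in.Campaign)
		} else {
			owner[key] = in.Campaign
		}
	}

	groups := map[string][]string{}
	for c := range parent {
		r := find(c)
		groups[r] = append(groups[r], c)
	}
	out := map[string][]string{}
	for _, members := range groups {
		sort.Strings(members)
		out[members[0]] = members
	}
	return out
}

// sampleIndicators is constructed data, not taken from the leak.
func sampleIndicators() []Indicator {
	return []Indicator{
		{"op-alpha", "ip", "198.51.100.7"},
		{"op-alpha", "domain", "cdn-updates.example"},
		{"op-bravo", "ip", "198.51.100.7"},
		{"op-bravo", "tls_fingerprint", "sha256:c0ffee"},
		{"op-charlie", "domain", "cdn-updates.example"},
		{"op-delta", "ip", "203.0.113.22"},
		// op-echo owns none of the infrastructure above; it only rebuilt the
		// same certificate shape from published source.
		{"op-echo", "tls_fingerprint", "sha256:c0ffee"},
		{"op-echo", "ip", "192.0.2.99"},
	}
}

func main() {
	fmt.Println("infrastructure pivots only:", cluster(sampleIndicators(), true))
	fmt.Println("code artifacts as pivots too:", cluster(sampleIndicators(), false))
}
```

With infrastructure-only pivots, op-alpha, op-bravo and op-charlie cluster together and op-echo stands alone; once a reproducible artifact counts as a pivot, op-echo is pulled into the same cluster, which is exactly the false-flag misattribution the comment describes.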
We can safely assume that Wikileaks aren't the only ones who have these tools. They have likely already been stolen by others, just like the NSA exploits before them.
Plus for most of us the CIA is just another adversary we want to defend against, no different than any other malicious actor out there.
I much prefer to know about these tools and vulnerabilities so I can defend against them. Patches will come quickly to quality software.