
WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools

An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."
  • CIA's Hive can also hide its outbound network traffic from compromised devices to look like traffic going to Kaspersky. That's also in the leak posted by Wikileaks.

    • by AHuxley ( 892839 )
      The NSA and CIA, GCHQ, 5 eyes have to move data around the globe after collection.
      What better way out of a network than a firewall set to trust an AV product?
      It's just the AV updating...
      If anyone looks, it's all the work of other "nations". The interesting part is how dependent and fixated the West is on the talking points and the need to use trusted products to hide their collect it all data flow.
  • First, do no harm (Score:1, Insightful)

    by Sarten-X ( 1102295 )

    Zero-days and malware are just a part of the operation.

    Any attack also requires an infrastructure to send the phishing emails, host fake login pages, make bogus links look trustworthy, and mask the origin of attacks. Often, setting up that infrastructure is the most time-consuming and expensive part of an attack, so it's often reused for several attacks. That is one of the most reliable mechanisms for identifying the source of an attack, by identifying the infrastructure networks used, and associating group

    • The Wikileaks source could have sold those secrets to the highest bidder. Would that make you feel more secure instead ?
      • by Sarten-X ( 1102295 ) on Thursday November 09, 2017 @07:10PM (#55522213) Homepage

        Alternatively, WikiLeaks could have consulted a few trusted security researchers to get any insight from the code, and released that insight with limited snippets of code. While that would likely aid attackers in making a similar infrastructure, they'd have to invent their own boilerplate, likely allowing the different reimplementations to be identifiable. The insight from the experts would also contribute more to coherent and realistic discussions on the actual capabilities of the tool, rather than encouraging more "the CIA is hacking everyone!" panic.

        Even if the toolset had been sold to one "highest bidder", that would only be one other attacker to identify. The shared infrastructure would be a little confusing for researchers at first, but continued attacks would show distinct operation patterns as a signal rising above the noise. Yes, that does actually strike me as being more secure than opening the tools up to everyone at once, since it's now so much easier to hide any given attack in the higher amount of noise.

    • by AmiMoJo ( 196126 ) on Thursday November 09, 2017 @06:51PM (#55522133) Homepage Journal

      We have to safely assume that Wikileaks aren't the only ones who have these tools. They have likely already been stolen by others, just like the NSA exploits before them.

      Plus for most of us the CIA is just another adversary we want to defend against, no different than any other malicious actor out there.

      I much prefer to know about these tools and vulnerabilities so I can defend against them. Patches will come quickly to quality software.

      • by Anonymous Coward

        Patches will come quickly to quality software.

        That's a problem. Most software is not of good quality, especially the most commonly used.
        Yes, even in the professional markets. ESPECIALLY in the professional markets, actually. I've used some right shitheaps in my time.

    • Umm... why are you expecting "journalists" to abide by the Hippocratic Oath? Their entire existence is based around exposing those with harmful behaviors. Given the CIA's track record, I'm not surprised they are considered harmful.

      Also, exposing the zero-days will ensure that software is fixed and malware signatures will be added to antivirus databases.

      Now, thanks to WikiLeaks, any attacker can start to build their own infrastructure from source, that looks just like the CIA. This in turn opens the door to more successful untraceable attacks and false-flag operations. By raising the banner of "journalism", WikiLeaks has yet again contributed to more damaging attacks and escalating conflicts.

      That sure sounds like they have created an incentive for government agencies to focus on defending systems rather than exploiting systems.

      The lesson to be lear

    • by AHuxley ( 892839 )
      The problem with trying to fix what the security services are doing is the security services have lost control of their tool sets over the years.
      The US and UK have a set of tools. What was once CIA, NSA, GCHQ, Royal Ulster Constabulary Special Branch only is now floating around other nations and staff.
      Hardware and software to rent, for a shared faith, domestic politics, to buy.
      The US and UK shared methods with trusted experts in NATO. To impress new friends in NATO, EU bureaucracy? To get staff in the
    • by rtb61 ( 674572 )

      So you are saying, other people can imitate the US government security apparatus by pretending to be other people, pretending to be other people (not an error). Do you not see the ludicrousness of your proposition? You can pretend to look like the CIA pretending to look like Kaspersky in order to attack any Russian business for simply being Russian or just hacking Russian security software in order to hack Russian corporations using it.

      The US is breaking computer crimes across the globe to chiefly blackmai

    • Yeah let's let the shadow government keep raping anyone they feel like. Great idea.
      The solution to the problem isn't painless. We let this cancer get into the heart of our supposed democracy.

    • Since when is Wikileaks a journalist? They haven't ever been caught faking anything, or bending the facts to fit a pre-existing political bias. How's that journalism?

      Once upon a time, the term "journalist" carried a social expectation of trying to present the truth without harm.

      LOL that time is long past. Journalists spread fake news all the time, whenever it satisfies their emotional needs and validates their pre-existing political biases. It's very menacing if journalists with the loudest claim t
