USA POLITICS: WikiLeaks Vault 7 ‘Hive’: Secret CIA Virus Control System Exposed

Politicoscope
By Politicoscope April 14, 2017 12:04


WikiLeaks has released ‘Hive’, the fifth installment in a series of leaks exposing alleged CIA hacking techniques known as ‘Vault 7’. The latest batch consists of six documents and details how the agency can use malware to monitor targets.

To hide the presence of such malware, WikiLeaks notes that the public HTTPS interface (ordinary web traffic carried over an encrypted connection) “utilizes unsuspicious-looking cover domains,” meaning those targeted would be unaware of the CIA’s interference.

WikiLeaks notes anti-virus companies and forensic experts have noticed “possible state-actor” malware using similar back-end infrastructure, but were unable to connect the back-end to CIA operations.

The Hive documents released Friday may allow experts to examine this kind of communication between malware implants and backend servers, WikiLeaks says. The CIA’s Hive project was created by its Embedded Development Branch (EDB). This branch was also responsible for projects detailed in WikiLeaks’ ‘Dark Matter’ leak, revealing the CIA’s attacks on Apple firmware. A 2015 User Guide reveals the initial release of Hive was in 2010, and describes the software implant as having two primary functions – a beacon and interactive shell. Both are designed to provide an initial foothold to deploy other “full featured tools.”

– RT

Hive: 14 April 2017
Today, April 14th 2017, WikiLeaks publishes six documents from the CIA’s HIVE project created by its “Embedded Development Branch” (EDB).

HIVE is a back-end infrastructure malware with a public-facing HTTPS interface which is used by CIA implants to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute specific tasks on the targets.

HIVE is used across multiple malware implants and CIA operations. The public HTTPS interface utilizes unsuspicious-looking cover domains to hide its presence.

Anti-Virus companies and forensic experts have noticed that some possible state-actor malware used this kind of back-end infrastructure by analyzing the communication behaviour of these specific implants, but were unable to attribute the back-end (and therefore the implant itself) to operations run by the CIA. In a recent blog post by Symantec, which was able to attribute the “Longhorn” activities to the CIA based on Vault 7, such back-end infrastructure is described:

For C&C servers, Longhorn typically configures a specific domain and IP address combination per target. The domains appear to be registered by the attackers; however, they use privacy services to hide their real identity. The IP addresses are typically owned by legitimate companies offering virtual private server (VPS) or web hosting services.

The malware communicates with C&C servers over HTTPS using a custom underlying cryptographic protocol to protect communications from identification.
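The Symantec excerpt above describes C&C infrastructure where each target gets its own domain and IP address pair, contacted over HTTPS. From a defender's side, that pattern tends to surface in proxy logs as a destination that exactly one internal host ever talks to, usually at regular beacon-like intervals. The following script is an added example written for this article, not code from WikiLeaks, RT, Symantec or the Hive documents: it parses constructed proxy log lines and flags single-source HTTPS destinations with low-jitter contact timing. The log format, every host name, IP address and timestamp are constructed for the example, and the thresholds (`max_cv`, `min_contacts`) are illustrative assumptions.

```python
"""
Added example (not from the article, RT, Symantec or WikiLeaks): a defender-side
triage heuristic for the per-target C&C pattern described in the Symantec excerpt.
A destination that only one internal host contacts, over HTTPS, at near-regular
intervals, is worth a closer look. All log data below is constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: "<ISO timestamp> <src_ip> <dst_host> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2017-04-14T09:00:00 10.0.0.5 update.cdn-example.test 203.0.113.7 443
2017-04-14T09:00:12 10.0.0.6 update.cdn-example.test 203.0.113.7 443
2017-04-14T09:00:30 10.0.0.9 update.cdn-example.test 203.0.113.7 443
2017-04-14T09:00:45 10.0.0.5 www.bank-example.test 198.51.100.20 443
2017-04-14T09:05:00 10.0.0.7 status-sync.example.test 192.0.2.44 443
2017-04-14T09:35:01 10.0.0.7 status-sync.example.test 192.0.2.44 443
2017-04-14T10:04:59 10.0.0.7 status-sync.example.test 192.0.2.44 443
2017-04-14T10:35:02 10.0.0.7 status-sync.example.test 192.0.2.44 443
2017-04-14T09:10:00 10.0.0.8 news.example.test 198.51.100.30 443
2017-04-14T11:42:00 10.0.0.8 news.example.test 198.51.100.30 443
"""


def parse_log(text):
    """Parse the constructed proxy log format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, host, dst_ip, port = parts
        try:
            records.append({
                "ts": datetime.fromisoformat(ts),
                "src": src, "host": host, "dst_ip": dst_ip, "port": int(port),
            })
        except ValueError:
            continue
    return records


def beacon_score(timestamps):
    """Coefficient of variation of the inter-arrival gaps; near 0 means a steady beacon.
    Returns None when fewer than three contacts (two gaps) are available."""
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def find_singleton_https_destinations(records, max_cv=0.1, min_contacts=3):
    """Flag (host, dst_ip) pairs on port 443 that exactly one internal source
    ever contacts, with at least min_contacts hits at near-regular intervals.
    Thresholds are illustrative assumptions, not values from the article."""
    by_dest = defaultdict(list)
    for r in records:
        if r["port"] == 443:
            by_dest[(r["host"], r["dst_ip"])].append(r)
    findings = []
    for (host, dst_ip), hits in by_dest.items():
        sources = {r["src"] for r in hits}
        if len(sources) != 1 or len(hits) < min_contacts:
            continue
        cv = beacon_score([r["ts"] for r in hits])
        if cv is not None and cv <= max_cv:
            findings.append({"host": host, "dst_ip": dst_ip,
                             "src": sources.pop(), "contacts": len(hits),
                             "gap_cv": round(cv, 4)})
    return findings


if __name__ == "__main__":
    for finding in find_singleton_https_destinations(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the constructed sample only status-sync.example.test is flagged: it is contacted by a single host, four times, roughly thirty minutes apart. The CDN-style host seen by three machines and the two-hit news site are left alone. Low prevalence plus regular timing is a triage signal, not proof of compromise; legitimate single-user services and scheduled updaters produce the same shape, so findings should feed enrichment (domain registration age, hosting provider, certificate details) rather than an automatic block.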


The documents from this publication might further enable anti-malware researchers and forensic experts to analyse this kind of communication between malware implants and back-end servers used in previous illegal activities.

– WikiLeaks
