Latest WikiLeaks dump exposes CIA methods to mask malware

The site has dumped anti-forensic tools that WikiLeaks claims the CIA used last year

WikiLeaks may have dealt another blow to the CIA’s hacking operations by releasing files that allegedly show how the agency was masking its malware attacks.

On Friday, the site dumped the source code to the Marble Framework, a set of anti-forensic tools that WikiLeaks claims the CIA used last year.

The files do appear to show “obfuscation techniques” that can hide CIA-developed malicious coding from detection, said Jake Williams, a security researcher at Rendition InfoSec, who has been examining the files.

Every hacker, from the government-sponsored ones to amateurs, will use their own obfuscation techniques when developing malware, he said.

But thanks to WikiLeaks, some of the CIA’s methods are out in the public. Security researchers will now have a resource to identify whether past malware samples have any ties to the U.S. spy agency, Williams said.

WikiLeaks has said the same. But the site is also drawing another conclusion with the source code: that the CIA can frame other countries for its malware attacks.

WikiLeaks points to how the CIA anti-forensic tools support other languages such as Chinese, Russian, Korean, Arabic and Farsi. “This would permit a forensic attribution double game,” the site said.

Security researchers, for instance, might misattribute CIA-developed malware to other countries, when noticing it contained certain foreign languages.

But Williams doesn’t buy that conclusion. “That’s ludicrous,” he said. “It’s wholly inaccurate.”

The anti-forensic tools are actually designed to conceal the presence of computer code written in foreign languages, not reveal it, Williams said.

That’s important because the agency was probably targeting computers overseas from Russia or China. To hack those systems, the CIA probably needed to include some Russian or Chinese language in the malware.

“But if you don’t obfuscate that,” Williams said, “anyone who is looking at your malware will know you are trying to steal their stuff.”

It’s not the first time WikiLeaks has made claims that were later questioned. Security researchers have criticized the site for exaggerating the CIA’s hacking capabilities since WikiLeaks began dumping tools allegedly taken from the agency.

The CIA hasn’t commented on Friday’s dumped source code. But assuming the files are real, security researchers say they’ll probably disrupt the agency’s spying efforts.

“This is one of the most damaging releases ever done by WikiLeaks,” tweeted Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California, Berkeley.

In addition, hackers will be able to learn from the dumped source code to obfuscate their own malware. “Now anyone can create malware that looks like it came from the CIA,” Williams said.

