Menu
Suspected CIA spying tools linked to hacks in 16 countries

Suspected CIA spying tools linked to hacks in 16 countries

Symantec has connected WikiLeaks' dumped CIA files to a hacking team called Longhorn

The suspected CIA spying tools exposed by WikiLeaks have been linked to hacking attempts on at least 40 targets in 16 countries, according to security firm Symantec.

The tools share “close similarities” with the tactics from an espionage team called Longhorn, Symantec said in a Monday post. Longhorn has been active since at least 2011, using Trojan programs and previously unknown software vulnerabilities to hack targets.

Those targets include governments and organizations in the financial, telecom, IT and aerospace sectors, among others, Symantec said, without disclosing specific names.

Victim computers were located in the Middle East, Europe, Asia, Africa -- and at one point, even the U.S., where the CIA is barred from conducting electronic surveillance.

"On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally," Symantec said.

The CIA has declined to say whether the documents dumped by WikiLeaks are authentic. But security researchers suspect that the dumped files deal a damaging blow to the U.S. spy agency by exposing its secret hacking operations.

On Monday, Symantec said there was “little doubt” a link existed between Longhorn and the hacking techniques described in the dumped documents.

The security firm has found Longhorn using four different malware tools, two of which match details disclosed in the dumped files.

For instance, the suspected CIA files describe a piece of malware known as Fluxwire, and provide a changelog of dates for when new features were added. Those dates align with changes Symantec noticed in a Trojan program used by Longhorn that had been discovered in 2015.

Another CIA file described a malware payload specification that matched another Longhorn-deployed Trojan, which can open a backdoor in a Windows PC.

In 2014, this Trojan was used with a little-known vulnerability that can exploit a Microsoft Word document to hack a target, Symantec said.

Some evidence shows that Longhorn may date back as far as 2007, according to Symantec. But prior to the WikiLeaks dump, the security firm had only concluded that the group was well-resourced, devoted to intelligence gathering, and probably English-speaking.

WikiLeaks hasn't released much of the source code to the suspected CIA hacking tools. However, the files -- which are largely made up of user manuals and other documents -- will nevertheless help both security firms and foreign governments to detect the spy agency's techniques, experts say.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments