CIA hacking tools revealed

WikiLeaks

Part 9 - Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.

The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.

UMBRAGE

The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the other murders also find likely attribution.

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Fine Dining

Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation and to communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are 'Asset', 'Liason Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target, such as the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs), as well as a list of file types to be exfiltrated, such as Office documents, audio, video, images or custom file types. The 'menu' also asks whether recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

Improvise (JQJIMPROVISE)

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems: Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities, such as Margarita, allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.

The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles the actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone opens the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious-looking website.

The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
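The routing described above gives a defender one concrete discriminator: the cover domain looks like any other website to a browser, but the implant's session differs because it presents a client certificate to an external host. The following is an added detection example, not code from the leaked documents or from WikiLeaks; it parses a constructed, simplified tab-separated TLS log (loosely modelled on Zeek's ssl.log, but the column layout, hostnames, addresses and certificate subjects are all made up) and flags outbound sessions in which a client certificate was sent to an external server that is not on a sanctioned mTLS list. It also reports a second, weaker signal that follows from the same design: a server name seen both with and without client authentication.

```python
"""Flag outbound TLS sessions in which the client presented a certificate.

Added example (not from the original page). The log format is a constructed,
simplified tab-separated layout loosely modelled on Zeek's ssl.log:
    ts  orig_h  resp_h  resp_p  server_name  client_subject ("-" if none)
All hosts, names and certificate subjects below are made up.
"""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

# Constructed sample log: line 2 is the pattern of interest (client cert to an
# external "news" site); line 4 is an ordinary visit to the same site without one.
SAMPLE_LOG = """\
1700000001.1\t10.0.0.5\t203.0.113.10\t443\twww.example-cdn.test\t-
1700000002.2\t10.0.0.5\t203.0.113.44\t443\tnews.cover-site.test\tCN=client-7f3a
1700000003.3\t10.0.0.9\t198.51.100.7\t443\tvpn.corp.test\tCN=laptop-0042,O=Corp
1700000004.4\t10.0.0.9\t203.0.113.44\t443\tnews.cover-site.test\t-
1700000005.5\t10.0.0.12\t10.0.1.3\t8443\tinternal-api.corp.test\tCN=svc-billing
"""

# Assumption: the organisation's sanctioned external endpoints that legitimately
# require client certificates (corporate VPN etc.). Everything else is suspect.
KNOWN_MTLS_SERVICES = {"vpn.corp.test"}

# Assumption: RFC 1918 space is "internal"; client certs to internal services are normal.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class TlsRecord:
    ts: float
    orig_h: str
    resp_h: str
    resp_p: int
    server_name: str
    client_subject: Optional[str]  # None when no client certificate was sent


@dataclass(frozen=True)
class Alert:
    orig_h: str
    resp_h: str
    server_name: str
    client_subject: str
    reason: str


def parse_ssl_log(text: str) -> List[TlsRecord]:
    """Parse the constructed tab-separated log into records; skips blank/comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, resp_h, resp_p, server_name, client_subject = line.split("\t")
        records.append(TlsRecord(
            ts=float(ts),
            orig_h=orig_h,
            resp_h=resp_h,
            resp_p=int(resp_p),
            server_name=server_name,
            client_subject=None if client_subject == "-" else client_subject,
        ))
    return records


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_client_cert_to_unknown_external(records: List[TlsRecord]) -> List[Alert]:
    """Primary signal: a client certificate sent to an external host that is not a
    sanctioned mTLS service. Ordinary browsing never does this."""
    alerts = []
    for r in records:
        if r.client_subject is None or is_internal(r.resp_h):
            continue
        if r.server_name in KNOWN_MTLS_SERVICES:
            continue
        alerts.append(Alert(r.orig_h, r.resp_h, r.server_name, r.client_subject,
                            "client certificate presented to unsanctioned external server"))
    return alerts


def servers_with_mixed_client_auth(records: List[TlsRecord]) -> List[str]:
    """Secondary signal: the same server name seen both with and without a client
    certificate, i.e. a host that serves a public site and an authenticated channel."""
    seen = {}
    for r in records:
        seen.setdefault(r.server_name, set()).add(r.client_subject is not None)
    return sorted(name for name, flags in seen.items() if flags == {True, False})


if __name__ == "__main__":
    recs = parse_ssl_log(SAMPLE_LOG)
    for a in detect_client_cert_to_unknown_external(recs):
        print(f"ALERT {a.orig_h} -> {a.server_name} ({a.resp_h}): {a.client_subject}: {a.reason}")
    print("mixed client-auth servers:", servers_with_mixed_client_auth(recs))
```

On the constructed log this raises one alert (10.0.0.5 sending CN=client-7f3a to news.cover-site.test) and lists news.cover-site.test as the only server seen both with and without client authentication. The allow-list is the tuning knob: in a real environment, populate KNOWN_MTLS_SERVICES from the services that are documented to require client certificates, and treat anything else as worth a look.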

Similar functionality (though limited to Windows) is provided by the RickBobby project.
