Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Government Privacy Security IT

CIA Tricked Antivirus Programs, Claims WikiLeaks (betanews.com) 94

Reader Mark Wilson writes: Today, WikiLeaks published the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits. Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US. The source code for Marble Framework is tiny -- WikiLeaks has provided it in a zip file that's only around 0.5MB. WikiLeaks explains that the tool is used by the CIA to hide the fact that it is behind malware attacks that are unleashed on targets: "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code."
This discussion has been archived. No new comments can be posted.

CIA Tricked Antivirus Programs, Claims WikiLeaks

Comments Filter:
  • by Anonymous Coward on Friday March 31, 2017 @01:44PM (#54153251)

    Our Guard Dogs have turned on us ... and they have rabies.

    • by Anonymous Coward on Friday March 31, 2017 @01:54PM (#54153359)

      This is what JFK concluded, shortly before he was assassinated

      • This is starting to get silly...I'm beginning to think that the next leak is going to include evidence that the CIA plants dime sized listening devices in people's houses.

        The CIA is and always has been a spy organization, and they've always spied on foreign targets. I'm still waiting for evidence that any of this was used on US citizens.

        Yes, the NSA spying was bad, and Snowden was right to leak it, because they were in fact spying on US citizens. The CIA isn't though; the CIA is merely doing what they've al

    • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Friday March 31, 2017 @05:57PM (#54155071) Homepage

      The "guard dogs" were proprietary programs. Users of proprietary OSes (chiefly MacOS and Windows) were trusting one black box to "guard" against the ills of other black boxes (other likely proprietary programs running on the same system). This was always known to be foolish and this WikiLeaks release shows another indisputable example how this system is broken by design.

      Software freedom (the freedom to run, share, inspect, and modify) is no guarantee against malware, life offers no such guarantees. As with other endeavors we can act to improve the odds in our favor for computers we own so we don't fall prey to the ills of proprietary software. We know that keeping secrets from computer users prevents them from controlling their own computers (this is the power of a proprietor and why proprietary software is released). When we have software freedom we increase the odds skilled software practitioners will identify malware, change the software to excise the malware, and release the improved software. One could even hire someone's skill and time to do this on their behalf.

      But no such inspection, improvement, and release is legally permitted with proprietary software. Thus most computer users fall prey not only to the traps of proprietary software itself, but also to the traps built into the software, and the traps of the software ostensibly meant to guard from the ills of other malware. There's no good reason to have faith in one black box over another, trust that one black box will keep you safe while another is less trustworthy, or to continue choosing one master over another. It's easy, convenient, and untrustworthy to do as the proprietors want you to do. You can choose software freedom and invest in businesses working to provide you with practical hardware [fsf.org] to make this an everyday reality that meets your computing needs. The Free Software Foundation's "Respects Your Freedom" list includes a high-powered X86 64-bit mainboard called the "Vikings D16 Mainboard" which looks particularly appealing for high-powered, high RAM ceiling systems. WikiLeaks continues to tell us all why we need hardware and software we can trust, software that respects our freedom—we see the consequences of not having trustworthy systems! We can choose to value software freedom for its own sake and we should. Investing in our own future in this way now portends big practical payoffs in the near and long-term future.

      • by sokk ( 691010 )
        Good points, but I still think that open source suffers because of the lack of a economic model that fits application developers. Open source is good for the big dogs ("cloud", "enterprise") - not so good for the garage guys. I think the status quo will self-correct if the economic incentive can be tilted. How about an open source license that only allows distribution to other license holders?
        • by rtb61 ( 674572 )

          The advantage of open source it is very hard to sneak stuff in or leave bugs in there because every countries across the board can take a squiz http://www.dictionary.com/brow... [dictionary.com] at the code, unlike closed source. So when they find a bug, it is not like they can secure their own without the rest finding out, so in spy vs spy open source tends by the nature of it's design to be neutral territory (not that they would not hack it but secure it for one, secure it for all and blinding hoping the fully visible bug

  • Russian hackers? (Score:2, Insightful)

    by Xua ( 249955 )
    "and sometimes going as far as appearing to originate from countries other than the US" <- Russian hackers?
    • The CIA does imitate Russian hackers. But the Russian hackers were imitating Ukranian hackers. What, do you think the CIA could pull off a DOUBLE false flag?
    • by zlives ( 2009072 )

      no no, Sony was hacked by North Korean hackers on their c-64s

    • "and sometimes going as far as appearing to originate from countries other than the US"
      TFA includes a partial list of the languages used by the tool:

      The code includes Chinese, Russian, Korean, Arabic and Farsi language examples,

      In other words: The CIA tool could fake their attacks as originating from, or sponsored and assisted by, at least the following state-level powers:
      - China
      - Russia
      - North Korea
      - ISIS
      - Iran

      So, Yes. The CIA could routinely fake their malware,

  • It's common practice in a secret organization that presumably everyone knows about for your actions so they look in the wrong direct. I'm not justifying anything, just point out the basic "what do you expect". When China attacks us, they blame home grown hackers either domestic or foreign. Russia does the same, why are we any different. What would be interesting is if they did something original, like said it was a rouge employee within their own ranks when they were caught hacking someone. Or have they don
  • Alan Turing would've been proud of the work, American (and British) intelligence agencies are doing in the area of computers and communications.

    And whoever leaked the information to adversaries, would've been shot in Alan Turing's times... For treason.

    Synzronvg zl gnvy...

    • Alan Turing would've been proud of the work, American (and British) intelligence agencies are doing in the area of computers and communications.

      But if he realized that the 'work' was being used against their own citizens, he would likely have burned not only his own work, but also the entire Bletchley Park complex to the ground and then shot himself after making sure the facts surrounding his actions went public.

      Strat

      • by mi ( 197448 )

        But if he realized that the 'work' was being used against their own citizens

        There is nothing about that in TFA. We do know about Obama making it easier [circa.com] for his top staff to learn about — and inevitably leak [reason.com] — some such intelligence pertaining to US citizens [circa.com], but it is still an awesome tech.

        he would likely have burned not only his own work, but also the entire Bletchley Park complex to the ground and then shot himself after making sure the facts surrounding his actions went public.

        No, I'm confide

        • ...he would've preferred the "domestic spying" â" however appalling by itself â" to Hitler's victory.

          What's the difference, outside of an obsession with killing Jews, if the methods and results are ultimately nearly the same for regular people? Whether it's the CIA, MI5, or the Nazi SS violating your rights and killing/imprisoning you, you're still just as screwed.

          Strat

          • by mi ( 197448 )
            I was going to just ignore your outburst on Godwin's Law grounds, but then realized, that even if, as the Progressive assholes love to claim, the "US is no different from Nazi Germany" (or that "Trump is Hitler"), there is still the importance of your side winning.

            Whether it's the CIA, MI5, or the Nazi SS violating your rights and killing/imprisoning you

            There is a lot more to why we love Nazis, than the SS. And, of course, in reality neither CIA nor MI5 are anywhere close to them in the "killing/imprisoning

            • Whether it's the CIA, MI5, or the Nazi SS violating your rights and killing/imprisoning you

              There is a lot more to why we love Nazis, than the SS. And, of course, in reality neither CIA nor MI5 are anywhere close to them in the "killing/imprisoning" part, which you clumsily attempted to conflate with the amorphous "violating your rights".

              As far as the CIA/MI5 "not being anywhere close", in many areas I would disagree. In fact, in some areas they've exceeded the wildest dreams of all the dictators and tyrannies of the 20th century. With the widespread use of "Predator"-type weapons systems in the military and the push for domestic law enforcement use of drones, it seems only a matter of time before they exceed yet more past dreams of tyrants.

              And as

              • by mi ( 197448 )

                in some areas they've exceeded the wildest dreams of all the dictators and tyrannies

                "In some ways", maybe — because of the technology advances. But not in the killing/imprisoning part.

                As for the rest, I remind you of the Godwin's Law [killfile.org] once again... Farewell.

  • by bongey ( 974911 ) on Friday March 31, 2017 @02:34PM (#54153691)

    The key fact is it disguises the original malware writers in Chinese, Russian, Korean,Arabic and Farsi.
    Wikileaks Vault 7 Part 3 has released the CIA's Marble framework that is used the disguise the origin of malware. Specifically it is designed to " "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."
    https://slashdot.org/submissio... [slashdot.org]

    Brings up a key point if the CIA does this, other countries do the same thing.
    Do you really think Russia would sprinkle their hacked documents with Fancy Bear and Cozy Bear?

    • by AHuxley ( 892839 )
      Yes the CIA could change the code litter. A later gov or private sector investigation would find the code litter of another nation as talking point.
  • How dastardly! These CIA hackers wrote a program that takes the "Copyright 2011 CIA" strings in executables and replaces them with Chinese copyright notices!

    On the other hand, it's nice that the CIA was putting origin-identifying strings into the binaries in the first place (so they exist to be removed or changed). If I were running a spy agency, I'm not sure I would have thought to do that.

  • Could the source code reverse a method? A good tech journalist could then look back over past events and uncloak past cold litter discoveries?
  • Why aren't people paying attention? Wikileaks summaries are always just propaganda, intentionally misleading to work up conspiracy theorists. It's clever though, it's based on half-truths, but it's generally nothing in the end. They look over their info for weeks to write their summary, then dump a huge amount of info that no one can reasonably read quickly, so the media just publishes the Wikileaks summary.

    Just wait a few days, the truth will come out to be something extremely boring. Ah, but who follo

fortune: not found

Working...