WikiLeaks published hundreds more files from the Vault 7 series today which, it claims, show how the CIA can mask its hacking attacks to make them look like they came from other countries, including Russia, China, North Korea and Iran.
The release on Friday of the CIA’s “Marble Framework” comes less than a month after the anti-secrecy organization dumped onto the Internet a trove of files – dubbed Vault 7 – that described the type of malware and methods the CIA uses to gain access to targets’ phones, computers and other electronic devices.
“This appears to be one of the most technically damaging leaks ever done by WikiLeaks, as it seems designed to directly disrupt ongoing CIA operations and attribute previous operations,” said Nicholas Weaver, a computer security researcher at the University of California at Berkeley.
The material disclosed includes the secret source code of an “obfuscation” technique used by the CIA so its malware can evade detection by antivirus systems. The technique is used by all professional hackers, whether they work for the National Security Agency, Moscow’s FSB or the Chinese military. But because the code contains a specific algorithm, a digital fingerprint of sorts, it can now be used to identify CIA hacking operations that had previously been detected but not attributed.
WikiLeaks, founded by Julian Assange, has sought to position itself as a champion of transparency and defender of privacy rights. It described the Marble Framework as “the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.”
In releasing the material, WikiLeaks tweeted: “CIA Vault 7 Part 3 ‘Marble’ – thousands of CIA viruses and hacking attacks could now be attributed.”
The agency responded angrily.
“Dictators and terrorists have no better friend in the world than Julian Assange, as theirs is the only privacy he protects,” spokesman Dean Boyd said, without commenting on the authenticity of the release.
“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,” Boyd said. “Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm.”
The security agency’s hacking operations are much smaller in scale than the NSA’s, designed to enable intelligence gathering by human spies – more “boutique” than industrial-strength.
WikiLeaks, in its press release, suggested that the obfuscation tool might be used to conduct a “forensic attribution double game” or false flag operation because it included test samples in Chinese, Russian, Korean, Arabic and Farsi.
But Williams explained that the tests were to ensure that hacking operations using code written in those languages could be hidden. “If you’re trying to false flag an operation as Chinese, you wouldn’t want to hide those code strings, you’d want everyone to see them,” he said. Moreover, other experts said, attribution is based on more than just malware analysis.
The extent of the damage will take time to assess and the cost of replacing lost capabilities is expected to be high, experts said. An FBI and internal investigation is ongoing into how the files were breached.