
posted by martyb on Tuesday November 14 2017, @06:15PM
from the sysadmin-sleep-disruption dept.

Vault 8:

Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.

The code shows how the CIA could impersonate Kaspersky Lab:

According to WikiLeaks, CIA used these fake certificates to impersonate existing entities including Kaspersky Lab. "The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated," noted WikiLeaks.

Also at The Register (follow-up).
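The misattribution described above only works on an observer who trusts the Issuer name printed in a certificate. As an added example (not code from the leaked Hive source or from the story), the Go program below builds a constructed stand-in CA, then a certificate whose Issuer field merely copies that CA's name but is signed with its holder's own key, and one the CA really issued; chain verification against the trusted CA key rejects the first and accepts the second. All names, keys and the "Thawte Consulting" organisation string are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Constructed stand-in names; no real Thawte key is involved, only the name is copied.
var caName = pkix.Name{CommonName: "Thawte Premium Server CA", Organization: []string{"Thawte Consulting"}}
var leafName = pkix.Name{CommonName: "Kaspersky Laboratory", Locality: []string{"Moscow"}}
var serial int64

// makeCert signs a certificate for pub with signer. X.509 copies Issuer from parent.Subject, so any issuer name can be claimed; only the signature ties it to a key.
func makeCert(subject pkix.Name, isCA bool, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	serial++
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: subject, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent = tmpl // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced above is well-formed
	return cert
}

// chainsToRoot is the defender's check: verify the signature against the trusted CA key rather than trusting the Issuer string.
func chainsToRoot(leaf, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

// Demo reports whether the forgery's Issuer name matches the CA, plus chain results for the forgery and for a genuinely issued cert.
func Demo() (issuerNameMatches bool, forgedErr, genuineErr error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := makeCert(caName, true, &caKey.PublicKey, nil, caKey)
	forgerKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	forged := makeCert(leafName, false, &forgerKey.PublicKey, &x509.Certificate{Subject: caName}, forgerKey)
	realKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	genuine := makeCert(leafName, false, &realKey.PublicKey, root, caKey)
	return forged.Issuer.String() == root.Subject.String(), chainsToRoot(forged, root), chainsToRoot(genuine, root)
}
```

The forged certificate's Issuer string is byte-for-byte identical to the trusted CA's Subject, so any tooling that attributes traffic by reading that field alone is fooled; `Verify` fails it because the signature does not validate under the CA's key.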

  • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @11:19PM (#597051) (2 children)

    To keep a balanced, modern, politically correct, non-discriminatory policy, WikiLeaks should now go full out to UP THE FUN. We need a big juicy leak of Russian and Chinese intel spycode and a leak of Norkies' naughty pen-tools for malware deployment. Goal and challenge laid out, now get to it WikiLeakers!

  • (Score: 3, Interesting) by takyon (881) <takyonNO@SPAMsoylentnews.org> on Wednesday November 15 2017, @02:22AM (#597103) Journal

    WikiLeaks is only as good as its sources, and state-sponsored hackers are typically the most resourceful. Russia and China employ criminal hackers to add a little deniability and get access to top-notch talent, and they seem to have no problem using them to dump hacked stuff online. The NSA's TAO, on the other hand, is losing talent and morale [nytimes.com], and is too bureaucratic and hostile towards WikiLeaks to utilize it as their own dumping grounds. They also want to keep vulns/tools secret and stockpiled because they had the best collection... at least until recently.

    Will the U.S. execute Reality Winner? Unlikely. Try leaking in Russia or China and see what happens if you get caught.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 0) by Anonymous Coward on Thursday November 16 2017, @08:56AM (#597619)

    The difference is, unlike the other countries mentioned, the US claims the moral high ground. And is the biggest player as of now.

    However, since the US tortures and massively surveils people, they certainly have no moral superiority and it's perfectly OK to spy on and torture US citizens. If you dislike this logic, you should be rather angry at the US politicians who used this reasoning for their actions... And such affronts can never be repaired ever.