
posted by martyb on Tuesday November 14 2017, @06:15PM
from the sysadmin-sleep-disruption dept.

Vault 8:

Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.

The code shows how the CIA could impersonate Kaspersky Lab:

According to WikiLeaks, CIA used these fake certificates to impersonate existing entities including Kaspersky Lab. "The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated," noted WikiLeaks.

Also at The Register (follow-up).


  • (Score: 2) by The Mighty Buzzard on Tuesday November 14 2017, @10:23PM (2 children)


    Right but you seem to be under the misapprehension that guns "designed for war" are more deadly than "ordinary" guns. They're not. Truth of the matter is, a good hunting rifle is better suited to a round of "snipe the innocent bystander" than an AR-15 ever will be. Why? Because they're heavier. Less muzzle movement during recoil, so it's faster to re-aim. There is precisely one thing on an M-16 (excluding automatic fire) that makes it any more dangerous than any other rifle: the bayonet mount. And that's not been used in any mass killings that I've heard of.

    Most of the differences that make something an assault rifle? They're there because of conditions unique to war and offer little to no benefit to a civilian; even a wackjob, murderous civilian. Mud, sand, dirt resistance. Daily use for extended periods of time. The need to fire all night long without giving the barrel a chance to cool down. Lighter thus easier to carry over endless miles. Things like that. The differences make for a better service weapon but they don't make it any more deadly.

    High capacity magazines are another matter but they're by no means unique to military-styled weapons. You can get a thirty round magazine for an ordinary deer rifle. M-16s by contrast, use a twenty round magazine. The military figured out long ago that the longer springs in the thirty round M-16 magazines wore out too quickly to be useful to them.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by bob_super on Tuesday November 14 2017, @11:03PM (1 child)


    You seem to imply that there is no reason whatsoever why civilians should have access to derivatives of military weapons, since there is no benefit outside of a formal war zone. (grin, as he says)

    > a good hunting rifle is better suited to a round of "snipe the innocent bystander"

    If you're going for one target.
    But "spray the churchgoers with 450 bullets in a few minutes" is a game that is unquestionably better played with those weapons that have been optimized to optimize the lethality of each soldier on the battlefield, even without mods to avoid the hassle of semi-auto.

    To get slightly back on topic, the CIA/NSA code leaks similarly make script kiddies (and pros, local or foreign) a whole lot more dangerous than they would be without the big-budget weaponized hacks, which they now get without even a pretense of "semi-auto" conversion.

    • (Score: 2) by The Mighty Buzzard on Tuesday November 14 2017, @11:42PM


      No, I would never imply something like that. That presupposes that civilians need permission to own weapons.

      > If you're going for one target.

      Exactly the opposite. If you're aiming and going after multiple targets, a heavier rifle will always get you a higher kill count.

      > But "spray the churchgoers with 450 bullets in a few minutes"...

      You're thinking full-auto. You can't spray with any kind of semi-automatic; no matter how scary it looks. You aim, fire into a crowd so densely packed that you literally can't miss, or miss with any semi-automatic weapon.

      --
      My rights don't end where your fear begins.