
CIA hacking tools revealed

WikiLeaks

Part 9 - Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.

The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.

UMBRAGE

The CIA's hand-crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the other murders also find likely attribution.

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Fine Dining

Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation and to communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are 'Asset', 'Liaison Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target, such as the type of computer, the operating system used, Internet connectivity and installed anti-virus utilities (PSPs), as well as a list of file types to be exfiltrated, such as Office documents, audio, video, images or custom file types. The 'menu' also asks whether recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

Improvise (JQJIMPROVISE)

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems, such as Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities, such as Margarita, allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.

The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious-looking website.

The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
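The cert-gated routing described above gives a defender one high-signal observable: an endpoint that repeatedly opens HTTPS sessions to an external domain and presents a client certificate, which ordinary browsers almost never do for public websites. The following hunt is an added example, not code from the page or from any of the projects it describes; it runs over a constructed, Zeek-style ssl.log excerpt whose field subset and allowlist are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed Zeek-style ssl.log excerpt (tab-separated; field subset assumed):
# ts  id.orig_h  id.resp_h  id.resp_p  server_name  client_subject ("-" = none)
SAMPLE_SSL_LOG = """\
1500000000.0\t10.0.0.5\t203.0.113.10\t443\tcover-site.example\t-
1500000010.0\t10.0.0.7\t203.0.113.10\t443\tcover-site.example\tCN=node-0042
1500000020.0\t10.0.0.9\t198.51.100.4\t443\tvpn.corp.example\tCN=alice
1500000310.0\t10.0.0.7\t203.0.113.10\t443\tcover-site.example\tCN=node-0042
1500000400.0\t10.0.0.7\t203.0.113.10\t443\twww.example.com\t-
1500000610.0\t10.0.0.7\t203.0.113.10\t443\tcover-site.example\tCN=node-0042
"""

# Destinations where endpoints legitimately present client certificates (assumed allowlist).
KNOWN_MTLS_SERVICES = {"vpn.corp.example"}


def parse_ssl_log(text):
    """Parse the excerpt into dicts; blank, comment and malformed lines are skipped."""
    fields = ("ts", "orig_h", "resp_h", "resp_p", "server_name", "client_subject")
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            continue  # malformed line: ignore rather than abort the hunt
        rec = dict(zip(fields, parts))
        rec["ts"] = float(rec["ts"])
        records.append(rec)
    return records


def find_client_cert_beacons(records, min_sessions=2):
    """Group sessions by (source host, server name) in which a client certificate
    was presented to a non-allowlisted destination; report pairs seen at least
    min_sessions times with the median gap between sessions (beacon interval)."""
    sessions = defaultdict(list)
    for r in records:
        if r["client_subject"] == "-" or r["server_name"] in KNOWN_MTLS_SERVICES:
            continue
        sessions[(r["orig_h"], r["server_name"])].append(r["ts"])
    findings = []
    for (src, sni), stamps in sessions.items():
        if len(stamps) < min_sessions:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        findings.append((src, sni, len(stamps), median(gaps)))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for src, sni, n, gap in find_client_cert_beacons(parse_ssl_log(SAMPLE_SSL_LOG)):
        print(f"{src} presented a client cert to {sni} {n} times, median gap {gap:.0f}s")
```

The user who opened the cover domain by accident (10.0.0.5) and the allowlisted VPN login are not reported; only the host that presents a certificate to the cover domain on a regular interval is.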

Similar functionality (though limited to Windows) is provided by the RickBobby project.

