
CIA hacking tools revealed

WikiLeaks

Part 9 - Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.

The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.

UMBRAGE

The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the other murders also find likely attribution.

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Fine Dining

Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation and to communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are 'Asset', 'Liason Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target, such as the type of computer, the operating system used, Internet connectivity and installed anti-virus utilities (PSPs), as well as a list of file types to be exfiltrated, such as Office documents, audio, video, images or custom file types. The 'menu' also asks whether recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

Improvise (JQJIMPROVISE)

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems: Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities, such as Margarita, allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.

The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles the actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone opens the cover domain website by accident), the traffic is forwarded to a cover server that delivers an innocuous-looking website.

The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.

Similar functionality (though limited to Windows) is provided by the RickBobby project.
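The routing rule described above gives defenders a concrete thing to look for: an endpoint that presents a TLS client certificate to a public web host is unusual unless that host is a known mutual-TLS service (a corporate VPN, a partner API). The script below is an added example, not part of the WikiLeaks text or of any of the projects it describes. It runs a simple detection over constructed TLS-session records (the field names, IP addresses, host names, CA names and the allowlist are all this example's own assumptions) and flags sessions where a client certificate was sent to an external host that is not on the mTLS allowlist, or where the certificate was issued by a CA the organisation does not recognise.

```python
"""Flag outbound TLS sessions in which the client presented a certificate to an
external host that is not an expected mutual-TLS service.

Added example for illustration; the log format and all names are constructed.
"""
import ipaddress
import json
from typing import List, Optional, Tuple

# Constructed sample records (not real traffic). One JSON object per line; the
# field names are this example's own, not those of any particular sensor.
SAMPLE_TLS_LOG = """\
{"ts": "2017-03-07T10:00:01Z", "src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "server_name": "updates-cdn.example", "client_cert_presented": true, "client_cert_issuer": "CN=Unknown Root"}
{"ts": "2017-03-07T10:00:02Z", "src": "10.1.2.4", "dst": "203.0.113.20", "dport": 443, "server_name": "vpn.corp.example", "client_cert_presented": true, "client_cert_issuer": "CN=Corp Device CA"}
{"ts": "2017-03-07T10:00:03Z", "src": "10.1.2.5", "dst": "198.51.100.5", "dport": 443, "server_name": "www.news.example", "client_cert_presented": false, "client_cert_issuer": null}
{"ts": "2017-03-07T10:00:04Z", "src": "10.1.2.6", "dst": "10.0.0.5", "dport": 443, "server_name": "intranet.corp.example", "client_cert_presented": true, "client_cert_issuer": "CN=Corp Device CA"}
{"ts": "2017-03-07T10:00:05Z", "src": "10.1.2.7", "dst": "203.0.113.30", "dport": 443, "server_name": "partner-api.example", "client_cert_presented": true, "client_cert_issuer": "CN=Corp Device CA"}
"""

# Assumed policy: external hosts where client certificates are expected, and the
# CAs that legitimately issue client certificates to this organisation's devices.
MTLS_ALLOWLIST = {"vpn.corp.example", "partner-api.example"}
TRUSTED_CLIENT_CA_ISSUERS = {"CN=Corp Device CA"}

# RFC 1918 ranges, checked explicitly so that documentation ranges such as
# 203.0.113.0/24 (which ipaddress also treats as non-global) still count as external.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True for loopback and RFC 1918 destinations, where mutual TLS is routine."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or any(addr in net for net in _RFC1918)


def parse_log(text: str) -> List[dict]:
    """Parse JSON-lines session records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def assess(rec: dict) -> Optional[str]:
    """Return a human-readable reason if the session matches the pattern, else None."""
    if not rec.get("client_cert_presented"):
        return None                      # ordinary one-way TLS: nothing to flag
    if is_internal(rec["dst"]):
        return None                      # internal mTLS (intranet, device management) is normal
    name = rec.get("server_name") or "<no SNI>"
    reasons = []
    if name not in MTLS_ALLOWLIST:
        reasons.append(f"client certificate sent to unlisted external host {name}")
    issuer = rec.get("client_cert_issuer")
    if issuer not in TRUSTED_CLIENT_CA_ISSUERS:
        reasons.append(f"client certificate issued by unrecognised CA {issuer!r}")
    return "; ".join(reasons) or None


def scan(text: str) -> List[Tuple[str, str, str]]:
    """Return (source IP, server name, reason) for every flagged session."""
    findings = []
    for rec in parse_log(text):
        reason = assess(rec)
        if reason:
            findings.append((rec["src"], rec.get("server_name"), reason))
    return findings


if __name__ == "__main__":
    for src, name, reason in scan(SAMPLE_TLS_LOG):
        print(f"{src} -> {name}: {reason}")
```

Only the first constructed record is flagged: it sends a certificate from an unrecognised CA to a host that no policy lists as a mutual-TLS service. The VPN and partner-API sessions pass because of the allowlist, which is the caveat that matters in practice: client-certificate use is common for corporate VPNs, device management and zero-trust gateways, so the rule is only useful once the organisation's legitimate mTLS endpoints and issuing CAs are enumerated. A TLS-aware sensor supplies the same fields from real traffic (Zeek's ssl.log, for example, records the client certificate subject and issuer when one is presented).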

