By: Philip | 11-10-2017 | News
Photo credit: CIA | Wikileaks

Vault 8 Reveals How CIA Can Impersonate Russia Cyberattack

More CIA spyware and malware tools have been exposed in WikiLeaks' latest release, Vault 8. The release includes source code for Hive, the CIA's malware control program, as well as other back-end infrastructure that allows for covert electronic communication between controlled computers and the CIA.

Hive adds another layer of security around the CIA's hacking and scraping tools, so that even if they are discovered it is difficult to attribute the malware back to the CIA. Hive is a multitasking tool that can oversee multiple implants on targeted workstations. The front end involves a cover domain whose servers act as a relay, passing traffic over a VPN to the <a href="https://fossbytes.com/via-spying-tool-hive-source-code-wikileaks-vault-8/">hidden CIA server (called Blot)</a>.

Hive uses Optional Client Authentication, which circumvents authentication on the user's side. Hive traffic from implanted CIA malware can then be spirited away to a management gateway aptly called Honeycomb.

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Stuxnet was an illegal act of war. It was a war crime because it was an unprovoked act of aggression.</p>&mdash; The New Sincerity🗺 (@BonsaiMums) <a href="https://twitter.com/BonsaiMums/status/927713766061625344?ref_src=twsrc%5Etfw">November 7, 2017</a></blockquote>


Just as interesting is the fact that the CIA wrote code that would impersonate Kaspersky Lab antivirus and build fake certificates. Kaspersky Lab has been under fire since 2010, when it revealed the <a href="https://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet">US and Israeli cyber-spies behind the Stuxnet malware.</a>

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Wikileaks source code release indicates CIA used fake certificate to sign its malware and make it look like it was legitimate code from Moscow-based antivirus firm Kaspersky Labs <a href="https://t.co/C95eJgM7GO">pic.twitter.com/C95eJgM7GO</a></p>&mdash; Kim Zetter (@KimZetter) <a href="https://twitter.com/KimZetter/status/928669548210991104?ref_src=twsrc%5Etfw">November 9, 2017</a></blockquote>


More recently, the Department of Homeland Security ordered all government agents to cease the use of the Kaspersky antivirus, citing "security risks." Hive was first uncovered in Vault 7 in March. <a href="https://www.rt.com/news/409405-kaspersky-lab-spy-agencies-crosshairs/">Ray McGovern, a former CIA analyst, explained</a> that Hive “enables the CIA to hack into computer, or network and ‘obfuscate’ is the word in CIA document… To conceal who hacked in and then leave traces like in Cyrillic [alphabet], or the name of the first head of the Soviet secret police… Just to show that it might be the Russians,” McGovern, who has decades of experience in the CIA, said.

3 Comments
Anonymous No. 11551 2017-11-10 : 19:18

This whole Russia thing is twisted. It's been going on for years and both Republicans and Democrats are culpable for turning Putin into a boogieman.

What scares me is how long can we just blame things on them and set up sanctions, etc. before they decide to actually fight back and do some of the things we're blaming on them.

Anonymous No. 11552 2017-11-10 : 19:46

We should start by having everyone with security clearance retake their oaths. Purely symbolic, but you can bet there would be a lot of people who would pull a Kaepernick on that one - good riddance.

Anonymous No. 11557 2017-11-10 : 21:40

>>11552

good point, but might be best to hook them up to polygraph first JUST IN CASE…
