WikiLeaks has unveiled the latest release of the CIA’s hacking program which reveals a tool that CIA hackers use to attack a computer that is part of a Local Area Network (LAN). LANs are usually used to tie all of the computers in an office into a single network for the purposes of sharing resources including those used for security. The CIA tool which is codenamed Archimedes turns the strength of a LAN against itself by leveraging any compromised computers against all others on the network.
The WikiLeaks release revealed that Archimedes is a tool used by the CIA to attack a computer inside a Local Area Network (LAN), the kind of network usually used in offices. The tool allows traffic from the target computer inside the LAN to be redirected through a computer infected with this malware and controlled by the CIA. The CIA uses the technique to redirect the target computer's web browser to an exploitation server while the session appears to be normal browsing.
The WikiLeaks release guide illustrates a type of attack within a protected environment: the tool is deployed into an existing local network and abuses existing machines to bring targeted computers under control, allowing further exploitation and abuse. The tool dates back to at least June 2011, when it was known as Fulcrum and was already in version 0.6. The most up-to-date version of the cyberweapon listed in WikiLeaks’ publication was Archimedes 1.3, dated January 13, 2014. Like many of the other hacking tools exposed in previous publications, it is not known whether Archimedes is still being developed or used.
The tool works as a weapon for launching a man-in-the-middle attack. It essentially allows a CIA-controlled computer, the man in the middle, to park itself between two computers and intercept all communications between them. In an archetypal man-in-the-middle attack, computer A sends a data packet, which could be anything from a file to an e-mail to a VoIP telephone call, to computer B.
The man-in-the-middle intercepts the data packet and relays it on to computer B, keeping a copy of the data packet in the process. The process is repeated for all packets back and forth. It is possible, and even common, for the packets, especially software downloads, to be altered or replaced by a man in the middle. If that is the case, the file a user thinks he downloaded is easily replaced by a corrupted download, allowing even further erosion of security and privacy in the form of greater attacks.
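The article does not say how Archimedes steers a target's traffic through the compromised LAN host. As an added example from the defender's side (not code from the WikiLeaks documents or the article), the detector below assumes the redirection shows up as a change in which hardware (MAC) address answers for the gateway IP, and flags the LAN host that previously owned the new address as the likely relay. The gateway address and the address snapshots are constructed.

```python
"""Added example: spot a LAN host taking over the gateway's address so that a
target's traffic is relayed through it. Snapshots are constructed, and the
assumption that redirection is visible as a gateway MAC change is ours."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GATEWAY_IP = "192.168.1.1"  # assumed gateway address for the constructed LAN


@dataclass(frozen=True)
class Alert:
    time: int
    ip: str
    old_mac: str
    new_mac: str
    suspect_host: Optional[str]  # LAN host previously seen using new_mac


def detect_redirection(snapshots: List[Tuple[int, Dict[str, str]]],
                       watched_ips=(GATEWAY_IP,)) -> List[Alert]:
    """snapshots: (time, {ip: mac}) tables observed on the LAN, in time order.
    Emits an alert whenever a watched IP's MAC differs from its first-seen
    MAC, naming the host that legitimately used the new MAC earlier."""
    baseline: Dict[str, str] = {}   # watched ip -> first observed mac
    mac_owner: Dict[str, str] = {}  # mac -> ip that first used it
    alerts: List[Alert] = []
    for t, table in snapshots:
        for ip, mac in table.items():
            if ip in watched_ips:
                if ip not in baseline:
                    baseline[ip] = mac
                elif baseline[ip] != mac:
                    alerts.append(Alert(t, ip, baseline[ip], mac, mac_owner.get(mac)))
            else:
                mac_owner.setdefault(mac, ip)
    return alerts


# Constructed observations: two clean snapshots, then host .20 answers for the
# gateway, so the target's outbound traffic now passes through .20 first.
SNAPSHOTS = [
    (0, {"192.168.1.1": "aa:aa:aa:aa:aa:01", "192.168.1.20": "aa:aa:aa:aa:aa:20",
         "192.168.1.30": "aa:aa:aa:aa:aa:30"}),
    (60, {"192.168.1.1": "aa:aa:aa:aa:aa:01", "192.168.1.20": "aa:aa:aa:aa:aa:20",
          "192.168.1.30": "aa:aa:aa:aa:aa:30"}),
    (120, {"192.168.1.1": "aa:aa:aa:aa:aa:20", "192.168.1.20": "aa:aa:aa:aa:aa:20",
           "192.168.1.30": "aa:aa:aa:aa:aa:30"}),
]


def run_demo() -> List[Alert]:
    return detect_redirection(SNAPSHOTS)


if __name__ == "__main__":
    for a in run_demo():
        print(f"t={a.time}: {a.ip} moved from {a.old_mac} to {a.new_mac}"
              f" (address previously seen on {a.suspect_host})")
```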
The tool has a weakness, though: it is unable to launch a full, two-way man-in-the-middle attack, as the manual for Fulcrum/Archimedes, which is part of the WikiLeaks guide, explains.
In other words, Archimedes is designed as a cyber-espionage tool and does not appear to be able to be used for cyber-sabotage, though the CIA may have other tools for accomplishing that.
As has been the case with other CIA hacking leaks, WikiLeaks has published the documents that accompanied Archimedes but not the software itself. As WikiLeaks founder and public face Julian Assange wrote in the press release for his organization's first leak about the CIA's hacking program:
Wikileaks has carefully reviewed the Year Zero disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.
The whistleblowing site has continued to expose the CIA as the unaccountable agency it is; its immoral, unethical and likely illegal activities are being unraveled every day as the truth comes to light.