FEATURED

WikiLeaks revealed the way the CIA used to conceal the country of origin of spyware


Note the place with the supposedly "Russian" text

Until now, WikiLeaks has been published Only technical documentation describing the capabilities of the software tools of the Central Intelligence Agency of the United States. Vault 7 documents are of great interest for information security professionals, telecommunications companies and, of course, hackers. Now the resource edition has decided to start publishing the source code of some programs, which allows you to get a more detailed idea of ​​the software's capabilities from the CIA.

This is a release of the "Marble Framework" toolkit intended for obfuscating the code. This toolkit was used by CIA officers to complicate the reverse engineering process of various programs that are used by intelligence to obtain various types of confidential information. Marble is a C ++ application, obfuscating the code and comments to it in various ways. WikiLeaks believes that software from the Marble package was used by the CIA as early as 2016.

According to representatives of the University of California at Berkeley, this information is one of the most "malicious" from Wikileaks, as it jeopardizes the successful conduct of operations conducted by the CIA.

As for the methods of obfuscation, it uses the introduction of snippets in various languages ​​of the world, including Farsi, Chinese and "Russian" (in the illustration in the announcement). The set of symbols is a continuous gibberish, there is no sense in these texts (as for the alleged "Russian" language, then there is no sense not only in the texts, but also in the words themselves.) It's Cyrillic, yes, but hardly anyone will think it's Russian language). According to experts, what was used is akin to "Lorem ipsum", the types of text that is used to fill in templates of sites and documents. These snippets, according to the developers, should have been misleading the experts who would attempt to reverse engineer the software from the CIA toolkit.

Snippets, in particular, were supposed to convince those who would disassemble the accidentally discovered CIA software tool in the fact that the developers of the software were not Americans, but representatives of other countries. This software, according to experts, is written by highly qualified specialists and is well documented.

Experts argue that the very publication of information on the methods used by the CIA to obfuscate its software is not a danger. In general, everything that programmers use for intelligence is known to other specialists. But now textual snippets can now be searched, which allows you to identify malicious software from US intelligence agents. The texts disclosed by WikiLeaks, along with other "digital fingerprints", make it possible to identify spyware, which, of course, will complicate the further work of the CIA in cyberspace.

Almost immediately after the announcement of the information WikiLeaks on the web, there were comments from users who managed to find traces of the CIA's presence. "I have to say one thing. I'm hacked. I was hacked by the CIA, "said Jake Williams, founder of the information security company Rendition InfoSec. "I believe that all this can affect the country's foreign policy in the future." He believes that if this is the obfuscation software used by the CIA in most operations, then the CIA's work can be destroyed.

The CIA has already managed to react to the actions of WikiLeaks. "Dictators and terrorists do not have a friend closer than Julian Assange, because it is he who protects their privacy," said Dean Boyd, spokesman for the CIA. – "American society should be deeply concerned about any disclosures of Wikileaks information, which hinders the ability of scouts to protect America from terrorists and other threats. All this not only jeopardizes US employees and various operations, but also gives weapons and information to our enemies that can harm us. "

Be that as it may, but in the Vault 7 information package provided by Wikileaks (the information about Marble is the third portion of the data on the CIA tools), there is not too obvious "failure of the covers". Yes, a lot of information is interesting, but most of the disclosed software vulnerabilities are already outdated – software developers that are mentioned in Wikileaks leaks, including Google, Microsoft, Firefox, have already fixed the vulnerabilities, and in most cases until the very outbreak.

Now FBI representatives are investigating the situation, trying to understand how the files that got to WikiLeaks flowed out of the CIA.