SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
10 Nov 2017

WikiLeaks says CIA impersonated Kaspersky Lab

WikiLeaks has resumed its CIA leaks and it has now started publishing source code and other files associated with tools allegedly developed by the intelligence agency.

In March, WikiLeaks began publishing documentation files describing what appeared to be CIA hacking tools as part of a leak dubbed Vault 7. Roughly two dozen tools and projects were disclosed over the course of several months.

Now, after a two-month break, WikiLeaks announced a new round of leaks dubbed Vault 8, which provides source code and analysis for CIA tools. The organization pointed out that, similar to Vault 7, Vault 8 will not expose any zero-day or other vulnerabilities that could be used for malicious purposes. “This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components,” WikiLeaks said. “Source code published in this series contains software designed to run on servers controlled by the CIA.”

The first Vault 8 leak covers Hive, a project whose documentation was published by WikiLeaks in mid-April. The organization has now released source code and development logs for Hive. Hive has been described as a tool designed to help malware communicate with a remote server without raising suspicion.

“Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet,” WikiLeaks said. “Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.”

Hive provides a communication channel between a piece of malware and what WikiLeaks describes as “cover domains.” These domains are boring-looking and they deliver harmless content when accessed. However, malware implants communicating with these domains authenticate themselves and the traffic they generate is directed to a gateway called Honeycomb, which sends the data to its final destination.

Implants authenticate themselves using digital certificates that impersonate existing entities. One fake certificate is for Russia-based security firm Kaspersky Lab and it pretends to have been issued by South African certificate authority Thawte. According to WikiLeaks, its analysis revealed that by using these fake certificates, the CIA made it look like data was being exfiltrated by one of the impersonated entities – in this case Kaspersky Lab.
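The names printed in a certificate are chosen by whoever creates it, so an issuer field proves nothing until the signature is checked against the root a verifier already holds. The following is an added example, not taken from the article or from the published Hive code; every name, key and certificate in it is constructed locally (`Example Trust CA` and `vendor.example` are placeholders).

```shell
#!/usr/bin/env bash
# Constructed demo: all names, keys and certificates are generated locally.
set -eu

W=$(mktemp -d)

# make_ca DIR: create a self-signed root whose subject is "Example Trust CA".
make_ca() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/O=Example Trust/CN=Example Trust CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# make_leaf DIR: issue a leaf for "vendor.example" signed by DIR's root.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/O=Vendor/CN=vendor.example" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null
}

# issuer_of CERT: the issuer name exactly as written inside the certificate.
issuer_of() { openssl x509 -in "$1" -noout -issuer -nameopt RFC2253; }

# chains_to ROOT CERT: succeed only if CERT's signature verifies under ROOT.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

make_ca "$W/trusted";   make_leaf "$W/trusted"    # the root a verifier trusts
make_ca "$W/lookalike"; make_leaf "$W/lookalike"  # same names, different key

# Both leaves print the same issuer; only one verifies under the trusted root.
for d in trusted lookalike; do
  if chains_to "$W/trusted/ca.pem" "$W/$d/leaf.pem"; then r=accepted; else r=rejected; fi
  printf '%s leaf: %s -> %s\n' "$d" "$(issuer_of "$W/$d/leaf.pem")" "$r"
done
```

When triaging a certificate seen in traffic, run the `chains_to` check against the root obtained from the real CA rather than comparing subject or issuer strings.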

“We have investigated the claims made in the Vault 8 report published on November 9 and can confirm the certificates in our name are fake,” Kaspersky Lab said. “Our private keys, services and customers are all safe and unaffected.”

The news that the CIA may have impersonated Kaspersky Lab in its operations has led some to believe that the U.S. may have actually used such tools to falsely pin cyberattacks on Russia.

The U.S. government has banned the use of Kaspersky products due to the company’s alleged ties to Russian intelligence. A recent report also claimed that Kaspersky products had been used on the computer of an NSA contractor from which Russian hackers stole sensitive files. Kaspersky has denied the allegations and announced a new transparency initiative in an effort to clear its name.



Tags: Kaspersky Lab, WikiLeaks, CIA, information leaks

Source: SecurityWeek
SafeUM © Safe Universal Messenger
