WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.
Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. The two implants are dubbed BothanSpy, which targets the Xshell client on Microsoft Windows, and Gyrfalcon, which targets the OpenSSH client on various distributions of Linux OS.
WikiLeaks has just published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating systems.
Dubbed OutlawCountry, the project allows the CIA hackers to redirect all outbound network traffic on the targeted computer to CIA-controlled computer systems for data exfiltration and infiltration. The OutlawCountry Linux hacking tool consists of a kernel module, which the CIA hackers load via shell access to the targeted system to create a hidden Netfilter table with an obscure name on the target Linux user's system.
Hacking air-gapped machines — computers that are not connected to the internet, so theoretically less vulnerable — is always pretty interesting.
On Wednesday, Wikileaks published a series of alleged CIA documents that supposedly show how the intelligence agency's malware was designed to infect these sorts of targets. Naturally, the documents indicate how the CIA has continued to develop its own hacking tools, allegedly targeting devices from smart TVs to internet routers. According to one of the documents, "Brutal Kangaroo is a tool suite for targeting closed networks by air gap jumping using thumbdrives."
Purported CIA documents published by WikiLeaks reveal the US Central Intelligence Agency has been hacking wireless routers for years as part of its surveillance efforts.
The trove of documents released by the anti-privacy publication on Thursday details the CIA’s CherryBlossom project, in which the intelligence agency has compromised Wi-Fi routers in private homes, public spaces, businesses and enterprise environments in order to gather information about specific targets. The project comes from the CIA's elite hacking unit, the Engineering Development Group. The leaked files include installation guides, manuals and other documents.
WikiLeaks just published details of a purported CIA operation that turns Windows file servers into covert attack machines that surreptitiously infect computers of interest inside a targeted network.
"Pandemic," as the implant is codenamed, turns file servers into a secret carrier of whatever malware CIA operatives want to install, according to documents published Thursday by WikiLeaks. When targeted computers attempt to access a file on the compromised server, Pandemic uses a clever bait-and-switch tactic to surreptitiously deliver a malicious version of the requested file. The Trojan is then executed by the targeted computers.
WikiLeaks has released the user guide, demo and more of a new spy malware strain allegedly created and used by the CIA. The spyware targets all Windows versions and allows attackers to completely hijack computers, steal data and send it to CIA servers, delete data and upload malicious software.
According to WikiLeaks' documents, the spyware was created by the CIA, with help from a private New Hampshire-based cybersecurity firm called Siege Technologies. The spyware has two modules. While Athena, the primary module, targets Windows XP to 10, the secondary module dubbed Hera targets Windows 8 through Windows 10.
Federal investigators suspect a vetted member of the U.S. intelligence community supplied WikiLeaks with the trove of previously unpublished CIA documents released by the anti-secrecy group last month.
A joint investigation launched by the CIA and FBI in the wake of last month’s WikiLeaks publication has given way to a manhunt within the federal government, sources familiar with the probe told this week. The material released by WikiLeaks was “classified and stored in a highly secure section of the intelligence agency,” and had likely been compromised by an individual with physical access to the documents, such as a CIA employee or contractor.
Since March, Wikileaks has published more than 8,761 confidential documents it claims originated from inside the US Central Intelligence Agency. Contained within the whistleblowing organisation's Vault 7 files are details of recent security exploits used by the agency to spy on people.
In particular, the documents claim the CIA developed malware to hack Samsung smart TVs, shared zero-day exploits with UK security agencies, developed anti-forensic tools to avoid detection, and built tools so its code could be disguised as being created in a third-party country.
A new Wikileaks release called DarkMatter was released today, affirming that the Central Intelligence Agency has long targeted Apple Macs, creating malware designed to evade the tech giant's security mechanisms.
The leak also revealed the CIA had been targeting the iPhone since 2008, a year after the landmark device was released. That slice of info was included in a small dump of information Wednesday that included manuals for a handful of implants and rootkits, the kernel and the firmware of the device. One of the CIA's implants was called NightSkies, appearing to list the year 2008, though Wikileaks claimed the tool was operational in 2007, the year of launch.
Tech giants Apple, Samsung and Microsoft have broken their silence on the latest leak from WikiLeaks that revealed the CIA hacked into their products for surveillance purposes. Apple claimed to have previously addressed the vulnerabilities in their operating system, iOS, revealed in Tuesday’s ‘Vault 7’ leak from WikiLeaks.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” the company said in a statement, urging customers to update to the latest version of iOS to ensure they have the most recent security updates.