Slashdot Mirror


CIA Tricked Antivirus Programs, Claims WikiLeaks (betanews.com)

Reader Mark Wilson writes: Today, WikiLeaks published the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits. Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US. The source code for Marble Framework is tiny -- WikiLeaks has provided it in a zip file that's only around 0.5MB. WikiLeaks explains that the tool is used by the CIA to hide the fact that it is behind malware attacks that are unleashed on targets: "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code."

1 of 94 comments

  1. Proprietary software: still untrustworthy. by jbn-o · Score: 3, Informative

    The "guard dogs" were proprietary programs. Users of proprietary OSes (chiefly MacOS and Windows) were trusting one black box to "guard" against the ills of other black boxes (other likely proprietary programs running on the same system). This was always known to be foolish and this WikiLeaks release shows another indisputable example of how this system is broken by design.

    Software freedom (the freedom to run, share, inspect, and modify) is no guarantee against malware; life offers no such guarantees. As with other endeavors we can act to improve the odds in our favor for computers we own so we don't fall prey to the ills of proprietary software. We know that keeping secrets from computer users prevents them from controlling their own computers (this is the power of a proprietor and why proprietary software is released). When we have software freedom we increase the odds skilled software practitioners will identify malware, change the software to excise the malware, and release the improved software. One could even hire someone's skill and time to do this on their behalf.

    But no such inspection, improvement, and release is legally permitted with proprietary software. Thus most computer users fall prey not only to the traps of proprietary software itself, but also to the traps built into the software, and the traps of the software ostensibly meant to guard from the ills of other malware. There's no good reason to have faith in one black box over another, trust that one black box will keep you safe while another is less trustworthy, or to continue choosing one master over another. It's easy, convenient, and untrustworthy to do as the proprietors want you to do. You can choose software freedom and invest in businesses working to provide you with practical hardware to make this an everyday reality that meets your computing needs. The Free Software Foundation's "Respects Your Freedom" list includes a high-powered X86 64-bit mainboard called the "Vikings D16 Mainboard" which looks particularly appealing for high-powered, high RAM ceiling systems. WikiLeaks continues to tell us all why we need hardware and software we can trust, software that respects our freedom—we see the consequences of not having trustworthy systems! We can choose to value software freedom for its own sake and we should. Investing in our own future in this way now portends big practical payoffs in the near and long-term future.