Slashdot Mirror


CIA Tricked Antivirus Programs, Claims WikiLeaks (betanews.com)

Reader Mark Wilson writes: Today, WikiLeaks published the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits. Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US. The source code for Marble Framework is tiny -- WikiLeaks has provided it in a zip file that's only around 0.5MB. WikiLeaks explains that the tool is used by the CIA to hide the fact that it is behind malware attacks that are unleashed on targets: "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code."

9 of 94 comments

  1. One Thing is Perfectly Clear by Anonymous Coward · Score: 5, Insightful

    Our Guard Dogs have turned on us ... and they have rabies.

    1. Re: One Thing is Perfectly Clear by Anonymous Coward · Score: 5, Insightful

      This is what JFK concluded, shortly before he was assassinated.

    2. Re:One Thing is Perfectly Clear by Anonymous Coward · Score: 2, Insightful

      That certainly doesn't follow from this story.
      Are you saying that we shouldn't have a spy agency, or that they shouldn't create and use malware, or that their malware should say it's from them, or what?

      I'm a different AC. I would be just fine with entirely disbanding the CIA, and allowing such a thing only during times of war (as in, "Congress has declared war on X nation", you know, the way it's supposed to work?), and even then, to keep them on a very short leash. I'll gladly take that risk, no problem.

      Want to prevent most foreign aggression (both official and terroristic) against the US? That's easy. Don't fuck with Russia. Don't fuck with China. For fuck's sake, STOP fucking with the Middle East. Yes that means stop using the CIA to do things like overthrow the democratically elected governments of nations such as Iran. For bonus points, do whatever it takes to start manufacturing things other than weapons in the USA again, and see if there's not suddenly a drastic decline in the need for all these undeclared wars.

    3. Re:One Thing is Perfectly Clear by Anonymous Coward · Score: 2, Insightful

      Yes that means stop using the CIA to do things like overthrow the democratically elected governments of nations such as Iran.

      This really happened of course, during the 1950s. It's documented, acknowledged history.

      Terrorists don't "hate us for our freedoms". They hate us because we want so badly to believe that our government is "of the People, by the People, and for the People" and responds to the will of the People that we tell the whole world that's the system we have. Thus, when our government creates revolutions, trains and equips Al-Qaeda and the Mujahideen, tries and fails to assassinate Castro and Saddam Hussein, then gets Hussein the hard way because of "weapons of mass destruction" that don't exist, etc. ... well they tend to think that this is what the average American wants. That's why they hate us. They think our government represents us and is only doing what we tell it to do. They have no idea how false that really is. The average American might know the entire lineup of a football team or the personal backstory of a celebrity, but has absolutely no clue whatsoever what the US government is doing overseas.

  2. Russian hackers? by Xua · Score: 2, Insightful

    "and sometimes going as far as appearing to originate from countries other than the US" <- Russian hackers?

  3. Re:convenient timing as usual from mr. diplomacy by king+neckbeard · Score: 4, Insightful

    The CIA is a bigger threat to us than Russia is.

    --
    This is my signature. There are many like it, but this one is mine.

  4. My sub is better, missing key fact. by bongey · Score: 3, Insightful

    The key fact is it disguises the original malware writers in Chinese, Russian, Korean, Arabic and Farsi.
    Wikileaks Vault 7 Part 3 has released the CIA's Marble framework that is used to disguise the origin of malware. Specifically it is designed to "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."
    https://slashdot.org/submissio...

    Brings up a key point: if the CIA does this, other countries do the same thing.
    Do you really think Russia would sprinkle their hacked documents with Fancy Bear and Cozy Bear?

  5. Redirecting the discussion by Okian+Warrior · Score: 4, Insightful

    Julian's a Russian asset. He might've had the best intentions at some point, but it's very difficult to realize them while staring down the barrel of a figurative or literal gun. His omissions, timing, and deeply misleading editorialism are equally as powerful as printing blatant falsehoods.

    And by that you mean that his release isn't authentic?

    Or maybe that it isn't important? Or interesting? Or valuable to society?

    And I have to wonder, just how is it that you know his intentions? Or that he's a Russian asset?

    You mention "printing blatant falsehoods". Do you have references, sources, rationalization, or... in fact... *anything* to support what you just said?

    Someone always tries to direct the conversation away from the issues and to the person making the claim.

    Does this work on Slashdot? Can we get everyone talking about the merits of Julian Assange at the top of the discussion, pushing any real debate down "below the fold" so fewer people see it?

  6. Re:convenient timing as usual from mr. diplomacy by BlueStrat · Score: 4, Insightful

    Remind me, where is Snowden, now?

    Right where the US knowingly forced him to be. Snowden didn't want to seek refuge in Russia, the US gave him no choice by yanking his passport when/how they did. It's easier for the US intelligence services and their propaganda mouthpieces to dismiss Snowden's revelations to the low-info US public that way.

    Russia is on the offensive on the internet...

    When has Russia, or every other major power including the US for that matter, NOT been on the offensive on the internet?

    ...deeply implicated in Trump and Brexit elections.

    Innuendo and conjecture unsupported by verifiable facts. Just as likely, if not more so, that it was British and US intelligence services attempting to interfere, if anyone was. They'd have more to gain (or lose), actually.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.