Slashdot Mirror


CIA Tricked Antivirus Programs, Claims WikiLeaks (betanews.com)

Reader Mark Wilson writes: Today, WikiLeaks published the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files, which revealed a number of exploits for popular hardware and software, and the Dark Matter batch, which focused on Mac and iPhone exploits. Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, sometimes going as far as making it appear to originate from countries other than the US. The source code for Marble Framework is tiny -- WikiLeaks has provided it in a zip file that's only around 0.5MB. WikiLeaks explains that the tool is used by the CIA to hide the fact that it is behind malware attacks that are unleashed on targets: "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code."

1 of 94 comments

  1. CIA *is* Russia by Okian Warrior · Score: 4, Interesting

    The CIA is a bigger threat to us than Russia is.

    I think you're missing a key point here: The CIA threat *is* the Russia threat.

    Consider the balance of evidence: Putin says the Clinton leaks did not come from Russia; Julian said specifically that he knew where the Clinton leaks came from and that it wasn't Russia; and the US evidence that the Clinton leaks came from Russia can be summed up as "it's something they would do".

    And now we find out that the CIA can leak whatever they want and make it *look* like it came from Russia.

    Also, they are one of the government agencies who claims that the leaks came from Russia.

    Now, I don't have any evidence that the CIA is leaking things and making it appear as if Russia did it, but this has to make us question whether we can trust *any* government pronouncement of where some leak or another came from.

    All this "the Russians did it!" can now be completely ignored as an ad-hominem attempt to lead attention away from the actual data that was leaked.

    We don't know *who* leaked it, because for all we know it was our own security agency.

    (And need I point out that GCHQ, Russian intelligence, and a host of other players could probably do the same thing.)