Slashdot Mirror


CIA Tricked Antivirus Programs, Claims WikiLeaks (betanews.com)

Reader Mark Wilson writes: Today, WikiLeaks published the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits. Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US. The source code for Marble Framework is tiny -- WikiLeaks has provided it in a zip file that's only around 0.5MB. WikiLeaks explains that the tool is used by the CIA to hide the fact that it is behind malware attacks that are unleashed on targets: "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code."

37 of 94 comments

  1. One Thing is Perfectly Clear by Anonymous Coward · · Score: 5, Insightful

    Our Guard Dogs have turned on us ... and they have rabies.

    1. Re: One Thing is Perfectly Clear by Anonymous Coward · · Score: 5, Insightful

      This is what JFK concluded, shortly before he was assassinated

    2. Re:One Thing is Perfectly Clear by Anonymous Coward · · Score: 2, Insightful

      That certainly doesn't follow from this story.
      Are you saying that we shouldn't have a spy agency, or that they shouldn't create and use malware, or that their malware should say it's from them, or what?

      I'm a different AC. I would be just fine with entirely disbanding the CIA, and allowing such a thing only during times of war (as in, "Congress has declared war on X nation", you know, the way it's supposed to work?), and even then, to keep them on a very short leash. I'll gladly take that risk, no problem.

Want to prevent most foreign aggression (both official and terroristic) against the US? That's easy. Don't fuck with Russia. Don't fuck with China. For fuck's sake, STOP fucking with the Middle East. Yes that means stop using the CIA to do things like overthrow the democratically elected governments of nations such as Iran. For bonus points, do whatever it takes to start manufacturing things other than weapons in the USA again, and see if there's not suddenly a drastic decline in the need for all these undeclared wars.

    3. Re:One Thing is Perfectly Clear by Anonymous Coward · · Score: 2, Insightful

      Yes that means stop using the CIA to do things like overthrow the democratically elected governments of nations such as Iran.

      This really happened of course, during the 1950s. It's documented, acknowledged history.

      Terrorists don't "hate us for our freedoms". They hate us because we want so badly to believe that our government is "of the People, by the People, and for the People" and responds to the will of the People that we tell the whole world that's the system we have. Thus, when our government creates revolutions, trains and equips Al-Qaeda and the Mujahideen, tries and fails to assassinate Castro and Saddam Hussein, then gets Hussein the hard way because of "weapons of mass destruction" that don't exist, etc. ... well they tend to think that this is what the average American wants. That's why they hate us. They think our government represents us and is only doing what we tell it to do. They have no idea how false that really is. The average American might know the entire lineup of a football team or the personal backstory of a celebrity, but has absolutely no clue whatsoever what the US government is doing overseas.

    4. Re: One Thing is Perfectly Clear by PoopJuggler · · Score: 1

      We were always at war with North Korea.

    5. Re:One Thing is Perfectly Clear by ArmoredDragon · · Score: 1

      Terrorists don't "hate us for our freedoms".

      That depends on the terrorist. Some of them very much do. Al-Qaeda and ISIS, given the chance, would kill you simply for not converting to Islam in most cases. In the few cases where they don't, then they'd let you get by if you paid a jizya and obeyed sharia law.

Either way, that is hating your freedom to not be subject to their religion. You can argue all you want about America did this or America did that, but they give the exact same treatment to non-Americans as well, so it's an entirely moot point.

    6. Re: One Thing is Perfectly Clear by ArmoredDragon · · Score: 1

      This is starting to get silly...I'm beginning to think that the next leak is going to include evidence that the CIA plants dime sized listening devices in people's houses.

      The CIA is and always has been a spy organization, and they've always spied on foreign targets. I'm still waiting for evidence that any of this was used on US citizens.

      Yes, the NSA spying was bad, and Snowden was right to leak it, because they were in fact spying on US citizens. The CIA isn't though; the CIA is merely doing what they've always done, so I don't see why the fact that it involves computers and IoT devices changes anything. (Especially IoT...honestly you have to have your head in the sand if you i.e. still have a smart TV connected to the internet. Many, MANY hacking groups have broken into these so many times that no reasonable person should consider them secure enough to trust. Same with older smartphones that are no longer patched.)

  2. Russian hackers? by Xua · · Score: 2, Insightful

    "and sometimes going as far as appearing to originate from countries other than the US" <- Russian hackers?

    1. Re:Russian hackers? by king+neckbeard · · Score: 1

The CIA does imitate Russian hackers. But the Russian hackers were imitating Ukrainian hackers. What, do you think the CIA could pull off a DOUBLE false flag?

      --
      This is my signature. There are many like it, but this one is mine.
    2. Re:Russian hackers? by zlives · · Score: 1

      no no, Sony was hacked by North Korean hackers on their c-64s

  3. Re:convenient timing as usual from mr. diplomacy by king+neckbeard · · Score: 4, Insightful

    The CIA is a bigger threat to us than Russia is.

    --
    This is my signature. There are many like it, but this one is mine.
  4. Typical espionage tactics by evolutionary · · Score: 1

It's common practice in a secret organization that presumably everyone knows about for your actions so they look in the wrong direction. I'm not justifying anything, just pointing out the basic "what do you expect". When China attacks us, they blame home grown hackers either domestic or foreign. Russia does the same, so why are we any different? What would be interesting is if they did something original, like said it was a rogue employee within their own ranks when they were caught hacking someone. Or have they done that already? Anyone see anything like that from the NSA or CIA?

    --
    "Imagination is more important than knowledge" - Einstein
  5. Alan Turing would've been proud by mi · · Score: 1

    Alan Turing would've been proud of the work, American (and British) intelligence agencies are doing in the area of computers and communications.

    And whoever leaked the information to adversaries, would've been shot in Alan Turing's times... For treason.

    Synzronvg zl gnvy...

    --
    In Soviet Washington the swamp drains you.
    1. Re:Alan Turing would've been proud by BlueStrat · · Score: 1

      Alan Turing would've been proud of the work, American (and British) intelligence agencies are doing in the area of computers and communications.

      But if he realized that the 'work' was being used against their own citizens, he would likely have burned not only his own work, but also the entire Bletchley Park complex to the ground and then shot himself after making sure the facts surrounding his actions went public.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:Alan Turing would've been proud by mi · · Score: 1

      But if he realized that the 'work' was being used against their own citizens

There is nothing about that in TFA. We do know about Obama making it easier for his top staff to learn about — and inevitably leak — some such intelligence pertaining to US citizens, but it is still an awesome tech.

      he would likely have burned not only his own work, but also the entire Bletchley Park complex to the ground and then shot himself after making sure the facts surrounding his actions went public.

      No, I'm confident, he would've preferred the "domestic spying" — however appalling by itself — to Hitler's victory.

      --
      In Soviet Washington the swamp drains you.
    3. Re:Alan Turing would've been proud by mi · · Score: 1

      I was going to just ignore your outburst on Godwin's Law grounds, but then realized, that even if, as the Progressive assholes love to claim, the "US is no different from Nazi Germany" (or that "Trump is Hitler"), there is still the importance of your side winning.

      Whether it's the CIA, MI5, or the Nazi SS violating your rights and killing/imprisoning you

      There is a lot more to why we love Nazis, than the SS. And, of course, in reality neither CIA nor MI5 are anywhere close to them in the "killing/imprisoning" part, which you clumsily attempted to conflate with the amorphous "violating your rights".

      --
      In Soviet Washington the swamp drains you.
    4. Re:Alan Turing would've been proud by BlueStrat · · Score: 1

      Whether it's the CIA, MI5, or the Nazi SS violating your rights and killing/imprisoning you

      There is a lot more to why we love Nazis, than the SS. And, of course, in reality neither CIA nor MI5 are anywhere close to them in the "killing/imprisoning" part, which you clumsily attempted to conflate with the amorphous "violating your rights".

      As far as the CIA/MI5 "not being anywhere close", in many areas I would disagree. In fact, in some areas they've exceeded the wildest dreams of all the dictators and tyrannies of the 20th century. With the widespread use of "Predator"-type weapons systems in the military and the push for domestic law enforcement use of drones, it seems only a matter of time before they exceed yet more past dreams of tyrants.

      And as for your referring to "...the amorphous "violating your rights"." the rights in question are very clear as well as the serious and numerous clear violations of those rights. There's nothing "amorphous" about it.

      History is filled with numerous stories of how dictators, tyrants, and authoritarian regimes have risen and fallen through the decades and centuries. One lesson stands clear. It's best not to wait until the checkpoints are set up and the armored vehicles are stationed at intersections before trying to prevent the slide into authoritarianism.

      Being aware of the dangers and sensitive to trends from more than a passing knowledge and understanding of history, thus allowing political action early on before things escalate, leaves a lot fewer dead bodies all around.

      Read history books. Times may change but human nature and behavior does not. The life/lives you save may be your own and your family's, for many generations to come. Or not.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re:Alan Turing would've been proud by mi · · Score: 1

      in some areas they've exceeded the wildest dreams of all the dictators and tyrannies

      "In some ways", maybe — because of the technology advances. But not in the killing/imprisoning part.

      As for the rest, I remind you of the Godwin's Law once again... Farewell.

      --
      In Soviet Washington the swamp drains you.
  6. Re:convenient timing as usual from mr. diplomacy by Anonymous Coward · · Score: 1

    That may be true, but these releases are still clearly meant to be more of a distraction than an attempt at fixing a problem. Kind of trivializes that point of view.

    It is true. The CIA is a grave and existential threat to everything that the US stands for. They will stop at nothing to distract, and ultimately consolidate power. This is not power for the people, nor by the people, it is lawless power over the people.

  7. My sub is better, missing key fact. by bongey · · Score: 3, Insightful

    The key fact is it disguises the original malware writers in Chinese, Russian, Korean, Arabic and Farsi.
    Wikileaks Vault 7 Part 3 has released the CIA's Marble framework that is used to disguise the origin of malware. Specifically it is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."
    https://slashdot.org/submissio...

    Brings up a key point if the CIA does this, other countries do the same thing.
    Do you really think Russia would sprinkle their hacked documents with Fancy Bear and Cozy Bear?

    1. Re:My sub is better, missing key fact. by AHuxley · · Score: 1

      Yes the CIA could change the code litter. A later gov or private sector investigation would find the code litter of another nation as talking point.

      --
      Domestic spying is now "Benign Information Gathering"
  8. Redirecting the discussion by Okian+Warrior · · Score: 4, Insightful

    Julian's a Russian asset. He might've had the best intentions at some point, but it's very difficult to realize them while staring down the barrel of a figurative or literal gun. His omissions, timing, and deeply misleading editorialism are equally as powerful as printing blatant falsehoods.

    And by that you mean that his release isn't authentic?

    Or maybe that it isn't important? Or interesting? Or valuable to society?

    And I have to wonder, just how is it that you know his intentions? Or that he's a Russian asset?

    You mention "printing blatant falsehoods". Do you have references, sources, rationalization, or... in fact... *anything* to support what you just said?

    Someone always tries to direct the conversation away from the issues and to the person making the claim.

    Does this work on Slashdot? Can we get everyone talking about the merits of Julian Assange at the top of the discussion, pushing any real debate down "below the fold" so fewer people see it?

  9. Strings by Sloppy · · Score: 1

    How dastardly! These CIA hackers wrote a program that takes the "Copyright 2011 CIA" strings in executables and replaces them with Chinese copyright notices!

    On the other hand, it's nice that the CIA was putting origin-identifying strings into the binaries in the first place (so they exist to be removed or changed). If I were running a spy agency, I'm not sure I would have thought to do that.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  10. Re:convenient timing as usual from mr. diplomacy by BlueStrat · · Score: 4, Insightful

    Remind me, where is Snowden, now?

    Right where the US knowingly forced him to be. Snowden didn't want to seek refuge in Russia, the US gave him no choice by yanking his passport when/how they did. It's easier for the US intelligence services and their propaganda mouthpieces to dismiss Snowden's revelations to the low-info US public that way.

    Russia is on the offensive on the internet...

    When has Russia, or every other major power including the US for that matter, NOT been on the offensive on the internet?

    ...deeply implicated in Trump and Brexit elections.

    Innuendo and conjecture unsupported by verifiable facts. Just as likely, if not more so, that it was British and US intelligence services attempting to interfere, if anyone was. They'd have more to gain (or lose), actually.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  11. Re:convenient timing as usual from mr. diplomacy by Anonymous Coward · · Score: 1

    And you're a CIA asset, it seems.

    Look: Putin's an authoritarian asshole. The FSB is out of control, and the Russian government is pushing their power agenda, among others at the Russians' cost (excepting the few ultra rich). We know that.

    But what the fuck has this to do with the fact that our secret services are out of control, a state within the state, and that we have to do something about it, if we want to keep our democracies in working order -- more or less.

    Why are you trying to derail the discussion? Let's focus on CIA's abuses here, shall we?

  12. CIA *is* Russia by Okian+Warrior · · Score: 4, Interesting

    The CIA is a bigger threat to us than Russia is.

    I think you're missing a key point here: The CIA threat *is* the Russia threat.

    Consider the balance of evidence: Putin says the Clinton leaks did not come from Russia, Julian said specifically that he knew where the Clinton leaks came from and that it wasn't Russia, the US evidence that the Clinton leaks came from Russia can be summed up as "it's something they would do".

    And now we find out that the CIA can leak whatever they want and make it *look* like it came from Russia.

    Also, they are one of the government agencies who claims that the leaks came from Russia.

    Now, I don't have any evidence that the CIA is leaking things and making it appear as if Russia did it, but this has to make us question whether we can trust *any* government pronouncement of where some leak or another came from.

    All this "the Russians did it!" can now be completely ignored as an ad-hominem attempt to lead attention away from the actual data that was leaked.

    We don't know *who* leaked it, because for all we know it was our own security agency.

    (And need I point out that GCHQ, Russian intelligence, and a host of other players could probably do the same thing.)

  13. Re:convenient timing as usual from mr. diplomacy by benjonson · · Score: 1

    The CIA is a bigger threat to us than Russia is.

    Sure, right. Because Wikileaks has also given us equivalent info on Russian espionage.

    Wait, they haven't? What's going on here?

    --
    =-+
  14. Re:convenient timing as usual from mr. diplomacy by Anonymous Coward · · Score: 1

    Innuendo and conjecture unsupported by verifiable facts.

    Politics does not operate by means of verifiable facts. I'm not sure if it has ever worked that way, except MAYBE in small-scale democracies like Athens where important offices were assigned by lottery. Even then ...

    No, politics at the individual level is governed by two major things: what someone has been taught to believe and never seriously questioned, and what someone really wants to believe. To give an easy example, a lot of people want to believe that banning guns will work in the USA. If you point out, with references that Chicago has loads of shootings despite it being nearly impossible to legally own a gun there, or that mass shootings overwhelmingly happen in "gun free zones", or that states which enable conceal-carry experience lower violent crime rates, or that (and this is basic and easy to understand) criminals willing to commit mass murder aren't afraid of weapons charges, well they get upset.

    They get angry. They get upset. They might try to shout you down (or mod you down), call you names, demonize you, misrepresent your position, etc. They don't do anything like saying "hey that's a good point, and I really need to explain that or else my position becomes untenable". Far from it. That's politics.

    At most, verifiable facts might be (selectively, carefully framed, with no rebuttal permitted) brought up after a decision has already been made, in order to give an appearance of objectivity to what was going to happen anyway because that's what the monied interests want. This also has the side-effect of convincing supporters that they had a monopoly on truth all along, increasing their zeal, making them more useful, vocal, and so convinced that "their side" is "right" that listening to reasonable doubts seems like a waste of time.

  15. Re:convenient timing as usual from mr. diplomacy by dbreeze · · Score: 1

    https://search.wikileaks.org/?...
    Mebbe there's no equivalent info on russia because they have less of a corrupt, lawlessness problem with their government than we have here in America.
    Some people just don't understand that there's little excuse for not knowing almost anything you want these days...

    --
    When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
  16. Proprietary software: still untrustworthy. by jbn-o · · Score: 3, Informative

    The "guard dogs" were proprietary programs. Users of proprietary OSes (chiefly MacOS and Windows) were trusting one black box to "guard" against the ills of other black boxes (other likely proprietary programs running on the same system). This was always known to be foolish and this WikiLeaks release shows another indisputable example how this system is broken by design.

    Software freedom (the freedom to run, share, inspect, and modify) is no guarantee against malware, life offers no such guarantees. As with other endeavors we can act to improve the odds in our favor for computers we own so we don't fall prey to the ills of proprietary software. We know that keeping secrets from computer users prevents them from controlling their own computers (this is the power of a proprietor and why proprietary software is released). When we have software freedom we increase the odds skilled software practitioners will identify malware, change the software to excise the malware, and release the improved software. One could even hire someone's skill and time to do this on their behalf.

    But no such inspection, improvement, and release is legally permitted with proprietary software. Thus most computer users fall prey not only to the traps of proprietary software itself, but also to the traps built into the software, and the traps of the software ostensibly meant to guard from the ills of other malware. There's no good reason to have faith in one black box over another, trust that one black box will keep you safe while another is less trustworthy, or to continue choosing one master over another. It's easy, convenient, and untrustworthy to do as the proprietors want you to do. You can choose software freedom and invest in businesses working to provide you with practical hardware to make this an everyday reality that meets your computing needs. The Free Software Foundation's "Respects Your Freedom" list includes a high-powered X86 64-bit mainboard called the "Vikings D16 Mainboard" which looks particularly appealing for high-powered, high RAM ceiling systems. WikiLeaks continues to tell us all why we need hardware and software we can trust, software that respects our freedom—we see the consequences of not having trustworthy systems! We can choose to value software freedom for its own sake and we should. Investing in our own future in this way now portends big practical payoffs in the near and long-term future.

    1. Re:Proprietary software: still untrustworthy. by sokk · · Score: 2

      Good points, but I still think that open source suffers because of the lack of an economic model that fits application developers. Open source is good for the big dogs ("cloud", "enterprise") - not so good for the garage guys. I think the status quo will self-correct if the economic incentive can be tilted. How about an open source license that only allows distribution to other license holders?

    2. Re:Proprietary software: still untrustworthy. by rtb61 · · Score: 1

      The advantage of open source is it is very hard to sneak stuff in or leave bugs in there because every country across the board can take a squiz http://www.dictionary.com/brow... at the code, unlike closed source. So when they find a bug, it is not like they can secure their own without the rest finding out, so in spy vs spy open source tends by the nature of its design to be neutral territory (not that they would not hack it, but secure it for one, secure it for all, and blindly hoping the fully visible bugs won't be found is like sitting on a mine and hoping for the best).

      --
      Chaos - everything, everywhere, everywhen
  17. What the source code could show? by AHuxley · · Score: 1

    Could the source code reverse a method? A good tech journalist could then look back over past events and uncloak past cold litter discoveries?

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:What the source code could show? by tobiah · · Score: 1

      Cold litter ate my source code.

      --
      "The ability to delude yourself may be an important survival tool" - Jane Wagner -
    2. Re:What the source code could show? by AHuxley · · Score: 1

      All the past cold case discoveries packed with "evidence" that had to point to nations due to "language" or expected code "fragments". i.e. cold case https://en.wikipedia.org/wiki/... but now we have old litter that can be reexamined.

      --
      Domestic spying is now "Benign Information Gathering"
  18. Yes, and others by Ungrounded+Lightning · · Score: 1

    "and sometimes going as far as appearing to originate from countries other than the US"
    TFA includes a partial list of the languages used by the tool:

    The code includes Chinese, Russian, Korean, Arabic and Farsi language examples,

    In other words: The CIA tool could fake their attacks as originating from, or sponsored and assisted by, at least the following state-level powers:
      - China
      - Russia
      - North Korea
      - ISIS
      - Iran

    So, Yes. The CIA could routinely fake their malware, and attacks using it, as coming from Russia.

    I find it interesting, though unsurprising, that this was not included in the slashdot posting. B-b

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  19. Wikileaks summaries are propaganda by kent.dickey · · Score: 1

    Why aren't people paying attention? Wikileaks summaries are always just propaganda, intentionally misleading to work up conspiracy theorists. It's clever though, it's based on half-truths, but it's generally nothing in the end. They look over their info for weeks to write their summary, then dump a huge amount of info that no one can reasonably read quickly, so the media just publishes the Wikileaks summary.

    Just wait a few days, the truth will come out to be something extremely boring. Ah, but who follows up and finds out the truth? This propaganda is very effective.

    I think the most shocking revelation from the Clinton email leaks was Podesta's risotto recipe.