WikiLeaks Dump Reveals CIA Malware That Can Sabotage User Software (bleepingcomputer.com)
An anonymous reader writes: "While the world was busy dealing with the WannaCry ransomware outbreak, last Friday, about the time when we were first seeing a surge in WannaCry attacks, WikiLeaks dumped new files as part of the Vault 7 series," reports BleepingComputer. This time, the organization dumped user manuals for two hacking tools named AfterMidnight and Assassin. Both are malware frameworks, but of the two, the most interesting is AfterMidnight -- a backdoor trojan for stealing data from infected PCs. According to its leaked manual, AfterMidnight contains a module to "subvert" user software by killing processes and delaying the execution of user software. Examples in this manual show CIA operatives how to kill browsers every 30 seconds to keep targets focused on their work, how to delay the execution of PowerPoint software by 30 seconds just to mess with their targets, or how to lock up 50% of PC resources whenever the user starts certain software. Basically, the CIA created nagware.
Do you not think the other agencies don't have access to such tools and information already? Exploits are sold and distributed on the darkweb on a daily basis; these days you can even buy malware as a service. It's a highly advanced, highly lucrative industry with professionals at work on all sides. And not all the players are state actors; plenty of them have commercial interests in mind, and these people don't care who's buying.
Now, someone else said it well in a recent story about WannaCry: the lesson of this story is not just "guard your weapons better" but also "make better armor".
Putting these exploits out there allows people to defend themselves against them. Following the mentality of "well, let's just not tell anyone of this exploit we found and no $BAD GUYS will ever find it" is arrogant and stupid, because there are billions of dollars involved in the industry of seeking out and taking advantage of these exploits. There are millions of people across the planet right now working for criminal enterprises whose day-to-day job it is to seek these security holes out, with or without sites like WikiLeaks.
I personally think the whole tactic of not informing companies of serious security flaws in their products, in the hopes of one day being able to use said exploits to target $BAD GUYS, is incredibly stupid and shortsighted, because it simultaneously puts EVERYONE running these systems in the US/West at risk of being attacked by whoever else has found the same exploit. It's literally the same as finding a vaccine for a deadly virus but trying to keep it a secret in case one day you decide to start full-scale biological war against $BAD GUYS; if your population is not vaccinated and is hit first by the enemy, you're fucked. The risk-reward ratio is absurd.
But then again, I'm not American, so that must mean I'm the enemy, right?
"It is the business of the future to be dangerous" -Alfred North Whitehead
Yeah, people like you would rather have fake news that has been sanitized for your protection. All WikiLeaks does is report stuff. Don't blame them for being the messenger. You want to shoot someone? Shoot the guy in charge of internal security at the CIA/NSA or wherever these "tools" get stolen from. And shoot the guy at Microsoft who knew about all these vulnerabilities years ago and decided to sit on his hands.
But I'm wasting my breath; your statement proves you are incapable of dealing with the real world.
What you should ask instead is why no one seems to leak such information to WikiLeaks. It's not WikiLeaks that hunts down and finds this information; it's sent to them. If you leak Russian secrets to them, I'm quite sure that they would distribute them, because it's not like the Internet is full of "I leaked Russian data to WikiLeaks but they never released it" either.
You missed my point. At the risk of just feeding the trolls, let me try again:
Someone who says anything on the web is using the web to make their message heard. In this instance, GP AC used the web to tell the world that the web is useless. An obvious contradiction.
On top of using the web to make their message heard, the AC made use of another capability of the web: limited anonymity.
So in that one post, the AC contradicted their own message at least twice.
China and Russia now have better practices after decades of having to counter intrusion attempts.
The easiest way is to only allow mil officers who are loyal to move up the ranks. Some profiling helps a lot.
Mil bases, science cities, and closed areas allow projects to stay safe. No mixing with other nations' embassy staff, spies posing as tourists, university students, random foreigners, or illegal migrants near sensitive sites.
Russia and China now fully understand the signals gathering efforts by the NSA and GCHQ. Less chatter on their networks about secrets as they know the NSA and GCHQ are in on all their internal networks.
The main security issue for Russia and China is the CIA or MI6 making a cash offer to their mil and workers. A lot of cash, a new life in the West, education, holidays, work. No uniform, fun, freedom to read, watch TV all day.
The only way around that is to profile every worker and see if they are tempted. Personality traits that sway to loyalty, being patriotic, pride in uniform, pride in one's own nation are valued. The easily distracted, weak-minded person who lives in a total fantasy world does not get any security clearance.
It's different from the West. Fewer contractors working with mil staff, low wages, tension between mil, new contractors setting up projects, and gov workers. An esprit de corps still holds, as all the people on site are tested and trusted. The site is also the only place the project exists. No digital copies with just-in-time contractors that can walk.
So the West sees a lot of talk by human rights groups, lawyers, documents. Court cases get supported, published. A lot of court-related material exists in the West about Russia and China. Just not mil grade, as it does not exist on computer networks.
The US stores too much with contractors, has too much complex data in plain text facing open networks thanks to role and for profit needs of contractors.
It seems to go back to an idea that the early 1950-70s US networks would always be secure. Each US base was physically secure; the secure networks between each US base were perfect. So lots of chatter and plain text for contractors is just part of that long-term US system.
The US also learned a lot from 1930-1970 UK staff security issues and tried its best to secure its own mil and gov staff. That worked well until the US got flooded with for-profit contractors.
The US believes in the creativity, profit motive, and imagination of its contractors; if they need plain-text computer networks, that's just part of the system.
Very different concepts around staff security and document security after decades of issues and walkouts in Russia and the USA.
The UK tried to get the best of both worlds with better gov/mil staff conditions, real gov and mil jobs with good wages, security, and trust in the 1970s. It worked well until new contractors got access to UK material.
The UK also faced the real Irish issue and past UK staff issues with the Soviet Union, and was finally much more security aware.
No more easy-to-access photocopiers with lots of paper next to secure UK document vaults for spies to copy with.
Domestic spying is now "Benign Information Gathering"