CIA hacking tools revealed

WikiLeaks

Part 9 - Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero"), each with its own sub-projects, malware and hacking tools.

The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.

UMBRAGE

The CIA's hand-crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that forensic investigators can use to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the others acquire a likely attribution as well.

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups from which the attack techniques were stolen.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP, personal security product) avoidance and survey techniques.

Fine Dining

Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation and to communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are 'Asset', 'Liaison Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target, such as the type of computer, the operating system used, Internet connectivity and installed anti-virus utilities (PSPs), as well as a list of file types to be exfiltrated, such as Office documents, audio, video, images or custom file types. The 'menu' also asks whether recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

Improvise (JQJIMPROVISE)

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems: Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities, such as Margarita, allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.

The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

Each cover domain resolves to an IP address located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles the actual connection requests from clients. It is set up for optional SSL/TLS client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone opens the cover domain website by accident), the traffic is forwarded to a cover server that delivers an innocuous-looking website.

The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
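To make the routing rule concrete, the following is an added example written for this page; it is not HIVE's code and does not come from the leaked material. It reproduces the Blot behaviour with Go's standard library: a TLS front end with optional client-certificate authentication, an "implant CA" that issues implant certificates, and a handler that sends verified clients to a stand-in Honeycomb and everyone else to a stand-in cover page. The VPS-to-VPN-to-Blot hop and the separate Honeycomb and cover servers are collapsed into one process, the two backends are simply the strings "honeycomb" and "cover", and the CA and certificate names (implant-ca, implant-0001, rogue-ca, curious-researcher) are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// Outcome of one client attempt: Body is the backend that answered; Err is set when TLS rejected the connection.
type Outcome struct {
	Body string
	Err  error
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert mints an ECDSA P-256 certificate: a self-signed CA when parent is nil, otherwise
// a client-authentication leaf signed by parent/parentKey.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))),
		Subject:      pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// newBlot starts the TLS front end. VerifyClientCertIfGiven asks every client for a certificate
// but tolerates its absence; a certificate from an unknown CA still fails the handshake. The
// handler tests VerifiedChains, not PeerCertificates: only the former proves the chain was validated.
func newBlot(implantCA *x509.Certificate) *httptest.Server {
	pool := x509.NewCertPool()
	pool.AddCert(implantCA)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS != nil && len(r.TLS.VerifiedChains) > 0 {
			io.WriteString(w, "honeycomb") // toolserver stand-in: tasking and exfiltration
			return
		}
		io.WriteString(w, "cover") // decoy website for everyone else
	}))
	srv.TLS = &tls.Config{ClientAuth: tls.VerifyClientCertIfGiven, ClientCAs: pool}
	srv.StartTLS() // the server's own certificate is httptest's built-in localhost cert
	return srv
}

// connect performs one GET, offering clientCert (an empty tls.Certificate sends none). GetClientCertificate
// is used because Go's default client withholds a certificate whose issuer is not in the server's CA list.
func connect(srv *httptest.Server, clientCert tls.Certificate) Outcome {
	tr := srv.Client().Transport.(*http.Transport).Clone()
	tr.TLSClientConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return &clientCert, nil }
	resp, err := (&http.Client{Transport: tr}).Get(srv.URL + "/")
	if err != nil {
		return Outcome{Err: err}
	}
	body := must(io.ReadAll(resp.Body))
	resp.Body.Close()
	tr.CloseIdleConnections()
	return Outcome{Body: string(body)}
}

// demo runs the three cases: no certificate, an implant certificate, a certificate from an unrelated CA.
func demo() (noCert, implant, rogue Outcome) {
	implantCA, implantCAKey := newCert("implant-ca", nil, nil) // names are made up for the example
	implantLeaf, implantKey := newCert("implant-0001", implantCA, implantCAKey)
	rogueCA, rogueCAKey := newCert("rogue-ca", nil, nil)
	rogueLeaf, rogueKey := newCert("curious-researcher", rogueCA, rogueCAKey)
	srv := newBlot(implantCA)
	defer srv.Close()
	noCert = connect(srv, tls.Certificate{})
	implant = connect(srv, tls.Certificate{Certificate: [][]byte{implantLeaf.Raw}, PrivateKey: implantKey})
	rogue = connect(srv, tls.Certificate{Certificate: [][]byte{rogueLeaf.Raw}, PrivateKey: rogueKey})
	return noCert, implant, rogue
}

func main() {
	noCert, implant, rogue := demo()
	fmt.Printf("no cert: %+v\nimplant cert: %+v\nunknown-CA cert: %+v\n", noCert, implant, rogue)
}
```

Run it with `go run`: the output shows the cover page for a client with no certificate, the Honeycomb stand-in for a client holding a certificate from the implant CA, and a TLS error for a certificate issued by any other CA. Two details matter for anyone building or analysing such a gate. The handler keys on VerifiedChains rather than PeerCertificates, because only the former proves the chain was validated against ClientCAs. The client side uses GetClientCertificate because Go's default client quietly withholds a certificate whose issuer is not in the CA list the server advertises, which would make the rejected case indistinguishable from the no-certificate case. The same server behaviour is also what separates a front end like this from an ordinary website: it sends a CertificateRequest to every client, which `openssl s_client` reports along with any acceptable CA names the server lists (in TLS 1.3 that message is encrypted, so a connecting client sees it but a passive observer does not).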

Similar functionality (though limited to Windows) is provided by the RickBobby project.
