The hacking tools of America's infamous intelligence agency. On March 7, WikiLeaks began to publish another series of CIA documents under the title "Vault 7".
The CIA's range of hacking tools revealed as part of WikiLeaks' Vault 7 series of leaks have been used to conduct 40 cyberattacks in 16 countries, says Symantec. The security firm alleges that a group known as Longhorn has been using tools that appear to be the very same ones used by the CIA.
While it would be obvious to jump to the conclusion that the CIA was itself responsible for the attacks -- and that Longhorn is just a branch of the CIA -- Symantec opts for a rather more conservative evaluation of things: 'there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group.'
In a post on the Symantec Security Response blog, the company provides what it says is the first evidence that the Vault 7 tools have actually been used in cyberattacks or cyberespionage. The Longhorn group is known to Symantec as it has been tracking its activities for the last three years.
The post says:
The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group.
Symantec says that Longhorn has been active since 2011, and is responsible for a number of cyberattacks in the Middle East, Europe, Asia and Africa -- and even one (possibly accidental) attack in the US. The attacks have all the hallmarks of a state-sponsored attacker, as the targets are governments, financial institutions, energy companies and telecoms.
CIA Hacking Software
So how has the security company linked Longhorn to Vault 7 and the CIA?
A number of documents disclosed by WikiLeaks outline specifications and requirements for malware tools. One document is a development timeline for a piece of malware called Fluxwire, containing a changelog of dates for when new features were incorporated. These dates align closely with the development of one Longhorn tool (Trojan.Corentry) tracked by Symantec. New features in Corentry consistently appeared in samples obtained by Symantec either on the same date listed in the Vault 7 document or several days later, leaving little doubt that Corentry is the malware described in the leaked document.
Early versions of Corentry seen by Symantec contained a reference to the file path for the Fluxwire program database (PDB) file. The Vault 7 document lists removal of the full path for the PDB as one of the changes implemented in Version 3.5.0.
Up until 2014, versions of Corentry were compiled using GCC. According to the Vault 7 document, Fluxwire switched to a MSVC compiler for version 3.3.0 on February 25, 2015. This was reflected in samples of Corentry, where a version compiled on February 25, 2015 had used MSVC as a compiler.
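The three build artifacts the quoted analysis relies on (compile dates against a leaked changelog, presence of a PDB path, and the compiler used) can be checked mechanically. The following is an added illustration, not Symantec's tooling: it pulls the PDB path from a CodeView RSDS record, fingerprints the toolchain with two simple string heuristics, and flags samples whose artifacts disagree with the timeline. The byte blobs, the PDB path and the 3.5.0 date are constructed; only the 3.3.0 date comes from the article.

```python
import re
from datetime import date, timedelta
# CodeView RSDS record: b"RSDS" + 16-byte GUID + 4-byte age + NUL-terminated PDB path.
RSDS_RE = re.compile(rb"RSDS.{16}.{4}([^\x00]{1,260})\x00", re.DOTALL)

def extract_pdb_path(blob):
    """Return the PDB path from an RSDS debug record, or None if it was stripped."""
    m = RSDS_RE.search(blob)
    return m.group(1).decode("latin-1") if m else None

def guess_compiler(blob):
    """Toolchain heuristic: GCC/MinGW leaves 'GCC: (GNU) x.y' strings in the binary;
    MSVC-linked PEs carry the undocumented 'Rich' marker in the DOS stub."""
    if re.search(rb"GCC: \(GNU\)", blob):
        return "GCC"
    return "MSVC" if b"Rich" in blob[:0x400] else "unknown"

def match_versions(compiled, changelog, window_days=7):
    """Versions whose changelog date is on, or up to window_days before, the build date."""
    lo = compiled - timedelta(days=window_days)
    return sorted(v for v, (d, _) in changelog.items() if lo <= d <= compiled)

def assess(name, blob, compiled, changelog):
    """Collect the artifacts and flag disagreements with the leaked timeline: a build
    after the MSVC switch should not be GCC, and one after 3.5.0 should carry no PDB path."""
    compiler, pdb = guess_compiler(blob), extract_pdb_path(blob)
    issues = []
    if compiled >= changelog["3.3.0"][0] and compiler == "GCC":
        issues.append("GCC build after MSVC switch")
    if compiled >= changelog["3.5.0"][0] and pdb:
        issues.append("PDB path present after its removal")
    return {"sample": name, "compiler": compiler, "pdb": pdb,
            "versions": match_versions(compiled, changelog), "issues": issues}

# 3.3.0's date is the one the article quotes; the 3.5.0 date is constructed (the article gives none).
CHANGELOG = {"3.3.0": (date(2015, 2, 25), "switch to MSVC"),
             "3.5.0": (date(2015, 6, 1), "remove full PDB path")}
# Constructed stand-ins for binaries: a fake RSDS record and a placeholder PDB path.
RSDS = b"RSDS" + b"\x11" * 16 + b"\x01\x00\x00\x00"
PDB = b"C:\\placeholder\\build\\tool.pdb\x00"
GCC_BLOB = b"MZ" + b"\x00" * 60 + b"GCC: (GNU) 4.8.1\x00"
MSVC_BLOB = b"MZ" + b"\x00" * 60 + b"DanS" + b"\x00" * 16 + b"Rich" + b"\x00" * 8
SAMPLES = [("a", GCC_BLOB + RSDS + PDB, date(2014, 11, 3)),   # GCC era, PDB path kept
           ("b", MSVC_BLOB + RSDS + PDB, date(2015, 2, 25)),  # same day as 3.3.0
           ("c", MSVC_BLOB + b"\x00" * 64, date(2015, 6, 3)),  # two days after 3.5.0
           ("d", GCC_BLOB + RSDS + PDB, date(2015, 3, 1))]    # inconsistent: GCC after switch

def report(samples=SAMPLES, changelog=CHANGELOG):
    return [assess(n, b, d, changelog) for n, b, d in samples]
```

Sample "d" shows the value of the cross-check: a GCC build dated after the documented MSVC switch is exactly the kind of mismatch that would weaken the attribution if it appeared in real samples.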
Analysis of the Longhorn code strongly suggests that the group is based in North America, and compile timestamps that fall within regular office hours suggest state involvement. Symantec says that it has been interested in the activities of Longhorn with a view to protecting its customers from the malware put out by the group:
Longhorn has used advanced malware tools and zero-day vulnerabilities to infiltrate a string of targets worldwide. Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault 7.
Throughout its investigation of Longhorn, Symantec's priority has been protection of its customers. Through identifying different strains of Longhorn malware, connecting them to a single actor, and learning more about the group's tactics and procedures, Symantec has been able to better defend customer organizations against this and similar threats. In publishing this new information, Symantec’s goal remains unchanged: to reassure customers that it is aware of this threat and actively working to protect them from it.
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.