KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Vault 7: An attack on The United States of America

On Tuesday March 7th, 2016, WikiLeaks posted a trove of stolen files and data sourced from inside the Central Intelligence Agency.  This information was posted to the WikiLeaks website with a press release claiming the need for transparency to protect users.  This is just the first release in a long line they have setup for milking attention and maximizing impact.  It is the same tactic used for Hillary Clinton’s emails and many other leaks.

What was released?

Keeping in mind this is just the first part of many, the leak contains more data in the first installment than the entire Edward Snowden archive.  Supposedly this collection contains data at Top Secret / SCI level.  If this is true, it may do serious damage to the United States.

This first release contains details on many of the offensive capabilities of the Central Intelligence Agency.  The capabilities outlined include the code names for systems, applications, and tools used by the CIA, operational details, non-disclosed CIA organizational structure details, and internal discussions that show the processes, development practices, employee logic, and more.  For an intelligence agency, this is a SERIOUS release.

Some of the programs information has been released for include:

  • SnowyOwl: Tool for injecting code into OpenSSH client process and surreptitiously creating sub-channels to remote targets.
  • Sparrowhawk:  Keylogging tool.
  • Bee Sting:  Proxy with iFrame injection.  Used for MITM attacks.
  • YarnBall:  Covert USB storage
  • Weeping Angel:  Samsung SmartTV implant.
  • HarpyEagle:  Apple Airport Extreme and Time Capsule implant.
  • DerStarke and QuarkMatter:  Apple EFI/UEFI boot implant.
  • BaldEagle:  HAL daemon 0-day.
  • ShoulderSurger:  Exchange Server data extractor.
  • Magical Mutt:  Inject DLL from memory into a remote process. (mmm hmm).
  • Fine Dining: Trojan/DLL injection tool for a large array of applications.  Everything from Notepad++ and VLC, to Chrome and Kaspersky TDSS.  This is a pretty important case officer’s toolset.

Some of the practices and policies that increase exposure:

  • Development standards.
  • Code hosting locations.
  • Training methods / practices.
  • Crypto Standards
  • Demo and temp password creation standards (Example: [email protected])
  • Exploitation approach and standards.

Isn’t this a good thing?

No.  Simply put, this is a bad thing.  This does nothing to protect anyone, it does nothing to help citizens make informed decisions, and it does nothing to expose corruption.

Starting with corruption:  Every government on this planet that has computing capabilities, has offensive and defensive computer security units.  Every. Single. One.  Even the government protecting Julian Assange’s hypocritical ass has several of their own unit’s setup for offensive cyber security.

Next up, end-user protection:  Most of the exploits methods and tools used are non-controllable by end users.  If your cell phone has a vulnerability… there is NOTHING you can do about it.  You can buy a new cell phone, but it will have the same hole.  The companies that produce the hardware are able to patch holes and make changes, but the public disclosure before disclosure to company’s servers no benefit to citizens.  All it does, is make the exploits known publicly before companies have a chance to patch them.  In many cases, there are hardware limitations to patching holes.  These hardware limitations can only be overcome with capital expense.  WikiLeaks isn’t furnishing new hardware… they are only exposing the vulnerabilities for malicious actors to exploit.

By exposing these capabilities and vulnerabilities, WikiLeaks has only further endangered citizens around the world and attacked the United States government.  One of the biggest concepts in poker, security, and politics is never to show your hand.  If everyone knows what you can and cannot do, it weakens your position and allows them to target you.  WikiLeaks has intentionally targeted this concept under the guise of protecting people.

Make no mistake… this IS an attack.

 

Kalypto • March 8, 2017


Previous Post

Next Post