The latest from Wikileaks documents CIA hacking practices, particularly its ability to disguise its hacks. From Tyler Durden at zerohedge.com:
WikiLeaks’ latest Vault 7 release contains a batch of documents, named ‘Marble’, which detail CIA hacking tactics and how they can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to their agency by inserted code fragments in foreign languages. The tool was in use as recently as 2016. Per the WikiLeaks release:
“The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.”
RELEASE: CIA Vault 7 part 3 “Marble” https://wikileaks.org/vault7/?marble#Marble%20Framework … #Vault7
2:58 AM – 31 Mar 2017
3,110 3,110 Retweets 2,862 2,862 likes
The latest release is said to potentially allow for ‘thousands’ of cyber attacks to be attributed to the CIA which were originally blamed on foreign governments.
WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified. WikiLeaks stated the technique is the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents.
It’s “designed to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms” often link malware to a specific developer, according to the whistleblowing site.
The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.