Thursday, November 9, 2017

Bombshell: WikiLeaks Publishes CIA Hacking Tool Designed To 'Impersonate' Russia's Kaspersky Lab

By Tyler Durden - November 09, 2017 at 02:07PM

On September 18th, the US Senate voted to ban the use of products from the Moscow-based cyber security firm Kaspersky Lab by the federal government, citing national security risk. The vote was included as an amendment to an annual defense policy spending bill approved by the Senate on the same day and was written to bar the use of Kaspersky Lab software in government civilian and military agencies.

Alas, according to a new revelation from WikiLeaks this morning, any perceived "national security risk" from Kaspersky could have resulted from the fact that the CIA specifically designed hacking software, code-named 'Hive', which intentionally "impersonated" the Russian cyber security firm so that "if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated."

Here's a summary of the hacking tool posted by WikiLeaks:

Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything else but a normal website. The only peculiarity is not visible to non-technical users - an HTTPS server option that is not widely used: Optional Client Authentication. But Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above) while all other traffic goes to a cover server that delivers the unsuspicious content for all other users.

Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.

Of course, Kaspersky Lab has been producing anti-virus software for 20 years and boasts 400 million customers around the world. Although the company is suspected of being involved in cyber espionage, its management has maintained that it has been "caught in the middle of a geopolitical fight" and is being "treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts". This new WikiLeaks revelation would seemingly lend some credence to Kaspersky's conclusion.
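
How a defender could look for the behaviour the WikiLeaks summary describes, as an added example that is not part of the original article or of the Hive code: ordinary visitors to a site with optional client authentication present no certificate, so an internal host that does present one, naming an organisation the network does not expect and failing chain validation, stands out in egress TLS metadata. The record fields (`uid`, `client_subject`, `client_issuer`, `client_chain_valid`), the allowlist and the sample sessions are constructed for illustration.

```python
import re

# Organisations whose client certificates are expected to leave this network.
# Assumption: maintained by the defender from their own PKI inventory.
EXPECTED_CLIENT_ORGS = {"Example Corp"}

def dn_field(dn, key):
    """First value of `key` (O, CN, ...) in a simple comma-separated DN string."""
    m = re.search(r"(?:^|,)\s*" + re.escape(key) + r"=([^,]+)", dn or "")
    return m.group(1).strip() if m else None

def review_session(rec):
    """Reasons an outbound TLS session deserves analyst review (empty = none)."""
    subject = rec.get("client_subject")
    if not subject:
        return []  # ordinary visitor: server asked optionally, client sent no cert
    reasons = []
    org = dn_field(subject, "O")
    if org not in EXPECTED_CLIENT_ORGS:
        reasons.append(f"client certificate names unexpected organisation: {org}")
    if not rec.get("client_chain_valid", False):
        issuer = dn_field(rec.get("client_issuer"), "CN")
        reasons.append(f"claimed issuer does not chain to a trusted root: {issuer}")
    return reasons

def triage(records):
    """Map session uid -> reasons, keeping only sessions with something to review."""
    return {r["uid"]: why for r in records if (why := review_session(r))}

# Constructed sample sessions; hypothetical field names, not a real sensor schema.
SAMPLE = [
    {"uid": "S1", "src": "10.0.4.17", "server_name": "cover-site.example",
     "client_subject": "", "client_issuer": "", "client_chain_valid": False},
    {"uid": "S2", "src": "10.0.4.22", "server_name": "partner-api.example",
     "client_subject": "CN=svc-billing, O=Example Corp",
     "client_issuer": "CN=Example Corp Issuing CA", "client_chain_valid": True},
    {"uid": "S3", "src": "10.0.4.31", "server_name": "cover-site.example",
     "client_subject": "CN=client, O=Kaspersky Laboratory, L=Moscow",
     "client_issuer": "CN=Thawte Premium Server CA, L=Cape Town",
     "client_chain_valid": False},
]

if __name__ == "__main__":
    for uid, why in triage(SAMPLE).items():
        print(uid, "->", "; ".join(why))
```

In TLS 1.3 the client's Certificate message is encrypted, so a passive sensor can populate these fields only for TLS 1.2 and earlier sessions or where TLS inspection is in place.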

 Reprinted with permission from ZeroHedge

from Ron Paul Institute Peace and Prosperity Articles
