Now, WikiLeaks reveals code that can unmask CIA hacking operations.

Vault 7 is a series of documents that WikiLeaks began releasing on March 7 this year, detailing activities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. Until this week, WikiLeaks’ “Vault 7” releases were largely made up of documentation relating to various malware projects that the CIA Engineering Development Group (EDG) created to aid in missions of the agency. However, on Friday afternoon WikiLeaks began to release parts of the CIA development library. While the release does not contain any malware, it potentially contains the most sensitive and damaging information about the agency revealed to date. This information relates to CIA operations that are still in progress.

The information revealed relates to a code repository for the CIA’s EDG obfuscation tools, called Marble. The tools were used to hide the signature of implants developed by the CIA from malware scans, making it difficult either to reverse engineer them if they were detected or to trace the malware. In a statement to the Washington Post, UC Berkeley researcher Nicholas Weaver said: “This appears to be one of the most technically damaging information leaks ever published by WikiLeaks, as it appears that it was intended to interfere directly with CIA operations”.

There is nothing particularly magical about CIA tools. What is more relevant is that these were developed and tested by a professional team and the code itself is extremely well documented. The code deployed on Windows systems was obfuscated by a tool called Marble, which is an application developed in C++ that hides text strings and binary objects through various implant forms. These methods include “encoding” binary content using a series of bit-changing techniques and inserting foreign language snippets with a feature called “WARBL”.
The characters inserted with the code appear to be mostly incomprehensible gibberish, which could be a stand-in for more revealing pieces of text, or else for something more specific to the project. The existence of the code alone is not so revealing, not least because the techniques were already exposed in the initial documents released by WikiLeaks. Code obfuscation is a fundamental part of an author’s anti-forensics art, making it difficult for the “adversary” to reverse engineer the code and uncover what it is trying to conceal and execute. However, with the information now revealed, programmers can create tools that accurately search for CIA implants. Worse still, programmers could use this technique for their own malware, which is even more damaging.