WikiLeaks began the first in a series of Vault8 releases late last week, including source code related to stolen CIA hacking tools.
The whistleblowing organization has spent the past few months drip feeding information detailing the extent and sophistication of the agency’s offensive cyberspace efforts.
Now it’s going a stage further with more information — although a brief statement claimed none of the data could actually help the cybercrime underground:
“This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components.
“Source code published in this series contains software designed to run on servers controlled by the CIA. Like WikiLeaks' earlier Vault7 series, the material published by WikiLeaks does not contain 0-days or similar security vulnerabilities which could be repurposed by others.”
Some security experts on Twitter agreed — at least based on the information that has been released thus far.
It includes source code for “Hive”, an alleged malware communications tool.
Also unveiled as part of this missive were details of an increasingly common tactic used by cyber-criminals: creating fake certificates to hide malware from security filters.
In this instance, it was revealed that the CIA had created a fake cert to appear as if it was issued by Kaspersky Lab and signed by Thawte.
WikiLeaks explained:
“In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.”
Rick McElroy, senior security strategist at Carbon Black, argued that the CIA’s creation of fake Kaspersky Lab certs “muddies the waters when it comes to the question of is Kaspersky really part of Russian intelligence.”
“They [the CIA] have shown repeatedly that they can make their operations look like other teams (Russia, China etc) which makes attribution of cyber-attacks difficult and in and of itself makes conspiracy theories run rampant,” he added.
McElroy added that the carelessness of US intelligence agencies could lead to a barrage of WannaCry-type attacks in 2018.
“From a global perspective, even countries who had inadequate offensive capabilities are now able to get up and running faster. It also helps all the nations understand how we do our operations which makes them better able to defend. It also ‘justifies’ countries like Russia doing it. After all, if the US is the leader, how can we expect others to not do it?” he argued.
“If you think the 2016 election cycle was bad, wait, because it won’t just be Russia in 2020.”