WikiLeaks Reveals "Marble": Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic...

Tyler Durden

WikiLeaks’ latest Vault 7 release contains a batch of source files, named ‘Marble’, for a CIA framework that obfuscates the text strings inside the agency's malware. WikiLeaks says the framework could misdirect forensic investigators trying to attribute viruses, trojans and hacking attacks to the agency, for example by inserting text fragments in foreign languages. The tool was in use as recently as 2016. Per the WikiLeaks release:

"The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages."

The release is claimed to potentially allow 'thousands' of cyber attacks that were originally blamed on foreign governments to be attributed to the CIA instead.

WikiLeaks said Marble hides fragments of text that would otherwise allow the author of the malware to be identified. It called the technique the digital equivalent of a specialized CIA tool that covers the English-language text on US-produced weapons systems before they are handed to insurgents.

The framework is “designed to allow for flexible and easy-to-use obfuscation”, WikiLeaks says, because “string obfuscation algorithms”, especially unique ones, are often what link a piece of malware to a specific developer or development shop. The strings themselves are hidden, but the way they are hidden is a fingerprint of its own.


The code also contains a ‘deobfuscator’ which allows the CIA text obfuscation to be reversed. “Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA.”

Previous Vault7 releases have referred to the CIA’s ability to mask its hacking fingerprints.

WikiLeaks claims the latest release will allow for thousands of viruses and hacking attacks to be attributed to the CIA.

And the rabbit hole just got even deeper.

* * *

Full release from WikiLeaks:

Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators in attributing previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.
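The string obfuscation, the deobfuscator and the "pattern or signature" described in the release above (and summarised earlier in the article) can be shown with a small model. This is an added example written for this page, not the Marble Framework's own code: the marker bytes, header layout, XOR mask, sample strings and the fake binary image are all invented here. It builds two implants with the same toy scheme, one carrying English strings and one carrying a fake Chinese error message, then compares what a `strings`-style scan sees with what the deobfuscator recovers from each.

```python
"""Toy string obfuscation, its deobfuscator, and what a forensic scan sees.
Added example for this page, NOT the Marble Framework's code: marker bytes,
header layout, XOR mask, sample strings and the fake binary are invented."""
import re
import struct
import unicodedata

MAGIC = b"\xC3\x7A"            # hypothetical marker in front of every blob
HEADER = struct.Struct("<BH")  # key length (1 byte), plaintext length (2 bytes)

def obfuscate(text: str, key: bytes) -> bytes:
    """MAGIC | header | key | (utf-8 bytes XOR rolling key XOR position).
    The key rides inside the blob because the implant must undo this at
    runtime with no external secret: only casual inspection is defeated."""
    if not 1 <= len(key) <= 255:
        raise ValueError("key must be 1..255 bytes")
    data = text.encode("utf-8")
    masked = bytes(b ^ key[i % len(key)] ^ (i & 0xFF) for i, b in enumerate(data))
    return MAGIC + HEADER.pack(len(key), len(data)) + key + masked

def deobfuscate(blob: bytes) -> str:
    """Reverse obfuscate(); raises ValueError on anything malformed."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a blob of this scheme")
    key_len, text_len = HEADER.unpack_from(blob, len(MAGIC))
    start = len(MAGIC) + HEADER.size
    key = blob[start:start + key_len]
    masked = blob[start + key_len:start + key_len + text_len]
    if len(key) != key_len or len(masked) != text_len:
        raise ValueError("truncated blob")
    data = bytes(b ^ key[i % key_len] ^ (i & 0xFF) for i, b in enumerate(masked))
    return data.decode("utf-8")  # UnicodeDecodeError is a ValueError

def carve(image: bytes) -> list[tuple[int, str]]:
    """Forensic deobfuscator: recover every blob of the scheme from a byte image.
    A hit is a hit on the scheme itself (marker, header, mask), which is the
    same whatever language the recovered text turns out to be in."""
    found, pos = [], 0
    while (pos := image.find(MAGIC, pos)) >= 0:
        try:
            key_len, text_len = HEADER.unpack_from(image, pos + len(MAGIC))
            end = pos + len(MAGIC) + HEADER.size + key_len + text_len
            found.append((pos, deobfuscate(image[pos:end])))
            pos = end
        except (struct.error, ValueError):
            pos += 1  # marker bytes occurred by chance; keep scanning
    return found

def printable_strings(image: bytes, min_len: int = 4) -> list[str]:
    """What the Unix 'strings' tool would show: runs of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, image)]

def script_of(text: str) -> str:
    """Dominant writing system of text, read off the Unicode character names."""
    counts: dict[str, int] = {}
    for ch in filter(str.isalpha, text):
        name = unicodedata.name(ch, "")
        for script in ("CJK", "CYRILLIC", "HANGUL", "ARABIC", "LATIN"):
            if name.startswith(script):
                counts[script] = counts.get(script, 0) + 1
                break
    return max(counts, key=counts.get) if counts else "NONE"

def build_sample(strings: list[str], key: bytes) -> bytes:
    """Constructed stand-in for a compiled implant: DOS stub, then the blobs."""
    image = bytearray(b"MZ\x90\x00" + b"\x00" * 60)
    image += b"This program cannot be run in DOS mode.\r\n"
    for s in strings:
        image += obfuscate(s, key) + b"\x00" * 3
    return bytes(image)

def attribute(image: bytes) -> dict:
    """What an analyst gets from 'strings' versus from the deobfuscator."""
    blobs = carve(image)
    return {
        "visible": printable_strings(image),                  # 'strings' output
        "scheme_hits": len(blobs),                            # the stable signal
        "recovered": [text for _, text in blobs],
        "scripts": sorted({script_of(t) for _, t in blobs}),  # author's choice
    }

# Constructed samples: same scheme, English strings in one build and a fake
# Chinese error message in the other (the "double game" the release describes).
EN_STRINGS = ["C:\\Windows\\Temp\\upd.dll", "connection reset by peer"]
ZH_STRINGS = ["配置文件加载失败", "C:\\Windows\\Temp\\upd.dll"]
SAMPLE_EN = build_sample(EN_STRINGS, b"\x5a\xa3\x17")
SAMPLE_ZH = build_sample(ZH_STRINGS, b"\x09\xf4")

if __name__ == "__main__":
    for label, image in (("english build", SAMPLE_EN), ("chinese build", SAMPLE_ZH)):
        print(label, attribute(image))
```

Run stand-alone, the `strings`-style scan shows only the DOS stub text for both builds, while `carve` recovers every embedded string from each. The part that is identical across the two builds is the scheme (marker, header layout, mask); the script of the recovered text differs only because the author chose different strings to embed. That is the practical reading of the release's point: the language of hidden strings is cheap for the author to vary, the obfuscation routine is not, so the routine is what yields a reusable signature.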

Cognitive Dissonance:

The dirty trick hits keep coming.

Whocouldanode the biggest malicious hacker on Earth was, and still is, the CIA?

/sarc

X- x3:

Freedom for Assange, you Swedish motherfuckin' sell-outs!!!

Take it up the ass, Bildt, Löven, Margt W. etc etc....

FREE ASSANGE NOW!!!

X-

cossack55:

If the rabbit hole gets much deeper we may run into the three Fuku cores

FrozenGoodz:

Russia [wiki] giving us information on the CIA allegedly hacking as Russia ... lol can't fault the Kremlin for lack of effort, give em that - guy never gives up

greenskeeper carl:

I watched CNN for about an hour on the treadmill at the gym yesterday, and Russian hacking, Russia election interference, shit like that, was all they talked about. They had a panel discussion on there, and this guy kept talking about hacking of voting machines, which has been completely and thoroughly debunked, even CNN said so, and no one said one thing to correct this guy. No one mentioned the wiki leaks dump either. They are truly off their rockers. Nuts.

Looney:

Isn’t it what the MSM trumpeted after the Sony Hack: “The malicious code used to attack the Sony networks contained multiple fragments of Korean text”?

BTW… Do we have any Korean, Chinese, or Russian-speaking Zero Hedgers?

Do these text samples contain any meaningful text or is it just gibberish?

Looney

Ghost of PartysOver:

So hacking code exists that makes it look like someone else did it. Hmmmm... This must be the next generation of False Flag Attacks. Seems the List of Trusted Information just keeps getting shorter and shorter. To be honest I am not sure anything is left that can be trusted.

sushi:

cossack55 has it exactly right.

It's all Fuku all the time.

NoDebt:

If you've ever bought a generator or tool or whatever that's made in China you know that the instructions that come with it are written in what is referred to as "Chinglish".  You KNOW it was not written by a native English-speaking American.  

I wonder if the CIA's Russian/Chinese/Farsi code insert fakes sound like Chinglish to native speakers of those languages.

beemasters:

I bet there's nothing in Hebrew.

techies-r-us (not verified) stizazz Mar 31, 2017 9:55 AM

They're Fake Hebrews to begin with.

lexxus (not verified) techies-r-us Mar 31, 2017 9:57 AM

They're Eastern Europeans, Medes (Iranians), and North Africans.

techies-r-us (not verified) lexxus Mar 31, 2017 10:00 AM

Sad that they're pretending to be what they're not.

bob_bichen (not verified) techies-r-us Mar 31, 2017 10:03 AM

RE: chronic SPAMMER kavlar, techies-r-us, lexxus, stizazz, mano-a-mano, etc.   (ALL THE SAME PERSON REPLYING TO HIS OWN COMMENTS)

You have NO IDEA how troubled this individual, the Spammer With One Hundred Log-ons, really is.  He has trolled and spammed his website crap on here forever, always with the same macabre conversations with a long series of "imaginary playmates." It really is quite perverse and whoever "he" is, he seems to really get his rocks off voting himself up arrows and replying to his own comments, and also appears to have no life beyond making off-topic comments with his link to the SPAM-, TROJAN-, VIRUS-INFESTED  "biblicisminstitute,wordpress,com"  (sometimes disguised as a short-URL  http://wp.me  )

He shares this pathology with "Audio Feeline " "blue fin" AKA "TrollAndDump" (formerly known as XYTHRAS - since banned) whose "dailywesterner,com" is, if anything WORSE than the biblicism fetishist, also SPAM-, TROJAN-, VIRUS-INFESTED.

Other ZHers  may wish to take one minute to send an email to abuse@zerohedge.com requesting that all of the "imaginary friends" (in the list below; copy and paste)   be permanently banned for spamming.

As you do that, use your imagination to try to conceive of what type of whackadoo would spend their life in pajamas, fake eyelashes and high heels, eating stale chips and drinking cheap soda from the dollar store, popping zits, and spamming zerohedge. 

Many of the following have been banned but, like crabs and cockroaches, they just seem to come back.  The "short list of imaginary playmates" includes:

Audio Feeline
blue fin
TrollAndDump
XYTHRAS

kavlar
mano-a-mano

letsit
lexxus
tazs

techies-r-us

stizazz

lock-stock

beauticelli  
mofio

santafe
Aristotle of Greece

Gargoyle

bleu

oops

lance-a-lot
Loftie

toro
Yippee Kiyay

lonnng
Nekoti

SumTing Wong

King Tut
Adullam

espirit

rp2016

Holy hand grenade of Antioch,

etc. etc. etc.

Haus-Targaryen:

Tylers need better comment admins.  

Ban the guy enough and blacklist his email, he'll eventually give up. 

PrayingMantis:

... >>> "WikiLeaks Reveals "Marble": Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic..."

             ... there's no end in sigh ...

espirit:

Yeah? Add bob_bichen to the list for being a 1 year old troll.

I think I know how I got to him, sooo... much more to come.

limpinalien69:

Where is the joo version of the code? Sorry. My bad. CIA is run by joos for the joos.

BullyBearish:

If you just start off with the premise that all these F*^kers LIE, then your position on the issues is as good as your adherence to the truth...

logicalman:

Genetic studies tend to suggest Northern Turkey.

Ashkenazic Jews are the descendants of Greeks, Iranians and others who colonized what is now northern Turkey more than 2000 years ago and were then converted to Judaism, probably in the first few centuries AD by Jews from Persia. At that stage, the Persian Empire was home to the world’s largest Jewish communities.
Over 90 per cent of Ashkenazic ancestors come from that converted partially Greek-originating ancient community in north-east Turkey.
Dr Eran Elhaik of the University of Sheffield.

neversink:

And who really gives a shit. 
The articles of ZH are great, but the anti-Semitic comments spoil it.
Your hatred of Jews by some of the more active participants shows your ignorance.
Jews make up less than 2/10,000ths of one percent of the world's population, yet you idiots blame everything on the Jews. If only Jews were so powerful. In the meantime you love to use the inventions of Jews and Israel that have made your lives easier and healthier....

Go figure!!!!

atomp:

It is possible that many "anti-semitic" posts on this site, or any site, for that matter, are actually posted by "semites"

Yog Soggoth:

Origin of the Word Jew - Overlords of Chaos

Semitic (Shemitic) means brown skinned, and the language they spoke. The word describes a people in ancient times that are displaced right now. The word jew was coined in 1795.

Zionism Unveiled: The Historical Origins of the Word "Jew"

Now apologize to the world for your ignorance.
Teja:

Well, if you look into your descendants in detail, you probably would find some surprises, too. Although interesting to know, one should not put too much value into it. Many Germans (especially in the nationalist East) for example have strong Slavic roots. Or take Arab peoples - Moroccan elites are said to have strong Jewish roots, and during Mohammad's time, a large part of the population of the Arab peninsula was Jewish.

PT:

<Yawn>.  Oh what a surprise.  The CIA can arrange the ones and zeroes in any order they like!!!  Who woulda thought it?  Who couldanode?

My apologies.  That may sound a bit harsh and dismissive of the effort put in by Wikileaks and Zero Hedge.  And it may trivialize the effort put in to overcome some protocols or encryption that I may know nothing about.  Here I remind others that I know how to program but my knowledge is out of date.  But at the end of the day it is ALL ones and zeroes, and I am most surprised that people assume that just because they don't know how to arrange the ones and zeroes, no-one else does either.

Any techies out there who can point out my ignorance in the first paragraph?  Apart from any Public Key encryption problems?  Why is the ordering of ones and zeroes in any order you like NOT a trivial problem?  Thanks in advance.

Is it a hardware problem?  eg, my old computer's disc hardware / firmware only allowed a few disc-writing protocols whereas some other computers let you directly write ALL the ones and zeroes to disc?  Do we have a similar problem with modem hardware / firmware or is it something else?  Thanks in advance again and apologies for being a smart-ass in the first paragraph, if the solution merits it.

MsCreant:

I hear you and would almost agree BUT...

There is not only 0s and 1s.

  1. The first order of confusion is to be familiar with the "culture" of the hacker you want to frame. That means the way they use their 0s and 1s in their world. This is what we call counterfeiting. There is something real, a truth, and you are trying to replicate it.
  2. The second order of confusion is to be familiar with the way they cover their tracks when they want to. You want to do that well enough that you can convince a Russian programmer that a Russian did it, a Korean, an Arab, etc. and tried to hide it. 
  3. The third order of confusion, not described in this article, but you bet they do it, they do this shit in places where you don't even need to, just because. A kind of disinformation of the disinformation. Random places where it does not matter, beside places where it does matter. It is replicated, so much, you can find it lots of places. It is an assembly line of lies, so that the reference point, "truth," is totally obfuscated. 
  4. Do this enough, and you cover your tracks to do any fucking thing you please. What we end up with here is Baudrillard's simulacra- the truth that hides the truth that there is no truth- in play. One could argue the Wiki- publication of this frosts the cake. Forensics is destroyed as a discipline, at least in regards to computers. It's the wild, wild, west out there.

Joe and Josephine 6 pack, learn learned helplessness. We are spied on, our information is sold, we are hacked, we can't trace who did it and there is nothing we can do about it because we can't "prove it." Oh yeah, and you are dependent on the net because we say you must conduct your business there, but hey, anything can happen to you and you can't defend yourself at all, and you can't hold anyone responsible for the bad things that happen there.

We are totalized, subordinated, and as men on this site like to say "cucked."

PT:

Agree with you about the cultural side of the problem.  There are many different ways to solve a problem and cultural priorities will be reflected in the code.  And the method that the "hacks" are released into the wild.  Just wondering if there are any major technical hindrances they have to consider.

slyhill:

That Baudrillard's simulacra is some deep shit. Disturbingly dark, yet somehow refreshing, thought. Place all perceived reality into a blender and hit the button. Fuck these political harpies and media whores. WTF are we really trying to perceive here, anyway?

chiaroscuro:

Thank you for sharing your keen insights. I hadn't heard of Baudrillard's Simulacra but I have heard of cultural marxism. However deep the rabbit hole goes we must all remember that whoever created the hole with all its traps and mazes are mere mortals like ourselves. They may be better organized and funded than we are but they have no more power to create reality than we do with our own minds.

I believe in God and absolute truth. Yet even if you do not, at least believe that you have the power to envision and work towards a more beautiful version of reality than the one you are handed by other humans. To give in to apathy or despair is to surrender. They may think they've already won and you may be tempted to think so too. But remember, the only way they can win is if you stop fighting. As long as you continue to resist, to search for truth and beauty, to believe in something better and in so doing to create it;  their version of reality cannot be complete. So never stop fighting.

Implied Violins:

The really sad part about what you just wrote is that it all could be disinfo and we wouldn't know it.

For all we know, there are lazy agents putting this shit out there for people to believe, thus perpetrating the 'myth' of their total control of information, while they actually do nothing but watch our reactions.

But of course, I don't believe that...but I ain't discounting it, either.

Does that sound insane? Or is that the goal??

espirit:

NnErtDFiaBJiCwqSMiFgzt

(when they believe everything I say is a lie, I've won)

Yog Soggoth:

What people have been saying for decades. I have a friend that works for (blank) that told me the whole gates thing was a purposely run scam from the beginning. The lie in your own statement is that "you can't prove it". I think I can. You are just not thinking hard enough. Quitter is your new name.

temporarity:

Russian text visible in that image is gibberish. 

StychoKiller:

Go visit http://www.engrish.com -- The Japanese have a vast misuse of English going on (although China and even some Arab countries ain't far behind!)  :>D

Countrybunkererd:

What a den of vipers. All for keeping us safe. Yeah, right.

I wonder how much money the FBI spends on spying on the CIA, NSA, DHS, etc.

Then I wonder how much the NSA spends on spying on the CIA, FBI, DHS, etc.

Then I wonder how much the CIA spends on spying on the FBI, NSA, DHS, etc.

Then I wonder how much the military spends spying on... OH FOR GOD'S SAKE!!!!

PT:

Oh they're all good friends.  They just share the information with everyone.  It makes life so much easier that way.

http://biblio.com.au/book/cia-mission-burundi-john-m-bernier/d/153094689

Fiction story,  Old.  Took me a few pages to get into it but after that it was an easy read and quite funny.

"You guys are so lucky you have borders.  Every time you feel like having a war you can have a skirmish on the border.  But our whole country is an island.  The border is very clearly defined.  We can't use border skirmishes as an excuse." amongst other gems.

Countrybunkererd:

all good friends. When one enters their dark world, NOBODY is a friend. I have a relative from childhood that joined the alphabet of Choice and hasn't contacted a member of the family since the 80's...NOT ONCE.  They can't.  Anyone you speak to could be an operative of abc to xyz with ANY number of agenda items.

PT:

It was fiction.  And it was a funny story.  You might enjoy it.

Countrybunkererd:

I will do my best to look into it, any enjoyment these days is cherished. Consider this though, the police have their own network away from citizens, such as a police watering hole and so on. How much worse do you think it gets as you go up the ladder to state police, FBI, DHS, NSA, CIA? There comes a point in time that when they look in the mirror they don't even trust themselves.

Got The Wrong No:

Talk about being able to trust. This was an enlightening video and well worth the time to view.   

DARPA Insider Reveals the Coming Hive Mind Control Grid: “If Even 20% Of What This Guy Says Is True…”

The video below features a keynote by Dr. Robert Duncan regarding what can only be described as our coming hive mind control grid. He isn’t just talking about advances in transhumanism, the singularity, or artificial intelligence. He’s talking about how to control the minds of everyone on the planet and evolving humanity in a technological sense… whether they like it or not.

https://youtu.be/hKh-_VUllTI

PT:

The question is not, "Can the ones and zeroes be trusted?"  The question is, "How the hell could the ones and zeroes possibly be trusted at all???"  They're just ones and zeroes!  You can do whatever you like with them.  Maybe you can't but I guarantee you several other people can!  This is like acting all surprised when you discover that locksmiths know how to pick locks.

"You fucked up!  You trusted us!"

https://www.youtube.com/watch?v=JTF2j0OWUi8

But refer to my other comment above.  I expect that surely it would be a little bit more difficult than what I said.  Perhaps.  I would like the experts to explain how or why I am wrong.

logicalman:

I just counted my legs.

Seems I have two, if I can trust my eyes.

If the See Eye Ay said I have two, I'd do a re-count and have it confirmed by someone I could 'trust!' ;-)

land_of_the_few:

Don't know but the Sony Korea hacky thing was also "verified" by you-know-who, just like the DNC one

PT:

You got 90(?)% of the population using computers and telephones that automatically update their own software, not to mention the antivirus software.  And 99% of the population just automatically believe that these updates ONLY do the right thing.  (Errr, actually, more people have become aware since Windows 10).  The reality is that 99% of the population has absolutely NO idea what their computers and phones are uploading and downloading and no way to find out and most of them don't give a shit either way.  For example, the entire world's computers could be shipped straight from the factory with kiddie-porn, encrypted or not, or written in as "deleted" but still there, ready to be activated by the smallest of viruses or "updates", and most of the world's population would not be able to prove it either way.  The whole system relies on an unbelievably HUGE amount of TRUST.

You think it means something when you see a bunch of coloured dots on a screen?  It is ALL TRUST.

OverTheHedge:

I posted earlier today (perhaps yesterday for our American chums) the idea that computer "evidence" is soon to be inadmissible in court, as it is completely suspect. This means that all those pizza people will just shrug and say, "CIA put it there....", and there will be no way to prove, one way or the other, what the truth might be. Cyber crime is about to become an oxymoron. Where are all those bitcoin the FBI "confiscated"?

Grumbleduke:

The peons will get the boot, regardless. Only the aristocrats will be exempt.

Chris Dakota (not verified) Looney Mar 31, 2017 9:52 AM

Julian Assange is THE most powerful man in the world.

God Bless you Julian, and thank you!