WikiLeaks Publishes CIA Hacking Tool Designed To "Impersonate" Russia's Kaspersky Lab

Tyler Durden's picture

On September 18th, the US Senate voted to ban the use of products from the Moscow-based cyber security firm Kaspersky Lab by the federal government, citing national security risk. The vote was included as an amendment to an annual defense policy spending bill approved by the Senate on the same day and was written to bar the use of Kaspersky Lab software in government civilian and military agencies.

According to a new WikiLeaks release this morning, however, some of that perceived "national security risk" could be an artifact of the CIA's own tooling: the source code of a CIA command-and-control component code-named 'Hive' shows it issuing its implants forged certificates in Kaspersky's name, so that "if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated."

Here's a summary of the hacking tool posted by WikiLeaks:

Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.


Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.


The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything else but a normal website. The only peculiarity is not visible to non-technical users - an HTTPS server option that is not widely used: Optional Client Authentication. But Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above) while all other traffic goes to a cover server that delivers the inconspicuous content for all other users.


Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow, pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.

Of course, Kaspersky Lab has produced anti-virus software for 20 years and claims 400 million customers around the world. Accused of involvement in cyber espionage, the company has maintained that it is "caught in the middle of a geopolitical fight" and is being "treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts"...

...this new WikiLeaks revelation would seemingly lend some credence to Kaspersky's conclusion.
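The two technical claims in the WikiLeaks summary above (client certificates forged in Kaspersky's name with an issuer that merely reads "Thawte Premium Server CA", and a cover server that only optionally asks for a client certificate) are worth seeing concretely, because they show why certificate name strings seen in captured traffic are not evidence of who sent it. The script below is an added example written for this page; it is not code from the Hive release, from WikiLeaks, or from Kaspersky or Thawte. It forges a throwaway CA whose Distinguished Name copies the article's issuer name, issues a client certificate under it with a Kaspersky-style subject, then builds a second, unrelated self-signed certificate with the identical issuer name as a stand-in for the genuine root a trust store would hold (constructed here, not Thawte's real certificate). The check a defender wants is the last step: chain validation by signature against a known anchor, plus pinning the issuer's fingerprint, rather than reading the Issuer field. The DN values (C=ZA is assumed from "Cape Town"), file names and work directory are illustration-only assumptions; it needs the openssl CLI and mktemp.

```shell
#!/bin/sh
# Added example, not code from Hive, WikiLeaks, Kaspersky or Thawte.
# Forges a chain whose names imitate those quoted in the article and shows
# that name strings carry no trust; only a signature chain to a known anchor
# does. Names, paths and the "stand-in root" are assumptions for illustration.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Minimal OpenSSL config so the example does not depend on the system's
# openssl.cnf. The DN placeholder is always overridden by -subj below.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

# Self-signed CA. $1 = output basename, $2 = subject. The DN is free text:
# anyone can mint a certificate that *says* it is a well-known CA.
make_ca() {
    openssl req -x509 -config "$WORK/openssl.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -days 30 -keyout "$WORK/$1.key" \
        -out "$WORK/$1.crt" -subj "$2" >/dev/null 2>&1
}

# Client certificate (what an implant would present during the TLS handshake),
# issued by the forged CA, with a subject imitating the impersonated vendor.
make_leaf() {
    openssl req -new -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" \
        -subj "/C=RU/L=Moscow/O=Kaspersky Laboratory/CN=implant-client" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/leaf.csr" \
        -CA "$WORK/fakeca.crt" -CAkey "$WORK/fakeca.key" -CAcreateserial \
        -days 30 -extfile "$WORK/openssl.cnf" -extensions v3_leaf \
        -out "$WORK/leaf.crt" >/dev/null 2>&1
}

build_chain() {
    # Forged issuer: same name as the article's "Thawte Premium Server CA".
    make_ca fakeca "/C=ZA/L=Cape Town/CN=Thawte Premium Server CA"
    # Stand-in for the genuine root (constructed here; NOT Thawte's real cert).
    # Identical name, different key. A trust store holds keys, not names.
    make_ca real   "/C=ZA/L=Cape Town/CN=Thawte Premium Server CA"
    make_leaf
}

# Succeeds only if leaf.crt chains by signature to an anchor in file $1.
# System trust stores are disabled so the result depends on $1 alone.
chains_to() {
    openssl verify -no-CApath -no-CAfile -CAfile "$1" "$WORK/leaf.crt" 2>/dev/null \
        | grep -q ': OK$'
}

# What a naive analyst logs from the handshake: the Issuer string.
leaf_issuer() {
    openssl x509 -in "$WORK/leaf.crt" -noout -issuer
}

# What a trust or attribution decision should pin: the issuer's certificate hash.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

build_chain
echo "leaf $(leaf_issuer)"
if chains_to "$WORK/fakeca.crt"; then
    echo "chains to the forged CA:     yes (internally consistent, proves nothing)"
fi
if chains_to "$WORK/real.crt"; then
    echo "chains to the stand-in root: yes"
else
    echo "chains to the stand-in root: NO (issuer name matched, signature did not)"
fi
echo "forged CA fingerprint:     $(ca_fingerprint "$WORK/fakeca.crt")"
echo "stand-in root fingerprint: $(ca_fingerprint "$WORK/real.crt")"
```

The server side of the "Optional Client Authentication" described above is the request-but-do-not-require mode of a TLS server: with the openssl CLI that is `openssl s_server -verify <depth>` (client certificate requested, handshake still completes without one) as opposed to `-Verify <depth>` (required); in OpenSSL's API it is `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, and in Python's ssl module `CERT_OPTIONAL`. A browser hitting the cover site sends no certificate and gets the cover content; a client that presents a certificate the server can validate against its own private CA is routed elsewhere. From the defender's side, the lesson of the script is the same for either role: log and pin the issuer's fingerprint and validate the chain against a trust store you control, and treat Subject and Issuer strings as attacker-controlled text.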

Ignatius's picture

Oh, gee, imagine our surprise.

Excuse me now while I mop up some coffee.

land_of_the_few's picture

NATO early shift. Some of them probably actually are Jew-haters and brownshirts, unbeknownst to their managers, who think it's all fake astroturfing output! Imagine the hilarity when they find out their minions actually mean it and won't stop!

yomutti2's picture

Oh, please. The Russian mouthpieces should just stop trying to confuse people about Kaspersky. It's pretty obvious that they are a front for Russian intelligence.


asteroids's picture

You folks don't get the implications of what the CIA can do or engineer as the "next step".

caconhma's picture

CIA is not in a spy business. It is an out-of-control Crime/Terrorism Inc. with its own agenda.

The USA is in a deep shit both domestically and internationally. We have no coherent policies. We do not have even a country when our leaders have a multi-citizenship and swear their allegiance to foreign countries hostile to the USA.

As for low-life Trump, he is a total failure as a US President. It appears that Trump (with Kushner assistance) is seeing himself as a salesman for the WallStreet and US MIC.

PT's picture

What?  You mean the CIA can arrange the ones and zeroes in any order they like???  The real question is why are they the only ones who can do this? 

Yeah, I know.  Encryption stuff.  But that is why hackers hack.  You need to know fine details but sometimes you don't need to know everything.  Sometimes there are work-arounds.

I have zero surprise that the technocrats can order the ones and zeroes any way they like.  This is their "gun" that the little people do not have.  Little people on computers are like real people with no 2A.

peippe's picture

Stranger things have happened.

Thought Processor's picture


I assume they can do this with any and all anti-virus software.  Hell maybe any and all software roaming the net these days.  Intel agencies are simply spoofing on steroids.


Therefor all digital evidence is suspect to an extent.

booboo's picture

Go long a law firm staffed with hackers who can make it understandable to their suits

Yog Soggoth's picture

Point on, and if I were Kaspersky, I would sue them immediately. What they did was illegal.

East Indian's picture

If I were Kaspersky, I would spy recklessly, confident that now onwards people would ascribe my spying to CIA. 

ConnectingTheDots's picture

I stopped using anti-virus software by US companies several years ago since I was concerned that these companies were "requested" to install backdoors in their products by the US alphabet soup agencies.

How sad, that I trusted a Russian company more than I trusted US companies because I felt the chance of being spied on was less.

I eventually ditched Windows because it is known to have government installed backdoors and switched to Linux where at least there is a community of people who check the open source code for exploits. I was very pleasantly surprised how easy the learning curve was to transition from Windows to Linux Mint and the computers actually ran much faster without all the Windows bloatware.

Taking this one step further, any corporate executive who entrusts their corporate data to "the cloud" should have their heads examined and be fired for gross negligence and incompetence.

Money Boo Boo's picture

The Jews aren't the arbiters of all dirty shit pulled by US.gov. Last time I checked Cheney wasn't a Jew. Clintons aren't Jews. Obama's not a Jew. Drumpf isn't Jewish. The MIC and Joint Chiefs and JSOC aren't Jews.


Point Being Made:  You're a fucking retard

WTFRLY's picture

Please, they are all card carrying Zionists that are down with the Greater Israel plan and more. Stop cutting it up into pieces like someone else is doing it or this is a random pile of shit the world has landed itself in. No they are all Jews per se, and I don't hate regular Jews, but these cryptojoo Zionists? Fuck all of them, period. Stop being naive about where the shit comes from and why. Everything from mass surveillance to the terrorism, war zones, economic fuckery and worse, it all ties back to them. Fuck you if you don't wanna address it. Just keep being mad at the random Muslim terrorist or SJW, keep bleating on at them. That's really helping.

JRobby's picture

He still doesn't understand the difference.

Must have been out sick in 5th grade for that "Set, sub-set" exercise.

Joe Mama 3's picture

I'm wit ya playa. They were not kicked outta every country in Europe for nuttin!!!!!!!!!!!!! Blood Libel, Occultism disguised as Judaism, mouth ta dick circumcision, DANCING ISRAELIS......... dont git me wrong, mitt romney wears magic underwear, the mutherfucker wears magic underwear, the bushes are sick devils, i'm gonna say it. 9/11 was an inside job and the zionist state had something to do wit it, i'm gonna say it. there should be no sacred cows here. nothing is untouchable, especially if it is done wit taxpayer funds hot off the fake presses!!!!!!!!!! My disgust at all the V.A. spending and disabled vet payouts is not tasteful to some, but it should be discussed. If ya cant handle unfortunate truths, take ya ass back to yahoo.com

finametrics's picture

why are you writing like a moron? you can agree with the obvious as it relates to the zio-critters, but you can do it without sounding like a nincompoop. just sayin...

WTFRLY's picture

Typo, no, they are NOT all of Israeli or Jewish lineage and I'm not talking about practicing the Jewish faith. gtfo.

finametrics's picture

wtf are you talking about, i was replying to the other dude who literally writes like a moron

waspwench's picture

You are correct, they are not jews.   They are simply employees.

Gorgeous's picture

More like prime contractors.  CIA couldn't code 2×2.  Julian, any luck finding those DARPA contracts? What do u want to bet Facebook and Google have their fingerprints on that code.

finametrics's picture

what an incredible imbecile. the blame is not on the "jews" per se, but it is and has always been on the talmudist zionists and their false god satan. why is it that the jews have a history of always being kicked out of every country they squat in? the answer is quite factual. a few bad talmudist apples engaging in usury that ruin it for everyone else, including their own kin. along the way, they pick up and hire prostitutes like the Clintons, who'll gladly sell their ass for some cookies.


dont take my word for it, read it from the grandfather of jew history who writes about it:

http://www.gutenberg.org/ebooks/45085?msg=welcome_stranger


also

https://www.youtube.com/watch?v=5va4dq_gG3M

Yog Soggoth's picture

aangirfan: Hillary Clinton: The First Jewish Woman President? You almost had the first Jewess president in history. In their culture, as with other tribes, succession is matrilineal rather than patriarchal. What is surprising is that you are on a financial news website and never expected any of the commenters would be at least part Jewish, married into, or worked extensively with those that you obviously know nothing about.

IH8OBAMA's picture

I've been using Kaspersky on my computers.  I decided months ago that when it comes up for renewal I'll switch to something US made just because at some point it might become compromised.

Solosides's picture

So instead of going to a safe injection site and using a clean needle, you would rather use that dirty blood covered needle you found on the street and that has been used by 20 other people.

Ignatius's picture

"...you would rather use that dirty blood covered needle..."

Wouldn't be the first.

DeusHedge's picture

how pob of you

HAHAHA GIMME THE POWER

IH8OBAMA's picture

What a stupid comment.

Putting a backdoor into Kaspersky software would be a perfect way for Russia to gain control of millions of computers should hostilities of any kind break out.  There is no reason to take that risk as it is highly likely to be a real threat. 

Your comments are making me consider making the change sooner.

Sledge750's picture

I'll bet you rubles to dollars the US will launch hostilities in a foreign country before the Russians!

number06's picture

you lose ... Ukraine or Georgia come to mind?

Volkodav's picture

Yeh, I am reminded, dumbass...

violent fiery cookie coup, police killed, civilians slaughtered and Russian Peacekeepers murdered in their barracks

Yog Soggoth's picture

Right now, but I would not make that bet in the future. Central banks and treasuries have many tools at their disposal. First major country that goes gold backed for certain commodities in agreement with other countries wins. Dropping of zeros can have many uses for specific monetary problems.

Dsyno's picture

"Your comments are making me consider making the change sooner."

No one cares.

By the way, way to drink the kool-aid and be a sucker for propaganda.

vulcanraven's picture

"Putting a backdoor into Kaspersky software would be a perfect way for Russia to gain control of millions of computers should hostilities of any kind break out."


>Doesn't realize that this is exactly what the US intelligence community is already doing to its own citizens.

finametrics's picture

lol. what a dumb fuck. because Russia has a centuries long history of attacking first and invading other countries? gtfoh simpleton.

kochevnik's picture

Finally you decide to share your computer power with botnets

Thought Processor's picture


"The problem with internet quotes is that you can't always depend on their accuracy" -Abraham Lincoln, 1864


I'm sure Lincoln would have included all information on the internet, if only he had given it a bit more thought.

land_of_the_few's picture

Well you don't have to wait for the other stuff to be compromised, so you will save time!

Buck Johnson's picture

Sorry, But I trust Kaspersky over any of the US. 


RedDwarf's picture

"I've been using Kaspersky on my computers.  I decided months ago that when it comes up for renewal I'll switch to something US made just because at some point it might become compromised."

If you are using anything but an open source anti-virus, you can assume there is a backdoor designed by the company at the behest of the parent government.  It doesn't matter if said software is from the USA or Russia.

bh2's picture

So it comes down to whether you trust you personal data more with the US or Russian government.

Hmmmmm....

Blue Steel 309's picture

It couldn't be any more blatantly obvious that the US gov is waging a propaganda war against Kaspersky precisely because it is the only company that they don't have a backdoor to.

I will never use anything else BUT Kaspersky.

TAALR Swift's picture

Ah, but Norton has a "Pre-Black-Friday" sale.  Regular $70. Now $20.

Better hurry and get that NSA/CIA backdoor installed at a discount.  They don't pay you.  You pay them

Remember:

   i.  You're #1, you're Exceptional

   ii.  Salute the flag and Support the Troops

   iii. Pray to your deity (that caused the natural disaster, to help the victims your deity created)

   iv. Pay your taxes

   v.  Max your 401k and IRA contributions


p.s. We have always been at war with Eurasia

GeoffreyT's picture

You would be better advised to switch off Fox News and wait until Kaspersky opens its source.

Kaspersky has said it intends to do this (to an extent) in Q1 of 2018, permitting source code review by a selected group of tech-competent reviewers.

If the group is not good enough, the FOSS community will scream it from the rooftops - so Kaspersky is unlikely to want the reputational damage that would happen if they only chose 'safe hands' for the review.

None of that will be on Fox News, because to be on that network you have to be a bloviating tech-illiterate blowhard, just like the audience.

Winston Churchill's picture

Not that it matters if you truly are tech literate; the problems go far deeper than operating systems and programs on them. We already know about spyware built into drive firmware. I'm convinced that the BIOS on every computer has similar problems.

Very odd that only one company dominates in writing it, unless someone is subsidizing loss leading for a whole different reason.

ConnectingTheDots's picture

You are heading in the wrong direction.

US companies are far more likely to have been compromised by the government.