WikiLeaks’ latest release could blow cover on agency hacking operations

The latest disclosure of CIA cyber tools by WikiLeaks reveals a technique used by the agency to hide its digital tracks, potentially blowing the cover on current and past hacking operations aimed at gathering intelligence on terrorists and other foreign targets.

The release on Friday of the CIA’s “Marble Framework” comes less than a month after the anti-secrecy organization dumped onto the Internet a trove of files – dubbed Vault 7 – that described the type of malware and methods the CIA uses to gain access to targets’ phones, computers and other electronic devices.

According to the report, a computer security researcher at the University of California at Berkeley was quoted as saying:

“This appears to be one of the most technically damaging leaks ever done by WikiLeaks, as it seems designed to directly disrupt ongoing CIA operations and attribute previous operations,” said Nicholas Weaver.

The material includes the secret source code of an “obfuscation” technique used by the CIA so its malware can evade detection by antivirus systems. The technique is used by all professional hackers, whether they work for the National Security Agency, Moscow’s FSB or the Chinese military. But because the code contains a specific algorithm, a digital fingerprint of sorts, it can now be used to identify CIA hacking operations that had previously been detected but not attributed.

“It’s one thing to say, ‘I got hacked.’ It’s another thing to say, ‘I got hacked by the CIA,’” said Jake Williams, founder of Rendition InfoSec, a cybersecurity firm. “I suspect this could cause some foreign policy issues down the road.” If this source code is used in a majority of CIA hacking operations, Williams said, the release could be “devastating.”

In releasing the material, WikiLeaks tweeted: “CIA Vault 7 Part 3 ‘Marble’ – thousands of CIA viruses and hacking attacks could now be attributed.”

The CIA’s hacking operations are much smaller in scale than the NSA’s, designed to enable intelligence gathering by human spies – more “boutique” than industrial-strength.

WikiLeaks, in its press release, suggested that the obfuscation tool might be used to conduct a “forensic attribution double game” or false flag operation because it included test samples in Chinese, Russian, Korean, Arabic and Farsi.

But Williams explained that the tests were to ensure that hacking operations using code written in those languages could be hidden. “If you’re trying to false flag an operation as Chinese, you wouldn’t want to hide those code strings, you’d want everyone to see them,” he said. Moreover, other experts said, attribution is based on more than just malware analysis.

The extent of the damage will take time to assess and the cost of replacing lost capabilities is expected to be high, experts said. An FBI and internal investigation is ongoing into how the files were breached.