WikiLeaks shows CIA hijacked Russian mafia malware – TRUNEWS

On Friday WikiLeaks released part 4 of their Vault 7 series detailing Russian mafia malware believed to have been weaponized by the CIA

(WASHINGTON, DC) WikiLeaks has released the fourth part of their Vault 7 CIA series.

The package set free to the world today is pointedly named Grasshopper, and details alleged CIA hacking techniques involving malicious software WikiLeaks claims was taken from suspected Russian organized crime.

The latest release consists of 27 documents WikiLeaks claims come from the CIA's Grasshopper framework, a platform for building malware for use on Microsoft Windows operating systems.

In a statement from WikiLeaks, Grasshopper was described as providing the CIA with the ability to build a customized implant which will behave differently, depending on the security capabilities of a computer.

According to WikiLeaks, Grasshopper performs "a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration."

This allows CIA operators to detect if a target device is running a specific version of Microsoft Windows or if an antivirus is running, according to the statement.

Grasshopper allows tools to be installed and run on a machine without detection using PSP avoidance, allowing it to avoid Personal Security Products such as 'MS Security Essentials', 'Rising', 'Symantec Endpoint' or 'Kaspersky IS'.

One of the so-called persistence mechanisms, which allows malware to avoid detection and remain on a computer system indefinitely, is known as Stolen Goods.

In the WikiLeaks release, it is credited to Umbrage, a group within the CIA's Remote Development Branch (RDB) which was linked in the Year Zero release to collecting stolen malware and using it to hide its own hacking fingerprints.

"The components of the Stolen Goods mechanism were taken from a malware known as Carberp, a suspected Russian organized crime rootkit," alleges WikiLeaks.

Stolen Goods targets the boot sequence of a Windows machine, loading a driver onto the system that allows it to continue executing code when the boot process is finished.

WikiLeaks confirmed that the CIA did not merely copy and paste the suspected Russian malware but appropriated "[the] persistence method, and parts of the installer," which were then modified to suit the CIA's purposes.

The latest release came with an emblem containing a grasshopper and the words "Look before you leap," a possible reference to how the latest leaked tools would allow the CIA to prepare a machine for future hacking without raising suspicion.

The rootkits can be installed and used as a 'man on the inside' who can allow more malicious software through undetected in future, if the CIA felt it necessary. If suspicions were raised on initial installation, they would know not to proceed with a more extensive operation.

Also detailed in the release are Buffalo and Bamboo, modules that hide malware inside DLLs, a collection of shared libraries, on a Windows system.

The two modules operate in slightly different ways: Buffalo runs immediately on installation whereas Bamboo requires a reboot to function properly.

The goal of today's release is to help users seeking to defend their systems against any existing compromised security systems, WikiLeaks stated.

Also detailed in the release is ScheduledTask, a component of Grasshopper that allows it to utilize Windows Task Scheduler to schedule executables.

The component would allow the executables to run automatically at startup or logon, and then kill them at the end of their duration. Included in ScheduledTask are commands that allow the executables' names and descriptions to be hidden.

The release is the fourth in a series called Vault 7, which WikiLeaks claims contains documents taken from within the CIA. Releases so far include Zero Days, which detailed the CIA's hacking of Samsung smart TVs, and Marble, which allowed the CIA to disguise their hacks and attribute them to someone else, including Russia.

RT copy, TRUNEWS contribution
