WikiLeaks Releases Documents on Two CIA Projects Targeting Network Protocols – Sputnik International

World

17:35 06.07.2017(updated 17:41 06.07.2017) Get short URL

"Today, July 6th 2017, WikiLeaks publishes documents fromthe BothanSpy and Gyrfalcon projects ofthe CIA. The implants described inboth projects are designed tointercept and exfiltrate SSH credentials butwork ondifferent operating systems withdifferent attack vectors," WikiLeaks said ina statement.

SSH is a cryptographic network protocol which gives the user a secure remote access toa websites server. The SSH credentials are the login details, namely the server address, port number, the username and the password.

According toWikiLeaks, the BothanSpy is an implant targeting the SSH client program forMicrosoft Windows platform, stealing user credentials form active SSH sessions. The data is then either exfiltrated toa CIA-controlled server, or encrypted and saved forlater exfiltration byother means.

Gyrfalcon, inits turn, is an implant that targets Linux platforms and can steal the credentials, encrypting the information forlater exfiltration.

WikiLeaks released three documents that appear tobe the CIAs tool documentation and user manuals forboth projects asevidence.

The whistleblowing website released the first patch fromthe Vault 7 project inMarch, withthe first full part comprising 8,761 documents. The previous release, dedicated tothe CIA spying geo-location malware forWiFi-enabled devices, dubbed ELSA, took place onJune 28.

Read more from the original source:
WikiLeaks Releases Documents on Two CIA Projects Targeting Network Protocols - Sputnik International