Yesterday Wikileaks unveiled its latest installment, a series of leaks officially entitled “Vault 8,” the follow-on to the “Vault 7” material released earlier this year. In layman’s terms, Vault 7 exposed various hacking tools used by the Central Intelligence Agency in intrusion operations around the world, together with documentation describing what each tool did and how the agency used it. Vault 8 takes this a step further by releasing the source code of the individual tools outright, theoretically allowing anyone in the world to build, modify or use them in the future.
Much like Vault 7, Vault 8 will consist of a series of smaller releases over the coming weeks and months, each unveiling the source code of one tool. The first, released today, is “Hive,” the command-and-control back end the CIA used to talk to malware already installed on an infected computer while hiding that the traffic belonged to the agency. Hive does not break into anything itself; it supplies the covert channel. Implants communicate over HTTPS with cover domains that host ordinary-looking websites, and the TLS certificates used on that channel are forged in the name of real companies: the released code includes one impersonating the anti-virus vendor Kaspersky Lab, so the connection looks like routine security-product traffic. Once an implant is in place, Hive lets CIA operators communicate with the infected computer in real time without the traffic standing out as malicious or being easily attributed to the agency.
View Official Release Here: https://wikileaks.org/vault8/
— WikiLeaks (@wikileaks) November 9, 2017
One of the most interesting details in yesterday’s leak is that the CIA forged TLS certificates in the name of Kaspersky Lab products in order to communicate with infected computers. To understand why this is significant: Kaspersky Lab was until recently one of the world’s most widely used and trusted anti-virus vendors, and its products have repeatedly scored at the top of independent Windows security tests, so traffic to and from a Kaspersky product is exactly the sort of thing a network defender waves through. By putting Kaspersky’s name on its certificates, the CIA could make command-and-control traffic from machines it had already compromised look like ordinary anti-virus activity, including on machines inside other governments. Note that the forgery did not require Kaspersky’s private keys: the leaked certificate merely claims to be issued by a commercial CA (Thawte) and would not validate against a real trust store. What it bought was plausibility to anyone glancing at the connection, which is the distinction Eugene Kaspersky draws in his response below.
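The defensive check that falls out of this is straightforward: a certificate that borrows a well-known vendor’s name but does not chain to a trusted CA, or is served from a domain the vendor does not own, deserves a second look. The script below is an added example written for this article; it is not code from Hive, Wikileaks, Kaspersky or Zeek. The log records are constructed, the column order is an assumption loosely modelled on Zeek’s ssl.log, and the vendor-to-domain map is a placeholder an analyst would fill from their own inventory.

```python
"""Flag TLS sessions whose server certificate borrows a trusted vendor's name
but either fails chain validation or is served from a domain that vendor
does not own. Added example: the records below are constructed and the
field order is an assumption loosely modelled on Zeek's ssl.log."""

import csv
import io
from typing import Iterator, List, Optional, Tuple

# Vendors whose identity an implant operator might borrow, mapped to the
# domains that vendor's legitimate TLS traffic is expected to use.
# Assumed placeholder; a real deployment fills this from its own inventory.
VENDOR_DOMAINS = {
    "kaspersky": ("kaspersky.com",),
}

# Assumed column order for the constructed records (a subset of Zeek ssl.log
# field names). validation_status is the chain-validation result only; it
# says nothing about whether the hostname matches the certificate.
FIELDS = ("ts", "resp_h", "server_name", "subject", "issuer", "validation_status")

# Constructed sample: a benign update check, a Hive-style forgery claiming a
# Thawte-issued Kaspersky certificate that does not validate, an unrelated
# self-signed certificate, and a validating Kaspersky-named certificate served
# from a domain the vendor does not own.
SAMPLE_SSL_LOG = "\n".join([
    "1510200001.1\t192.0.2.5\tupdates.kaspersky.com\t"
    "CN=*.kaspersky.com,O=Kaspersky Lab\tCN=Example Public CA\tok",
    "1510200002.2\t203.0.113.10\tcover-site.example\t"
    "CN=Kaspersky Laboratory,O=Kaspersky Laboratory,L=Moscow\t"
    "CN=Thawte Premium Server CA\tunable to get local issuer certificate",
    "1510200003.3\t198.51.100.7\tdev.internal\t"
    "CN=dev.internal\tCN=dev.internal\tself signed certificate",
    "1510200004.4\t203.0.113.11\tcdn.example.net\t"
    "CN=Kaspersky Lab,O=Kaspersky Lab\tCN=Example Public CA\tok",
])


def parse_ssl_log(text: str) -> Iterator[dict]:
    """Yield one dict per tab-separated record, keyed by FIELDS."""
    reader = csv.DictReader(io.StringIO(text), fieldnames=FIELDS, delimiter="\t")
    for row in reader:
        yield row


def claimed_vendor(subject: str) -> Optional[str]:
    """Return the watch-listed vendor whose name appears in the cert subject."""
    lowered = subject.lower()
    for vendor in VENDOR_DOMAINS:
        if vendor in lowered:
            return vendor
    return None


def sni_under_vendor(server_name: str, vendor: str) -> bool:
    """True if the SNI host is the vendor domain or a subdomain of it."""
    host = server_name.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS[vendor])


def find_suspicious(text: str) -> List[Tuple[str, str, str]]:
    """Return (ts, server_ip, reason) for sessions that borrow a vendor name
    without the evidence a legitimate vendor connection would carry."""
    hits = []
    for rec in parse_ssl_log(text):
        vendor = claimed_vendor(rec["subject"])
        if vendor is None:
            continue  # not borrowing a watched identity; out of scope here
        if rec["validation_status"] != "ok":
            hits.append((rec["ts"], rec["resp_h"],
                         f"certificate claims {vendor} but does not chain to a "
                         f"trusted CA ({rec['validation_status']})"))
        elif not sni_under_vendor(rec["server_name"], vendor):
            hits.append((rec["ts"], rec["resp_h"],
                         f"certificate claims {vendor} but is served for "
                         f"{rec['server_name']}"))
    return hits


if __name__ == "__main__":
    for ts, ip, why in find_suspicious(SAMPLE_SSL_LOG):
        print(ts, ip, why)
```

Two design points. The rule deliberately ignores self-signed certificates that do not borrow a watched name (there are far too many of those on a real network to chase), and it separates chain validation from the hostname check because Zeek’s validation_status only covers the former: a perfectly valid certificate served for the wrong host is its own signal.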
For example, earlier this year the United States Government moved hard against Kaspersky Lab, ordering all Federal agencies to remove Kaspersky products from their systems and barring their future use. Other Government agencies, including the FBI, have since gone out of their way to advise American business owners to drop Kaspersky as well. I do not think this is any small “coincidence” and, given the information now exposed by Wikileaks, perhaps some of these events were inspired by the CIA attempting to get out ahead of the release of this information.
We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected
— Eugene Kaspersky (@e_kaspersky) November 9, 2017
With that said, despite today’s release of the Hive source code, Catalin Cimpanu, News Editor at Bleeping Computer, reports that Hive does “not possess an immediate danger to end users, as they cannot be used to compromise computers, but they can be used to set up a backbone infrastructure for the delivery and control of other more potent threats.” Cimpanu goes on to point out, however, that “if WikiLeaks ends up releasing the source code of other Vault 7 tools, things could become tremendously worse for the rest of the world. For example, tools like Achilles, Aeris, SeaPea, DarkSeaSkies, Archimedes, Brutal Kangaroo, or CherryBlossom, are actually offensive cyber-weapons that could be incorporated into various existing malware families and hacking toolsets.”
If something like this were to occur, then theoretically any hacker in the world would be in instantaneous possession of some of the world’s most sophisticated and advanced hacking tools, a clear and present danger for obvious reasons. Perhaps ironically enough, this is also something I warned about in a previous article written this past March, entitled “3 Reasons Why The Wikileaks CIA Data Dump Should Matter Much More To You.”