Operation Vault 7: where things stand on the CIA "secrets" unveiled so far, while WannaCry rages around the world

(by Ciro Metuarata)
22/05/17

In the almost total indifference of the mainstream media, operation Vault 7, launched by WikiLeaks on 7 March, continues to reveal interesting material about the CIA's cyber operations. The agency, as was to be expected, has neither confirmed nor denied the authenticity of the huge quantity of files that Mr. Assange's organisation claims to have obtained from nothing less than the "heart" of the agency. Mr. Snowden, well known to WikiLeaks, has no doubts about the authenticity of this information, and many industry experts agree with him. Moreover, and this too was to be expected, the major software and hardware producers whose products received the agency's "attentions", as shown by Vault 7, hastened to play down the story. In particular, they state that many of the techniques and tools used by the CIA have long been known, or exploit vulnerabilities in systems that are already outdated, and therefore they consider their products absolutely safe. But that is not how things stand: first Vault 7 and now WannaCry show how fragile the cyber ecosystem built by the software and hardware producers really is. Beyond whether one believes the attribution of the disclosed information to the CIA, or one's personal distrust of WikiLeaks, the most striking aspect of this story is precisely the demonstration that, at present, nothing in cyberspace can really be called "safe". Those who claim otherwise evidently have specific interests in doing so, interests that do not always coincide with those of us citizens and consumers. Let us sum up, then, what has emerged so far thanks to Vault 7.

First, with "Year Zero", the first release on 7 March (article), the largest amount of information on the CIA's cyber operations was disseminated, from which the involvement of British intelligence (Her Majesty's services) would also emerge. Apart from the smart TV story, the most important aspect to emerge is that the agency would be able to use hacking (compromise) techniques found on the net or developed in-house. Some of these techniques, particularly sophisticated ones, would be, or would have been, able to compromise the most widely used operating systems in the world at a depth never reached before: the kernel, the central core of the code in which they are written.

Subsequently, on the 23rd of the same month, the "package" christened "Dark Matter" was released, focused on hacking techniques developed specifically by the American agency to compromise Apple devices. According to that company, the vulnerabilities exploited by the CIA were fixed and removed from its devices some time ago. This is probably true, but the fact remains that the material published by WikiLeaks covers a period from 2013 to 2016, when the vulnerabilities had probably not yet been removed from all systems; in any case, it is unlikely that the CIA would have developed such an ambitious project knowing it would have had a short life.

With "Marble Framework", instead, on 31 March more than 600 files were published containing source code linked to the project with which American intelligence tried to disguise its cyber operations. Experts agree that Marble is not particularly advanced, but they point out the CIA's casual use of it. In particular, to disguise its own malware and cyber attacks, the agency used techniques to prevent its source code from being recognised by security software, and to leave traces that, if analysed by investigators or by experts from security companies, would mislead the investigations, leading them to attribute "paternity" to other actors. Lastly, Marble would also reveal the methods for undoing the masking of the attacks. One aspect that cannot have pleased the agency's managers.

On 7 April, "Grasshopper" made its appearance on the WikiLeaks website, another project aimed at compromising devices used by users, this time those produced by Microsoft. In particular, Grasshopper would have allowed the agency to get around security measures, including antivirus, in order to install and activate malware intended, in all likelihood, for intelligence activities.

Just seven days later "Hive" was published, a project that would involve an infrastructure set up by the CIA mainly to collect data transmitted by compromised computers and smartphones and to control them (i.e. send them commands) remotely. Specifically, all this would have happened without the users' knowledge, through unsuspicious public websites that were actually under the agency's control. Another technique borrowed from the world of hackers.

On 21 April the material on "Weeping Angel" was released, the malware that would have been developed in collaboration with British intelligence and which, in the meantime, had made so much noise in the media. Enough has already been written about Weeping Angel, which would be able to compromise smart TVs.

Much more interesting is "Scribbles", a project designed to make it possible to trace classified information intentionally disclosed on the net. In summary, in files produced with Microsoft Office containing such information, it would have been possible to "embed" code that sends "signals" to websites, captured and traced by the CIA. This would allow the agency to trace the devices from which the files had been accessed and, above all, their owners. Obviously, in the case of Vault 7, something did not work.
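The article does not say how the Scribbles "signal" is embedded; the added example below (written for this page, not taken from the article or from any Vault 7 material) assumes the usual web-beacon mechanism, an Office Open XML document carrying an external relationship, such as a remote image, that Word resolves when the file is opened, and shows how a defender can scan a .docx for such off-host references before opening it. The sample document is constructed in memory and the beacon URL is a placeholder.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
REMOTE_URL = re.compile(r"^(https?|ftp)://", re.IGNORECASE)

def find_external_targets(docx_bytes, include_hyperlinks=False):
    """Return (part, relationship_type, target) for every relationship with
    TargetMode="External" whose target is a remote URL. Ordinary hyperlinks
    are External too but only followed on click, so they are skipped unless
    asked for; images, OLE objects and attached templates are fetched on open."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        # every *.rels part: document, headers, footers, settings ...
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                target = rel.get("Target", "")
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                if rel.get("TargetMode") != "External" or not REMOTE_URL.match(target):
                    continue
                if rtype == "hyperlink" and not include_hyperlinks:
                    continue
                hits.append((name, rtype, target))
    return hits

def build_sample_docx(beacon_url=None):
    """Constructed minimal .docx (not a real document); with beacon_url set,
    an external image relationship is added that Word would resolve on open."""
    rels = ['<?xml version="1.0" encoding="UTF-8"?>',
            '<Relationships xmlns="%s">' % REL_NS,
            '<Relationship Id="rId1" Type="%sstyles" Target="styles.xml"/>' % REL_TYPE]
    if beacon_url:
        rels.append('<Relationship Id="rId2" Type="%simage" Target="%s" '
                    'TargetMode="External"/>' % (REL_TYPE, beacon_url))
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", "\n".join(rels))
    return buf.getvalue()

if __name__ == "__main__":
    print(find_external_targets(build_sample_docx("http://beacon.example/w.png")))
```

A clean document yields an empty list; any hit is a reason to open the file only on a host without network access, or to strip the relationship first.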

"Man in the middle" might sound like one of the many expressions used in the States for a particular sexual practice; however, it is the technique used by the malware "Archimedes". This other tool would have been developed by the agency on the basis of an already existing malware, christened "Fulcrum". It was brought to light by Vault 7 on 5 May and would allow an entire local network to be infected through a single PC connected to it. This computer, under the direct control of the CIA, would logically sit between the "target" computers and the network's connection to the outside. In this way, "the man in the middle" would devote himself to nothing other than acquiring all the data exchanged between the network and the outside, with the aim of discovering vulnerabilities to exploit in order to infect the other computers and then take control of them.

On 12 May, then, two very similar malware became known: "AfterMidnight" and "Assassin". These two "brothers" would be particularly fond of Microsoft Windows operating systems and, using slightly different techniques, would have the bad habit of sending out data contained in infected devices and receiving commands from the CIA, including commands to install additional malware. Finally, they would be able to uninstall themselves on command or on a predetermined date, without leaving traces.

We come to the latest CIA product documented by WikiLeaks, the twin spyware "Athena" and "Hera", which together could compromise any version of the Microsoft Windows operating system, from XP to 10 and from Server 2008 to 2012. And this is precisely the most interesting aspect, rather than the mechanism of their operation: the dating of some of the documents suggests that the agency is actually able to compromise even Microsoft's latest creature, Windows 10, the operating system that was supposed to be a decisive step forward in terms of security. For the rest, Athena / Hera does not seem to be anything particularly sophisticated.

In short, even if many people reading this article will turn up their noses, saying that WikiLeaks has merely "discovered hot water" (stated the obvious), it should rather be admitted that Vault 7 has at least the merit of giving the "average digital citizen" some awareness of the "digital world" in which he lives. If it is true that we now live in the "infosphere", it is good to know that, at best, it is subject to the attentions of the intelligence services as part of the conduct of their missions. At worst, however, considering that many of the tools used are the same as those of the intelligence services, it is criminals who put the information on which we depend today at risk.

Another clear example: WannaCry. At the time of writing this modest article, the echo of the uproar caused by this new cyber attack, which struck on a planetary scale causing serious problems, has not yet died down. WannaCry, however, deserves an article of its own, which will be published as soon as more details are known and, above all, when some of its specific aspects are confirmed: in particular, the probable origin of the malware used for the attack, which would trace back to the National Security Agency (NSA), which would have "lost control" of it some time ago.

In any case, the picture that emerges from the Vault 7 and WannaCry events is particularly serious: there seem to be no products intended for mass consumption able to guarantee a reasonable level of security for users' information. But this, as written in a previous article, plays into the hands of producers, governments and criminals. The first continue to produce while sacrificing something in terms of security, with the sole aim of maximising profit. The second benefit from the vulnerabilities left behind by the first, to achieve their more and less legitimate purposes. The third get rich at our expense, risking, in most cases, at most a bad backache from too many hours spent at the computer. It is time to stop this hateful vicious circle!


Main sources:
http://www.wired.co.uk/article/cia-files-wikileaks-vault-7
http://nation.foxnews.com/2017/03/31/latest-wikileaks-release-reveals-cia-disguises-hack-attacks-russian-or-chinese-activity
https://threatpost.com/wikileaks-reveals-cia-tool-scribbles-for-document-tracking/125299/
aftermidnight-assassin-malware-framework.html
http://securityaffairs.co/wordpress/58775/hacking/cia-archimedes-tool.html
http://securityaffairs.co/wordpress/58518/hacking/wikileaks-cia-scribbles.html
http://securityaffairs.co/wordpress/59256/intelligence/wikileaks-athena-spyware.html