The Hacker News – by Mohit Kumar
WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which “provides remote beacon and loader capabilities on target computers” – allegedly used by the CIA and working against every version of Microsoft’s Windows operating system, from Windows XP to Windows 10.
Dubbed Athena/Hera, the spyware has been designed to take full remote control of infected Windows PCs, allowing the agency to perform all sorts of actions on the target machine, including deleting data, uploading malicious software, and stealing data and sending it to a CIA server.
The leak, which includes a user manual for Athena, an overview of the technology, and a demonstration of how to use the spyware, reveals that the program has two implementations:
- Primary: Athena for XP to Windows 10
- Secondary: Hera for Windows 8 through Windows 10
According to the whistleblower organization, Athena allows CIA operators to modify its configuration in real time while the implant is on target, “to customize it to an operation.”
“Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system,” WikiLeaks claims.
The leaked documents suggest that Athena, written in the Python programming language, was developed in August 2015, just a month after Microsoft released its Windows 10 operating system.
Interestingly, one document also suggests that CIA operators were advised to make sure the spyware does not get caught by antivirus software, especially Kaspersky’s AV products.
Athena has been developed by the CIA in cooperation with Siege Technologies – an American cyber security firm that offers offensive cyber war technologies and works in close cooperation with the United States government.
WikiLeaks has not provided any detail about the operations the agency has conducted using Athena, but it is not hard to imagine how an intelligence agency would use such a program to spy on its targets.
Last week, WikiLeaks dumped two apparent CIA malware frameworks – AfterMidnight and Assassin – for the Microsoft Windows platform, which were designed to monitor and report back actions on the infected remote host and to execute malicious actions.
Since March, the whistleblowing group has published nine batches of the “Vault 7” series, including this week’s and last week’s leaks, along with the following batches:
- Archimedes – a man-in-the-middle (MitM) attack tool allegedly created by the CIA to target computers inside a Local Area Network (LAN).
- Scribbles – a piece of software allegedly designed to embed ‘web beacons’ into confidential documents, allowing the spying agency to track insiders and whistleblowers.
- Grasshopper – revealed a framework that allowed the agency to easily create custom malware for breaking into Microsoft’s Windows and bypassing antivirus protection.
- Marble – revealed the source code of a secret anti-forensic framework, essentially an obfuscator or packer used by the CIA to hide the actual source of its malware.
- Dark Matter – focused on hacking exploits the agency designed to target iPhones and Macs.
- Weeping Angel – a spying tool used by the agency to infiltrate smart TVs, transforming them into covert microphones.
- Year Zero – dumped CIA hacking exploits for popular hardware and software.
https://thehackernews.com/2017/05/athena-cia-windows-hacking.html
What about Linux? If they are running Python on Windows, it seems like it would be easy to do the same on Linux.
Linux has open source code; the GNU and “copy left” projects ensure that when a tool or a kernel is borrowed, whatever changes are made must be shown in programming-language form (not binary code), otherwise a lawsuit could ensue.
There is no mystery to what makes Linux tick. I am not an expert, so anyone please feel free to correct me or add more.
“Linux has open source code; the GNU and “copy left” projects ensure that when a tool or a kernel is borrowed, whatever changes are made must be shown in programming-language form (not binary code), otherwise a lawsuit could ensue.”
I’m pretty sure the CIA can get out of any lawsuit, and lawsuits are the least of their problems. Just sayin’.
Like BMF says, I believe Linux, although still hackable, is much more secure than any Windows or Apple system at this point in time. But I still wouldn’t say it is 100% secure.
My point is that because it’s “no mystery” I wouldn’t trust it either; I should have been more clear.
You’re less likely to catch a virus with Linux, and it has way less running in the background compared to Windows with all its reporting back to headquarters.
I wouldn’t trust ANY computer to be completely unhackable unless it’s kept disconnected from the Internet and has no wireless capability. Even then, there are still ways to access such a computer, but they’re MUCH more laborious and would require you to be specifically targeted (e.g., Van Eck phreaking).
Still, I’d expect Linux to be far more secure than Windows, provided that all the software on the Linux system is completely open source. (Windows could have just as easily been named “Backdoors.”) For day-to-day use, Linux is better for the privacy-conscious. But again, I wouldn’t store anything extremely private on ANY device that can do wireless networking.
Vault 7.
I wonder if they caught the dastardly culprit who leaked the vault 7 info?
You know, the one they claimed was an “inside job.”
I bet they were laughing about that joke in the upper echelons. Hardy har har.
If this is what’s in vault 7 then what’s in vaults 1 through 6?
Vault 1 – Jimmy Hoffa’s decomposed skeleton.
Vault 2 – the Ark of the Covenant.
Vault 3 – James Clapper’s vintage toy Barbie doll collection.
Vault 4 – Altar to Satan with inlaid pentagram on the floor.
Vault 5 – They keep their weed in there!
Vault 6 – Hitler’s mustache.
(just jokin)