This article is from the source 'rtcom' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.rt.com/viral/379779-vault7-cia-hacking-fingerprints/
Version 0 | Version 1 |
---|---|
#Vault7: How the CIA steals hacking fingerprints to cover its tracks | #Vault7: How the CIA steals hacking fingerprints to cover its tracks |
(about 11 hours later) | |
The CIA can hide its own fingerprints from its hacking exploits and attribute blame to others, such as Russia and China, according to WikiLeaks’ Year Zero confidential data release. | The CIA can hide its own fingerprints from its hacking exploits and attribute blame to others, such as Russia and China, according to WikiLeaks’ Year Zero confidential data release. |
READ MORE: WikiLeaks publishes 'entire hacking capacity of the CIA' | READ MORE: WikiLeaks publishes 'entire hacking capacity of the CIA' |
Every hacking technique leaves a “fingerprint” which, when collated, can be used to connect different attacks and tie them to the same culprit. | Every hacking technique leaves a “fingerprint” which, when collated, can be used to connect different attacks and tie them to the same culprit. |
The Umbrage sub-group of the CIA’s Remote Development Branch (RDB) collects an archive of hacking exploits created by other actors, like Russia and other hackers, and leaves this false trace for others to detect. | The Umbrage sub-group of the CIA’s Remote Development Branch (RDB) collects an archive of hacking exploits created by other actors, like Russia and other hackers, and leaves this false trace for others to detect. |
Umbrage captures and collects keyloggers, passwords, webcam captures, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques. | Umbrage captures and collects keyloggers, passwords, webcam captures, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques. |
This allows the CIA not only to steal others’ hacking techniques, but also to falsely apportion blame to those actors. | This allows the CIA not only to steal others’ hacking techniques, but also to falsely apportion blame to those actors. |
Hacking Team | Hacking Team |
An Umbrage document shows how the agency mined information from a breach of Italian “offensive security” vendor Hacking Team, which boasts governmental and law enforcement clients. | An Umbrage document shows how the agency mined information from a breach of Italian “offensive security” vendor Hacking Team, which boasts governmental and law enforcement clients. |
Some 400GB of data including “browser credential stealing” and “six different zero-day exploits” was released in the breach, which Umbrage studied and added to its repository. | Some 400GB of data including “browser credential stealing” and “six different zero-day exploits” was released in the breach, which Umbrage studied and added to its repository. |
DNC hack | DNC hack |
In the case of the Democratic National Committee (DNC) hack, which reports have connected to Russia, the fingerprints used to link blame to Russian hackers may have been manipulated. | In the case of the Democratic National Committee (DNC) hack, which reports have connected to Russia, the fingerprints used to link blame to Russian hackers may have been manipulated. |
READ MORE: ‘Propaganda intended to incite Americans’: John McAfee to RT on ‘Russian hacking’ claims | READ MORE: ‘Propaganda intended to incite Americans’: John McAfee to RT on ‘Russian hacking’ claims |
Crowdstrike, a private security firm linked to the Atlantic Council, found the hackers who accessed the DNC emails (and those of Clinton campaign chair John Podesta) left “clues,” which Crowdstrike attributed to Russian hackers. | Crowdstrike, a private security firm linked to the Atlantic Council, found the hackers who accessed the DNC emails (and those of Clinton campaign chair John Podesta) left “clues,” which Crowdstrike attributed to Russian hackers. |
Malware dug into the DNC computers was found to be programmed to communicate with IP addresses associated with Fancy Bear and Cozy Bear - hacking groups that Crowdstrike says are controlled by Russian intelligence. | Malware dug into the DNC computers was found to be programmed to communicate with IP addresses associated with Fancy Bear and Cozy Bear - hacking groups that Crowdstrike says are controlled by Russian intelligence. |
READ MORE: US Senator accuses RT of hacking Google, RT suggests he should learn how search engines work | |
Metadata found in a file contained modifications by a user using Cyrillic text and a codename Felix Edmundovich. | Metadata found in a file contained modifications by a user using Cyrillic text and a codename Felix Edmundovich. |
While the documents released don’t tie Crowdstrike to the CIA’s Umbrage program, the data demonstrates how easily fingerprints can be manipulated, and how the CIA’s vast collection of existing malware can be employed to disguise its own actions. | While the documents released don’t tie Crowdstrike to the CIA’s Umbrage program, the data demonstrates how easily fingerprints can be manipulated, and how the CIA’s vast collection of existing malware can be employed to disguise its own actions. |