This article is from the source 'rtcom' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.rt.com/news/382940-wikileaks-vault7-marble-framework/

The article has changed 5 times. There is an RSS feed of changes available.

Version 1 Version 2
#Vault7 Part 3: WikiLeaks reveals how ‘Marble’ tool disguised CIA hacks #Vault7: WikiLeaks reveals ‘Marble’ tool could mask CIA hacks with Russian, Chinese, Arabic
(35 minutes later)
WikiLeaks’ latest batch of documents, named ‘Marble’, details CIA hacking tactics and how the agency can hamper forensic investigators from attributing viruses, trojans and hacking attacks to them. The tool was in use at the agency as recently as 2016. WikiLeaks’ latest batch of documents, named ‘Marble’, details CIA hacking tactics and how they can hamper forensic investigators from attributing viruses, trojans and hacking attacks to the spy agency . The tool was in use as recently as 2016.
The third release, which contains 676 source code files for the agency’s secret anti-forensics framework, is part of the CIA’s Core Library of malware, according to a statement from WikiLeaks.The third release, which contains 676 source code files for the agency’s secret anti-forensics framework, is part of the CIA’s Core Library of malware, according to a statement from WikiLeaks.
WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified. WikiLeaks stated the technique is the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents.WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified. WikiLeaks stated the technique is the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents.
It’s “designed to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms” often link malware to a specific developer, according to the whistleblowing site.It’s “designed to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms” often link malware to a specific developer, according to the whistleblowing site.
The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.
READ MORE: #Vault7: How CIA steals hacking fingerprints from Russia & others to cover its tracksREAD MORE: #Vault7: How CIA steals hacking fingerprints from Russia & others to cover its tracks
“This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,” WikiLeaks explains, “But there are other possibilities, such as hiding fake error messages.”“This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,” WikiLeaks explains, “But there are other possibilities, such as hiding fake error messages.”
The code also contains a ‘deobfuscator’ which allows the CIA text obfuscation to be reversed. “Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA.”The code also contains a ‘deobfuscator’ which allows the CIA text obfuscation to be reversed. “Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA.”
Previous Vault7 releases have referred to the CIA’s ability to mask its hacking fingerprints.Previous Vault7 releases have referred to the CIA’s ability to mask its hacking fingerprints.
WikiLeaks claims the latest release will allow for thousands of viruses and hacking attacks to be attributed to the CIA.WikiLeaks claims the latest release will allow for thousands of viruses and hacking attacks to be attributed to the CIA.
Now comes the fun stuff
“This framework is intended to help us [AED Applied Engineering Division] to improve upon our current process for string/data obfuscation in our tools,” a CIA Marble Framework page explains.
“The framework allows for obfuscation to be chosen randomly from a pool of techniques. These techniques can be filtered based upon the project needs. If desired, a user may also, select a specific technique to use for obfuscation.”
A receipt file is generated which identifies which algorithm was used along with the strings or data that was obfuscated.
Under “Coding with the Marble Framework,” the page breaks down how to code with Marble. “Now comes the fun stuff,” it reads.
Featured in the coding examples are instructions on how to “add foreign languages” algorithms.