Wikileaks Vault7 Reveals "Marble" Proof of CIA False Flag Hacking

AZJoe
04-01-2017, 06:31 AM
Wikileaks Vault7 Reveals "Marble" Proof of CIA False Flag Hacking
http://www.zerohedge.com/news/2017-03-31/wikileaks-reveals-marble-proof-cia-disguises-their-hacks-russian-chinese-arabic

WikiLeaks’ latest Vault 7 release contains a batch of documents, named ‘Marble’, which detail CIA hacking tactics and how they can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to their agency by inserting code fragments in foreign languages. The tool was in use as recently as 2016. ...
"The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages."

... to allow for 'thousands (https://www.rt.com/news/382940-wikileaks-vault7-marble-framework/)' of cyber attacks to be attributed to the CIA which were originally blamed on foreign governments. ...

Marble hides fragments of texts that would allow for the author of the malware to be identified. ... the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents. It’s “designed to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms” often link malware to a specific developer ...

The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.

“This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,” ...

The code also contains a ‘deobfuscator’ which allows the CIA text obfuscation to be reversed. “Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA.” ...

AZJoe
04-01-2017, 06:35 AM
From Wikileaks: Marble (https://wikileaks.org/vault7/?marble#Marble%20Framework)

Today, March 31st 2017, WikiLeaks releases Vault 7 (https://wikileaks.org/ciav7p1/) "Marble" -- 676 source code files (https://wikileaks.org/vault7/document/Marble/Marble.zip) for the CIA's secret anti-forensic Marble Framework (https://wikileaks.org/ciav7p1/cms/space_15204359.html). Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding ("obfuscating") text fragments used in CIA malware (https://wikileaks.org/ciav7p1/) from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

Marble forms part of the CIA's anti-forensics approach (https://wikileaks.org/ciav7p1/cms/page_11629046.html) and the CIA's Core Library (https://wikileaks.org/ciav7p1/cms/page_13763406.html) of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop." ...

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, ...

AZJoe
04-01-2017, 06:41 AM
From ActivistPost (http://www.activistpost.com/2017/03/wikileaks-vault-7-reveals-cia-can-disguise-hacks-malware-russian-chinese.html):

With each release from these Vault 7 leaks, it becomes more apparent that everything we thought the CIA might get in this 1984 (http://www.activistpost.com/product/1328869334/US/permacultucom-20/?cart=y)-esque world — they already have. ...

Over the course of the last 4 months, the deep state has claimed — without evidence — that Russia has interfered in US elections. With this technology, the CIA could theoretically present the evidence it needs to “prove” Russian meddling. ...

the CIA could create a virus that would potentially devastate entire systems — and then blame it on anyone they want.

As Leak of Nations reports (http://leakofnations.com/cia-shadowed-a-black-hat-hackers-conference-in-order-to-deliver-their-sonic-screwdriver-mac-exploit-wikileaks-vault7-sonic-screwdriver-thunderstrike/), in the second batch of ‘Vault 7’ documents, WikiLeaks released a user guide for Sonic Screwdriver – an implant on the Apple Thunderbolt-to-USB converter that allows code to be booted onto an attached device, even if the device is password-protected.
What this means is that the CIA can infect the firmware of Macs at the core of the system with a trojan horse. Having a proverbial ocean of computers to choose from, the CIA could then pick one of those infected computers, launch an attack, use Marble to cover it up and blame it on whomever they wish.

It is no wonder Ubuntu founder Mark Shuttleworth called this “a trojan horse of monumental proportions.”

For now, however, the only one to be caught hacking US elections is the Department of Homeland Security. As the Free Thought Project previously reported, the Department of Homeland Security, under the Obama administration, attempted to hack the Indiana State electoral system nearly 15,000 times.

Prior to the hacks in Indiana, it was the State of Georgia to expose DHS meddling in their elections. ...

http://www.activistpost.com/2017/03/wikileaks-vault-7-reveals-cia-can-disguise-hacks-malware-russian-chinese.html

agitator
04-01-2017, 06:54 AM
http://www.ronpaulforums.com/showthread.php?509230-DNC-Russian-Hackers-Found&highlight=

AZJoe
04-12-2017, 04:13 AM
Symantec Links CIA to Known Cyber-Attacks Against 16 Countries (http://news.antiwar.com/2017/04/10/symantec-links-cia-leaks-to-cyberattacks-in-16-countries/)

Symantec has issued a statement today related to the Vault 7 WikiLeaks documents (https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7) leaked from the CIA, saying that the methods and protocols described in the documents are consistent with cyberattacks they’d been tracking for years.

Symantec says they now believe that the CIA hacking tool Fluxwire is a malware that had been known as Corentry (http://thehill.com/policy/cybersecurity/328093-security-firm-links-cia-leaks-to-series-of-past-attacks), which Symantec had previously attributed to an unknown cyberespionage group called Longhorn, which apparently was the CIA.

They described Longhorn as having been active since at least 2011, and responsible for attacks in at least 16 countries across the world, targeting governments and NGOs, as well as financial, energy, and natural resource companies, things that would generally be of interest to a nation-state. ...

as WikiLeaks continues to share specific vulnerabilities ... the ability of security companies like Symantec to link the CIA to known hacking operations could prove to be even more enlightening as to the scope of CIA cyber-espionage the world over.

AZJoe
04-12-2017, 04:31 AM
Symantec Links CIA to widespread Hacking Attacks (http://thehill.com/policy/cybersecurity/328093-security-firm-links-cia-leaks-to-series-of-past-attacks)

[Wikileaks] documents focus on descriptions of CIA hacking tools, including one called Fluxwire that Symantec believes matches malware the firm had been calling Corentry. Symantec attributed Corentry to an espionage group it had been calling Longhorn.
Symantec released a writeup (https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7) connecting the attacks to the CIA documents ...

Longhorn targeted at least 40 computers in 16 countries across the Middle East, Europe, Asia and Africa. The attacks used a variety of different, exclusive tools and struck governmental, financial, telecommunications, energy, aerospace, information technology, education and natural resources sectors.

Symantec said it also identified a Longhorn attack on a U.S. system but believes the attack might have been an error. Within hours of infecting that system, the attacker uninstalled the program on its own. ...

Symantec reports that the functionality described in the files and timeline of specific updates to the software leave "little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."