{"id":7200,"date":"2017-03-31T14:30:31","date_gmt":"2017-03-31T22:30:31","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/31\/news-991\/"},"modified":"2017-03-31T14:30:31","modified_gmt":"2017-03-31T22:30:31","slug":"news-991","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/03\/31\/news-991\/","title":{"rendered":"Latest WikiLeaks dump exposes CIA methods to mask malware"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/03\/21394517746_9a77570fae_o-100713150-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Fri, 31 Mar 2017 14:51:00 -0700<\/strong><\/p>\n<p>WikiLeaks may have dealt another blow to the CIA\u2019s hacking operations by releasing files that allegedly show how the agency was masking its malware attacks.<\/p>\n<p>On Friday, the site dumped the source code to the <a href=\"https:\/\/wikileaks.org\/vault7\/?marble9#Marble%20Framework\" target=\"_blank\">Marble Framework<\/a>, a set of anti-forensic tools that WikiLeaks claims the CIA used last year.<\/p>\n<p>The files do appear to show \u201cobfuscation techniques\u201d that can hide CIA-developed malicious coding from detection, said Jake Williams, a security researcher at Rendition InfoSec, who has been examining the files.<\/p>\n<p>Every hacker, from the government-sponsored ones to amateurs, will use their own obfuscation techniques when developing malware, he said.<\/p>\n<p>But thanks to WikiLeaks, some of the CIA\u2019s methods are out in the public. Security researchers will now have a resource to identify whether past malware samples have any ties to the U.S. spy agency, Williams said.<\/p>\n<p>WikiLeaks has <a href=\"https:\/\/twitter.com\/wikileaks\/status\/847759470562246656\" target=\"_blank\">said<\/a> the same. 
But the site is also drawing another conclusion with the source code: That the CIA can frame other countries for its malware attacks.<\/p>\n<p>WikiLeaks points to how the CIA anti-forensic tools <a href=\"https:\/\/wikileaks.org\/ciav7p1\/cms\/page_14588467.html#efmCOoCS7\" target=\"_blank\">support<\/a> other languages such as Chinese, Russian, Korean, Arabic and Farsi. \u201cThis would permit a forensic attribution double game,\u201d the site said.<\/p>\n<p>Security researchers, for instance, might misattribute CIA-developed malware to other countries, when noticing it contained certain foreign languages.<\/p>\n<p>But Williams doesn\u2019t buy that conclusion. \u201cThat\u2019s ludicrous,\u201d he said. \u201cIt\u2019s wholly inaccurate.\u201d<\/p>\n<p>The anti-forensic tools are actually designed to conceal the presence of computer code written in foreign languages, not reveal it, Williams said.<\/p>\n<p>That\u2019s important because the agency was probably targeting computers overseas from Russia or China. To hack those systems, the CIA probably needed to include some Russian or Chinese language in the malware.<\/p>\n<p>\u201cBut if you don\u2019t obfuscate that,\u201d Williams said. \u201cAnyone who is looking at your malware will know you are trying to steal their stuff.\u201d<\/p>\n<p>It\u2019s not the first time WikiLeaks has made claims that were later questioned. Security researchers have criticized the site for <a href=\"http:\/\/www.pcworld.com\/article\/3178072\/security\/cia-made-malware-now-antivirus-vendors-can-find-out.html\" target=\"_blank\">exaggerating<\/a> the CIA\u2019s hacking capabilities since WikiLeaks began dumping tools allegedly taken from the agency. \u00a0<\/p>\n<p>The CIA hasn\u2019t commented on Friday\u2019s dumped source code. 
But assuming the files are real, security researchers say they\u2019ll probably disrupt the agency\u2019s spying efforts.<\/p>\n<p>\u201cThis is one of the most damaging releases ever done by WikiLeaks,\u201d <a href=\"https:\/\/twitter.com\/ncweaver\/status\/847805615669788672\" target=\"_blank\">tweeted<\/a> Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California Berkeley.<\/p>\n<p>In addition, hackers will be able to learn from the dumped source code to obfuscate their own malware. &#8220;Now anyone can create malware that looks like it came from the CIA,&#8221; Williams said.\u00a0<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3187025\/security\/latest-wikileaks-dump-exposes-cia-methods-to-mask-malware.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11073,714],"class_list":["post-7200","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-malware-vulnerabilities","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7200"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7200\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}