WikiLeaks has published the first batch of source code for the CIA cyber-weapons. The source code released today is called Hive and is an implant framework that allows CIA operatives to control the malware they install on their victims' computers.
From March to August 2017, WikiLeaks released only the documentation for the alleged CIA cyber-armament. Recall that WikiLeaks claims that these files have been stolen by the CIA from hackers and internal collaborators.
All of these revelations were part of a series of WikiLeaks leaks called Vault 7. According to the website, Hive released today is the first post in a long series of similar releases, called Vault 8.
The series will consist of the source code of the tools announced in the Vault 7 series.
The WikiLeaks announcement, along with their leaks Shadow Brokers, has caused a stir in infosec experts around the world, as some of the tools have already been integrated into many malware families and have been the focus of three major ransomware releases in 2017, WannaCry, NotPetya and Bad Rabbit.
The tools included in Hive do not appear to pose an immediate risk to end users, as they cannot be used to undermine today's computers. But they could be used to build a basic infrastructure for delivering and controlling other more powerful threats.
If WikiLeaks released the source code of all the tools listed in Vault 7, things could get a lot worse for everyone.
For example, tools such as Achilles, Aeris, SeaPea, DarkSeaSkies, Archimedes, Brutal Kangaroo, or CherryBlossom are very serious cyber-weapons that could be integrated into various existing malware families and hacking tools. Hopefully WikiLeaks will proceed with caution and will not have tools that can be modified to have another WannaCry ransomware epidemic
Below is a list of the most important CIA government weapons released by WikiLeaks as part of the Vault 7 series.
Year Zero: CIA exploits popular hardware and software.
Weeping Angel: the spy tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
Dark Matter: exploits targeting iPhones and Mac.
Marble: the source code of a secret anti-forensic framework. It is basically a obfuscator that CIA uses to hide the real source of malware.
Grasshopper: a framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: a software that is designed to add 'web beacons' to secret documents to allow for leakage control by secret services.
Athena:is designed to fully acquire full control over infected Windows computers, allowing the CIA to perform many functions on the target machine, such as deleting data or installing malicious software, data theft, and sending them to CIA servers.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo:tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware used by the CIA to identify the location of a particular user using his computer's Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy - Gyrfalcon: for SSH authentication theft from Windows and Linux respectively
HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.
Achilles, Aeris and SeaPea: malicious spyware and data transfer software from MacOS and Linux
Dumbo: blocks cameras, microphones, and surveillance software.
CouchPotato: CIA tool for stealing streaming video from IP Webcams
ExpressLane: CIA tool to monitor colleagues at the FBI and the NSA
Angelfire: CIA tool to boot earlier Windows (7 and XP)