CIA Leak: “Russian Election Hackers” May Work In Langley

from Moon of Alabama

…Wikileaks acquired and published a large stash of documents from the CIA’s internal hacking organization. Part of the CIA hacking organization is a subgroup named UMBRAGE:

The CIA’s Remote Devices Branch‘s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Hacking methods are seldom newly developed. They are taken from public examples and malware, from attacks some other organization once committed, they get bought and sold by commercial entities. Many attacks use a recombined mix of tools from older hacks. Once the NSA’s STUXNET attack on Iran became public the tools used in it were copied and modified by other such services as well as by commercial hackers. Any new breach that may look like STUXNET could be done by anyone with the appropriate knowledge. To assert that the NSA must have done the new attack just because the NSA did STUXNET would be stupid.

The CIA, as well as other services, have whole databases of such ‘stolen’ tools. They may combine them in a way that looks attributable to China, compile the source code at local office time in Beijing or “forget to remove” the name of some famous Chinese emperor in the code. The CIA could use this to fake a “Chinese hacking attack” on South Korea to raise fear of China and to, in the end, sell more U.S. weapons…

[read more here]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: