WikiLeaks, under its new Vault 8 series of released documents, has rolled out what it says is the source code to a previously noted CIA tool, called Hive, that is used to help hide espionage actions when the Agency implants malware.
Hive supposedly allows the CIA to communicate covertly with its software, using a cover domain to make it hard or impossible to trace the malware back to the spy organization. Part of this, WikiLeaks said, is using fake digital certificates that impersonate other legitimate web groups, including Kaspersky Labs.
Kaspersky Labs CEO Eugene Kaspersky confirmed WikiLeaks' statement.
WikiLeaks said the CIA registers a nondescript cover domain for each of its operations and runs these domains from a rented commercial server as a VPS that is modified with CIA code.
“These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a “hidden” CIA server called ‘Blot’,” WikiLeaks said in a statement.
The CIA’s cover is maintained by having the domain deliver innocent content in case someone stumbles across the site. This is handled by having the server use Optional Client Authentication. This means a bystander who comes to the domain does not have to authenticate, but the CIA’s malware does authenticate itself and is thus detected by the Blot server. All other traffic is shunted to a cover server that delivers benign content.
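As an added example (not from the article or from the leaked code), here is a defender-side check for the mechanism described above: in TLS 1.2 and earlier, a server that uses optional client authentication sends a cleartext CertificateRequest handshake message (type 13), which can be spotted in a captured server flight. The function names and sample bytes are constructed for illustration; in TLS 1.3 this message is encrypted and cannot be seen passively.

```python
import struct

HANDSHAKE_RECORD = 22      # TLS record content type for handshake messages
CERTIFICATE_REQUEST = 13   # handshake message type sent when a client cert is requested

def handshake_types(stream: bytes) -> list:
    """List handshake message types in a cleartext TLS <= 1.2 server flight."""
    payload, off = bytearray(), 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5: off + 5 + length]
        if ctype != HANDSHAKE_RECORD or len(body) < length:
            break  # ChangeCipherSpec/alert/app data, or a truncated capture
        payload += body  # handshake messages may span several records
        off += 5 + length
    types, pos = [], 0
    while pos + 4 <= len(payload):
        msg_len = int.from_bytes(payload[pos + 1: pos + 4], "big")
        if pos + 4 + msg_len > len(payload):
            break  # incomplete message at the end of the capture
        types.append(payload[pos])
        pos += 4 + msg_len
    return types

def requests_client_cert(stream: bytes) -> bool:
    """True if the server flight contains a CertificateRequest."""
    return CERTIFICATE_REQUEST in handshake_types(stream)

# --- constructed sample data: framing only, message bodies are zero-filled dummies ---
def make_msg(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def make_rec(payload):
    return struct.pack("!BHH", HANDSHAKE_RECORD, 0x0303, len(payload)) + payload

# ServerHello(2), Certificate(11), ServerHelloDone(14)
PLAIN_SERVER = make_rec(make_msg(2, bytes(38)) + make_msg(11, bytes(10)) + make_msg(14))
# Same flight plus CertificateRequest(13), split over two records
OPTIONAL_AUTH_SERVER = make_rec(make_msg(2, bytes(38)) + make_msg(11, bytes(10))) + \
    make_rec(make_msg(13, bytes(6)) + make_msg(14))

if __name__ == "__main__":
    for name, flight in [("plain", PLAIN_SERVER), ("optional-auth", OPTIONAL_AUTH_SERVER)]:
        print(name, handshake_types(flight), requests_client_cert(flight))
```

A CertificateRequest on its own is only a lead to correlate with other evidence, since many legitimate services also make client certificates optional.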
WikiLeaks alleges that part of the CIA’s obfuscat
Source: https://www.scmagazine.com