WikiLeaks: CIA uses stolen malware to redirect attribution for cyber attacks (e.g., toward Russia)

WikiLeaks: CIA uses stolen malware to redirect attribution for cyber attacks (e.g., toward Russia)
Fever swamp. (CIA HQ in Langley. Image: Wikipedia; By Carol M. Highsmith - This image is available from the United States Library of Congress's Prints and Photographs division under the digital ID highsm.16449.)

[Ed. – Note: the original purpose of this is clear from the summary purportedly reflecting CIA intentions.  It’s to cover up the CIA’s tracks by ensuring that the CIA can’t be fingerprinted in a cyber attack.  But the application for generating false-flag narratives about someone else launching cyber attacks — like Russia — is obvious.  Glory be.  This item is from the trove of purported CIA documents released this week by WikiLeaks.]

Documents released by WikiLeaks show that the CIA  kept records of malware attacks supposedly stolen from outside agents, including the Russian government, used to “misdirect attribution” of hacking sources.

“The CIA’s hand crafted hacking techniques pose a problem for the agency,” WikiLeaks explains. “Each technique it has created forms a ‘fingerprint’ that can be used by forensic investigators to attribute multiple different attacks to the same entity.

That’s where the CIA’s UMBRAGE team comes in. WikiLeaks describes UMBRAGE team’s activities:

The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware. The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions. Rather than building feature-rich tools, which are often costly and can have significant CI value, this effort focuses on developing smaller and more targeted solutions built to operational specifications.

According to WikiLeaks, the UMBRAGE team then “collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

Continue reading →

Commenting Policy

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.

You may use HTML in your comments. Feel free to review the full list of allowed HTML here.