Category Archives: #VAULT7

– Wikileaks data dump of CIA resources and dirty tricks.

WikiLeaks: CIA Caught Planting Malicious Software In Windows – Codename ‘Angelfire’

All Windows machines have been infiltrated by the CIA under a project codenamed ‘Angelfire’ – allowing the U.S. government to load malicious programs onto a person’s computer without their knowledge…

Source: http://ift.tt/2eJhO0y


How the CIA spies on your everyday life, according to WikiLeaks


WikiLeaks’ latest release from the Vault 7 series of CIA leaks sheds more light on how ordinary people can be easily tracked and targeted by the US intelligence agency through everyday electronic devices…

Source: http://ift.tt/2ws7WP0

#Vault7: CIA’s ‘Pandemic’ turns file servers into ‘Patient Zero’ | Galactic Connection

The latest WikiLeaks ‘Vault7’ release details an alleged CIA project allowing the spy agency to give file servers the capability to infect machines which access them remotely.

‘Pandemic’ reveals the role of a persistent implant for Microsoft Windows file servers, accessed by remote machines to run programs, according to a statement from WikiLeaks.

The project acts as a ‘Patient Zero’ – a term used to describe the first identified carrier of a communicable disease during an outbreak.

‘Pandemic’ disguises itself on the infected source machine where the targeted files remain unchanged.

Instead, the files are modified in transit from the source file server to the remote machine. When executed on the new machine ‘Pandemic’ will install the program, an iteration of which will now contain modified code.

‘Pandemic’ can replace up to 20 programs, with a maximum size of 800MB.

According to WikiLeaks “a single computer on a local network with shared drives that’s infected with the ‘Pandemic’ implant will act like a ‘Patient Zero’ in the spread of a disease.” 

The latest release, which consists of five files, does not make clear if the infected machines become new pandemic servers, although WikiLeaks claims this is technically feasible.

According to the ‘Pandemic’ documentation, its installation takes between 10 and 15 seconds.

The release is the latest in WikiLeaks’ ‘Vault7’ series, detailing hacking techniques allegedly sourced from within the CIA.

Previous releases have revealed techniques used to weaponize mobile phones, conduct surveillance via Smart TVs and load and execute malware on a target machine.

Source: #Vault7: CIA’s ‘Pandemic’ turns file servers into ‘Patient Zero’ | Galactic Connection

#Vault7 ‘Athena’: CIA’s anti-Windows malware ‘better than bombing things’

The latest in WikiLeaks’ series of #Vault7 leaks was released Friday detailing malware that provides remote beacon and loader capabilities on target computers using several Microsoft Windows operating systems.

via #Vault7 ‘Athena’: CIA’s anti-Windows malware ‘better than bombing things’ — RT – Daily news

“Worst-Ever Recorded” Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools | Zero Hedge

The ransomware has been identified as WannaCry

* * *

Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance.

Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

Update 3: Microsoft has issued a statement confirming the status of the vulnerability…

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

In March, we provided a security update which provides additional protections against this potential attack.

Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Source: “Worst-Ever Recorded” Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools | Zero Hedge