Title: WikiLeaks' latest leak shows how CIA avoids antivirus programs
URL Source: http://thehill.com/policy/cybersecu ... hows-how-cia-avoids-anti-virus
Published: Apr 1, 2017
Author: Joe Uchill
Post Date: 2017-04-01 08:09:44 by Ada

WikiLeaks released its third package of CIA documents on Friday, highlighting source code used by the CIA to avoid antivirus programs.

The source code is for a tool called "Marble," which is what is known as an obfuscator or packer.

Obfuscators are principally designed to jumble the execution of malware so that programs designed to spot malware have trouble determining what it is.

The Marble toolkit includes a variety of different algorithms to accomplish that task.

In its release, WikiLeaks describes the primary purpose of Marble as being to insert foreign language text into the malware to cause malware analysts to falsely attribute code to the wrong nation.

This appears to be an inaccurate description of the primary purpose of the code, however.

While the tool can insert text in any language, including English, or any sequence of characters into the code, the point appears to be more about eliminating the original intent of coders than causing an incorrect attribution.

Analysts are more likely to lump together multiple uses of the same packer algorithm featuring text from multiple languages than they are to assume the languages accurately describe the country of origin. Though language artifacts in the code are the easiest investigatory tool to explain to a non-technical audience, they are neither the only nor the most telling piece of evidence used in an attribution.

Nicholas Weaver, a researcher with the International Computer Science Institute at the University of California at Berkeley, said in a statement that releasing the packer will allow antivirus companies to block CIA malware, but notes that is only in the public interest if "disrupting the CIA's operations for the sake of disrupting the CIA's operations is in your 'public interest.'"

While the security flaws in products being exploited by the CIA may one day be independently discovered and exploited by malicious hackers, information about obfuscators can only be used to help prevent attacks by the group using that specific obfuscator — in this case, the CIA.

Now, Weaver said, WikiLeaks is forcing antivirus companies to block the CIA packer because, by releasing it publicly, "[t]hey practically guarantee that a bunch of digital miscreants will start using it as well, because 'hey, a CIA packer for my malcode, cool!'"

Marble is the third in a series of leaks from WikiLeaks that purportedly come from a secure CIA network. The first two largely described CIA hacking techniques.
