Meanwhile, at the CIA Headquarters...
With the release of WikiLeaks' long-awaited Vault7 leaks of the CIA, we will begin to meaningfully analyze the data and give it the public scrutiny it has deserved for so long.
This will take a lot of time and effort by us all, however, and this is only the beginning.
I, however, am uniquely qualified to analyze this information myself and will attempt to help guide others along through my research.
In this first section we'll just go over some basic initial highlights of Vault7 to be discussed in future articles and analyzed further. This isn't everything, by any means, but it should be a decent primer on the nefarious material to be found within.
Vault7 contains information on CIA software tools designed to exploit, take control of, monitor and even disable target systems through a disturbing variety of means. By all accounts the CIA employs the darkest blackhat hacking techniques ever seen by this author.
Everything from phones and TVs to implants is vulnerable in the digital age and, as you may have guessed, the CIA literally has built an app for hacking that.
- Weeping Angel
  - Extract browser credentials or history
  - Extract WPA/WiFi credentials
  - Insert Root CA cert to facilitate MitM of browser, remote access, or Adobe application
  - Investigate the Remote Access feature
  - Investigate any listening ports & their respective services
  - Attempt to override /etc/hosts for blocking Samsung updates without DNS query and iptables (referred to by SamyGo)
  - Add ntpclient update calls to startup scripts to sync implant's system time for accurate audio collection timestamps
- Hive
  - A software implant designed with “Ring 2” operations in mind
  - For establishing beacon and interactive shells on target host
  - Contains further tools and provides complete interface for agents to seize target systems
- Flash Bang
  - A tool designed to be able to migrate from a browser process (using sandbox breakout), escalate privileges, and memory load a NOD Persistence Spec dll.
  - Basically hacks target system and sets up persistent backdoor through iframe media
- Fight Club/RickyBobby
  - Fight Club is loaded onto sections of the target system where a set of future actions can be taken
  - RickyBobby allows constant monitoring of the network Fight Club is loaded on and performs persistent tasks
  - Agents then loaded a customized malware payload to USB for physical delivery
  - Software would be loaded onto target's system discreetly by disguising itself as WinRAR, VLC Media Player, and more
  - Nicknames for each customized payload included MelomyDropkick (TrueCrypt), MelomyRoundhouse (VLC Player), MelomyLeftHook (Shamela) and MelomyKarateChop (WinRar)
- Bee Sting
  - Discreet tool for injecting data into iFrame media
  - Would be coupled with something like Flash Bang to deliver a payload discreetly through iFrame media (embedded videos, games, etc.)
- Exact purpose yet unknown
- Listed under the hacking tools for Automated Implants, interestingly though
- Frog Prince
  - A tool for testing and manipulating FI (dental?) implants
  - Values can also be read and set through Frog Prince, thus the system can be overridden, manipulated and even disabled
- Maddening Whispers
  - Set of software components that provide beaconing and remote access capabilities to a Vanguard-based device (ET project)
  - "This proof-of-concept project is done in conjunction with ESD/CNB"