WikiLeaks today laid bare a CIA hacking tool which helps the agency hack into computers inside Local Area Networks and exploit them without being noticed.
The CIA’s Archimedes system redirects web browser traffic to the CIA via a hacking tool deployed into an existing Local Area Network.
“Archimedes is used to redirect LAN traffic from a target’s computer through an attacker-controlled computer before it is passed to the gateway. This enables the tool to inject a forged web server response that will redirect the target’s web browser to an arbitrary location. This technique is typically used to redirect the target to an exploitation server while providing the appearance of a normal browsing session,” read the latest WikiLeaks report on CIA’s covert activities.
The hacking tool owes its functioning to debug and release builds of each binary. The debug build, which WikiLeaks notes should be used only in controlled testing environments since it is vulnerable to reverse engineering, generates logs that trace the programme’s execution. The tool employed by the CIA disables the check, allowing its ‘malware’ to run on systems where it should have been detected.
Using a hidden IFRAME, the malware then adds support for a new HTTP injection method, modifies the DLLs and removes alerting strings from release binaries. In this way the Archimedes system successfully deceives the user into believing that he is browsing securely when in fact his browsing traffic is being redirected to a different system. After an operation is completed the DLL unloads, but the behaviour of the Archimedes programme can still be traced through log files.
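The injection described above leaves a visible artefact in the response the browser receives: a hidden IFRAME whose source sits on a host other than the page being visited. The following checker is an added defender-side example, not code from the leaked documents or the Archimedes tool; it assumes a captured HTTP response body (the sample HTML and the URL and address in it are constructed) and reports such frames for review.

```python
"""Flag hidden IFRAMEs pointing off-origin in a captured HTTP response.
Added defender-side example (not from the leaked documents): the Archimedes
description says a forged response uses a hidden IFRAME to send the browser
elsewhere; this reports such frames for review. Sample HTML is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.iframes = []  # one attribute dict per <iframe> start tag

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def is_hidden(attrs):
    """Heuristic: frames styled invisible or sized 0 or 1 pixel."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return any((attrs.get(d) or "").strip().rstrip("px") in ("0", "1")
               for d in ("width", "height"))


def find_suspicious_iframes(page_url, html):
    """Return src values of hidden iframes whose host differs from the page's."""
    page_host = urlparse(page_url).hostname
    parser = _IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname
        # A relative src (no host) stays on the page's own origin: not flagged.
        if host and host != page_host and is_hidden(attrs):
            hits.append(src)
    return hits


# Constructed sample: a normal page plus one injected 1x1 off-origin frame.
SAMPLE_URL = "http://news.example.com/index.html"
SAMPLE_HTML = """<html><body><h1>Headlines</h1>
<iframe src="/widgets/weather" width="300" height="200"></iframe>
<iframe src="http://203.0.113.7/x" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(find_suspicious_iframes(SAMPLE_URL, SAMPLE_HTML))
```

Run over responses recorded at a proxy or from a packet capture, a hit does not prove interception on its own, but it is the kind of anomaly worth correlating with the gateway and ARP state of the LAN.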
While WikiLeaks has described the process in great detail through a series of documents, it is not clear how many LAN systems have been victimised by the Archimedes system so far. The leak comes not long after WikiLeaks released damning documents on the CIA employing tools to hack into people’s inter-connected Samsung televisions, prompting CIA Director Mike Pompeo to call WikiLeaks a “non-state hostile intelligence service” engaging in ‘intelligence porn.’
While WikiLeaks has been attacking the CIA on a regular basis for hacking into people’s lives and every imaginable piece of technology used by humans, the CIA in turn accuses WikiLeaks of obtaining its data via dubious means. Back in April, both the CIA and the FBI were hot on the trail of a suspected CIA agent who passed on some top-secret and eye-opening secrets to WikiLeaks, which in turn published the details for all to see.
“Whether individuals view this as the righteous act of a whistle-blower and a victory for free speech, an act of blatant treason, or something in-between, at its heart it is a failure of access controls and monitoring. The fact that an organisation built around a culture of confidentiality, with a high degree of security knowledge and employee screening, and which has suffered breaches in the past, can still fall victim to insider attacks is a reminder to organisations of any size, in any sector,” says Piers Wilson, Head of Product Management at Huntsman Security.