Latest WikiLeaks Reveal says CIA Can Hide its Spying Activity to Appear as the Work of Russian, Chinese Hackers

WikiLeaks continued its ongoing release of documents from the CIA Friday with a collection of files detailing the agency’s ability to obscure its activities and make it difficult for investigators to attribute the origins of attacks and hacking.

The latest release from what WikiLeaks calls Vault 7 is titled “ Marble ” and contains documentation of files that are purportedly part of the CIA Core Library of malware code. WikiLeaks describes Marble as part of the CIA’s “anti-forensics approach.”

The name “Marble” refers to a specific algorithm that scrambles and unscrambles data.

Marble is one of the more technical releases that WikiLeaks has published as part of Vault 7. According to the documentation, the CIA tool is “designed to allow for flexible and easy-to-use obfuscation” by using “string obfuscation algorithms” that are used to link malware to a specific developer.

To accomplish this, the tool hides text fragments found in CIA malware from visual inspection, making the attack difficult to attribute to a specific source. Within the source code for the tool is a “deobfuscator” that essentially reverses the algorithm used to disguise the attack origin.

Within the source code of Marble is a number of different languages, including Chinese, Korean, Russian, Farsi and Arabic. Those languages, according to WIkiLeaks, would allow the CIA to mislead investigators by leaving digital fingerprints that contain a different language.

It has been noted online that the translation of the sample text of different languages shown in Marble—including the Russian and Arabic examples—are essentially gibberish.

Click here to continue reading…

International Business Times