It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
A collection of source code repositories from CIA software projects described in the Vault7 series.
WikiLeaks is publishing only source code that does not contain 0-days or any other form of exploits, so it can not be weaponized by others to inflict harm - it only details the software development of the CIA regarding its middle-ware and back-end systems.
The publication of this source code will enable security analysts and forensic experts to better identify, analyze and counter-measure covert CIA infrastructure components.
But Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is send to an implant operator management gateway called Honeycomb while all other traffic go to a cover server that delivers the unsuspicious content for all other users.
Certificates for the authentication of implants are generated by a the CIA with fake names. The examples included in the source code builds a certificate for Kaspersky Laboratory, Moscow signed by Thawte Premium Server CA, Cape Town.