Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major


posted on Nov, 9 2017 @ 01:42 PM
Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.






Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.





New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company


Interesting timing with all the tweets about the CIA being on the OTHER team.






posted on Nov, 9 2017 @ 01:51 PM
a reply to: interupt42

Thanks for the info. Will look for more.



posted on Nov, 9 2017 @ 01:52 PM
a reply to: interupt42


The implications are?



posted on Nov, 9 2017 @ 01:57 PM

originally posted by: carewemust
a reply to: interupt42


The implications are?


Yea what's this all mean?



posted on Nov, 9 2017 @ 01:58 PM

originally posted by: iTruthSeeker

originally posted by: carewemust
a reply to: interupt42


The implications are?


Yea what's this all mean?


Since the thread was started in the "Political News" forum, we can rule out UFO's, 911, etc.



posted on Nov, 9 2017 @ 02:10 PM
Meaning, the CIA can now be hacked since their malware protection has been exposed? Sounds treasonous.



posted on Nov, 9 2017 @ 02:14 PM

originally posted by: interupt42
Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.



New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company


Interesting timing with all the tweets about the CIA being on the OTHER team.





New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company 





This summer: www.businessinsider.com...



The FBI interviewed at least a dozen employees of the elite Russian cybersecurity firm Kaspersky Lab on Tuesday night, visiting them at their homes on the east and west coasts to gather facts about how the company works



www.geek.com...



Since early this year, the Bureau has reportedly been meeting with energy and tech companies to warn them of the threat posed by the security provider, which officials claim can not be trusted to protect America’s critical infrastructure.


This story could be quite the twist if the CIA is imitating Kaspersky, no?



posted on Nov, 9 2017 @ 02:19 PM

originally posted by: interupt42



New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company


Interesting timing with all the tweets about the CIA being on the OTHER team.




Interesting, wasn't Kaspersky Labs just accused of doing bad things? Could it have been the CIA actually doing the dirty deeds and placing blame on Kaspersky?



posted on Nov, 9 2017 @ 02:24 PM
a reply to: iTruthSeeker

It's source code for a CIA command and control system for its implants (the malware installed on hacked computers).

Just skimming the Wikileaks post, it looks like basically, the implants communicate through a proxy on a VPS (Virtual Private Server) running Apache (a web server) running on a commercial ISP. From there, the traffic is proxied to the Blot 4.0 server which in turn either proxies the connection to a "cover server" — a web server hosting the website of a mundane commercial entity, aka a plausible "cover" — or communicates with the command and control server ("Honeycomb") which in turn dumps logs to another server.

The upshot here is that all of the traffic looks like run-of-the-mill SSL-encrypted web traffic (HTTPS) and if the cover server is scrutinized, it looks innocuous.

It's not anything Earth-shattering really as far as these things go.



posted on Nov, 9 2017 @ 02:28 PM
a reply to: theantediluvian

That was a lot to take in. Basically, the exposure is of the CIA's ability to hack other computers.



posted on Nov, 9 2017 @ 02:32 PM
Russia is scared of something...

Hence WL doing this. LOL LOL LOL



posted on Nov, 9 2017 @ 02:34 PM
a reply to: theantediluvian

Headline makes it LOOK alarming.

Propaganda doesn't need to actually be harmful.

It's the perception it creates that MATTERS.



posted on Nov, 9 2017 @ 02:37 PM
a reply to: theantediluvian

SSL has been hacked since 2011. SSLScan is the new toy. Heck, some traffic sends passwords and account names in plain text. No real hacking required; you just scan the stream for ASCII characters and you're in.

What the real kicker is, "What does the SSL traffic contain"?

Prolly the contents of your hard drive!



posted on Nov, 9 2017 @ 02:38 PM

originally posted by: theantediluvian
a reply to: iTruthSeeker

It's source code for a CIA command and control system for its implants (the malware installed on hacked computers).

Just skimming the Wikileaks post, it looks like basically, the implants communicate through a proxy on a VPS (Virtual Private Server) running Apache (a web server) running on a commercial ISP. From there, the traffic is proxied to the Blot 4.0 server which in turn either proxies the connection to a "cover server" — a web server hosting the website of a mundane commercial entity, aka a plausible "cover" — or communicates with the command and control server ("Honeycomb") which in turn dumps logs to another server.

The upshot here is that all of the traffic looks like run-of-the-mill SSL-encrypted web traffic (HTTPS) and if the cover server is scrutinized, it looks innocuous.

It's not anything Earth-shattering really as far as these things go.


I read through those documents: *aws.com = Amazon Web Services

Perfect cover for creating a covert data stream; so many companies use these services - Internet web-cams, telemetry, auto-updates. It makes perfect sense and always the opportunity to throw something in at the same time.



posted on Nov, 9 2017 @ 02:42 PM

originally posted by: JacKatMtn

originally posted by: interupt42



New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company


Interesting timing with all the tweets about the CIA being on the OTHER team.






Interesting, wasn't Kaspersky Labs just accused of doing bad things? Could it have been the CIA actually doing the dirty deeds and placing blame on Kaspersky?



That is what is being suggested. With the recent leaks, craziness, and SA arrests, I find the timing interesting if so.



posted on Nov, 9 2017 @ 02:48 PM
a reply to: Justso

Sort of. Nothing about the penetration, it's all about how they communicate with the implants that are left behind (to control them and to exfiltrate data).

There's apparently also a tool that can be used to construct a fake cert and the source documentation includes examples that use Kaspersky Labs as the organization for the cert.

The insinuation from Wikileaks is that a fake cert in Kaspersky Labs' name could be used to cause misattribution to the Russians. I suppose that might be true of somebody with mild brain damage but I suspect that WL is deliberately trying to muddy the waters and plant the idea of plausible deniability for the Russians.



posted on Nov, 9 2017 @ 02:50 PM
a reply to: theantediluvian

Indeed.

Muddying the waters is what Russia is known for:

Spy Circles Suspect Kremlin Is Behind Dozens of Fake Trump Sex Tapes



posted on Nov, 9 2017 @ 03:03 PM
So this proves political rogues at CIA could mimic Russians.



posted on Nov, 9 2017 @ 03:11 PM

originally posted by: TinfoilTP
So this proves political rogues at CIA could mimic Russians.


We already knew this.

Wikileaks keeps pushing this...

A ... tad suspicious if you ask me...




posted on Nov, 10 2017 @ 05:05 AM

originally posted by: Justso
a reply to: theantediluvian

That was a lot to take in. Basically, the exposure is of the CIA's ability to hack other computers.


YES, and perhaps this explains why the White House under Trump announced all federal computers were to stop using Kaspersky. They unreasonably blamed Russian interference for the reason, but this makes it more plausible that the Trump admin was actually trying to root out CIA control over federal computers...



