Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.
New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company
originally posted by: carewemust
a reply to: interupt42
The implications are?
originally posted by: iTruthSeeker
originally posted by: carewemust
a reply to: interupt42
The implications are?
Yea what's this all mean?
originally posted by: interupt42
Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.
New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company
Interesting timing with all the tweets about the CIA being on the OTHER team.
New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company
The FBI interviewed at least a dozen employees of the elite Russian cybersecurity firm Kaspersky Lab on Tuesday night, visiting them at their homes on the east and west coasts to gather facts about how the company works
Since early this year, the Bureau has reportedly been meeting with energy and tech companies to warn them of the threat posed by the security provider, which officials claim can not be trusted to protect America’s critical infrastructure.
originally posted by: interupt42
New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company
Interesting timing with all the tweets about the CIA being on the OTHER team.
originally posted by: theantediluvian
a reply to: iTruthSeeker
It's source code for a CIA command and control system for its implants (the malware installed on hacked computers).
Just skimming the Wikileaks post, it looks like basically, the implants communicate through a proxy on a VPS (Virtual Private Server) running Apache (a web server) running on a commercial ISP. From there, the traffic is proxied to the Blot 4.0 server which in turn either proxies the connection to a "cover server" — a web server hosting the website of a mundane commercial entity, aka a plausible "cover" — or communicates with the command and control server ("Honeycomb") which in turn dumps logs to another server.
The upshot here is that all of the traffic looks like run-of-the-mill SSL-encrypted web traffic (HTTPS) and if the cover server is scrutinized, it looks innocuous.
It's not anything Earth-shattering really as far as these things go.
originally posted by: JacKatMtn
originally posted by: interupt42
New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company
Interesting timing with all the tweets about the CIA being on the OTHER team.
Interesting, wasn't Kaspersky Labs just accused of doing bad things? Could it have been the CIA actually doing the dirty deeds and placing blame on Kaspersky?
originally posted by: Justso
a reply to: theantediluvian
That was a lot to take in. Basically, the exposure is of the CIA's ability to hack other computers.