'Dark Matter': Wikileaks Releases New Batch of 'Vault-7' on CIA Hack Techniques
16:08 23.03.2017(updated 19:13 23.03.2017)
Wikileaks has released a new batch of 'Vault 7' revelations on CIA hacking techniques.
The second batch of 'Vault-7' is called "Dark Matter."
The "Dark Matter" contains documentation for several CIA projects that infect Apple Mac computer firmware eveloped by the CIA's Embedded Development Branch (EDB).
"These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware," according to Wikileaks' press release.
Moreover, the documents reveal the "Sonic Screwdriver" project, a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled".
"While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise," the press release said.
"DarkSeaSkies" is a CIA "implant that persists in the firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies," the release noted.
The release is full of code names that are difficult for typical computer, or iPhone, user to understand, such as "Triton" MacOSX malware, a MacOSX infector named "Dark Mallet" and a firmware version named "DerStake."
In computer jargon, firmware means that the infection will persist, even if the operating system is re-installed, according to the release.
On March 7, WikiLeaks released the first part of what it called an unprecedentedly large archive of CIA-related classified documents.
According to the website, a large archive comprising various viruses, malware, software vulnerability hacks and relevant documentation, was uncovered by US government hackers, which is how WikiLeaks gained access to some of the data from the trove.
|Join the GlobalSecurity.org mailing list|