Whistleblowing document foundation WikiLeaks has outed another malware tool that it claims was created by the CIA in order to penetrate devices located on a local area network (LAN).
The latest leak revolves around ‘Archimedes’, a tool that facilitates the redirection of traffic from a target computer inside a LAN through a computer infected with this malware and controlled by the CIA.
According to WikiLeaks, the technique is used by the CIA to redirect the target’s PC web browser to an exploitation server, while appearing like a normal browsing session to the end user.
“The document illustrates a type of attack within a ‘protected environment’ as the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse,” the organisation explained.
Despite WikiLeaks’ suggestion that the tool was created by the CIA, the founder of security software company Rendition Infosecurity, Jake Williams, said that it appeared to be “nothing more than a repackaged Ettercap”. Ettercap is an open-source toolkit that penetration testers use to perform address resolution protocol (ARP) spoofing and to carry out the same type of attacks as Archimedes.
In terms of thwarting a potential attack via ARP spoofing, Williams suggested securing the LAN to ensure attackers can’t join it in the first place.
For wireless network environments, he said the only viable option was to monitor for ARP spoofing and de-register offenders, while for wired network environments he suggested enabling port switches if they can be supported.
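The monitoring Williams describes comes down to watching which MAC address answers for each IP address and alerting when that binding changes. The sketch below is an added example, not code from the article, the leaked documents or Ettercap; the addresses, the sample ARP replies and the pinned gateway binding are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies as a
# LAN monitor might record them. Every address here is made up.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:00:00:01"),    # gateway, genuine MAC
    (1, "192.168.1.20", "aa:aa:aa:00:00:20"),   # workstation
    (2, "192.168.1.66", "aa:aa:aa:00:00:66"),   # third host
    (30, "192.168.1.1", "aa:aa:aa:00:00:66"),   # third host's MAC claims the gateway IP
    (31, "192.168.1.20", "aa:aa:aa:00:00:66"),  # ...and the workstation's IP
    (60, "192.168.1.1", "AA-AA-AA-00-00-01"),   # genuine gateway answers again
]
SAMPLE_PINNED = {"192.168.1.1": "aa:aa:aa:00:00:01"}  # assumed known-good gateway binding


def normalise_mac(mac):
    """Lower-case, colon-separated form so equal MACs compare equal."""
    return mac.lower().replace("-", ":")


def detect_arp_spoofing(replies, pinned=None):
    """Return alerts for IP-to-MAC bindings that contradict earlier or pinned ones."""
    pinned = {ip: normalise_mac(m) for ip, m in (pinned or {}).items()}
    last_mac = {}                    # most recent MAC seen for each IP
    ips_by_mac = defaultdict(set)    # every IP each MAC has claimed
    alerts = []
    for ts, ip, raw_mac in sorted(replies):
        mac = normalise_mac(raw_mac)
        if ip in pinned:
            if mac != pinned[ip]:    # statically known binding contradicted
                alerts.append((ts, "pinned-mismatch", ip, mac))
        elif ip in last_mac and last_mac[ip] != mac:
            alerts.append((ts, "binding-changed", ip, mac))
        last_mac[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:   # one interface answering for several IPs
                alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts


def suspect_macs(alerts):
    """MAC addresses named in any alert: candidates for de-registration."""
    return {mac for _ts, _kind, _ip, mac in alerts}


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, SAMPLE_PINNED):
        print(alert)
```

Legitimate events such as a DHCP lease moving to a new device or a replaced network card also raise `binding-changed`, so an alert needs confirming before a host is de-registered; pinning the gateway's binding keeps the genuine gateway from being flagged when it answers again.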
The leaked information could also be used by those organisations that believe they could be CIA targets, to check if their computers had been targeted.
This is the seventh leak that WikiLeaks has made from the Vault 7 malware tools dump. Vault 7 is the codename given by the organisation to documents it claims reveal an arsenal of hacking tools and capabilities that the CIA has used in the recent past.
The documents detail several other secret tools that it claims are, or have been, used by the CIA.
Critics, though, claim that the documents are several years out-of-date and have suggested that WikiLeaks has over-hyped their importance.
However, last month, Symantec claimed to have found firm evidence that the hacking tools were used by a North American cyber-espionage group.
Last week, WikiLeaks revealed the CIA tool Scribbles, software that can allegedly embed ‘web beacons’ into confidential documents, allowing the CIA to track insiders and whistleblowers.