WikiLeaks has published documents, proving the fact that the CIA kept records of malware attacks, stolen from outside agents, to use them to ‘misdirect attribution’ of hacking sources.
WikiLeaks released a series of documents, which reveal the fact that the Central Intelligence Agency (CIA) kept records of malware attacks supposedly stolen from outside agents, including the Russian government, and used them to ‘misdirect attribution’ of hacking sources.
“The CIA’s hand crafted hacking techniques pose a problem for the agency,” WikiLeaks noted, adding that “each technique it has created forms a ‘fingerprint’ that can be used by forensic investigators to attribute multiple different attacks to the same entity.”
According to WikiLeaks, the CIA has the so-called UMBRAGE team, which activities is described by the non-profit organization as follows: “The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware. The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions. Rather than building feature-rich tools, which are often costly and can have significant CI value, this effort focuses on developing smaller and more targeted solutions built to operational specifications.”
As the WikiLeaks’ website noted, then the UMBRAGE team “collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.”
— WikiLeaks (@wikileaks) March 7, 2017
In this way, the CIA has an opportunity to use a malware attack, developed by another country to “misdirect attribution” for the hack away from themselves. The UMBRAGE’s arsenal of malware includes a collection of “keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.” WikiLeaks published a directory of the tools collected by the UMBRAGE team.