Wikileaks Reveals Hive: The CIA’s Top Secret Virus Control System
(MPN) Early Friday morning, Wikileaks released its fifth batch of Vault 7 documents exposing the U.S. Central Intelligence Agency’s hacking techniques. The latest release, titled “Hive,” exposes the agency’s multi-platform malware suite, which allows the CIA to monitor targets via malware and to carry out specific tasks on compromised machines.
Wikileaks has described Hive’s function as a “back-end infrastructure malware” that uses public HTTPS interfaces which provide “unsuspicious-looking cover domains” to hide its presence on infected devices. Each of those domains is linked to an IP address at a commercial Virtual Private Server (VPS) provider, which forwards all incoming traffic to what is termed a “Blot” server. All redirected traffic is then examined by CIA hackers to see if it contains a valid beacon. If it does, it is sent to a tool handler, called Honeycomb in the released documents, and the CIA then begins initiating other actions on the target computer. The released user guide shows that Hive allows for the uploading and deleting of files as well as the execution of applications on the device.
Wikileaks noted that anti-virus companies and forensic experts had previously noticed malware, potentially originating from a state actor, that used the same type of back-end infrastructure that Hive employs. By analyzing the communication between specific implants, these experts and software companies were able to determine that the malware originated from a “well-resourced organization which was involved in intelligence gathering operations.”
However, they had been unable to attribute the back-end or the implants to the CIA, though Wikileaks’ release of Hive may change that. Indeed, Wikileaks noted in its press release that “The documents from this publication might further enable anti-malware researchers and forensic experts to analyse this kind of communication between malware implants and back-end servers used in previous illegal activities.”
Assange, for his part, doesn’t seem too concerned, choosing to respond with a witty retort that incisively pointed out the CIA’s lack of credibility in making such accusations:
Called a “non-state intelligence service” today by the “state non-intelligence agency” which produced al-Qaeda, ISIS, Iraq, Iran & Pinochet.
— Julian Assange (@JulianAssange) April 14, 2017
By Whitney Webb