Disclosure non-profit WikiLeaks published documents this week from the Imperial project of the Central Intelligence Agency, exposing three new hacking tools that the CIA developed to infect MacOS and POSIX-based systems.
The US spy agency's reasons for developing such tools can range from mass surveillance to state-sponsored attacks to plain research. So far, however, the leak exposes only technical details: the documents describe what the tools can do and say nothing about when, or against whom, they were used.
As reported in the July 27 disclosure, the first tool, codenamed Achilles, is designed to infect Macs:
“Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.”
Typically spread by social engineering, Trojans are malicious software that masquerades as something else, misleading users about its true intent and tricking them into installing the malware themselves. In Achilles' case the carrier is a legitimate-looking .dmg installer: the user gets the application they expected, and the operator's executable runs once alongside it.
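A trojaned installer of the kind Achilles produces no longer matches the digest the vendor published or the signature the vendor applied. The following is an added example (not code from the leaked documents or from any CIA tool) of the check a macOS user or endpoint team can run before mounting a download: compare the image's SHA-256 against a digest obtained over a separate, trusted channel, and on macOS ask Gatekeeper to assess the image with `spctl`. File paths, the use of `spctl` here and the stand-in sample file are assumptions made for the example.

```python
"""Added example, not from the leaked documents or any CIA tool: verify a
downloaded macOS disk image against a SHA-256 digest obtained from the vendor
over a separate, trusted channel, and (on macOS only) ask Gatekeeper to assess
it.  Paths, digests and the stand-in sample file are assumptions."""
import hashlib
import hmac
import os
import shutil
import subprocess
import tempfile
from typing import Optional, Tuple


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so a large installer never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_dmg(path: str, expected_sha256: str) -> bool:
    """True only if the image's digest equals the published one.

    The real protection is that expected_sha256 must come from somewhere an
    attacker who can alter the download cannot also alter (vendor mail,
    a signed release note, a second network path), not the download page.
    """
    actual = sha256_file(path)
    return hmac.compare_digest(actual.lower(), expected_sha256.strip().lower())


def gatekeeper_assess(path: str) -> Optional[bool]:
    """Run Gatekeeper's assessment of a disk image (macOS only).

    Returns True if spctl accepts the image, False if it rejects it, and
    None when spctl is not available (e.g. on Linux), so callers can tell
    "not checked" from "failed".  An image whose contents were changed after
    signing no longer verifies against its original signature.
    """
    if shutil.which("spctl") is None:
        return None
    result = subprocess.run(
        ["spctl", "--assess", "--type", "open",
         "--context", "context:primary-signature", "-v", path],
        capture_output=True, text=True,
    )
    return result.returncode == 0


def self_check() -> Tuple[str, bool, bool]:
    """Constructed sample: a stand-in 'image' holding the bytes b'abc', whose
    SHA-256 is the well-known test vector ba7816bf...f20015ad.  Returns the
    digest, the result for the correct digest and the result for a wrong one."""
    fd, path = tempfile.mkstemp(suffix=".dmg")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"abc")
        digest = sha256_file(path)
        good = verify_dmg(
            path, "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD")
        bad = verify_dmg(path, "0" * 64)
    finally:
        os.remove(path)
    return digest, good, bad


if __name__ == "__main__":
    import sys
    dmg, published = sys.argv[1], sys.argv[2]
    ok = verify_dmg(dmg, published)
    print("digest:", "OK" if ok else "MISMATCH")
    gk = gatekeeper_assess(dmg)
    print("gatekeeper:", {None: "not assessed", True: "accepted", False: "rejected"}[gk])
    sys.exit(0 if ok and gk is not False else 1)
```

Run it as `python3 check_dmg.py Installer.dmg <published-sha256>`. The digest comparison catches any modification of the image; the Gatekeeper assessment additionally catches an image that was never signed by the expected developer. Neither helps if the attacker controls the page the digest was copied from, which is why the digest has to come from a second channel.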
The second tool in the Imperial project is an implant that performs automated file exfiltration. Per WikiLeaks:
“Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support – all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.”
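The beacon interval and jitter that the Aeris description lists are what a defender can key on: an implant that checks in every N seconds, randomised by a few percent, leaves a far more regular pattern in outbound-connection logs than a person browsing. The following is an added example (not code from the leaked documents or from Aeris) that parses a simple connection log and flags talkers whose inter-arrival gaps have a low coefficient of variation. The log format, host name, addresses, thresholds and the log lines themselves are constructed for this example.

```python
"""Added example, not from the leaked documents: flag beaconing with jitter
(a fixed interval plus a random spread) in outbound-connection logs.  The log
format, hosts, addresses and thresholds are assumptions; the log lines are
constructed for this example."""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample: one workstation talking to two destinations.  The first
# is a ~300 s beacon with roughly +/-10% jitter; the second is ordinary bursty
# browsing-style traffic.  Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2017-07-27T10:00:00Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:00:10Z src=ws-17 dst=198.51.100.7:443 proto=tls
2017-07-27T10:00:12Z src=ws-17 dst=198.51.100.7:443 proto=tls
2017-07-27T10:04:45Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:07:30Z src=ws-17 dst=198.51.100.7:443 proto=tls
2017-07-27T10:07:31Z src=ws-17 dst=198.51.100.7:443 proto=tls
2017-07-27T10:10:00Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:14:40Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:20:05Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:24:35Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:30:00Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:31:00Z src=ws-17 dst=198.51.100.7:443 proto=tls
2017-07-27T10:31:03Z src=ws-17 dst=198.51.100.7:443 proto=tls
2017-07-27T10:34:50Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:40:10Z src=ws-17 dst=203.0.113.5:443 proto=tls
2017-07-27T10:45:05Z src=ws-17 dst=203.0.113.5:443 proto=tls
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")


def parse_log(text: str) -> Dict[Tuple[str, str], List[float]]:
    """Group connection timestamps (epoch seconds) by (src, dst)."""
    series: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not look like connection records
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).timestamp()
        series[(m["src"], m["dst"])].append(ts)
    return series


def find_beacons(text: str, min_events: int = 6, max_cv: float = 0.2
                 ) -> Dict[Tuple[str, str], Tuple[int, float, float]]:
    """Return {(src, dst): (count, mean_gap_s, cv)} for regular talkers.

    A beacon with interval I and jitter j produces gaps in [I*(1-j), I*(1+j)],
    so the gaps' coefficient of variation (stdev / mean) stays small, about
    j / sqrt(3) for uniform jitter, whatever I is.  Bursty human traffic has
    gaps spanning orders of magnitude and a CV near or above 1.  min_events
    keeps a handful of coincidental repeats from being flagged.
    """
    found: Dict[Tuple[str, str], Tuple[int, float, float]] = {}
    for key, times in parse_log(text).items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            found[key] = (len(times), mean, cv)
    return found


if __name__ == "__main__":
    for (src, dst), (n, mean, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {n} connections, mean gap {mean:.0f}s, cv {cv:.2f}")
```

On the constructed sample the 203.0.113.5:443 series (ten connections, mean gap about 300 s, CV about 0.07) is flagged and the bursty 198.51.100.7:443 series is not. The caveat is that legitimate software updaters and monitoring agents beacon too, so the output is a triage list to enrich with destination reputation and process context, not a verdict; lowering `max_cv` tightens the net at the cost of missing implants configured with wide jitter.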
Finally, the leak includes a third tool, also targeting Apple computers. SeaPea is a rootkit: its job is to keep files, network connections and processes hidden from the user and from the system's own inspection tools:
“SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.”
Vault 7, the series of documents that WikiLeaks began to publish in March, has been a trove of leaks detailing the CIA's capabilities for electronic surveillance and cyber warfare. The documents describe those capabilities; they have not so far shown the tools being used against specific targets.
However, the ELSA leak published four weeks earlier showed how some CIA cyberweapons can reach beyond their intended target. ELSA was exposed as malware designed by the CIA to geolocate Windows computers over long periods by logging the WiFi access points within range of the machine, even while it is not connected to the Internet, and resolving those observations to a location once a connection is available.