WikiLeaks
Part 8 - Evading forensics and anti-virus
A series of standards lays out CIA malware infestation patterns which are likely to help forensic crime scene investigators, as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies, attribute and defend against attacks.
"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review". Similar secret standards cover the use of encryption to hide CIA hacker and malware communication, describing targets and exfiltrated data, executing payloads, and persisting in the target's machines over time.
CIA hackers developed successful attacks against most well-known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows "Recycle Bin", while Comodo 6.x has a "Gaping Hole of DOOM".
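The Recycle Bin trick reads like a path-exclusion bypass: if a scanner skips that directory, anything parked there survives. The page does not say how Comodo handled the path, so the hunt below is an added example, not code from the leaked documents, the CIA or Comodo. It assumes only the Vista-and-later on-disk layout ($Recycle.Bin\<SID>\ holding $I<id> metadata and $R<id> payload pairs plus desktop.ini), flags any PE image in the tree, and separately flags any file the shell would not have created. The sample tree it scans is constructed inline, so it runs offline.

```python
"""Hunt for executables parked in a Windows Recycle Bin tree.

Added example, not from the leaked documents. Assumption (not stated on the
page): the Vista+ layout $Recycle.Bin\\<SID>\\$I<id> (metadata) and $R<id>
(payload), plus desktop.ini, is the only thing the shell itself writes there.
"""
import os
import tempfile

DOS_MAGIC = b"MZ"
SHELL_PREFIXES = ("$I", "$R")  # prefixes the shell uses for deleted-file pairs


def is_pe(path):
    """True if the file begins with the DOS 'MZ' stub every PE image carries."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == DOS_MAGIC
    except OSError:
        return False


def hunt_recycle_bin(root):
    """Return sorted (relative_path, reason) tuples for suspicious files.

    Two signals: a PE image anywhere in the tree (a genuinely deleted .exe
    also matches, so this is a triage list, not a verdict), and a file whose
    name the shell would never create (neither a $I/$R pair nor desktop.ini).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            shell_made = name.startswith(SHELL_PREFIXES) or name.lower() == "desktop.ini"
            if is_pe(full):
                findings.append((rel, "pe-image"))
            elif not shell_made:
                findings.append((rel, "unexpected-name"))
    return sorted(findings)


def demo():
    """Build a constructed $Recycle.Bin tree in a temp dir and hunt it."""
    with tempfile.TemporaryDirectory() as tmp:
        sid = os.path.join(tmp, "S-1-5-21-1-2-3-1001")  # constructed SID
        os.makedirs(sid)
        with open(os.path.join(sid, "desktop.ini"), "w") as fh:
            fh.write("[.ShellClassInfo]\n")
        # A normal deleted text file: $I metadata record plus $R payload.
        with open(os.path.join(sid, "$IABC123.txt"), "wb") as fh:
            fh.write(b"\x02" + b"\x00" * 7)
        with open(os.path.join(sid, "$RABC123.txt"), "w") as fh:
            fh.write("shopping list\n")
        # An implant dropped straight into the bin, bypassing the shell.
        with open(os.path.join(sid, "updater.exe"), "wb") as fh:
            fh.write(b"MZ\x90\x00" + b"\x00" * 60)
        # A genuinely deleted executable: still listed, for the analyst to clear.
        with open(os.path.join(sid, "$RXYZ789.exe"), "wb") as fh:
            fh.write(b"MZ\x90\x00" + b"\x00" * 60)
        return hunt_recycle_bin(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:16} {rel}")
```

Point `hunt_recycle_bin` at a mounted image's `$Recycle.Bin` to use it on real evidence; the two reasons are kept separate because a PE under a `$R` name may be an innocent deletion, whereas a file named outside the shell's scheme was written by something other than the shell.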
CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.