WikiLeaks' exposure of the CIA's virus control system HIVE shed new light on the intelligence agency's cyber-espionage practices. Speaking to Radio Sputnik, security expert John Safa characterized the technology as "very sophisticated," highlighting that the CIA tools are unnervingly similar to those used by Longhorn, a cyberespionage group.
WikiLeaks continues to expose the US Central Intelligence Agency's secret cyberespionage techniques.
A new batch of secret files was leaked on April 14, shedding light on the CIA virus control system HIVE.
HIVE, a back-end infrastructure malware with a public-facing HTTPS interface, was used to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute specific tasks on the targets.
John Safa, security expert and founder of Pushfor, a secure messaging and content sharing platform for businesses, shared his views on the new WikiLeaks release with Radio Sputnik.
"A very interesting release has come out. HIVE is a web-based interface that controls malware and spyware on different devices. So, for example, if you have spyware installed on a PC, it can be controlled by this technology. And what makes it more sophisticated is [that] it actually communicates over a VPN which is effectively an encrypted channel and also makes it like it's talking to different services that could be legitimate. So it is a very sophisticated technology,"
Commenting on the CIA technology busted by WikiLeaks, the security expert called attention to the fact that it is strikingly similar to the tools used by Longhorn, a North American cyberespionage group known to be active since 2011.
American cyber security provider Symantec started tracking Longhorn several years ago to learn more about the group's techniques and tools.
The most peculiar thing about the hacking group is that it looked like nothing less than a state-sponsored entity.
"Prior to the Vault 7 leak, Symantec's assessment of Longhorn was that it was a well-resourced organization which was involved in intelligence gathering operations," Symantec's official press release says. "This assessment was based on its global range of targets and access to a range of comprehensively developed malware and zero-day exploits. The group appeared to work a standard Monday to Friday working week, based on timestamps and domain name registration dates, behavior which is consistent with state-sponsored groups," the press release reveals, adding that there is evidence dating the group's activity back as far as 2007.
After examining WikiLeaks' documents, the cybersecurity provider came to the conclusion that there is little doubt that Longhorn is part of the CIA hacking team.
Safa told Radio Sputnik that Longhorn conducted at least 40 attacks against targets in 16 countries across the globe. One attack, believed to be an unintentional one, was launched against a target in the US.
The security expert highlighted that the hacking group has focused primarily on internationally operating organizations, businesses and government entities. As Symantec remarked, "all of the organizations targeted would be of interest to a nation-state attacker."
The recent release by WikiLeaks has added to existing concerns about the extent of the CIA's hacking activity.
However, besides corporations and governmental organizations, ordinary users may also fall victim to cyberespionage.
The problem is that now that the CIA hacking practices have been made public by WikiLeaks, the exposed techniques could easily be reused by hackers anywhere in the world, the security expert warned.
Hackers may use the methods and source code detailed in WikiLeaks' documents to create their own malware and harvest ordinary users' personal information, he believes.
As for the CIA, the new release may do further damage to the organization, Safa remarked, suggesting that the intelligence service will now have to "move quick" to cover up its future attacks and to remain undetected.