
WikiLeaks Dump Reveals CIA Tool for MitM Attacks


CrAKeN



WikiLeaks dumped today the documentation of a new supposed CIA hacking tool called Archimedes, which the Agency had used to perform Man-in-the-Middle attacks on local networks.


According to the nine leaked documents, this tool was previously named Fulcrum but was renamed to Archimedes when it reached v1.


Timestamps in the documents reveal the tool was developed and most likely used between 2011 and 2014.


The Archimedes manual describes the tool's purpose as follows.


Quote

Archimedes is used to redirect LAN traffic from a target’s computer through an attacker controlled computer before it is passed to the gateway. This enables the tool to inject a forged web server response that will redirect the target’s web browser to an arbitrary location. This technique is typically used to redirect the target to an exploitation server while providing the appearance of a normal browsing session.


As you can see, the tool does not execute the MitM attack itself, but only redirects the target's traffic to another PC on the same network. That second machine will be responsible for breaking down connections, reading the user's traffic, and then relaying the traffic to the LAN's gateway server.


Archimedes, a repackaged version of Ettercap?


The tool itself is very simple, as Jake Williams, founder of Rendition Infosec, writes on Twitter. In fact, according to a quick analysis, the tool isn't even original, appearing to be a repackaged version of Ettercap, an open source toolkit for MitM attacks.


The most interesting detail in the entire leak is the MD5 hashes for each of the Archimedes files. Security researchers can now take these hashes and scan artifacts from previous cyber-incidents to find cases where the tool might have been deployed but they failed to detect it at the time.


The Archimedes leak is part of a WikiLeaks series called "Vault 7," during which the non-profit organization has dumped the documentation and user manuals of several hacking tools WikiLeaks claims belong to the CIA. WikiLeaks says it received these tools from hackers and whistleblowers.


You can follow our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps:


Quote

Weeping Angel - tool to hack Samsung smart TVs
Fine Dining - a collection of fake, malware-laced apps
Grasshopper - a builder for Windows malware
Scribble - beaconing system for Office documents


Source
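The manual quoted above describes placing an attacker host between the target and the gateway, which on a LAN shows up in hosts' ARP caches as the gateway IP suddenly answering from a different MAC, or one MAC claiming both the gateway's and a client's address. The following detector is an added example, not code from the article or the leak; the gateway address and the ARP observations are constructed.

```python
"""Flag ARP-cache poisoning of the kind used to relay a LAN target's
traffic through a third host before it reaches the gateway.  Sample
records below are constructed for the example, not taken from the leak."""

GATEWAY_IP = "192.168.1.1"  # assumption: the LAN's default gateway address

# Constructed ARP reply observations as (time, sender IP, sender MAC).
# The last two imitate one host (aa:bb:cc:dd:ee:99) claiming both the
# gateway's and a client's address, which is what a relaying host looks like.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "00:11:22:33:44:01"),
    (2, "192.168.1.50", "00:11:22:33:44:50"),
    (3, "192.168.1.51", "00:11:22:33:44:51"),
    (4, "192.168.1.1", "AA:BB:CC:DD:EE:99"),
    (5, "192.168.1.50", "aa:bb:cc:dd:ee:99"),
]


def detect_arp_poisoning(replies, gateway_ip=GATEWAY_IP):
    """Return alerts as (time, kind, detail) tuples.

    Two signals are checked: an IP (the gateway in particular) whose MAC
    changes, and one MAC that currently owns more than one IP.
    """
    ip_to_mac = {}
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()  # normalise case so AA:.. and aa:.. compare equal
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            kind = "GATEWAY_MAC_CHANGED" if ip == gateway_ip else "IP_MAC_CHANGED"
            alerts.append((t, kind, f"{ip}: {prev} -> {mac}"))
        ip_to_mac[ip] = mac
        # IPs this MAC owns after the update; more than one is suspicious
        owned = sorted(i for i, m in ip_to_mac.items() if m == mac)
        if len(owned) > 1:
            alerts.append((t, "ONE_MAC_MANY_IPS", f"{mac} claims {', '.join(owned)}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print(*alert)
```

A replaced NIC or a DHCP lease that moves between hosts also changes an IP's MAC, so the first signal needs a baseline of known gateway MACs to avoid false positives; the one-MAC-many-IPs signal is the stronger of the two.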


Let's say AV detected such an intrusion, will they, will they not (when, if) they will do to what to protect its customers?



straycat19
7 hours ago, Atasas said:

Let's say AV detected such an intrusion, will they, will they not (when, if) they will do to what to protect its customers?


The programs released by Vault7 are old. The ones used today are probably 100 times better and probably undetectable, either because they are made that way or because AV companies have been alerted not to detect certain things if they want to stay in business. More than likely it is the former and not the latter, though certain agencies have been known to twist arms in the past. Because these are tools used to target certain individuals/groups, the 'threat' to the general populace is fairly non-existent, so unless you have done something to be on someone's radar it won't be an issue. You say you are ProPiracy so you should suspect that someone, somewhere just might be looking at you for something, though I doubt that you would have anything of value to offer on any subject. But what you represent to be can be reason for someone to take a brief peek into what and who you are. So your presence online and how it is presented can be cause for a closer look, though people who claim to be something they aren't usually aren't a threat to anything; it is the ones that keep quiet, present a low-level appearance, etc. because they are trying to stay off the radar that are the real threats.
