#Vault7 ‘Athena’: CIA’s anti-Windows malware


This topic contains 46 replies, has 16 voices, and was last updated by Anonymous 2 years, 8 months ago.

Viewing 20 posts - 1 through 20 (of 47 total)
  • #487442
    +9
    Y_
    Participant
    4591

    #Vault7 ‘Athena’: CIA’s anti-Windows malware – coming to a hacker near you.

    This is the first malware (of many, I believe) targeting Windows systems.

    The latest in WikiLeaks’ series of #Vault7 leaks was released Friday detailing malware that provides remote beacon and loader capabilities on target computers using several Microsoft Windows operating systems.

    ‘Athena’ is the latest codename for the release which consists of five documents.

    In the user guide, the operating systems which can be targeted are: Windows XP Pro SP3 32-bit, Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10.

    Once installed on a target computer, Athena will use a listening post to receive beacons from the operator, allowing it to signal and trigger additional malware payloads undetected on the target computer.

    Athena “hijacks” the DNSCACHE, a temporary database maintained by the operating system to record internet traffic on the computer, to hide its presence, according to a document contained in the leak.

    The command module for Athena will only load during a signal, before being destroyed when completed.

    The CIA cooperated with the private cybersecurity firm Siege Technologies to develop the Athena malware.

    “I feel more comfortable working on electronic warfare… It’s a little different than bombs and nuclear weapons — that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody,” Jason Syversen, the founder of Siege Technologies, wrote in an email.

    The release is the latest in WikiLeaks' series, allegedly from the CIA, known as #Vault7. Previous releases showed hacking techniques used to weaponize mobile phones, conduct surveillance via Smart TVs and load and execute malware on a target machine.

    You can get the user guide here:
    https://wikileaks.org/vault7/document/Athena-v1_0-UserGuide/

    WAIT WAIT – THERE’S MORE

    #Vault7: ‘CIA malware plants Gremlins’ on Microsoft machines

    WikiLeaks has released the latest instalment in the #Vault7 series, detailing two apparent CIA malware frameworks dubbed ‘AfterMidnight’ and ‘Assassin’ which it says target the Microsoft Windows platform.

    The latest release consists of five documents detailing the two frameworks. ‘AfterMidnight’ allows operators to load and execute malware on a target machine, according to a statement from WikiLeaks.

    The malware, disguised as a self-persisting dynamic-link library (DLL), unique to Microsoft, executes ‘Gremlins’ – small payloads which run hidden on the machine subverting the functionality of software as well as surveying the target and exfiltration of data. A payload named ‘AlphaGremlin’ allows operators to schedule custom tasks to be executed on the machine.

    Once installed, ‘AfterMidnight’ uses an HTTPS listening port to check for any scheduled events. Local storage related to ‘AfterMidnight’ is encrypted with a key not stored on the target machine, according to a user guide provided in the leak.

    According to the leak, ‘Assassin’ is a similar type of malware to ‘AfterMidnight’. The tool’s user guide describes it as “an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system.”

    The tool purportedly allows operators to perform specific tasks on an infected computer, periodically sending intercepted information to listening posts. It is made up of four subsystems: ‘Implant’, ‘Builder’, ‘Command and Control’, and ‘Listening Post’.

    The ‘Implant’ provides the core logic and functionality of the tool on a target computer. The way it’s set up determines much of how the tool will behave on the target computer.

    The ‘Builder’ arranges the Implant and ‘Deployment Executables’ before deployment, while the ‘Command and Control’ subsystem acts as an interface between the operator and the ‘Listening Post.’

    The ‘Listening Post’ allows the ‘Implant’ to communicate with the subsystem through a web server.

    Details of the document’s author are revealed in instructional screenshots of their desktop which appear in the ‘AlphaGremlin’ user guide. The screenshots also show a shortcut to Pidgin, an encrypted chat program, along with a folder named ‘Drone.’

    AND THAT’S NOT ALL

    #Vault7: WikiLeaks reveals CIA ‘Scribbles’ tool can track whistleblowers & foreign spies

    A user manual describing a CIA project known as ‘Scribbles’ has been published by WikiLeaks, exposing the potential for the spying agency to track when documents are leaked by whistleblowers or “Foreign Intelligence Officers.”

    Released as part of the whistleblowing organization’s ‘Vault 7’ series, the project is purportedly designed to allow the embedding of ‘web beacon’ tags into documents “likely to be stolen,” according to a press release from WikiLeaks.

    Dr Martin McHugh, Information Technology Programme chair at Dublin Institute of Technology, said web beacons can be used for “bad as well as good.”

    “Methods of tracking have historically been developed for our protection but have evolved to become used to track us without our knowledge,” he told RT.com.

    “Web beacons typically go unnoticed. A tiny file is loaded as part of a webpage. Once this file is accessed, it records unique information about you, such as your IP address and sends this back to the creator of the beacon.”

    WikiLeaks says ‘Scribbles’ uses similar technology, which suggests the CIA would have been able to see when sensitive documents are accessed by third parties, including when they’re accessed by potential whistleblowers.

    Citations
    https://www.rt.com/news/388935-vault7-athena-cia-windows-wikileaks/
    https://www.rt.com/viral/388075-wikileaks-cia-microsoft-malware/
    https://www.rt.com/news/386433-wikileaks-cia-scribbles-microsoft-office/
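
The web-beacon mechanism described in the Scribbles part of this post (a remote resource fetched when a document is opened, which reports the reader's IP address back to whoever controls it) can be checked for from the defender's side by inspecting the document's relationship parts. The script below is an added example; it is not code from the forum post, from RT, or from the leaked Scribbles material, and it makes no claim about how Scribbles embeds its tags. It simply lists every externally targeted relationship in a .docx and flags the types Word fetches automatically on render. The `tracker.example` URL and the minimal document it scans are constructed for the demonstration.

```python
"""Scan a Word .docx for external relationships that could act as web beacons.

Added example, not part of the forum post or of the leaked Scribbles
documentation. A .docx is a zip of XML parts; every part's links to other
resources live in a sibling .rels file, and a relationship marked
TargetMode="External" points outside the package (often to a URL).
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Relationship types Word resolves while rendering, without a user click.
AUTO_FETCH_TYPES = {"image", "attachedTemplate", "oleObject", "frame"}


def find_external_relationships(docx_bytes: bytes) -> list:
    """Return every TargetMode="External" relationship in any .rels part."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                hits.append({
                    "part": name,
                    "id": rel.get("Id"),
                    # Keep only the last path segment: "image", "hyperlink", ...
                    "type": rel.get("Type", "").rsplit("/", 1)[-1],
                    "target": rel.get("Target"),
                })
    return hits


def beacon_candidates(hits: list) -> list:
    """Keep auto-fetched relationship types whose target is an http(s) URL.

    Hyperlinks need a click and are reported by the caller separately;
    a remote image or attached template is the classic beacon carrier.
    """
    return [
        h for h in hits
        if h["type"] in AUTO_FETCH_TYPES
        and re.match(r"https?://", h["target"] or "", re.IGNORECASE)
    ]


def build_sample_docx() -> bytes:
    """Constructed minimal .docx: one remote image plus one ordinary hyperlink."""
    document_rels = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}image"
                Target="http://tracker.example/pixel.png" TargetMode="External"/>
  <Relationship Id="rId2" Type="{OFFICE_REL}hyperlink"
                Target="https://example.org/" TargetMode="External"/>
  <Relationship Id="rId3" Type="{OFFICE_REL}styles" Target="styles.xml"/>
</Relationships>"""
    package_rels = (
        f"<Relationships xmlns='{RELS_NS}'>"
        f"<Relationship Id='rId1' Type='{OFFICE_REL}officeDocument' Target='word/document.xml'/>"
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>")
        zf.writestr("_rels/.rels", package_rels)
        zf.writestr("word/document.xml",
                    "<w:document xmlns:w='http://schemas.openxmlformats.org/wordprocessingml/2006/main'/>")
        zf.writestr("word/_rels/document.xml.rels", document_rels)
    return buf.getvalue()


if __name__ == "__main__":
    found = find_external_relationships(build_sample_docx())
    for h in found:
        print(f"external {h['type']:16s} {h['part']} -> {h['target']}")
    for h in beacon_candidates(found):
        print(f"BEACON CANDIDATE: {h['target']} (auto-fetched {h['type']})")
```

To scan a real file, pass `open("suspect.docx", "rb").read()` to `find_external_relationships` instead of the constructed sample. The same relationship model applies to .xlsx and .pptx packages, so the scanner works on those too; the filter in `beacon_candidates` is the part to tune, since which relationship types an application fetches without a click varies by product and version.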

    #487451
    +8

    Anonymous
    11

    The f~~~ed up part is the US Government gets to skim the taxes from any American income generated by mitigating and cleaning up this mess to fund more of the same.

    This is just the tip of the iceberg boys. Thanks Yumbo!

    Keep good backups.

    #487455
    +8
    Y_
    Participant
    4591

    This is just the tip of the iceberg boys. Thanks Yumbo!

    Cheers mate. Seriously get all important data off Windows.
    Me – I’m dusting off my OpenBSD platform.

    #487459
    +5

    Anonymous
    25

    I’d stock up on essentials of food and water that could last at least a few weeks.

    If they were able to take payment systems down or other essential infrastructure, it would take a couple of weeks to get things back to normal. And I for one don’t want to be battling crazy cat lady at the local supermarket over a tin of beans.

    #487462
    +4

    Anonymous
    11

    I looked over the leaked source code and read a lot of technical analysis on that NSA crap component that those WannaCry pricks bolted onto their ransomware. It was designed by absolute masters of their craft.

    This will haunt us for years. It could very well lead to sporadic global supply chain disruptions and actual deaths. I promise they have the various UNIX variants well covered too as well as everything else under the Sun.

    #487463
    +6
    Y_
    Participant
    4591

    I looked over the leaked source code and read a lot of technical analysis on that NSA crap component that those WannaCry pricks bolted onto their ransomware. It was designed by absolute masters of their craft.

    Yes – the C++ code is awesome. Could only follow some of it. It’s been a while for me.

    If they were able to take payment systems down or other essential infrastructure, it would take a couple of weeks to get things back to normal. And I for one don’t want to be battling crazy cat lady at the local supermarket over a tin of beans

    I think that’s a very good idea. I was watching Die Hard yesterday – the one with the hackers. S~~~.

    #487482
    +7
    DaveV
    Participant
    450

    Historically, it surprises me that governments don’t remember the concept of ‘blowback’. Sooner or later, others will copy it, amend it, and use it…..

    Still the bonus side is that this will hasten the demise of Windows, lose the public’s confidence in electronic systems and the cashless society…which is where I can see where criminals will target. But rather than go after individuals, go after a country’s banking system and stock exchange….no need for actual warfare.

    However this technology is pretty useless in some third world backwater country like Sudan or Mali etc where they don’t even have a regular supply of electricity, never mind a computer system.

    The irony is that the country that developed it should be the most worried about it being used against them.

    D. G. I. Don't. Get. Involved. (Be happy, and stress not)

    #487484
    +5
    Y_
    Participant
    4591

    The irony is that the country that developed it should be the most worried about it being used against them.

    Quote of the Day

    Still the bonus side is that this will hasten the demise of Windows, lose the public’s confidence in electronic systems and the cashless society…which is where I can see where criminals will target.

    Windows is the most anti-secure system I have worked on. We really need something else, or people in hospitals, critical services etc are in really deep s~~~.

    Just imagine NATO or NORAD being compromised. It can happen with this new set of tools. Yes they may be secure but there is always a Windows platform somewhere and some idiot downloading porn or opening great looking emails.

    All you need is ONE entry point. Windows is a gift to hackers.

    #487485
    +6

    Anonymous
    42

    I thought that’s what government is for? To cause as much damage possible then cover their asses by making laws to make the damage permanent and pervasive. This government needs to be abolished and not a dime more!

    Life would be better without than with this government, I really mean that!

    #487489
    +5
    Y_
    Participant
    4591

    I thought that’s what government is for? To cause as much damage possible then cover their asses by making laws to make the damage permanent and pervasive. This government needs to be abolished and not a dime more!

    Life would be better without than with this government, I really mean that!

    The way things are going we may get that sooner than most people think.

    #487490
    +4

    Anonymous
    42

    The way things are going we may get that sooner than most people think.

    I’m already there!

    #487491
    +4

    Anonymous
    11

    Windows is the most anti-secure system I have worked on.

    Do you remember Windows 2000 network SMB sharing? It was Everyone “Full Control” by default.

    Windows is all about keeping any users from having to use their brains. Apple pulls it off better using Darwin, a BSD fork.

    Windows allows things to access privileged kernel space that should never be there in the first place.

    #487497
    +8
    Faust For Science
    Participant
    22567

    Before anyone thinks of changing over to Windows 10, remember you cannot turn off auto-update in Windows 10.

    One should watch the 2004 film I, Robot to understand the dangers of leaving auto-update on.

    The hackers do not even have to worry about the computers connecting for the software install. All they have to do is infect their viruses at the source.

    Tens of millions of zombie computers with a few keystrokes.

    I believe you cannot turn off auto-update with many smartphones. I am not sure.

    If MS and Apple are smart, they would turn off auto-update for their products before the large security hole is exploited.

    #487522
    +10

    Anonymous
    42

    I installed Adobe PhotoDeluxe Business Edition that came with my first digital camera; trying to use Windows editing software felt like a kindergarten romper room, f~~~ing childish! Like Win8 (try to figure out how to get in the car with no door handles, no dashboard, no ignition). Just childish avatars that lead you to other childish avatars that lead nowhere! Every pathway you knew through the Windows operating system was GONE! Just a big iPhone built to hide and obscure all the nuts and bolts. Same with GIF animation programs, everything is a platform, one size fits all, with severely limited function just like a kindergarten romper room. Include platform websites where the techs answer you with “I can see why someone would want that ability” then offer NO SOLUTION, whereas the nut’n’bolt website where you have the platform building blocks so you can do waaaaaaaaay moooooorrrrreeeeeeee s~~~!

    I’m not the biggest fan of Alex Jones but I’ll say one thing, I see a dumbdown push to cripple people’s ability on every platform on the internet and program – sorry, I mean App – that’s published.

    They removed the f~~~ing “help tab” from the mind-f~~~ win-8 program. It went from an elaborate maze of brick pathways to every corner of the empire to an ENORMOUS PILE OF BROKEN BRICKS! WTF! It’s like they’re trying to eliminate text entirely and replace the written word with F~~~ING SILHOUETTES AND SYMBOLS! I find the whole f~~~ing direction of Microsoft and Windows going down the drain to degrade the internet experience down to making you a drooling, mumbling, babbling, f~~~ing mute!

    Simple things, simple paths, convert to GIF, JPG, PNG, just a f~~~ing click or two away, not f~~~ing doing an internet search just to find the new s~~~ f~~~ing program doesn’t have the f~~~ing function! WTF! It’s INTENTIONAL TO CRIPPLE THE MASSES FROM FREEDOM OF EXPRESSION! STUPIDITY IS EASIER TO CONTROL! SO WHY NOT MAKE THEM THINK THEY’RE STUPID WHEN ACTUALLY THEY’RE FRUSTRATED WITH OUR REMOVING THE CONTROLS! <rant f~~~ing over>

    #487551
    +3
    Samsquanch
    Participant
    4226

    My brother mentioned this yesterday, so thanks for the post Yumbo.

    After getting an Xbox for Christmas and having to deal with Microsoft support a few times, I’ve decided that I’m done supporting them.

    So this stuff is pretty over my head, but if I were to buy a MacBook, would that solve the problem? Is this virus for Windows only?

    #487552
    +5
    Y_
    Participant
    4591

    Do you remember Windows 2000 network SMB sharing? It was Everyone “Full Control” by default.

    Windows is all about keeping any users from having to use their brains. Apple pulls it off better using Darwin a BSD fork.

    Windows allows things to access privileged kernel space that should never be there in the first place.

    Please don’t remind me – I used to work on CIFS and LAN Manager Server – never again!! I got out of programming server-side after that.

    At that time we never really thought about security – except I was backending for a bank so that’s why I learnt what MS was not doing right.

    The best MS OS in my opinion was Win NT4 – hands down.

    #487563
    +4
    PistolPete
    Participant
    27143

    Great post Yumbo, unfortunately I’m not very computer/techo literate but even so your post scares the daylights out of me. I’m putting in an order for more ammo TODAY!

    #487568
    +4
    Y_
    Participant
    4591

    So this stuff is pretty over my head, but if I were to buy a MacBook, would that solve the problem? Is this virus for Windows only?

    The viruses for now are being tested for Windows. There is a low probability that Mac would be infected as they have a really good internal structure that is difficult to access.

    I have not used Mac in a while and a Mac has its own user issues as well. Perhaps bro ChauvinistPig would care to respond on issues.

    However you would be much better off with a Mac at this point in time. You will have to adjust to the OS and office appliances but security-wise it would be worth it.
    I’m sticking with Win 7 until I get my Unix up and running.

    My thinking is that MS products will get infected one way or the other by Vault 7. This includes phones and other programmable equipment.

    Security is always retroactive so you stand a risk of being infected regardless of who you secure with – Norton is still the best on the market and cheap if you use download and install.

    So you have a much better chance if you do not use Windows OS’s at this point in time.

    #487569
    +1
    Y_
    Participant
    4591

    Great post Yumbo, unfortunately I’m not very computer/techo literate but even so your post scares the daylights out of me. I’m putting in an order for more ammo TODAY!

    I’m going to write something on computers just for you my friend. Wait for it. 🙂

    #487578
    +3
    Silver Fox
    Participant
    2766

    Before anyone thinks of changing over to Windows 10, remember you cannot turn off auto-update in Windows 10.

    Yep, Windows 10 is a no-go for me. I’m using 8.1 but once it’s time for the upgrade then I will exclusively use Linux and save Windows just for gaming.

    It’s like they’re trying to eliminate text entirely and replace the written word with F~~~ING SILHOUETTES AND SYMBOLS!

    I miss Win XP. I wish I could still use it but it’s pretty much obsolete for many things I want to do.

    "Are you loosed from a wife? Do not seek a wife." --Apostle Paul
