
The deeper story behind CIA's attempt to 'impersonate' Russian cybersecurity company using hacking tool Hive


On 9 November 2017, WikiLeaks published the source code and development logs for Hive, a major component of the CIA infrastructure to control its malware.

According to WikiLeaks, Hive uses the uncommon Optional Client Authentication, so that a user browsing the website is not required to authenticate: it is optional. Implants talking to Hive, however, do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above), while all other traffic goes to a cover server that delivers the unsuspicious content for all other users.

Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.
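The optional client authentication described above is visible on the wire in TLS 1.2 and earlier: the server sends a CertificateRequest, and the client answers with a Certificate message that is either empty (an ordinary browser declining) or carries a certificate. The following detection sketch is an added example, not code from WikiLeaks or from Hive; it assumes a plaintext TLS 1.2 handshake (in TLS 1.3 these messages are encrypted), and the sample byte strings are constructed placeholders, not a real capture.

```python
import struct

HANDSHAKE_RECORD = 22
CERTIFICATE, CERTIFICATE_REQUEST = 11, 13

def handshake_messages(stream: bytes):
    """Yield (type, body) for the plaintext handshake messages of one direction."""
    pos, buf = 0, b""
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype != HANDSHAKE_RECORD:
            break  # ChangeCipherSpec: everything after it is encrypted
        buf += stream[pos + 5:pos + 5 + length]  # messages may span records
        pos += 5 + length
    while len(buf) >= 4:
        size = int.from_bytes(buf[1:4], "big")
        yield buf[0], buf[4:4 + size]
        buf = buf[4 + size:]

def classify(server_stream: bytes, client_stream: bytes) -> str:
    """Classify one session by how client authentication was negotiated."""
    requested = any(t == CERTIFICATE_REQUEST for t, _ in handshake_messages(server_stream))
    if not requested:
        return "no-client-auth"
    for msg_type, body in handshake_messages(client_stream):
        # The Certificate body starts with a 3-byte length of the certificate
        # list; zero means the client declined, which an optional-auth server accepts.
        if msg_type == CERTIFICATE and int.from_bytes(body[:3], "big") > 0:
            return "requested-presented"
    return "requested-declined"

# --- constructed sample flights (placeholder bodies, not a real capture) ---
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def hs(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

FAKE_CERT = b"\x30\x03\x02\x01\x00"  # stand-in DER bytes
CERT_LIST = (len(FAKE_CERT) + 3).to_bytes(3, "big") + len(FAKE_CERT).to_bytes(3, "big") + FAKE_CERT
TAIL = rec(20, b"\x01") + rec(22, b"\xaa" * 40)  # ChangeCipherSpec + encrypted Finished

SERVER_OPTIONAL = rec(22, hs(2, b"\0" * 38) + hs(11, CERT_LIST) + hs(13, b"\0" * 8) + hs(14))
SERVER_PLAIN = rec(22, hs(2, b"\0" * 38) + hs(11, CERT_LIST) + hs(14))
HELLO = rec(22, hs(1, b"\0" * 40))
BROWSER = HELLO + rec(22, hs(11, b"\0\0\0") + hs(16, b"\0" * 4)) + TAIL
WITH_CERT = HELLO + rec(22, hs(11, CERT_LIST) + hs(16, b"\0" * 4) + hs(15, b"\0" * 8)) + TAIL
BROWSER_PLAIN = HELLO + rec(22, hs(16, b"\0" * 4)) + TAIL
```

An outbound session classified as `requested-presented` from a host that has no business holding a client certificate is worth a closer look. The subject and issuer names inside such a certificate are strings chosen by whoever generated it, so they do not by themselves attribute the traffic.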

This CIA cybertool could prove very useful for accusing foreign agencies and organizations of hacking US facilities and processes. Beyond that, there is a deeper reason why the CIA targeted this specific Russian company, and it is related to the first discovered malware that spies on and subverts industrial systems.

Former British intelligence officer and whistleblower Annie Machon reveals why the CIA has targeted Kaspersky Lab:

Obviously, the CIA will be interested in a very successful Russian-based company that offers protection on the Internet. But it goes back a bit further, because it was in 2010 that the very first proven cyberwarfare weapon was deployed. And this was against the Iranian domestic civilian nuclear development capability. And this was at the time when the Americans were drumming up the war against Iran.

There was an attack made against their civilian nuclear capability, and in this case, this virus, which was called Stuxnet, was deployed against the centrifuges that enriched the uranium. Nobody knew where it came from. It seemed to be very weaponized, a state level. And it was actually Kaspersky that unveiled who had developed it. It was the Americans and the Israeli intelligence agencies. So, Kaspersky has been very much in the crosshairs of both the American and the Israeli intelligence agencies.


From Wikipedia: Stuxnet is a malicious computer worm, first uncovered in 2010 by Kaspersky Lab, the antivirus company. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and was responsible for causing substantial damage to Iran's nuclear program. Although neither country has admitted responsibility, since 2012 the worm has frequently been described as a jointly built American/Israeli cyberweapon.

Stuxnet, discovered by Sergey Ulasen, initially spread via Microsoft Windows, and targeted Siemens industrial control systems. While it is not the first time that hackers have targeted industrial systems, nor the first publicly known intentional act of cyberwarfare to be implemented, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
