Wikileaks Exposes CIA Exploit Capable Of Cyber “False Flag” Attack To Blame Russia
Earlier today, Wikileaks once again made headlines following its release of the “largest ever publication of U.S. Central Intelligence Agency (CIA) documents.” The massive release – just the first batch in a trove of documents code-named “Vault 7” by Wikileaks – details the CIA’s global covert hacking program and its arsenal of weaponized exploits.
While most coverage thus far has focused on the CIA’s ability to infiltrate and hack smartphones, smart TVs and several encrypted messaging applications, another crucial aspect of this latest leak has been skimmed over – one with potentially far-reaching geopolitical implications.
According to a Wikileaks press release, the 8,761 newly published files came from the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia. The release says that the UMBRAGE group, a subdivision of the center’s Remote Development Branch (RDB), has been collecting and maintaining a “substantial library of attack techniques ‘stolen’ from malware produced in other states, including the Russian Federation.”
As Wikileaks notes, the UMBRAGE group and its related projects allow the CIA to misdirect the attribution of cyber attacks by “leaving behind the ‘fingerprints’ of the very groups that the attack techniques were stolen from.”
In other words, the CIA’s sophisticated hacking tools all carry a “signature” marking them as originating from the agency. To avoid arousing suspicion about the true extent of its covert cyber operations, the CIA has employed UMBRAGE’s techniques to craft signatures that let its attacks be attributed to various other entities – instead of to their real point of origin at the CIA – while also increasing its total number of attack types.
Other parts of the release similarly focus on avoiding the attribution of cyberattacks or malware infestations to the CIA during forensic reviews of such attacks. In a document titled “Development Tradecraft DOs and DON’Ts,” hackers and code writers are warned: “DO NOT leave data in a binary file that demonstrates CIA, U.S. [government] or its witting partner companies’ involvement in the creation or use of the binary/tool.” It then states that “attribution of binary/tool/etc. by an adversary can cause irreversible impacts to past, present and future U.S. [government] operations and equities.”