Wikileaks leaked third part in series of Vault 7 yesterday , CIA secret Anti-forensic Marble-framework. Marble is used to confuse and incomprehensible the forensics and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.
Marble framework does all of this by hiding text in viruse, troajns(or CIA malware) from visual inspection. This is the digital equivallent of a specalized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.
Marble framework is a very core thing used with CIA malwares to avoid forensic investigations pointing CIA for it.
The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.
The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.
The Marble Framework is used for obfuscation only and does not contain any vulnerabilties or exploits by itself.
For source code of Marble framework go to wikileaks.org
Reference: wikileaks
Comments
Post a Comment