WikiLeaks Dump Reveals CIA Malware That Can Sabotage User Software (bleepingcomputer.com)
An anonymous reader writes: "While the world was busy dealing with the WannaCry ransomware outbreak, last Friday, about the time when we were first seeing a surge in WannaCry attacks, WikiLeaks dumped new files that are part of the Vault 7 series," reports BleepingComputer. This time, the organization dumped user manuals for two hacking tools named AfterMidnight and Assassin. Both are malware frameworks, but of the two, the more interesting is AfterMidnight -- a backdoor trojan for stealing data from infected PCs. According to its leaked manual, AfterMidnight contains a module to "subvert" user software by killing processes and delaying the execution of user software. Examples in this manual show CIA operatives how to kill browsers every 30 seconds to keep targets focused on their work, how to delay the execution of PowerPoint by 30 seconds just to mess with their targets, or how to lock up 50% of PC resources whenever the user starts certain software. Basically, the CIA created nagware.
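The behaviour the summary describes (a chosen process killed on a fixed timer) leaves a recognisable footprint in endpoint telemetry: the same image terminating again and again at near-constant intervals. The following is an added example, not code from the page or from any of the tools it describes; it assumes a constructed process-termination log in a simple whitespace-separated format and flags images whose termination times are evenly spaced.

```python
"""Flag processes that are terminated at near-constant intervals (defender-side detection)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not from any real system): ISO timestamp, event kind, image name.
# firefox.exe dies exactly every 30 s; notepad.exe dies at irregular, user-like times.
SAMPLE_EVENTS = """\
2017-05-19T09:00:00 ProcessTerminate firefox.exe
2017-05-19T09:00:30 ProcessTerminate firefox.exe
2017-05-19T09:01:00 ProcessTerminate firefox.exe
2017-05-19T09:01:30 ProcessTerminate firefox.exe
2017-05-19T09:00:12 ProcessTerminate notepad.exe
2017-05-19T09:47:05 ProcessTerminate notepad.exe
2017-05-19T10:13:40 ProcessTerminate notepad.exe
2017-05-19T09:05:00 ProcessCreate powerpnt.exe
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, kind, image) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, image = line.split()
        events.append((datetime.fromisoformat(ts), kind, image))
    return events


def find_periodic_kills(events, min_count=3, max_cv=0.1):
    """Return {image: mean_interval_seconds} for images terminated at least
    min_count times with near-constant spacing.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between consecutive terminations; human-driven closes are irregular,
    timer-driven kills are not.
    """
    kills = defaultdict(list)
    for ts, kind, image in events:
        if kind == "ProcessTerminate":
            kills[image].append(ts)

    suspicious = {}
    for image, stamps in kills.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        m = mean(gaps)
        if m <= 0:
            continue
        if pstdev(gaps) / m <= max_cv:
            suspicious[image] = m
    return suspicious


if __name__ == "__main__":
    for image, interval in find_periodic_kills(parse_events(SAMPLE_EVENTS)).items():
        print(f"{image}: terminated every ~{interval:.0f}s")
```

The threshold values are starting points, not tuned constants: a real deployment would baseline interval regularity per image over a longer window and exclude processes that are legitimately scheduled (backup agents, scanners) before alerting.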
50% usage (Score:5, Funny)
how to lock up 50% of PC resources whenever the user starts certain software
Isn't that just windows updates?
Re: (Score:2)
Re: (Score:2)
Corporate IT has a way of destroying anything.
Agreed. I've bought surplus work computers, and they went from being dogs that took 10 minutes to boot, to being decent systems.
Re: (Score:3)
No problem here... maybe a CIA operative is messing with you.
Re: (Score:2)
how to lock up 50% of PC resources whenever the user starts certain software
Isn't that just windows updates?
Even worse.
Microsoft could consider this activity patent infringement. Guess it's good the government isn't easily sued...
Re: (Score:1)
how to lock up 50% of PC resources whenever the user starts certain software
Isn't that just windows updates?
Nope. A certain antivirus did that too; and probably still does, AFAIK.
Re: (Score:2)
Why are you using a singular designation for a plurality?
They don't even understand "work" (Score:3)
to kill browsers every 30 seconds to keep targets focused on their work
As a web programmer, I need tons of documentation that is mainly available on-line. If I got the CIA's luddite infection, I couldn't deliver much useful
Re: (Score:2)
If my browser was crashing every 30 seconds I would suddenly be very focused on why my browser is crashing.
Re: They don't even understand "work" (Score:5, Funny)
Web programmer, lol. Spoiler alert: you don't deliver anything useful anyway.
Says an AC commenting on the web
Re: They don't even understand "work" (Score:4, Insightful)
Someone who says anything on the web, is using the web to make their message heard. In this instance, GP AC used the web to tell the world that the web is useless. An obvious contradiction.
On top of the use of making their message heard, the AC made use of another capability of the web; limited anonymity.
So in that 1 post, AC contradicted their own message at least twice.
Re: (Score:1)
Re: (Score:1)
>washington post
>hearsay via anonymous former officials
>directly contradicted on the record by multiple current high-level officials who were in the room at the time
>not even illegal even if it was true
Never mind though, if you want it to be true badly enough it will magically be true. That impeachment's juuuuuust around the corner!
Re: (Score:2)
Re: (Score:2)
So... we get exciting news every day now?
Browser dies every 30 secs... (Score:4, Funny)
Powerpoint gets delayed 30 secs... and so on.
Isn't that just standard Windows "user experience" anyway?
If you feel left out... (Score:2)
Windows (Score:4, Funny)
I thought Windows was just like that by default - little did I know I was being hacked by the CIA. I'll be more careful in future ;-)
Value for money (Score:3)
If this is the extent of the CIA's super-impressive cyber capabilities, then the tax payers probably deserve a refund.
The difficult/expensive bits are the zero-day exploits & getting nefarious/nagging code onto a target system & running with sufficient privileges.
Finding a hole in an EOL OS like Windows XP or social engineering someone into installing something that kills PowerPoint every 30 seconds probably isn't worth the millions (billions?) of dollars thrown into these programs by the government.
Maybe I've just seen too many spy movies, but I kind of expected something a bit more exotic.
Re: (Score:2)
Maybe I've just seen too many spy movies, but I kind of expected something a bit more exotic.
Even hundred-million-dollar robots need the application of $1 screwdrivers now and again. Sometimes it takes a tool that costs as much as a car to service a car, while other times it only requires a $10 cable and a laptop you already have. I'm not surprised that the surveillance state uses both expensive tools and cheap ones, since almost every other endeavor does the same.
Re: Value for money (Score:2)
Why do you think these are the tools that much money goes towards? If some other spy agency took these tools in the first place, they'd probably keep the really cool ones rather than give them to Wikileaks.
Re: (Score:2)
Expecting average, tame, consumer-grade antivirus products that don't work on average computers.
This is not an average OS X or Linux user with an outgoing firewall that has a nice GUI to show new connections and lots of third-party software looking for any changes to OS folders and files in real time.
Nothing is watching for persistently installed software or looking at persistence locations for OS changes.
Octopus and Gre
God damnit. (Score:1)
Is this why WoW gets slower with every release?
Re: (Score:2)
Is this why WoW gets slower with every release?
It's the reason all raid fights have to fit into a 30 second window now.
Re: (Score:3)
Re: (Score:2)
Yeah (Score:2)
if i noticed something acting that screwed up (Score:2)
Let it be a lesson (Score:5, Interesting)
Re: (Score:2)
Spotting Malice In The Noise (Score:5, Interesting)
This makes it much harder to spot suspicious activity on "ordinary" machines.
Now, we have to accept that there is a great deal of "free" software available today (firewall software like ZoneAlarm, anti-virus software like AVG) which offer both free and paid-for versions, but for which the free-to-use editions "phone home" an extraordinary amount of data about your PC. You get what you pay for.
But when your OS is the worst offender (W10), when your video driver maintains a running commentary (nVidia), when almost any piece of software on your computer believes that it has the need or right to "phone home", it becomes orders of magnitude more difficult to understand when something suspicious might be happening with your computer. I recently had to re-install a Windows 10 machine for a friend of mine; after applying a third-party firewall utility and configuring it to block all outbound traffic until it had been positively vetted, I was absolutely stunned by the number of different packages that claimed the need to "phone home".
I am sure there are many legitimate reasons for this to happen [such as checking for updates]. However, the current state of affairs seems to be stacking the odds against the average user. It's a bit like the tic-tac-toe ending to WarGames: the only way to avoid losing is to not play the game... and the only way to avoid having your PC pwned is to not have a PC in the first place.
OK, that's a [small] exaggeration. But it illustrates the point. #Depressing.
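The default-deny-outbound approach the comment above describes (block everything until it has been positively vetted) comes down to matching each connection attempt against an allowlist and surfacing what remains for review. The following is an added example, not code from the page or from any firewall product; the connection records, hostnames and the allowlist are all constructed for illustration and do not refer to real services.

```python
"""Classify outbound connection attempts against a positively vetted allowlist."""
from collections import Counter

# Constructed sample outbound records: (process image, destination host, destination port).
# Hostnames are invented (.example) and stand in for whatever a host "phones home" to.
SAMPLE_CONNECTIONS = [
    ("svchost.exe", "update.os-vendor.example", 443),
    ("svchost.exe", "telemetry.os-vendor.example", 443),
    ("gpudriver.exe", "stats.gpu-vendor.example", 80),
    ("gpudriver.exe", "stats.gpu-vendor.example", 80),
    ("pdfreader.exe", "ping.pdf-vendor.example", 443),
    ("browser.exe", "news.example.org", 443),
    ("unknown.exe", "203.0.113.7", 4444),
]

# Vetted (process, host suffix, port) entries. A host suffix matches the host itself
# or any subdomain of it; port None means any port. Everything else is blocked.
VETTED = {
    ("svchost.exe", "update.os-vendor.example", 443),
    ("browser.exe", "example.org", None),
}


def host_matches(host, suffix):
    """True if host equals suffix or is a subdomain of it (no partial-label matches)."""
    return host == suffix or host.endswith("." + suffix)


def is_vetted(conn, vetted):
    proc, host, port = conn
    return any(
        proc == v_proc and host_matches(host, v_host) and (v_port is None or port == v_port)
        for v_proc, v_host, v_port in vetted
    )


def classify(connections, vetted=VETTED):
    """Split connection attempts into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for conn in connections:
        (allowed if is_vetted(conn, vetted) else blocked).append(conn)
    return allowed, blocked


def noisiest_processes(blocked):
    """Count blocked attempts per process, so the chattiest packages stand out first."""
    return Counter(proc for proc, _, _ in blocked)


def review_queue(blocked):
    """Distinct unvetted (process, host, port) triples awaiting a positive decision."""
    return sorted(set(blocked))


if __name__ == "__main__":
    allowed, blocked = classify(SAMPLE_CONNECTIONS)
    print(f"allowed: {len(allowed)}, blocked: {len(blocked)}")
    for proc, count in noisiest_processes(blocked).most_common():
        print(f"  {proc}: {count} blocked attempt(s)")
    for entry in review_queue(blocked):
        print("  review:", entry)
```

Vetting by host suffix rather than by exact host keeps the allowlist short, but the suffix check must be label-aligned (hence the leading dot); a bare `endswith("example.org")` would also admit `notexample.org`. The review queue is the point of the exercise: with the noise removed, the one connection to a raw IP on an unusual port is the only entry that deserves a second look.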
Re: (Score:2)
Re: (Score:2)
Software vendors: there are plenty of opportunities and ways that you can let me know that I need to give your software product my attention - for example causing the menu bar icon to flash. Taking control of my PC and switching to your product is NOT an acceptable mechanism. I will replace and remove software that does this. Which is why 95% of my
Re: (Score:2)
Re: (Score:1)
and the only way to avoid having your PC pwned is to not have a PC in the first place.
Or not to use Windows...
Previous art (Score:2)
Re: (Score:2)
Re: (Score:2)
Both situations are pretty well documented, and you know, someone invented something called Google...
Re: (Score:2)
Hey wait a minute (Score:4, Funny)
... this raises the possibility that Windows might actually be a functional and performant piece of work, one that has been unfairly maligned over the years due to the CIA's actions!
Morons (Score:2)
That's not nagware. Stop with the self-righteous software vigilantism.
Children.
animal jam (Score:1)
It is rather odd... (Score:2, Interesting)
...that Wikileaks never seems to publish any Russian or Chinese state cyber security leaks. Now either security is particularly bad in the US security services compared to Russia and China, which means information is easy to get hold of, or someone in Wikileaks has a rather anti-US agenda. I know which I'd lay money on.
Re: (Score:1)
It couldn't just be that the Wikileaks editors don't speak Chinese...
Re: (Score:2)
Re:It is rather odd... (Score:5, Insightful)
Re: (Score:2)
I really shouldn't feed the troll. But...
1. AC
2. Potty mouth
3. No actual content.
Just saying.
Re: (Score:2)
If Wikileaks publishes even one Russian secret, the Russians will find another distributor when they want to release juicy bits on the US and other Western powers.
B.S. There's no loyalty between the two. Wikileaks is a tool used by whoever has stuff they want leaked. They seem to be pretty neutral, even though their sources are obviously not. Nobody's going to avoid it because they got their feelings hurt - Why would they?
Re: (Score:2)
At this point, all we have is Wikileaks saying it is CIA software. I don't find it beyond the realm of possibility that they are just feeding the world some Russian crap and billing it as coming from the CIA. It has better mass appeal that way, because who gives a damn about what Russia's doing.
Re: (Score:2)
WikiLeaks makes the headlines in the U.S. every time it publishes information from the U.S. That's right. And that's because you wouldn't get that information anywhere else becau
Re: (Score:2)
Re: (Score:2)
"What are the biggest examples of stuff leaked about Russia that went straight to US press?"
The stuff that orange Hitler blabbered out to the Russian spy-chief ?
Or.... (Score:4, Interesting)
This could also be yet another "look over here, pay no attention to the man behind the curtain" scenario. Do not fool yourself, all of the world's intelligence communities have been doing this for decades, influencing the masses with carefully orchestrated information dumps. Because they know most people prefer the ignorance-is-bliss mentality. I bet you still consider the DNC staffer was the victim of a botched robbery, right?
All of this is the classical "Divide and Conquer" rule of war that has been going on for centuries. They have successfully implemented the first phase by dividing the country in half. What would the next step be?
More importantly, who is the they in the equation?
Re: (Score:2)
"I bet you still consider the DNC staffer was the victim of a botched robbery, right?"
Yes, because Seth Rich told police that the perpetrators were actually trying to mug him. If they intended to kill him, they would have made sure he was dead first, then made it look like a mugging gone wrong.
Re:It is rather odd... (Score:5, Insightful)
The easiest way is to only allow mil officers who are loyal to move up the ranks. Some profiling helps a lot.
Mil bases, science cities, closed areas allow projects to stay safe. No mixing with other nations' embassy staff, spies being tourists, university students, random foreigners, illegal migrants near sensitive sites.
Russia and China now fully understand the signals-gathering efforts of the NSA and GCHQ. Less chatter on their networks about secrets, as they know the NSA and GCHQ are in on all their internal networks.
The main security issue for Russia and China is the CIA or MI6 making a cash offer to their mil and workers. A lot of cash, a new life in the West, education, holidays, work. No uniform, fun, freedom to read, watch TV all day.
The only way around that is to profile every worker and see if they are tempted. Personality traits that sway toward loyalty, being patriotic, pride in uniform, pride in one's own nation are valued. The easily distracted, weak-minded person who lives in a total fantasy world does not get any security clearance.
It's different from the West. Fewer contractors working with mil staff, low wages, tension between mil, new contractors setting up projects and gov workers. An esprit de corps still holds as all the people on site are tested and trusted. The site is also the only place the project exists. No digital copies with just-in-time contractors that can walk.
So the West sees a lot of talk by human rights groups, lawyers, documents. Court cases get supported, published. A lot of court-related material exists in the West about Russia and China. Just not mil grade, as it does not exist on computer networks.
The US stores too much with contractors, has too much complex data in plain text facing open networks thanks to the role and for-profit needs of contractors.
It seems to go back to an idea that the early 1950s-70s US networks would always be secure. Each US base was physically secure, the secure networks between each US base were perfect. So lots of chatter and plain text for contractors is just part of that long-term US system.
The US also learned a lot from 1930-1970 UK staff security issues and tried its best to secure its own mil and gov staff. That worked well until the US got flooded with for-profit contractors.
The US believes in the creativity, profit motive and imagination of its contractors; if they need plain-text computer networks, that's just part of the system.
Very different concepts around staff security and document security after decades of issues and walkouts in Russia and the USA.
The UK tried to get the best of both worlds with better gov/mil staff conditions, real gov and mil jobs with good wages, security and trust in the 1970s. It worked well until new contractors got access to UK material.
The UK also faced the real Irish issue, past UK staff issues with the Soviet Union, and was finally much more security aware.
No more easy-to-access photocopiers with lots of paper next to secure UK document vaults for spies to copy with.
Re: (Score:1)
Also, if you leak a bunch of Russian secrets, you're likely to get a nice drink of Polonium Tea even if you defect to the West and find "safe harbour"
Re: (Score:2)
In authoritarian regimes government employees are generally more compliant and feel less democratic responsibility than in relatively free and democratic countries, hence there are fewer whistleblowers.
Re:please stop them (Score:5, Insightful)
Do you think the other agencies don't have access to such tools and information already? Exploits are sold and distributed on the darkweb on a daily basis; these days you can even buy malware as a service. It's a highly advanced, highly lucrative industry with professionals at work on all sides. And not all the players are state actors; plenty of them have commercial interests in mind, and these people don't care who's buying.
Now, someone else said it well in a recent story about WannaCry: the lesson of this story is not just 'guard your weapons better' but also 'make better armor'
Putting these exploits out there allows people to defend themselves against them. Following the mentality of "well let's just not tell anyone of this exploit we found and no $BAD GUYS will ever find it" is arrogant and stupid because there are billions of dollars involved in the industry of seeking out and taking advantage of these exploits. There are millions of people across the planet right now working for criminal enterprises whose day-to-day job it is to seek these security holes out, with or without sites like WikiLeaks.
I personally think the whole tactic of not informing companies of serious security flaws in their products in the hope of one day being able to use said exploits to target $BAD GUYS is incredibly stupid and shortsighted, because it simultaneously puts EVERYONE running these systems in the US/West at risk of being attacked by whoever else has found the same exploit. It's literally the same as finding a vaccine for a deadly virus but trying to keep it a secret in case one day you decide to start full-scale biological war against $BAD GUYS; if your population is not vaccinated and is hit first by the enemy, you're fucked. The risk-reward ratio is absurd.
But then again, I'm not American, so that must mean I'm the enemy, right?
Jill Stein travelled to Russia in 2015 (Score:1)
The Russians are looking to own both the left and the right.
Heads they win, tails we lose.
Jill Stein travelled to Russia in 2015, and we still don't know who paid for that trip or why (and she's keeping mightily quiet).
It's probable that Russia helped amplify Bernie Sanders' message to disrupt Hillary's primary run (though it is equally clear that Bernie himself did not know this or collaborate, unlike Trump).
It is certain that they will mess with our primaries, and the 2020 presidential campaign (as well as
What Do You Mean, "Russia Hacked Our Election?" (Score:2)
Re: (Score:1, Troll)
Re:please stop them (Score:4, Insightful)
Yeah people like you would rather have fake news that has been sanitized for your protection. All wikileaks does is report stuff. Don't blame them for being the messenger. You want to shoot someone, shoot the guy in charge of internal security at the CIA/NSA or wherever these "tools" get stolen from. And shoot the guy at Microsoft who knew about all these vulnerabilities years ago and decided to sit on his hands.
But I'm wasting my breath - your statement proves you are incapable of dealing with the real world.
Re: (Score:2, Troll)
This is the best description of Microsoft Windows I have seen in print, to date.
It also provides excellent context for the creation and promotion of systemd.