Wikileaks: CIA disguises spy software with fake Kaspersky certificates

Wikileaks: new messages from the hive

(Picture: wikileaks.org)

News from the CIA "beehive" published by Wikileaks: the US foreign intelligence service CIA disguised message traffic to its command-and-control servers with fake certificates of the Russian Kaspersky Lab.

With the latest release, Vault 8, Wikileaks has published files that further explain the inner workings of the previously known Hive (beehive) project. According to these files, the US foreign intelligence service CIA used decoy certificates for communication with its command-and-control servers. The files now released by Wikileaks show that in at least three cases forged certificates from the Symantec subsidiary Thawte for the Russian company Kaspersky Lab were used. While Wikileaks speaks of a scandal, Kaspersky is investigating the incident.

Technically, what Wikileaks has now published from its existing CIA material is easy to explain: if an attacker wants to communicate with the systems he has infected via a command-and-control server, he must choose a channel that is as inconspicuous as possible. In the case of "Vault 8", the CIA project "Hive", fake certificates were used to authenticate the message traffic between the malware and the C&C servers so that it would appear innocuous. For this, the CIA used certificates that were issued by Thawte to the Russian firm Kaspersky Labs.

The timing of the Vault 8 publications coincides with various speculations that "Russian hackers" from the so-called Fancy Bear scene influenced the elections in the United States. (Detlef Borchers) / (ANW)