
CIA Malware Infects System Boot Sector to Hack Windows PCs


Matsuda





A team of hackers at the CIA, the Central Intelligence Agency, allegedly used a Windows hacking tool against its targets to gain persistent remote access.

As part of its Vault 7 leaks, WikiLeaks today revealed details about a new implant developed by the CIA, dubbed AngelFire, to target computers running the Windows operating system.

The AngelFire framework implants a persistent backdoor on target Windows computers by modifying their partition boot sector.
 
The AngelFire framework consists of the following five components:

1. Solartime — modifies the partition boot sector so that Wolfcreek (kernel code) is loaded and executed every time the system boots up.

2. Wolfcreek — a self-loading driver (the kernel code that Solartime executes) that loads other drivers and user-mode applications.

3. Keystone — a component that uses a DLL injection technique to execute the malicious user-mode applications directly in system memory without dropping them onto the file system.

4. BadMFS — a covert file system that attempts to install itself in non-partitioned space available on the targeted computer and stores all the drivers and implants that Wolfcreek starts.

5. Windows Transitory File system — a newer method of installing AngelFire, which lets the CIA operator create transitory files for specific tasks such as adding and removing files to AngelFire, rather than laying independent components on disk.

According to a user manual leaked by WikiLeaks, AngelFire requires administrative privileges on a target computer for successful installation.

The 32-bit version of the implant works against Windows XP and Windows 7, while the 64-bit implant can target Windows Server 2008 R2 and Windows 7.
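A defender-side check suggested by the first component: because Solartime persists by modifying the partition boot sector, a baseline hash of that sector's bootstrap code is a cheap integrity signal. The following is an added example written for this post, not code from the article or from the leaked documents. It assumes the standard NTFS volume boot record layout (OEM ID "NTFS    " at offset 3, bootstrap code from offset 0x54 up to the 0x55AA signature at offset 0x1FE) and works on constructed sample bytes rather than a real boot sector; the function and constant names are the example's own.

```python
"""Added example (not from the article or the AngelFire documents): a read-only
integrity check for an NTFS partition boot sector (VBR), the region the article
says Solartime modifies. Assumes the standard NTFS VBR layout; all sample bytes
below are constructed for the demo."""
import hashlib
import struct

SECTOR_SIZE = 512
OEM_ID_OFFSET = 3
NTFS_OEM_ID = b"NTFS    "
BOOT_CODE_START = 0x54    # bootstrap code follows the extended BPB (assumed layout)
SIGNATURE_OFFSET = 0x1FE  # 0x55AA marks a valid boot sector
BOOT_SIGNATURE = b"\x55\xAA"


def make_sample_vbr(boot_code: bytes) -> bytes:
    """Build a constructed NTFS-style VBR carrying the given bootstrap code."""
    if len(boot_code) > SIGNATURE_OFFSET - BOOT_CODE_START:
        raise ValueError("bootstrap code does not fit in the sector")
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x52\x90"                   # JMP over the BPB
    sector[OEM_ID_OFFSET:OEM_ID_OFFSET + 8] = NTFS_OEM_ID
    struct.pack_into("<H", sector, 0x0B, 512)       # bytes per sector
    sector[0x0D] = 8                                # sectors per cluster
    sector[BOOT_CODE_START:BOOT_CODE_START + len(boot_code)] = boot_code
    sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = BOOT_SIGNATURE
    return bytes(sector)


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap-code region only; BPB fields such as the
    volume serial legitimately differ between volumes and are left out."""
    return hashlib.sha256(sector[BOOT_CODE_START:SIGNATURE_OFFSET]).hexdigest()


def check_vbr(sector: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        findings.append(f"unexpected sector length {len(sector)}")
        return findings
    if sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if sector[OEM_ID_OFFSET:OEM_ID_OFFSET + 8] != NTFS_OEM_ID:
        findings.append("OEM ID is not NTFS")
    digest = boot_code_digest(sector)
    if digest != baseline_digest:
        findings.append(f"bootstrap code hash {digest[:12]}... differs from "
                        f"baseline {baseline_digest[:12]}...")
    return findings


# Constructed sample bootstrap code: a harmless byte pattern, not real loader code.
CLEAN_BOOT_CODE = bytes(range(0x20, 0x80))
# The same bytes with a short patch in the middle, standing in for an inserted hook.
TAMPERED_BOOT_CODE = CLEAN_BOOT_CODE[:16] + b"\x90" * 8 + CLEAN_BOOT_CODE[24:]

CLEAN_VBR = make_sample_vbr(CLEAN_BOOT_CODE)
BASELINE = boot_code_digest(CLEAN_VBR)   # in practice, captured from a known-good system


def demo() -> dict:
    """Run the check against a clean, a patched and a signature-less sector."""
    no_sig = bytearray(CLEAN_VBR)
    no_sig[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x00\x00"
    return {
        "clean": check_vbr(CLEAN_VBR, BASELINE),
        "tampered": check_vbr(make_sample_vbr(TAMPERED_BOOT_CODE), BASELINE),
        "no_signature": check_vbr(bytes(no_sig), BASELINE),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

To apply this to a live system you would read the first 512 bytes of the volume device with administrative rights and feed them to check_vbr; the baseline should come from a clean install of the same Windows version, since the bootstrap code is normally identical across volumes formatted by the same version while the BPB fields vary. The check only reports a difference; deciding whether a difference is a legitimate update or an implant is the analyst's job.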



Source
Quote

The user guide for the tools published by WikiLeaks have a change log but it contains no dates, so it is unclear what period the Angelfire tools were active. The most recent version was compatible with Windows 7, released in 2009. It is also not clear if the tool has undergone additional updates or is still in use by the CIA.

http://www.ibtimes.com/wikileaks-vault-7-angelfire-framework-used-cia-windows-machines-2585080

It doesn't seem they have any real samples of this malware that would be of any help to the security community to help people out who may be infected. This is if the CIA even uses this any more, which they most likely don't; they have known for over a year now what was stolen from them. According to what was said, starting in 2017 they are in the process of upgrading their security, but even this is secret info, though Trump touched base on it before. Still more info about stuff that was done under the old government that really doesn't reflect on the here and now.

 

It's been almost a year now and all I see is stuff PRE 2017, when the government was not as paranoid as they are now. Fact is, the USA Government has Russian hackers helping them hack Microsoft, Google and Apple.

https://www.forbes.com/sites/thomasbrewster/2017/08/30/russian-hackers-help-us-with-encryption-nightmare/

So people on the other side of the world may be being sold out by their own people helping the Government spy on everyone. Money talks and BS walks, and the Government has a lot of money to give to the best hackers in the world. When are any of these so-called whistleblowers ever going to post any info to help anyone? Knowing WikiLeaks, they took the info from some black hats, and you don't have to worry about the CIA anymore, but you have to worry about the black hats selling the malware on the darknet and infecting you with it now.



It would appear, based upon all the releases to date, that the hackers only accessed some type of archive storage area and not the area where current/active tools were stored. Not only is everything released so far fairly outdated (yes, even EternalBlue is ancient in software terms, though people who never took appropriate action could still be affected by it), but there are no actual tools that can be evaluated. The documents could be a work of fiction. In the intelligence field, misinformation can be just as damaging as actual tools. Based on what is in the various documents, there is no way that every security expert in the world never came across some of this stuff. If you were looking for it, that would be a different matter, but if you were just trying to track down suspicious behavior of a system, there would be enough footprints in the system to point you to a possible cause or causes. So it raises the questions: what is real, what is fake, what did they actually hack, or were they allowed to access certain data to spread misinformation? Anything that misdirects a target into looking in the wrong direction is a very strong 'tool' in itself.



21 hours ago, Matsuda said:

According to a user manual leaked by WikiLeaks, AngelFire requires administrative privileges on a target computer for successful installation.

 

Not really a 'hack' if you need admin privileges to install.

 

R



Even the Russian news said this was buggy malware that many things were wrong with, where it could be detected, and out of all the Vault 7 leaks so far this was the most buggy malware they have ever seen the CIA may have used. LOL, the joke was on WikiLeaks when they posted this old crap and got denial-of-service attacked while posting it. To me Assange is a one-sided journalist who has been bought off. If the West does something wrong or he has info, he's gung-ho to leak it. But he will not leak anything about the Russian Government; he turned it down. Even though Assange vowed to publish documents on any institution that resisted oversight back in 2010. He just became like this in recent years, and we caught him in a big fat lie right there. Word is bond!

 

He sold out to a government, so I take nothing he says as being honest. He has info he's hiding from the world and only posts the leaks he wants you to see. Just like I take no person who cheers for any government, including my own, seriously; they're a Govt. shill to me. Many hackers, security experts and Govts all stand united on the fact that they don't like this guy. He will DOX hackers, Govt. security firms, etc. unless they're on his agenda. And beware of people who act like they have the same political views as you. They could be the police trying to earn your trust to find you out. Trust no one. That's why making close friends on the open internet is not a good idea. Even in real life I have seen people I broke bread with and partied with back in the day turn into snitches. You can't even trust people you know in real life, much less people you don't know.

 

The USA Government even controls many outlets people use to post things against them. It's just like YouTube: the only reason it still exists and rights holders have not been able to sue Google and stop it is that Google are USA government contractors; in exchange for letting them have spy programs on their platform, they give Google immunity from rights holders. Also, if they wanted to, they could make it really hard for WikiLeaks to stay online with state hackers, but my guess is they're using it for a honeypot just like they do Google sites to gather info. LOL, the US Government even has control of the .org domain WikiLeaks uses and they never had it banned.

 

Then you wonder why many countries that are not on friendly terms with the USA ban YouTube and Google services. Most likely it's because they know the CIA, NSA and FBI use them as a honeypot.

 

Nowadays the CIA doesn't really need tools like these; these big tech companies have let them in for immunity. Windows 10 most likely has a house in it where the CIA lives. :P

 

 



On 9/1/2017 at 4:23 PM, steven36 said:

The USA Government even controls many outlets people use to post things against them. It's just like YouTube: the only reason it still exists and rights holders have not been able to sue Google and stop it is that Google are USA government contractors; in exchange for letting them have spy programs on their platform, they give Google immunity from rights holders. Also, if they wanted to, they could make it really hard for WikiLeaks to stay online with state hackers, but my guess is they're using it for a honeypot just like they do Google sites to gather info. LOL, the US Government even has control of the .org domain WikiLeaks uses and they never had it banned.

 

One or all of the following are true if you believe what you typed.  Your tinfoil hat fell off.  You forgot to take your meds.  You are living in the 4th Dimension.  Or you are suffering from a terminal case of *DKS.

 

*  DKS = Don't Know Shit

 



3 hours ago, straycat19 said:

 

One or all of the following are true if you believe what you typed.  Your tinfoil hat fell off.  You forgot to take your meds.  You are living in the 4th Dimension.  Or you are suffering from a terminal case of *DKS.

 


*  DKS = Don't Know Shit

 

Seems someone got feelings? I don't care what you say about me; that's the difference between me and you. In the years I've been watching you, you go around bragging that you buy this or that, insulting people on warez boards about piracy. I don't claim to know everything like you do; really, I don't care to know everything. Nothing about the internet is really going to make my life any better. I don't consider sitting behind a screen ruining my eyes the highlight of my life like you do. I just do it for fun to pass the time.

 

Your problem is you take the internet too seriously, when really no one cares about what you have or what you say, because at the end of your rants we just go to the next topic or just hit the X on the browser and go do something more constructive than listen to you brag about what you have and what you claim to know all day. Humans in the internet age always amuse me, thinking their opinions really matter to a bunch of people they don't know in real life. Either people are out to get what they can get out of you for free, or they are sucking it all in so they can use what you say against you and make fun of you, and with as much ranting as you do, that list is a mile long.

 

You don't have any comeback to what I said to you in another topic, so you come to this topic and start insulting me. It really makes you look lame, dude. But that's pretty much all you do is insult people, so I would expect no different from you. Your ignorance shines through in the way you treat people; you think you know everything and no one else knows anything, so you're beyond learning anything new, because you think you already know it all. But you don't know shit in reality. And even if you do know something, you never have any proof of anything you say being factual, which is just as bad as not knowing anything. Since 2015, when I first even noticed you exist here, I have never learned anything from you.

 

6 Government Surveillance Programs Designed to Watch What You Do Online: "If you are a user of Facebook, Twitter, LinkedIn, YouTube, Craigslist or another popular site, the U.S. security state is watching you." This was before they even knew about Prism, so there are 7 programs we know of and no telling how many we don't know of.

http://www.alternet.org/story/155764/6_government_surveillance_programs_designed_to_watch_what_you_do_online

Google Is As Google Does: How Google Cheats Both Sides of the DMCA Takedown Process

http://copyright.nova.edu/google-dmca-takedown-process/

Nobody else has immunity from being sued but big tech companies who allow the Governments to run spy programs on their platforms. When anyone else allows things that break DMCA to be shared on their servers, their site gets shut down unless it's not a USA site and they make a profit, but it's fine for Google to do it. Warez boards and torrent sites on USA servers are a thing of the past. You can't tell, because most sites hide behind Cloudflare, making them seem to be from the USA.

 

 

People on the other side of the world have had their sites shut down just for this, like Megaupload and KAT, and what they did was run a website that has things that break DMCA on it and used servers from the USA. Google has things that break DMCA on YouTube and Google Cloud, and KAT complied with DMCA just like Google does.

 

Google Drive has become a popular alternative to The Pirate Bay

https://thenextweb.com/google/2017/09/05/google-drive-new-pirate-bay/#.tnw_PW5hktlF

I don't know how much longer these spy programs will do any good when a big part of the Internet's freedom of speech is being threatened; people won't be able to say anything for them to find out much.

 

Leaked document: EU Presidency calls for massive internet filtering

https://edri.org/leaked-document-eu-presidency-calls-for-massive-internet-filtering/

 


