Matsuda Posted August 31, 2017

A team of hackers at the CIA, the Central Intelligence Agency, allegedly used a Windows hacking tool against its targets to gain persistent remote access. As part of its Vault 7 leaks, WikiLeaks today revealed details about a new implant developed by the CIA, dubbed AngelFire, to target computers running the Windows operating system. The AngelFire framework implants a persistent backdoor on the target Windows computers by modifying their partition boot sector. The AngelFire framework consists of the following five components:

1. Solartime — modifies the partition boot sector to load and execute Wolfcreek (kernel code) every time the system boots up.
2. Wolfcreek — a self-loading driver (the kernel code that Solartime executes) that loads other drivers and user-mode applications.
3. Keystone — a component that uses DLL injection to execute the malicious user applications directly in system memory without dropping them onto the file system.
4. BadMFS — a covert file system that attempts to install itself in non-partitioned space available on the targeted computer and stores all drivers and implants that Wolfcreek starts.
5. Windows Transitory File system — a new method of installing AngelFire, which allows the CIA operator to create transitory files for specific tasks like adding and removing files to AngelFire, rather than laying independent components on disk.

According to a user manual leaked by WikiLeaks, AngelFire requires administrative privileges on a target computer for successful installation. The 32-bit version of the implant works against Windows XP and Windows 7, while the 64-bit implant can target Server 2008 R2 and Windows 7.

Source
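Two claims in the post above are checkable on a disk image: that the implant persists by modifying a partition boot sector, and that its covert file system lives in non-partitioned space. The following is an added example, written for this page, not code from the leaked documents, WikiLeaks, or the quoted article: it parses an MBR partition table, lists the sector ranges that belong to no partition (the MBR gap before the first partition, inter-partition gaps, and slack after the last one), and compares each partition's first sector (its boot sector, or VBR) against a recorded SHA-256 baseline. The disk image, its 64-sector size and its two NTFS-typed partitions are all constructed in memory for illustration; the "tamper" switch just flips one byte in a VBR to show a baseline mismatch and does not reproduce any real implant.

```python
import hashlib
import struct

SECTOR = 512                     # assumed sector size for the constructed image
MBR_SIGNATURE = b"\x55\xaa"      # boot-sector signature at offset 510
TOTAL_SECTORS = 64               # constructed image is 64 sectors (32 KiB)


def build_entry(status, ptype, lba_start, count):
    """Pack one 16-byte MBR partition-table entry (legacy CHS fields zeroed)."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba_start, count)


def parse_mbr(mbr):
    """Return (status, type, lba_start, sector_count) for each populated entry."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status, _, ptype, _, lba_start, count = struct.unpack("<B3sB3sII", entry)
        if ptype != 0 and count != 0:
            parts.append((status, ptype, lba_start, count))
    return parts


def unpartitioned_gaps(parts, total_sectors):
    """Sector ranges (lba, length) owned by no partition; LBA 0 is the MBR itself.

    Space like this (the MBR gap before the first partition, inter-partition
    gaps, slack after the last one) is where a covert file system could sit."""
    gaps = []
    cursor = 1
    for _, _, start, count in sorted(parts, key=lambda p: p[2]):
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + count)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - cursor))
    return gaps


def vbr_digest(image, lba_start):
    """SHA-256 of a partition's first sector, i.e. its boot sector (VBR)."""
    off = lba_start * SECTOR
    return hashlib.sha256(image[off:off + SECTOR]).hexdigest()


def check_boot_sectors(image, baseline):
    """Map lba_start -> True if that partition's VBR still matches the baseline."""
    parts = parse_mbr(image[:SECTOR])
    return {start: vbr_digest(image, start) == baseline.get(start)
            for _, _, start, _ in parts}


def build_sample_image(tamper=False):
    """Constructed disk image: MBR, two NTFS-typed partitions, gaps in between.

    tamper=True flips one byte inside partition 1's VBR to stand in for a
    modified boot sector; it is not a reproduction of any real implant."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = build_entry(0x80, 0x07, 2, 10)    # bootable, LBA 2..11
    mbr[462:478] = build_entry(0x00, 0x07, 20, 30)   # LBA 20..49
    mbr[510:512] = MBR_SIGNATURE
    image = bytearray(TOTAL_SECTORS * SECTOR)
    image[:SECTOR] = mbr
    # minimal NTFS-looking VBR: jump + OEM id, zero padding, 0x55AA signature
    vbr = b"\xeb\x52\x90NTFS    " + b"\0" * (SECTOR - 11 - 2) + MBR_SIGNATURE
    image[2 * SECTOR:3 * SECTOR] = vbr
    image[20 * SECTOR:21 * SECTOR] = vbr
    if tamper:
        image[2 * SECTOR + 0x60] ^= 0xFF
    return bytes(image)


if __name__ == "__main__":
    clean = build_sample_image()
    parts = parse_mbr(clean[:SECTOR])
    print("partitions:", parts)
    print("unpartitioned gaps (lba, sectors):", unpartitioned_gaps(parts, TOTAL_SECTORS))
    # record the baseline on a trusted system, then re-check later
    baseline = {start: vbr_digest(clean, start) for _, _, start, _ in parts}
    print("clean image   :", check_boot_sectors(clean, baseline))
    print("tampered image:", check_boot_sectors(build_sample_image(tamper=True), baseline))
```

On a real host the same functions would be fed the raw device (on Windows, a handle to \\.\PhysicalDrive0, which itself requires administrator rights, the same privilege level the post says installation needs), and the baseline digests should be stored off the machine. Two caveats: a GPT disk carries only a protective MBR, so its real partition table lives in the GPT header and this parser would report one 0xEE entry; and a matching VBR hash only proves that sector is unchanged, not that the rest of the boot chain is.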
steven36 Posted August 31, 2017

Quote: "The user guide for the tools published by WikiLeaks has a change log, but it contains no dates, so it is unclear what period the Angelfire tools were active. The most recent version was compatible with Windows 7, released in 2009. It is also not clear if the tool has undergone additional updates or is still in use by the CIA."
http://www.ibtimes.com/wikileaks-vault-7-angelfire-framework-used-cia-windows-machines-2585080

It doesn't seem they have any real samples of this malware to be of any help to the security community to help people out who may be infected. This is if the CIA uses this any more, which they most likely don't; they have known what was stolen from them for over a year now. According to what was said, starting in 2017 they're in the process of upgrading their security, but even this is secret info, though Trump touched base on it before. Still more info about stuff that was done under the old government that really doesn't reflect on the here and now. It's been almost a year now and all I see is stuff pre-2017, when the government was not as paranoid as they are now.

Fact is, the USA Government has Russian hackers helping them hack Microsoft, Google and Apple. https://www.forbes.com/sites/thomasbrewster/2017/08/30/russian-hackers-help-us-with-encryption-nightmare/ So people on the other side of the world may be being sold out by their own people helping the Government spy on everyone. Money talks and BS walks, and the Government has a lot of money to give to the best hackers in the world. When are any of these so-called whistleblowers ever going to post any info to help anyone? Knowing WikiLeaks, they took the info from some black hats, and you don't have to worry about the CIA anymore, but you have to worry about the black hats selling the malware on the darknet and infecting you with it now.
pc71520 Posted September 1, 2017

Naughty C.I.A.
straycat19 Posted September 1, 2017

It would appear, based upon all the releases to date, that the hackers only accessed some type of archive storage area and not the area where current/active tools were stored. Not only is everything released so far fairly outdated (yes, even EternalBlue is ancient in software terms, though people who never took appropriate action could still be affected by it), but there are no actual tools that can be evaluated. The documents could be a work of fiction. In the intelligence field, misinformation can be just as damaging as actual tools.

Based on what is in the various documents, there is no way that every security expert in the world never came across some of this stuff. If you were looking for it, that would be a different matter, but if you were just trying to track down suspicious behavior of a system, there would be enough footprints in the system to point you to a possible cause or causes. So it raises the questions: what is real, what is fake, what did they actually hack, or were they allowed to access certain data to spread misinformation? Anything that misdirects a target into looking in the wrong direction is a very strong 'tool' in itself.
Rainmaker Posted September 1, 2017

21 hours ago, Matsuda said: "According to a user manual leaked by WikiLeaks, AngelFire requires administrative privileges on a target computer for successful installation."

Not really a 'hack' if you need admin privileges to install.

R
steven36 Posted September 1, 2017

Even the Russian news said this was buggy malware that many things were wrong with, where it could be detected, and out of all the Vault 7 leaks so far this was the most buggy malware they have ever seen the CIA may have used. LOL, the joke was on WikiLeaks when they posted this old crap and got denial-of-service attacked when posting it.

To me Assange is a one-sided journalist who has been bought off. If the West does something wrong or he has info, he's gung ho to leak it. But he will not leak anything about the Russian Government; he turned it down, even though Assange vowed to publish documents on any institution that resisted oversight back in 2010. He just became like this in recent years, and we caught him in a big fat lie right there. Word is bond! He sold out to a government, so I take nothing he says as being honest. He has info he's hiding from the world and only posts the leaks he wants you to see. Just like I take no person who cheers for any government, including my own, seriously; they're a Govt. shill to me. Many hackers, security experts and Govts all stand united on the fact they don't like this guy. He will DOX hackers, Govt. security firms, etc. unless they're on his agenda.

And beware of people who act like they have the same political views as you. They could be the police trying to earn your trust to find you out. Trust no one. That's why making close friends on the open internet is not a good idea. Even in real life I've seen people I broke bread with and partied with back in the day turn into snitches. You can't even trust people you know in real life, much less people you don't know.

The USA Government even controls many outlets people use to post things against them. It's just like YouTube: the only reason it still exists and rights holders have not been able to sue Google and stop it is that Google is a USA government contractor; in exchange for letting them have spy programs on their platform, they give Google immunity from rights holders. Also, if they wanted to, they could make it really hard on WikiLeaks to stay online with state hackers, but my guess is they're using it for a honeypot, just like they do Google sites, to gather info. LOL, the US Government even has control of the .org domain WikiLeaks uses and they never had it banned. Then you wonder why many countries that are not on friendly terms with the USA ban YouTube and Google services. Most likely it's because they know the CIA, NSA and FBI use them as a honeypot. Nowadays the CIA doesn't really need tools like these; these big tech companies have let them in for immunity. Windows 10 most likely has a house in it where the CIA live.
knowledge-Spammer Posted September 2, 2017
straycat19 Posted September 6, 2017

On 9/1/2017 at 4:23 PM, steven36 said: "The USA Government even controls many outlets people use to post things against them. It's just like YouTube: the only reason it still exists and rights holders have not been able to sue Google and stop it is that Google is a USA government contractor; in exchange for letting them have spy programs on their platform, they give Google immunity from rights holders. Also, if they wanted to, they could make it really hard on WikiLeaks to stay online with state hackers, but my guess is they're using it for a honeypot, just like they do Google sites, to gather info. LOL, the US Government even has control of the .org domain WikiLeaks uses and they never had it banned."

One or all of the following are true if you believe what you typed:
Your tinfoil hat fell off.
You forgot to take your meds.
You are living in the 4th Dimension.
Or you are suffering from a terminal case of *DKS.

* DKS = Don't Know Shit
steven36 Posted September 6, 2017

3 hours ago, straycat19 said: "One or all of the following are true if you believe what you typed: your tinfoil hat fell off; you forgot to take your meds; you are living in the 4th Dimension; or you are suffering from a terminal case of DKS (Don't Know Shit)."

Seems someone got feelings? I don't care what you say about me; that's the difference between me and you. In the years I've been watching you, you go around bragging that you buy this or that and insulting people on warez boards about piracy. I don't claim to know everything like you do; really, I don't care to know everything. Nothing about the internet is really going to make my life any better, no how. I don't consider sitting behind a screen ruining my eyes the highlight of my life like you do. I just do it for fun, to pass the time away. Your problem is you take the internet too seriously, when really no one cares about what you have or what you say, because at the end of your rants we just go to the next topic or just hit the X on the browser and go do something more constructive than listen to you brag about what you have and what you claim to know all day. Humans in the internet age always amuse me, thinking their opinions really matter to a bunch of people they don't know in real life. Either people are out to get what they can get out of you for free, or they are sucking it all in so they can use what you say against you and make fun of you, and as much ranting as you do, that list is a mile long. You have no comeback to what I said to you in another topic, so you come to this topic and start insulting me. It really makes you look lame, dude. But that's pretty much all you do is insult people, so I would expect no different from you. Your ignorance shines through from the way you treat people: you think you know everything and no one else knows anything, so you're beyond learning anything new, because you think you already know it all. But you don't know shit in reality. And even if you do know something, you never have any proof of anything you say being factual, which is just as bad as not knowing anything. Since 2015, since I even noticed you exist here, I have never learned anything from you.

6 Government Surveillance Programs Designed to Watch What You Do Online: "If you are a user of Facebook, Twitter, LinkedIn, YouTube, Craigslist or another popular site, the U.S. security state is watching you." This was before they even knew about PRISM, so there are 7 programs we know of and no telling how many we don't know of. http://www.alternet.org/story/155764/6_government_surveillance_programs_designed_to_watch_what_you_do_online

Google Is As Google Does: How Google Cheats Both Sides of the DMCA Takedown Process http://copyright.nova.edu/google-dmca-takedown-process/

Nobody else has immunity from being sued but big tech companies who allow the Governments to run spy programs on their platforms. When anyone else allows things to be shared on their servers that break DMCA, their site gets shut down unless it's not a USA site and makes a profit, but it's fine for Google to do it. Warez boards and torrent sites on USA servers are a thing of the past. You can't tell it because most sites hide behind Cloudflare, making them seem to be from the USA. People on the other side of the world have had sites shut down just for this, like Megaupload and Kat, and what they did was run a website that has things that break DMCA on it and used servers from the USA. Google has things that break DMCA on YouTube and Google Cloud, and Kat complied with DMCA just like Google does.

Google Drive has become a popular alternative to The Pirate Bay https://thenextweb.com/google/2017/09/05/google-drive-new-pirate-bay/#.tnw_PW5hktlF

I don't know how much longer these spy programs will do any good when a big part of the Internet's freedom of speech is being threatened; people won't be able to say anything for them to find out much.

Leaked document: EU Presidency calls for massive internet filtering https://edri.org/leaked-document-eu-presidency-calls-for-massive-internet-filtering/
This topic is now archived and is closed to further replies.