Wikileaks has released information about Marble, which allows CIA hackers to appear to be from another country.
By releasing information about Marble, Wikileaks raises questions about what we think we know about foreign hackers. In the first installment of the Vault 7 releases, they had already raised the possibility that CIA hackers could pretend to be Russian. But Marble shows that they have a tool kit for posing as Russians or hackers from another country.
According to Wikileaks, Marble is the name of a “Framework” that enables the CIA to make sure that anything in its bag of cybertricks gets attributed to someone else.
Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S.-produced weapons systems before giving them to insurgents secretly backed by the CIA.
Marble forms part of the CIA’s anti-forensics approach and the CIA’s Core Library of malware code. It is “[D]esigned to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.”
The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators in attributing previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.
The subterfuge includes using other languages besides English. Text examples include “Chinese, Russian, Korean, Arabic, and Farsi.”
Obviously, Marble could be used to conceal CIA spying. The agency could hack a database and cover its tracks by making the breach appear to have been perpetrated by Iran. But it could also be used not to gather information but to spread disinformation. The goal, in that case, would not be to get needed information, but to make one country think it was being attacked by another country.
As the evidence supporting the claim that Russia hacked Hillary Clinton’s campaign falls apart, we need to not be naïve about what the CIA can do. The agency has interfered in many elections in other countries. They have also stirred up unrest and encouraged populations to distrust their governments. There is no reason to believe the CIA would treat Redstate America any differently.
Remember, though Leftists have now started labeling Wikileaks as “fake news,” it has proven quite accurate. The Daily Mail reports (emphasis added):
Earlier this month WikiLeaks published thousands of documents claiming to reveal top CIA hacking secrets, including the agency’s ability to infiltrate encrypted apps like Whatsapp, break into smart TVs and phones and program self-driving cars.
It also claims the CIA can bypass the encryption of Whatsapp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking the smart phones the applications run on.
The CIA was also looking at hacking the vehicle control systems used in modern cars and trucks, WikiLeaks claims.
Wikileaks said the release of confidential documents on the agency already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.
Experts who’ve started to sift through the material said it appeared legitimate – and that the release was almost certain to shake the CIA.
Will it? Hopefully, Donald Trump will hold the agency accountable, rather than give them more power.