#Vault7: How the CIA steals hacking fingerprints to cover its tracks

Get short URL

© Larry Downing / Reuters

The CIA can hide its own fingerprints from its hacking exploits and attribute blame to others, such as Russia and China, according to WikiLeaks’ Year Zero confidential data 

Every hacking technique leaves a “fingerprint” which, when collated, can be used to connect different attacks and tie them to the same culprit.

The CIA’s Remote Development Branch (RDB)’s Umbrage sub-group collects an archive of hacking exploits created by other actors, like Russia and other hackers, and leaves this false trace for others to detect.

View image on Twitter

 Follow

Christine Maguire @_ChrisMaguire

#Umbrage, a group within the CIA's Remote Devices Branch, collects stolen malware & uses it to hide its own hacking fingerprints #Vault7

11:19 PM - 7 Mar 2017

 
•  1414 Retweets
 
•  33 likes

Umbrage captures and collects keyloggers, passwords, webcam captures, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

This allows the CIA to not only steal other’s hack techniques, but falsely apportion blame to those actors.

 Follow

Kim Dotcom 

✔@KimDotcom

CIA uses techniques to make cyber attacks look like they originated from enemy state. It turns DNC/Russia hack allegation by CIA into a JOKE

7:56 PM - 7 Mar 2017

 
•  6,1926,192 Retweets
 
•  7,2747,274 likes

Hacking Team

An Umbrage document shows how the agency mined information from a breach of Italian “offensive security” vendor Hacking Team, that boasts governmental and law enforcement clients.

Some 400GB of data including “browser credential stealing” and “six different zero-day exploits” was released in the breach, which Umbrage studied and added to its repository.

DNC hack

 Follow

DeplorableRictracee @Rictracee

#Vault7 This is how the CIA uses false 'fingerprints' to frame others, such as Russia (ie DNC hack) #Vault7 #wikileaks@TuckerCarlson

6:46 PM - 7 Mar 2017

 
•  2626 Retweets
 
•  3131 likes

 Follow

Russian Hotties @hottiesfortrump

Who needs enemies like Russia when you have got friends like the CIA and the Deep State. Read #Vault7http://truthfeed.com/breaking-wikileaks-exposes-cia-hacking-secret-in-new-bombshell-series-vault-7/55662/ …

9:04 PM - 7 Mar 2017

 
•  7070 Retweets
 
•  9393 likes

In the case of the Democratic National Committee (DNC) hack, which reports have connected to Russia, the fingerprints used to link blame to Russian hackers may have been manipulated.

Crowdstrike, a private security firm linked to the Atlantic Council, found the hackers who accessed the DNC emails (and those of Clinton campaign chair John Podesta) left “clues,” which Crowdstrike attributed to Russian hackers.

Malware dug into the DNC computers was found to be programmed to communicate with IP addresses associated with Fancy Bear and Cozy Bear - hacking groups that Crowdstrike says are controlled by Russian intelligence.

Metadata found in a file contained modifications by a user using Cyrillic text and a codename Felix Edmundovich.

View image on Twitter

 Follow

John Hanson @Crayz9000

#Vault7 - there goes the whole CIA narrative about Russian hacking of the 2016 election. https://wikileaks.org/ciav7p1/ 

7:26 PM - 7 Mar 2017

 
•  131131 Retweets
 
•  117117 likes

While the documents released don’t tie Crowdstrike to the CIA’s Umbrage program, the data demonstrates how easily fingerprints can be manipulated, and how the CIA’s vast collection of existing malware can be employed to disguise its own actions.