New WikiLeaks 'Vault 8' release reveals CIA's cyber-espionage source code
New "Vault 8" files outlines the inner-workings of a "back-end" malware called Hive.
Whistleblowing website WikiLeaks has released a fresh batch of secret documentation allegedly pilfered from inside the US Central Intelligence Agency (CIA).
Dubbed "Vault 8", the publication is being described as a way for "investigative journalists, forensic experts and the general public" to better understand the agency's hacking tools.
The previous batch of leaks – "Vault 7" – ran from 23 March to 7 September this year and detailed some of the methods that CIA officers have used to infiltrate the computers and smartphones of their targets.
The latest release outlines the inner-workings of a "back-end" malware tool called Hive, formerly touted by WikiLeaks back in April. It is allegedly used by the clandestine service to "transfer exfiltrated information from target machines" to CIA servers.
On Thursday (9 November), WikiLeaks said the new data was "source code and development logs" linked to Hive.
The whistleblowing site – spearheaded by Julian Assange – claimed it was not publishing any vulnerabilities or security bugs that could be exploited by others.
It said: "Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet.
"Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.
"Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention."
According to WikiLeaks, the CIA uses the Hive malware system to build fake web certificates and stop anti-virus companies from accurately attributing its hacking operations.
It said the documents show how the agency is able to "impersonate" Kaspersky Lab, a Moscow-based cybersecurity company that has recently been criticised by US politicians.
That angle was quickly jumped upon by Russian state media, RT and Sputnik.
The anti-secrecy website said the initial batch of files comprised of 8,761 documents and files taken from "an isolated, high-security network situated inside the CIA's Centre for Cyber Intelligence in Langley, Virginia". It remains unclear how many entries Vault 8 will consist of.
"The disclosure is exceptional from a political, legal and forensic perspective," Assange said in March this year, describing the initial cache of leaked documentation.
To this day, the CIA has not confirmed the authenticity of the data. It previously asserted that the leak was "designed to damage the Intelligence Community's ability to protect America".
WikiLeaks hit headlines in a major way last year after becoming entwined in the narrative of the alleged Russian influence campaign during the 2016 presidential election.
It released tens of thousands of emails stolen from Democratic Party figures – but has repeatedly maintained that the material was not obtained from Kremlin-linked hacking groups. WikiLeaks founder Assange remains at the Ecuadorian Embassy in London under political asylum.
In the wake of the leak, not everyone was convinced the release would be harmless.
"Wikileaks is now releasing source for exploits in Vault 7," tweeted University of Surrey computer scientist Alan Woodward. "Do they remember what happened last time such exploit code was leaked? Standby for another wannacry," he added, referencing a global malware outbreak.