WikiLeaks has revealed that the CIA wrote code to "impersonate" Russia-based Kaspersky Lab, and that the code had been used at least three times.
According to the whistleblowing organization's press release dedicated to Vault-8 documents, "WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware."
WikiLeaks has explained that the "Hive" source code ensured the covert delivery of gathered intelligence to the CIA and allows US intelligence to impersonate other entities in order to mask its presence.
"The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated," WikiLeaks said, adding that the use of Hive makes virus attribution to the CIA difficult.
According to the "Hive" release by WikiLeaks as part of Vault-7, the virus control system "provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA."
On March 7, WikiLeaks released the first part of what it called an unprecedentedly large archive of CIA-related classified documents, comprising various viruses, malware, software vulnerability hacks and relevant documentation, which was initially uncovered by US government hackers. As WikiLeaks has gained access to some of the data from the trove, the White House has condemned the leaks, stressing that those responsible for leaking classified information should be held accountable in accordance with the law.
Pressure on Kaspersky in US
WikiLeaks' release came amid increased pressure on the Russian IT company in the US, with US Acting Homeland Security Secretary Elaine Duke ordering all the country's federal departments and agencies to stop using Kaspersky Lab products within the next 90 days, saying the company's products allegedly represented a threat to security.
The company has also announced that it would submit its source code for an independent review as part of a new information transparency policy, to ensure the trust of its clients.
Kaspersky Lab is one of the largest private cybersecurity companies in the world and has been working in the field since 1997. The company's technologies protect over 400 million users and 270,000 corporate clients. Kaspersky Lab works in almost 200 countries and territories and has 37 headquarters in 32 countries.