WikiLeaks published hundreds more files from the Vault 7 series today which, it claims, show how the CIA can mask its hacking attacks to make them look like they came from other countries, including Russia, China, North Korea and Iran.
Dubbed “Marble,” part 3 of the CIA files contains 676 source code files of the secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware.
The CIA’s Marble Framework tool includes a variety of algorithms, with foreign-language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.
“Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA,” says the whistleblowing site.
“…for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,” WikiLeaks explains.
The released source code archive also contains a deobfuscator to reverse CIA text obfuscation.
Since the Marble Framework has now been made public, forensic investigators and anti-virus firms would be able to identify patterns and connect the missing dots in order to reveal previous cyber attacks and viruses that were wrongly attributed.
While WikiLeaks suggests that Marble was in use as recently as 2016, the organization does not provide any evidence to back this claim. Experts are still analyzing the Marble release, so there’s no need to get too excited at this moment.
The White House has condemned the revelations made by WikiLeaks, saying that those responsible for leaking classified information from the agency should be held accountable by the law.