Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

WikiLeaks: CIA Impersonated Kaspersky Labs as a Cover for its Malware Operations

November 20, 2017

SC Media reported on November 10^th that WikiLeaks, under its new Vault 8 series of released documents, has unveiled what it says is the source code to a CIA tool, called Hive, that is used to conceal espionage actions when the Agency implants malware.

Hive reputedly lets the CIA to covertly communicate with its software by making it hard or impossible to trace the malware back to the spy organization by utilizing a cover domain. Part of this, WikiLeaks said, is using fake digital certificates that impersonate other legitimate web groups, including Kaspersky Labs.

Kaspersky Labs CEO Eugene Kaspersky confirmed WikiLeaks' statement, saying, "We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected."

WikiLeaks said the CIA registers a nondescript cover domain for each of its operations and runs these domains from a rented commercial server as a VPS that is modified with CIA code. "These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'," WikiLeaks said in a statement.

WikiLeaks alleges that part of the CIA's obfuscation methodology has it using faked digital certificates that are created by impersonating legitimate organizations – like Kaspersky Labs.

Now, even if the CIA believes this method is necessary, it could use faked digital certificates of non-controversial legitimate organizations. Tarring and feathering Kaspersky Labs seems like deliberate sullying of a major security player, one which is deeply respected by many cybersecurity folks. Remember when we used to think of ourselves as the good guys? I miss those days.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

WikiLeaks: CIA Impersonated Kaspersky Labs as a Cover for its Malware Operations

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer