X22 Report Spotlight

X22 Report News Flash

US Debt

national debt

X22 Report

Archimedes: WikiLeaks drops latest #Vault7 batch detailing network hacking tool

Original newz story - Click here

Published time: 5 May, 2017 10:15Edited time: 5 May, 2017 10:43

Get short URL

A user manual describing an alleged CIA tool known as ‘Archimedes’, purportedly used to attack computers inside a Local Area Network (LAN), has been released by WikiLeaks. The latest batch is the seventh in the whistleblowing organization’s ‘Vault 7’ series.

The Archimedes tool enables traffic from one computer inside the LAN to be redirected through a computer infected with this malware and controlled by the CIA, according to WikiLeaks.

READ MORE: #Vault7: Key revelations from WikiLeaks’ release of CIA hacking tools

The technique is used to redirect the target’s computer web browser to an exploitation server while appearing as a normal browsing session, the whistleblowing site said. In this way, the hackers gain an entry point that allows them access to other machines on that network.

The tool’s user guide, which is dated December 2012, explains that it’s used to re-direct traffic in a Local Area network (LAN) from a “target’s computer through an attacker controlled computer before it is passed to the gateway.”

This allows it to insert a false web-server response that redirects the target’s web browser to a server that will exploit their system all the while appearing as if it’s a normal browsing session.

The target of the attack is directed to a webpage that looks exactly like the original page they were expecting to be served, but which contains malware. It’s only possible to detect the attack by examining the page source.

Archimedes is an update to a tool called ‘Fulcrum’ and it offers several improvements on the previous system, including providing a method of “gracefully shutting down the tool on demand.”

READ MORE: ‘Intelligence porn’: FBI director’s new nickname for WikiLeaks

WikiLeaks has also included the Fulcrum user manual in its release, explaining that this tool can direct a target machine’s HTTP client traffic to the URL of the attacker’s choice but specifying it’s not in itself an exploit or a worm.

A worm is a computer program which replicates itself in order to spread malicious code to other computers. Fulcrum will not crash applications or operating systems on the computers it affects, according to the guide.

The guide is dated May 2011 and outlines the entire process from the configuration to the shutdown of the application.


Source: rt.com