Last month, WikiLeaks dumped a trove of documents called Vault7. While most people wound up focusing on the least interesting aspect, namely that the CIA was exploiting publicly known vulnerabilities in the Internet of Things, the documents did detail a complex, powerful set of hacking tools that the CIA may have been using. Now it looks a whole lot more likely that those tools are real and in use: researchers have found them in the wild, and in fact have been seeing them since as early as 2011 and possibly as far back as 2007.
Symantec has issued an analysis comparing the dumped documents to a group it calls Longhorn. Longhorn is almost certainly a state-sponsored hacking group operating in North America on a 9-to-5 weekday schedule, which Symantec inferred from compile timestamps, the use of American pop culture terms like “Scoobysnack” in the code, and other indicators. More tellingly, though, the tooling overlaps almost completely with what the documents describe:
Malware used by Longhorn bears an uncanny resemblance to tools and methods described in the Vault7 documents. Near-identical matches are found in cryptographic protocols, source-code compiler changes, and techniques for concealing malicious traffic flowing out of infected networks….
“Longhorn has used advanced malware tools and zero-day vulnerabilities to infiltrate a string of targets worldwide. Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault7.”
There has been deafening silence from Washington about whether the WikiLeaks documents are accurate, which many are interpreting as an implicit admission that they are, but we may never know for sure. While this looks fairly damning, nobody can actually prove that the CIA was behind the intrusions into the victims’ networks, which is the only basis on which any real action could be taken. So, mostly, this is embarrassing to the CIA, but the big question many have to ask is what will happen now that detailed descriptions of its tools are out there for anyone to build on.
(via Ars Technica)