pixel_dreams - Fotolia

CIA hacking tools for Mac OS and Linux exposed by WikiLeaks

WikiLeaks has exposed hacking tools targeting the Mac and Linux operating systems in the latest of its series of leaks allegedly from the US Central Intelligence Agency

A Central Intelligence Agency (CIA) project called “Imperial” included three hacking tools for infiltrating the Mac and Linux operating systems, according to the latest “Vault 7” leaks.

The documents allegedly come from an isolated, high-security network inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.

WikiLeaks claims that a source provided portions of an archive of the CIA’s hacking arsenal, including malware, viruses, trojans, weaponised “zero day” exploits and malware remote control systems that was circulated among former US government hackers and contractors in an unauthorised manner.

The latest documents to be leaked detail hacking tools called Achilles, Aeris and SeaPea. 

According to the documents, Achilles is aimed at enabling CIA agents to “trojan an [Mac] OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution”.

SeaPea is designed to function as a Mac OS X rootkit for versions 10.6 and 10.7 to allow CIA agents to infiltrate a system while it reboots to carry out monitoring operations and launch tools.

SeaPea’s manual was previously released by WikiLeaks in another Vault 7 release named DarkSeaSkies, which detailed hacking tools targeting Macs and iPhones.

Aeris is described as an automated implant written in the C programming language that targets Linux distributions, including Debian, Red Hat, Solaris, FreeBSD and CentOS.

The documents claim Aeris is designed to function as a backdoor to these Linux distributions and can be used to build customised implants tailored for specific operations.

Read more about cyber weapons

Aeris supports “automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support – all with TLS encrypted communications with mutual authentication”, according to WikiLeaks.

WikiLeaks says the documents indicate the scope of the CIA’s global covert hacking programme, its malware arsenal and dozens of “zero day” weaponised exploits against a wide range of US and European company products.

WikiLeaks claims that since 2001, the CIA has gained political and budgetary pre-eminence over the US National Security Agency (NSA) and built its own group of hackers.

By the end of 2016, says WikiLeaks, the CIA’s hacking division had more than 5,000 registered users and had produced more than 1,000 hacking systems, trojans, viruses and other “weaponised” malware, creating, in effect, its “own NSA” but with “even less accountability”.

WikiLeaks said the source of the Vault 7 leaks suggested there were policy questions that urgently needed to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.

“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber weapons,” said WikiLeaks.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close