Written by Patrick Howell O'Neill
It’s Friday, which means that WikiLeaks is releasing another installment from Vault 7, the cache of CIA documents on cyberwarfare. This time it’s a tool that targets Microsoft Windows and a common version of Linux.
This release comes the same day that Sweden announced it would drop its rape investigation into WikiLeaks founder Julian Assange. British authorities still have a warrant out for Assange’s arrest for failure to appear in court. The U.S. government has not said whether it will charge Assange in the releases of classified information.
The newest WikiLeaks release is focused on classified CIA malware called Athena that targets all Windows operating systems including the latest offering, Windows 10. The dates of the leaked documents show that the CIA was able to hack Windows 10 only months after it was released. The malware also targets Ubuntu v. 14.04, the most popular version of Linux.
The weapon was developed with Siege Technologies, an American military contractor that has for years been at the center of the debate over whether U.S. intelligence agencies should be developing and hoarding potent zero-day vulnerabilities. Concerns intensified recently after it was determined that the WannaCry ransomware was based on a leaked NSA tool. Congress is showing more interest as a result.
“Siege Technologies provides offense-driven defensive cyber security solutions,” the company’s website reads. Jason Syversen, the company’s founder, told Bloomberg in 2014 that he prefers working in electronic warfare.
“It’s a little different than bombs and nuclear weapons — that’s a morally complex field to be in,” Syversen said. “Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody.”
Siege Technologies, which was acquired in 2016 by Nehemiah Security, earned $1.4 million from Pentagon contracts last year, according to public records. It has offices in upstate New York, the Virginia suburbs of Washington, D.C., and the Boston area.
The leaked documents call Athena “very simple” malware, a description reinforced by a technology overview in which only a few features stand out from the crowd of espionage-ware seen across the internet today.
The Athena user guide describes “offline installation” that could be used in the case of supply chain compromise. By updating an unbooted computer’s registry, the CIA could infect a freshly purchased machine before the owner even turns it on. While this is by no means new or unique, it’s still instructive to see the malware’s user guide lay out all possible methods of infection.
WikiLeaks has published nine batches of documents in the Vault 7 series. The organization has been repeatedly accused by experts of making exaggerated and misleading claims about the contents of the leaks, most notably when the organization claimed the CIA had cracked encrypted messengers like Signal but the documents showed no such capability.
CyberScoop is continuing a review of the documents and will update this story if necessary.