New dump discloses three different CIA hacking tools

Jul 29, 2017 06:57 GMT

WikiLeaks has recently revealed another set of hacking tools that have been used by the CIA to break into systems, this time not powered by Windows, but by Linux and Mac OS X.

The dump indicates that the CIA’s hacking tools were part of a project called “Imperial,” which consisted of three different tools meant to help the agency infiltrate non-Windows computers and either control the devices in the background or steal information without the user noticing.

Achilles, SeaPea, and Aeris

The first is Achilles, a tool the CIA used to bundle Trojan apps into legitimate DMG files, the disk images Apple customers use to install apps on their computers.

The binding tool was written in Bash, WikiLeaks explains, and could remove all of its traces once the Trojan was deployed on the system, leaving the compromised DMG file entirely clean. This means that antivirus solutions installed after the system was compromised could not detect anything wrong with the DMG file, which made it nearly impossible to determine how the system was infected.

According to the leaked documents, Achilles was created by the CIA in 2011 and was specifically aimed at Apple Mac OS X Snow Leopard (version 10.6).

The second Mac OS X hacking tool, called SeaPea, enabled the CIA to steal files and information from Apple devices without users noticing anything unusual. SeaPea required root access to the device, so there is a good chance that CIA operators used it together with a different piece of malware that could get them administrator privileges.

Once again, the hacking tool was created for Mac OS X Snow Leopard (version 10.6), but this time Mac OS X Lion (version 10.7) was also targeted.

Last but not least, the third hacking tool, called Aeris, is aimed at portable Linux operating systems, including Debian, CentOS, and Red Hat, but also at FreeBSD and Solaris.

WikiLeaks says Aeris allowed for more complex operations on the targeted systems, as it supported “automated file exfiltration, configurable beacon interval and jitter, stand-alone and Collide-based HTTPS LP support and SMTP protocol support — all with TLS encrypted communications with mutual authentication.”
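Mutually authenticated TLS leaves a network defender with little more than connection metadata, so the feature that gives an implant of this kind away on the wire is the one quoted above: a fixed beacon interval, even with jitter applied. The following is an added example, not code from the WikiLeaks dump or from the article, and the log lines it parses are constructed for the demonstration. It groups outbound connections by flow, measures the spread of the gaps between them, and reports flows whose timing is too regular to be human traffic.

```python
"""Heuristic beacon detection over constructed proxy/firewall log lines.

Added example (not from the WikiLeaks dump or the article): flags outbound
flows whose inter-connection intervals stay regular even after jitter, the
traffic pattern implied by a "configurable beacon interval and jitter".
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, median, pstdev

# Constructed log lines: "<ISO timestamp> <src_ip> <dst_ip>:<dst_port>".
# Host 10.0.0.5 reaches 203.0.113.10:443 roughly every 300 s (+/- ~10 % jitter);
# host 10.0.0.7 browses 198.51.100.20:443 at irregular, human-like times.
SAMPLE_LOG = """\
2017-07-29T06:00:00Z 10.0.0.5 203.0.113.10:443
2017-07-29T06:04:48Z 10.0.0.5 203.0.113.10:443
2017-07-29T06:10:03Z 10.0.0.5 203.0.113.10:443
2017-07-29T06:14:55Z 10.0.0.5 203.0.113.10:443
2017-07-29T06:20:10Z 10.0.0.5 203.0.113.10:443
2017-07-29T06:25:01Z 10.0.0.5 203.0.113.10:443
2017-07-29T06:29:58Z 10.0.0.5 203.0.113.10:443
2017-07-29T06:00:12Z 10.0.0.7 198.51.100.20:443
2017-07-29T06:00:40Z 10.0.0.7 198.51.100.20:443
2017-07-29T06:07:05Z 10.0.0.7 198.51.100.20:443
2017-07-29T06:07:09Z 10.0.0.7 198.51.100.20:443
2017-07-29T06:31:50Z 10.0.0.7 198.51.100.20:443
2017-07-29T06:32:02Z 10.0.0.7 198.51.100.20:443
2017-07-29T06:58:30Z 10.0.0.7 198.51.100.20:443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, port) flow key."""
    flows = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        flows[(src, dst, int(port))].append(
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return flows


def interval_stats(timestamps):
    """Return (median gap in seconds, coefficient of variation) for a flow."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None, None
    mu = mean(gaps)
    cv = pstdev(gaps) / mu if mu > 0 else float("inf")
    return median(gaps), cv


def detect_beacons(text, min_connections=5, max_cv=0.2):
    """Flag flows whose timing is regular enough to look like a beacon.

    max_cv bounds how much jitter a flow may show and still be reported;
    uniform +/-20 % jitter around a fixed interval gives a CV of about 0.12.
    """
    hits = []
    for (src, dst, port), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        med, cv = interval_stats(stamps)
        if cv is not None and cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port,
                         "count": len(stamps),
                         "median_interval_s": med, "cv": cv})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for h in detect_beacons(SAMPLE_LOG):
        print(f"{h['src']} -> {h['dst']}:{h['port']} n={h['count']} "
              f"median={h['median_interval_s']:.0f}s cv={h['cv']:.3f}")
```

Run against the sample, only the 10.0.0.5 flow is reported (median gap about 295 s, CV under 0.05); the browsing flow has gaps ranging from seconds to half an hour and is ignored. Legitimate periodic traffic such as NTP or software-update checks is just as regular, so in practice the hits are reviewed against an allowlist of known destinations, and a wider jitter setting on the implant is met by raising `max_cv` at the cost of more such benign hits.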