CIA Forged Digital Certs Imitating Kaspersky Lab

DooKey ([H]F Junkie, joined Apr 25, 2001, 13,559 messages)
Wikileaks released more intel today that shows digital certificates for the authentication of implants are generated by the CIA to impersonate existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow, pretending to be signed by Thawte Premium Server CA, Cape Town. Digital certificates and faking them are one of the big things these days when it comes to hacking. Leave it to the CIA to jump right on board with the rest of the hackers out there. Not that I'm surprised or anything.

Hackers are increasingly abusing digital certs to smuggle malware past security scanners. Malware-slinging miscreants may not even need to control a code-signing certificate. Security researchers from the University of Maryland found that simply copying an authenticode signature from a legitimate file to a known malware sample – which results in an invalid signature – can result in antivirus products failing to detect it.
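The University of Maryland result quoted above is easy to misread: a signature lifted from a legitimate file still carries a perfectly good certificate chain, so a scanner that only inspects the certificate (or merely notes that a signature is present) sees nothing wrong. What breaks is the digest: Authenticode hashes the PE with the CheckSum field, the security data directory entry and the attribute certificate table itself excluded, and the signer stores that hash inside the signature, so bolting the signature onto a different file produces a hash mismatch. The script below is an added example, not code from the post, from The Register or from the Vault 8 material. It builds two constructed PE32+ fixtures, implements the Authenticode hash exclusion rules from Microsoft's Authenticode PE specification, and uses a labelled stand-in blob in place of the real PKCS#7 SignedData (a real verifier would parse ASN.1 to reach SpcIndirectDataContent.messageDigest). The status names borrow the vocabulary PowerShell's Get-AuthenticodeSignature reports; everything else (function names, marker string, payloads) is assumed for the demo.

```python
"""Why a copied Authenticode signature is invalid: the embedded digest no longer matches the file.
Constructed PE fixtures and a stand-in signature container (not real PKCS#7 SignedData)."""
import hashlib
import struct

PE32PLUS_MAGIC = 0x20B
SECURITY_DIR_INDEX = 4                    # IMAGE_DIRECTORY_ENTRY_SECURITY
STANDIN_MARKER = b"STANDIN-SPC-DIGEST:"   # stand-in for SpcIndirectDataContent.messageDigest


def build_minimal_pe(payload: bytes) -> bytes:
    """Constructed PE32+ image with one section; a parsing fixture, not a runnable program."""
    file_align = 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)            # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)    # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, file_align)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                      # Subsystem: console
    struct.pack_into("<I", opt, 108, 16)                    # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000,
                          file_align, file_align, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(file_align, b"\0")
    return headers + payload.ljust(file_align, b"\0")[:file_align]


def _layout(data: bytes):
    """Offsets the Authenticode hash needs: CheckSum, security dir entry, SizeOfHeaders, sections, cert table."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    size_opt = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dir_base = opt_off + (112 if magic == PE32PLUS_MAGIC else 96)   # data directories start here
    size_of_headers = struct.unpack_from("<I", data, opt_off + 60)[0]
    sec_dir_off = dir_base + SECURITY_DIR_INDEX * 8
    cert_off, cert_size = struct.unpack_from("<II", data, sec_dir_off)
    sections = []
    for i in range(num_sections):   # SizeOfRawData at +16, PointerToRawData at +20 of each header
        size_raw, ptr_raw = struct.unpack_from("<II", data, opt_off + size_opt + i * 40 + 16)
        sections.append((ptr_raw, size_raw))
    return opt_off + 64, sec_dir_off, size_of_headers, sections, cert_off, cert_size


def authenticode_hash(data: bytes) -> bytes:
    """SHA-256 over the image minus CheckSum, the security directory entry and the certificate table."""
    checksum_off, sec_dir_off, size_of_headers, sections, cert_off, cert_size = _layout(data)
    h = hashlib.sha256()
    h.update(data[:checksum_off])
    h.update(data[checksum_off + 4:sec_dir_off])
    h.update(data[sec_dir_off + 8:size_of_headers])
    hashed = size_of_headers
    for ptr_raw, size_raw in sorted(sections):          # sections in file order
        h.update(data[ptr_raw:ptr_raw + size_raw])
        hashed += size_raw
    if cert_size:                                        # overlay is hashed, the cert table is not
        h.update(data[hashed:cert_off])
        h.update(data[cert_off + cert_size:])
    else:
        h.update(data[hashed:])
    return h.digest()


def make_standin_signature(digest: bytes) -> bytes:
    """WIN_CERTIFICATE (rev 0x0200, type PKCS_SIGNED_DATA) around a stand-in body holding the digest."""
    body = STANDIN_MARKER + digest
    padded = (8 + len(body) + 7) & ~7                    # entries are 8-byte aligned
    return struct.pack("<IHH", padded, 0x0200, 0x0002) + body.ljust(padded - 8, b"\0")


def attach_signature(data: bytes, cert_table: bytes) -> bytes:
    """Append an attribute certificate table and point the security data directory at it."""
    _, sec_dir_off, *_ = _layout(data)
    padded = data + b"\0" * (-len(data) % 8)
    out = bytearray(padded + cert_table)
    struct.pack_into("<II", out, sec_dir_off, len(padded), len(cert_table))
    return bytes(out)


def sign(data: bytes) -> bytes:
    """'Sign' an unsigned image: embed its own Authenticode hash (stand-in for a real signature)."""
    return attach_signature(data, make_standin_signature(authenticode_hash(data)))


def extract_cert_table(data: bytes) -> bytes:
    *_, cert_off, cert_size = _layout(data)
    return data[cert_off:cert_off + cert_size]


def verify(data: bytes) -> str:
    """The check a scanner must do: compare the signed digest with the file's actual Authenticode hash."""
    cert = extract_cert_table(data)
    if not cert:
        return "NotSigned"
    at = cert.find(STANDIN_MARKER)                       # real code: parse PKCS#7, read messageDigest
    if at < 0:
        return "UnknownError"
    signed_digest = cert[at + len(STANDIN_MARKER):at + len(STANDIN_MARKER) + 32]
    return "Valid" if signed_digest == authenticode_hash(data) else "HashMismatch"


def demo() -> dict:
    legit = build_minimal_pe(b"constructed: legitimate vendor binary")
    malware = build_minimal_pe(b"constructed: malware sample")
    signed_legit = sign(legit)
    # the trick from the paper: lift the whole certificate table and bolt it onto another file
    copied = attach_signature(malware, extract_cert_table(signed_legit))
    return {"legit": verify(signed_legit), "malware": verify(malware), "copied": verify(copied),
            "hash_unchanged_by_signing": authenticode_hash(legit) == authenticode_hash(signed_legit)}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The `hash_unchanged_by_signing` result is the property the whole scheme rests on: because the certificate table and its directory entry are excluded from the hash, signing does not change the hash of the file, so the signer can compute it before attaching the blob. The same exclusion is exactly what makes the copied signature detectable: the copied blob is excluded from the hash of the malware file, so the digest it carries is compared against the malware's own Authenticode hash and fails. On a real Windows box the equivalent check is `Get-AuthenticodeSignature`, whose Status for such a file is HashMismatch rather than Valid.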
 
Totally shocked...are we SURE it was the Russians? Yeah, that's what I thought.
Faking a digital certificate sounds completely unrelated. They're using their own servers to sign their own digital certificate to allow installers to appear legitimate at first glance. This is something you do to target someone or hide on a corporate network. This isn't something that you would use to send source code samples to Moscow.
 
Spies still spying and water still wet, more news of the same at the top of the hour!
 
Russia must have infiltrated the CIA and made it look like the CIA infiltrated Kaspersky in order to make it look like Russia infiltrated Kaspersky to infiltrate the CIA. Wait.
 
How can you trust any AV after shit like this? If they're willing to impersonate Kaspersky, what's to stop them from doing the same to any other AV? (I mean, apart from the technical hurdles).

If you still somehow aren't yet aware, AV is snake oil.
 
How can you trust any AV after shit like this? If they're willing to impersonate Kaspersky, what's to stop them from doing the same to any other AV? (I mean, apart from the technical hurdles).

If you still somehow aren't yet aware, AV is snake oil.

I'm guessing that it's less likely they would go after US-based ones for the more undercover stuff, so as not to get blamed for stuff locally... But yeah, with today's modern OS you tend to need less AV for regular people with minor (un)common sense..
 
Wait till Trump is officially absolved of all this business.

People gonna lose their minds.

:D
 