HackDig : Dig high-quality web security articles for hacker

WikiLeaks leaked documents that detail the Archimedes tool used by the CIA in MitM attacks

2017-05-05 21:25

WikiLeaks has released a news batch of documents detailing the Archimedes tool, a MitM attack tool allegedly used by the CIA to target LAN networks.

WikiLeaks has released a news batch of documents detailing a man-in-the-middle (MitM) attack tool dubbed Archimedes allegedly used by the CIA to target local networks.

The leaked documents, dated between 2011 and 2014, provide details about a tool initially codenamed Fulcrum and later renamed Archimedes by the development team.

Archimede Tool

The CIA hacking tool that allows the operators to redirect LAN traffic from a targeted computer through a machine controlled by the attackers before it is routed to the gateway.

“Archimedes is an update to Fulcrum 0.6.1.” reads the Archimedes Tool Documentation. “Archimedes is used to re­direct LAN traffic from a target’s computer through an attacker controlled computer before it is passed to the gateway. This enables the tool to inject a forged web­server response that will redirect the target’s web browser to an arbitrary location. This technique is typically used to redirect the target to an exploitation server while providing the appearance of a normal browsing session.  For more tool information please refer to the original Fulcrum 0.6.1 documentation.” 

According to the SANS instructor Jake Williams who analyzed the leaked documents, the Archimedes tool seems to be a repackaged version of popular MitM tool Ettercap.

CIA alleged targets can use the leaked information about the Archimedes tool to check if their systems had been compromised by the US Intelligence.

Potential victims can search for these hashes on their systems.

Archimedes Tool

Archimedes introduced several improvements respect the Fulcrum tool such as:

  • Support disabling the route verification check that occurs prior to exploitation.
  • Add support for a new HTTP injection method based on using a hidden IFRAME.
  • Modify the DLLs to support the Fire and Forget specification (version 2).
  • Provide a method of gracefully shutting down the tool on demand.
  • Removes the most alerting strings from the release binaries.

The tool itself is not sophisticated, it could be interesting to understand how CIA agents did use it in targeted attacks.

Pierluigi Paganini

(Security Affairs – Data Leak, AMP)

The post WikiLeaks leaked documents that detail the Archimedes tool used by the CIA in MitM attacks appeared first on Security Affairs.


Source: lmth.loot-sedemihcra-aic/gnikcah/57785/sserpdrow/oc.sriaffaytiruces

Read:2897 | Comments:0 | Tags:Breaking News Hacking Intelligence Archimedes tool CIA Vault

“WikiLeaks leaked documents that detail the Archimedes tool used by the CIA in MitM attacks”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud

Keywords