Wikileaks Reveals Hive: The CIA’s Top Secret Virus Control System
April 17, 2017
Wikileaks’ latest release comes on the heels of CIA director Mike Pompeo’s aggressive statements against the transparency organization in which he labeled them “non-state hostile intelligence service.”
MINNEAPOLIS – Early Friday morning, Wikileaks released its fifth batch of Vault 7 documents exposing the U.S. Central Intelligence Agency’s hacking techniques. The latest release, titled “Hive,” exposes the agency’s multi-platform malware suite that allows the CIA to monitor targets via malware as well as the ability to realize specific tasks on compromised machines.
Hive is said to provide customizable implants for a variety of operating systems for distinct types of devices, not just computers, tablets, and phones. Among the platforms vulnerable to Hive include Linux, Windows, Solaris, MikroTik (used in Internet routers), and AVTech Network Video Recorders (often used in CCTV recording). First released in 2010, Hive is essentially an “implant” that functions as both a beacon and shell, allowing CIA hackers to gain a foothold in devices that allow them to deploy any number of other tools, such as those detailed in previous releases.
Wikileaks has described Hive’s function as a “back-end infrastructure malware” that uses public HTTPS interfaces which provide “unsuspicious-looking cover domains” to hide its presence on infected devices. Each of those domains is linked to an IP address at a commercial Virtual Private Server (VPS) provider, which forwards all incoming traffic to what is termed a “Blot” server. All re-directed traffic is then examined by CIA hackers to see if it contains a valid beacon. If it does, then a tool handler – called Honeycomb in the released documents – and the CIA then begins initiating other actions on the target computer. The released user guide shows that Hive allows for the uploading and deleting of files as well as the execution of applications on the device.
