
WikiLeaks: CIA source code leak shows agency impersonating Kaspersky - sparklemarkle
https://betanews.com/2017/11/10/wikileaks-vault-8-hive-cia-source-code/
======
peoplewindow
I took a look at the repository.

The fake certificates aren't signed by a legit CA. It's not actually clear if
they're in use or just examples; the code is a mess. The idea is clearly if
someone is using packet sniffing tools to monitor their network, they see
Kaspersky's name in the cert of an outbound connection and assume either:

1) It's their own AV installs grabbing updates or something similar

2) They've been hacked by the evil ruskies

Interestingly these example certs aren't in the HEAD of the repository
(WikiLeaks provide the entire git repo with history). To find the certs they
were talking about I had to look at the first commit. At some point these
files were removed. The start of the repo is in 2013, well before the current
Red Scare.

It's unclear to me that this is the CIA impersonating Russia for political
reasons, as might be assumed from the headline, vs just using Kaspersky and
Thawte because these happen to be companies with many customers. However,
Wikileaks does say the justification is simply to hide exfiltration. We
already knew that western intelligence agencies like to frame their opponents
and cause confusion around attribution, like the neat trick NSA/GCHQ use where
they send data they want to a server controlled by someone they don't
like/some random innocent, which ignores the traffic because it's not actually
compromised. They then suck the data they want off the wire as it is
transferred.

All that said it is depressing how well US propaganda works. Look at all the
people in this thread saying, no no, it can't be true, it's from Wikileaks -
even though the code and files themselves are available to download. The
analysis they post isn't misleading either. It's pretty much describing what's
found in the repo.

edit: lol, just as I was writing this the story is flagged. What a big
surprise. We can't have anything interfering with the official narrative, now,
can we?
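
The decoy described above only works on an analyst who stops at the name in the certificate. As an added example (not code from the Hive repository or from anyone in this thread), the script below builds two certificates with an identical vendor-looking subject, one issued by a CA we trust and one self-signed, and shows that the usable check is chain validation, not the organisation string. The subject names, the local "Demo Root CA" and all file paths are constructed stand-ins, not real Kaspersky or Thawte identities; it only needs an `openssl` binary.

```shell
#!/bin/sh
# Added example: same subject name, different trust outcome.
# "Example AV Vendor" and "Demo Root CA" are constructed stand-ins for the
# vendor and public-CA names an attacker would actually copy.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
SUBJ="/O=Example AV Vendor/CN=updates.example.test"   # constructed decoy subject

# Our trust anchor for this demo (stands in for a root in the system store).
openssl req -x509 -batch -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Demo Root CA/CN=Demo Root" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1

# Legitimate leaf: the decoy subject, but issued by the trusted root.
openssl req -new -batch -newkey rsa:2048 -nodes -subj "$SUBJ" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/legit.pem" >/dev/null 2>&1

# Decoy leaf: identical subject, self-signed, chains to nothing we trust.
openssl req -x509 -batch -newkey rsa:2048 -nodes -days 1 -subj "$SUBJ" \
    -keyout "$WORK/decoy.key" -out "$WORK/decoy.pem" >/dev/null 2>&1

# What a packet-sniffing analyst sees: the subject DN in RFC 2253 form.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# The check that matters: does the cert chain to a CA in the given trust store?
# Prints "trusted" or "untrusted"; the name in the cert plays no part.
cert_trust() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

for f in legit decoy; do
    printf '%s: subject=%s chain=%s\n' "$f" "$(cert_subject "$WORK/$f.pem")" \
        "$(cert_trust "$WORK/$f.pem" "$WORK/ca.pem")"
done
```

Both lines print the same subject; only the `chain=` field separates them. In a real network the trust store would be the monitoring host's root bundle, and a vendor-branded subject on a certificate that fails to chain, or that chains to a CA you have never seen issue for that vendor, is the signal worth alerting on.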

~~~
majewsky
> The start of the repo is in 2013, well before the current Red Scare.

"Well before"? The public part of the current Red Scare started over the
annexation of Crimea in March 2014 (and the preceding turmoil in all of
Ukraine). 2013 is precisely the point where I would expect an intelligence
agency to start anticipating it.

~~~
peoplewindow
OK, fair enough. I guess I think of the current Russia related hysteria as
primarily about Trump and Clinton, so starting around 2 years ago. But fair
point that it goes back further.

------
arca_vorago
I hope people here are paying attention to the tactics being used to discredit
WikiLeaks, even here. It's about numbers. Yeah, most of us know you can't prove
a negative, etc., but it's about subtle influence of bias over time on the $%
that are still blinded by their unsupported belief in the Russian narrative.

------
eqmvii
After the last year, I assume anything WikiLeaks releases is /at least/
contextually misleading.

~~~
zdkl
Why is this downvoted? Is there significant evidence to suggest WikiLeaks was
in fact _not_ compromised?

~~~
peoplewindow
Why are you asking anyone to prove a negative?

There is no evidence that WikiLeaks has anything to do with Russia. None
whatsoever. Whenever I've asked people why they think this, they give two
reasons:

1 - WikiLeaks hasn't published leaks about the Russian government.

2 - Assange did some TV interviews on RT years ago.

These are both laughable. Assange himself gave the obvious explanation for (1)
- they haven't done that because they didn't receive any. And it's equally
obvious why not: WikiLeaks arose to handle leaks of material that the western
press were refusing to publish for unsatisfying reasons, like the Iraq war
stuff. But the western press would salivate at the opportunity to publish
damaging leaks about the Russian government, assuming the original holder
wanted the info to appear in the west and not in, say, Russia. So why would
anyone with such material care about WikiLeaks? There is no reason for them to
do so.

Regardless, attempting to divine intent from things that have _not_ happened
is hardly a good standard of evidence to use when making serious accusations.

As for the TV interviews, well, RT is a large scale news channel that has
interviewed tons of different people over the years. Appearing on a TV channel
is hardly evidence of working for the related national government. Otherwise
everyone who appears on the BBC works for the British government, anyone who
appears on Al Jazeera is in the pocket of Qatar and so on.

~~~
altcognito
1. It is disingenuous to say that WikiLeaks doesn't publish bad news about
Russia. When the Panama Papers came out they actually attacked the source.

2. They are hosted out of Russia.

3. They actively take sides in political battles. Hardly the stance of an
objective "journalistic" organization.

~~~
peoplewindow
"They attacked the source"? I had to go look for what you were talking about,
I guess it's this:

[http://www.aljazeera.com/programmes/listeningpost/2016/04/qa...](http://www.aljazeera.com/programmes/listeningpost/2016/04/qa-julian-assange-panama-papers-160409121010398.html)

I don't see Assange attacking any sources in that Q&A. He does criticise (not
attack) the way some journalists handled it, saying they put their own spin on
things and that there should have been a bulk release. Otherwise, he argues,
the impact would be low. That seems like a reasonable opinion to hold.

2. I looked at their IP addresses. They appear to have three datacenters, at
least being advertised to me, one in Russia, one in the Netherlands and one in
Norway. From a political perspective having servers in a place unfriendly to
America, given how many of their leaks are about the US establishment, seems
pretty sensible to me. But saying they are "hosted out of Russia" is extremely
misleading, a lie of omission.

3. How are they "actively taking sides in political battles"? They leak what
they get. If they didn't, leakers would go elsewhere to get their info out;
it's not like WikiLeaks has a monopoly on leaking. This is just slander and
smearing.

~~~
aljones
It is at least a hypocritical opinion. Podesta's emails were not bulk
released. Wikileaks did put their own spin on them.

Do you know that they leak what they get? Because there are credible
accusations by former members that they do not.

~~~
peoplewindow
Podesta's emails _were_ bulk released:

[https://wikileaks.org/podesta-emails/](https://wikileaks.org/podesta-emails/)

You can search by text, attachment filename or email ID. How is that not bulk
released?

 _Do you know that they leak what they get?_

It's common sense that they do. These leaks come in the form of digital files,
not papers. People give material to WikiLeaks so it gets published. If they
gave material to WikiLeaks and nothing happened they'd just find another way
to leak the same material - like Snowden when he went to Greenwald and Poitras
instead of Assange.

This is why the idea that WikiLeaks is somehow a part of the Russian
government is so mind-bendingly stupid propaganda. How would they hold
anything back? Not only is there no motive and no evidence with these
allegations, there isn't even common sense!

------
shell_scripter
US committing crimes does not attract much discussion these days.

------
monochromatic
So did the CIA hack the DNC’s servers or what?

~~~
davidsong
It would be hilarious if the reason for the Kaspersky ban is because NSA can't
tell whether it's Russia or the CIA behind the hacks.

------
YPCrumble
Has anyone looked at the Hive repository and could point to the parts that
show that the agency is impersonating Kaspersky?

~~~
andreasley
On WikiLeaks' web based repository browser, some files referencing Kaspersky
can be found here: [1] (e.g. client.crt and kaspersky.conf). In the dump, the
files are in the directory /client/ssl up to commit da81be4.

[1]
[https://wikileaks.org/vault8/document/repo_hive/client/ssl/C...](https://wikileaks.org/vault8/document/repo_hive/client/ssl/CA/)

------
ja30278
I don't understand the fixation with Wikileaks' motive. That seems independent
of whether their information is true or false.

~~~
peoplewindow
Shoot the messenger in the hope the message doesn't get out. Look at this
story. Flagged. Apparently one yesterday too. Lots of people want the "all
Russian people and companies are working together to ensure everything I
disagree with happens" line to stick, but US intelligence agencies
impersonating Russian firms undermines that angle. So it's gotta go.

~~~
mirimir
Well, enough accounts with enough karma obviously don't want anything
favorable about WikiLeaks on HN. But then, HN has no pretensions about
impartiality. And I must admit that, overall, the system works quite well.

------
fenk85
Wikileaks sort of lost all credibility the moment they decided to become a
tool for Putin and Co

~~~
jernejzen
Any proof for that claim?

~~~
varjag
Here:
[https://twitter.com/wikileaks/status/717458064324964352](https://twitter.com/wikileaks/status/717458064324964352)

Don't thank me.

~~~
ryanlol
This seems like a perfectly reasonable tweet in the context of discussions
about Russian meddling, clearly it happens on both sides.

~~~
varjag
And we clearly see which side Wikileaks is on.

~~~
ryanlol
How so?

~~~
varjag
They attempt to discredit Panama Papers, a leak that uncovered vast volumes of
corruption worldwide.

They try to tarnish it by associating with Soros conspiracy, which is near
exclusively done by people supporting authoritarian regimes. A good marker on
its own.

They present Russia as the target/victim of the Papers, despite them
implicating a number of Western European politicians and Ukraine's president.

Unless one tries to be deliberately thick it's fairly clear which side they
are on.

~~~
whamlastxmas
I consider myself a fairly reasonable person and it's not as clear as you make
it sound without having your own bias influencing it. Saying only fascists are
against Soros is silly. Soros has inarguably had a massive influence on
politics and there are many reasons to dislike the platforms he's supported.

~~~
varjag
I didn't say only fascists, I said authoritarian types. And I maintain people
ambivalent or opposed to them are not prone to Soros conspiracy theories.

Make a thought experiment. Would you say you do not in any way support the
policies and rhetoric of Orban, Putin, Trump, Assad, Chavez/Maduro? Without
ifs, buts and what-about-Obamas.

------
gressquel
This article was on HN yesterday and got downvoted/flagged. Seems like the
Russian trolls are back in action.

------
varjag
OK, if "CIA impersonated Kaspersky" it is of course implied they stole the NSA
tools to frame the benign Russian government. NSA tools were revealed by
WikiLeaks in "Vault 7". This revelation comes as WL's "Vault 8".

Does that mean WL got Vault 7 from CIA and Vault 8 from Russian FSB?

Assange, you sad confused crackpot…

