> In its release, WikiLeaks said "Marble" was used to insert foreign language text into the malware to mask viruses, trojans and hacking attacks, making it more difficult for them to be tracked to the CIA and to cause forensic investigators to falsely attribute code to the wrong nation. The source code revealed that Marble had examples in Chinese, Russian, Korean, Arabic and Persian.
https://en.wikipedia.org/wiki/Vault_7
The government and media pretend that attribution is a slam-dunk when it virtually never is. On the other hand, there are big career benefits to discovering the next "Chinese" malware vs. stumbling upon some US/EU script kiddy nonsense that included Chinese characters as a prank/red herring. There is incentive to misattribute & sensationalize.
I would wager that ~100% of CIA/NSA malware (or any state actor, really) has a plausible red herring cover. It would be foolish not to.