Wikileaks has published the latest documents from the Vault7 cache of malware linked to US intelligence agencies.
In addition to development logs, Wikileaks has also published the source code - meaning that hackers across the world will now, no doubt, be poring over the code and the documents to try and work out ways to incorporate the malware, or ideas from the malware, into their own creations.
"Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention," explains Wikileaks.
It continues: "Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet.
"Wikileaks is now releasing source for exploits in Vault 7. Do they remember what happened last time such exploit code was leaked? Standby for another wannacry." - Alan Woodward (@ProfWoodward), November 9, 2017
"Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.
"Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use.
"The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customised according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a 'hidden' CIA server."
The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything other than a normal website, explains Wikileaks. However, a machine infected with CIA malware that connects to the same website will authenticate to it in the background.
"Traffic from [malware] implants is sent to an implant operator management gateway called Honeycomb while all other traffic go to a cover server that delivers the non-suspicious content for all other users."
Furthermore, Wikileaks reveals, the CIA faked digital certificates from Kaspersky and Thawte in order to try and mask the malicious activity.
"Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server Certificate Authority, Cape Town."