![Kaspersky](https://www.grahamcluley.com/wp-content/uploads/2015/06/kaspersky-wide.jpeg)

> "Your mission, should you choose to accept it, is to Trojan everything with anything on all OSes and evade detection by all PSPs all the time."
>
> [CIA Operational Support Branch User #71473](https://wikileaks.org/ciav7p1/cms/page_2621683.html)

Vault 7 reveals that the CIA had a keen interest in bypassing alarms in personal security products (PSPs) like AVG and Kaspersky. Not only do numerous documents prove the CIA's interest in bypassing anti-virus systems, but several CIA developers, for example [User #1179925](https://wikileaks.org/ciav7p1/cms/space_1736706.html), were specifically assigned to projects targeting just about every anti-virus system, including:

* Kaspersky
* AVG
* Symantec
* Trend Micro
* Malwarebytes
* Norton
* McAfee
* ClamAV
* Panda Security
* Rising
* Zone Alarm
* EMET (Enhanced Mitigation Experience Toolkit)
* Microsoft Security Essentials
* GDATA
* ESET
* Bitdefender
* Avira

This article will discuss security flaws in the commonly used anti-virus program Kaspersky, which has been targeted and exploited by the CIA, rendering their attacks virtually undetectable to its millions of users. In addition, we uncover strong evidence, by admission, that the CIA was actually the anti-Kaspersky cyberweapons group known as "The Equation Group".

Kaspersky is a popular personal security product (PSP) developer based in Moscow, Russia. The CIA showed particular interest in bypassing Kaspersky anti-virus programs, and their attempts to do so can be found in several different documents.[(1)](https://wikileaks.org/ciav7p1/cms/page_13763143.html) Some have suggested this may be because Kaspersky has close ties with the Russian intelligence organization, the FSB.[(2)](https://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies) Regardless, this should be cause for alarm, as Kaspersky isn't used just by Russia. In fact, Kaspersky is used by over 200 million people worldwide, including in the United States.[(3)](http://ask.brothersoft.com/how-many-people-use-this-antivirus-how-would-you-rate-it-10365.html)

Just how compromised is Kaspersky? Well...

One particular document available on Vault 7 provides a script for testing whether or not a certain program will trigger Kaspersky's anti-virus alert.[(4)](https://wikileaks.org/ciav7p1/cms/page_13763143.html) It is interesting to note that in the first lines of this script the library "tybase.palantir.client" is imported, meaning that it either depends on or directly interfaces with components of Palantir.

**DriftingShadows** can create DLL files which check for the existence of Kaspersky on the target system, check for the existence of a stop file, and carry a list of whitelisted IP addresses to target. It can then begin covertly running an exploit payload known as **GRAVITYTURN**.[(5)](https://wikileaks.org/ciav7p1/cms/page_14588388.html) Apparently DriftingShadows was also tested successfully against AVG anti-virus, but a Secret/Noforn document available in Vault 7 shows that certain instances of DriftingShadows could be caught by AVG.[(6)](https://wikileaks.org/ciav7p1/cms/page_14588112.html)

Kaspersky analysts believe that several hacking tools were developed by a collective they labelled "Equation". Sometime in 2015, the CIA discussed Equation itself and how to avoid the operational mistakes which led to its detection by Kaspersky.[(7)](https://wikileaks.org/ciav7p1/cms/page_14588809.html) The previously mentioned User #1179925 corrected the claim of Equation being a rogue cyberweapons group by admitting:

> The Equation Group as labeled in the report does not relate to a specific group but rather a collection of tools (mostly TAO (Tailored Access Operation) some IOC (CIA Information Operations Center)).

Documents also show that another tool, **Grasshopper**, was able to successfully bypass Kaspersky as well as Symantec and Windows Security Essentials.[(8)](https://wikileaks.org/ciav7p1/cms/page_14587218.html) This tool seems to have primarily targeted Windows systems up to Windows 8, but Grasshopper releases in Vault 7 show it was updated until at least December 2015[(9)](https://wikileaks.org/ciav7p1/cms/page_12353659.html) and may well have supported more recent versions.

This leaves me with some intriguing conclusions. Not only does the CIA actively (and successfully) bypass all commonly used anti-virus programs, but they seem to be involved with other infamous surveillance groups such as Palantir and more. In addition, it's entirely possible the CIA and their allies may have used these cyberweapons to commit serious cybercrimes. The source of the Duqu and Duqu 2.0 attacks on Kaspersky, for instance, is still unknown, but they contained several false-flag indicators used to mask the attacker as Chinese or Romanian in origin,[(10)](https://wikileaks.org/ciav7p1/cms/files/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf) which is eerily reminiscent of the CIA's UMBRAGE group.

Now that we know they are actually the CIA, I will look more into The Equation Group and their malware programs in an upcoming article. For now, however, it should be assumed that **anti-virus programs are not an effective countermeasure** to the CIA hacks present in Vault 7.
post_id | 2,251,579 |
---|---|
author | rebelskum |
permlink | vault-7-s-driftingshadows-the-cia-s-cyberwar-against-kaspersky-and-anti-virus-software |
category | technology |
created | 2017-03-25 22:18:30 |
last_update | 2017-03-26 17:59:45 |
root_title | "Vault 7's DriftingShadows: The CIA's cyberwar against Kaspersky and anti-virus software" |
Thanks for the updates, keep em coming!
post_id | 2,257,350 |
---|---|
author | inity |
permlink | re-rebelskum-vault-7-s-driftingshadows-the-cia-s-cyberwar-against-kaspersky-and-anti-virus-software-20170326t143500206z |
category | technology |
created | 2017-03-26 14:35:00 |
Excellent work sir.
post_id | 2,263,699 |
---|---|
author | shawnwaldow |
permlink | re-rebelskum-vault-7-s-driftingshadows-the-cia-s-cyberwar-against-kaspersky-and-anti-virus-software-20170327t034931914z |
category | technology |
created | 2017-03-27 03:49:36 |