CIA Malware of the Day: Athena
Today, May 19th 2017, WikiLeaks publishes documents from the "Athena"
project of the CIA. "Athena" - like the related "Hera" system -
provides remote beacon and loader capabilities on target computers
running the Microsoft Windows operating system (from Windows XP to
Windows 10). Once installed, the malware provides a beaconing
capability (including configuration and task handling), the memory
loading/unloading of malicious payloads for specific tasks and the
delivery and retrieval of files to/from a specified directory on the
target system. It allows the operator to configure settings during
runtime (while the implant is on target) to customize it to an
operation.
According to the documentation (see Athena Technology Overview), the
malware was developed by the CIA in cooperation with Siege
Technologies, a self-proclaimed cyber security company based in New
Hampshire, US. On their website, Siege Technologies states that the
company "... focuses on leveraging offensive cyberwar technologies and
methodologies to develop predictive cyber security solutions for
insurance, government and other targeted markets." On November 15th,
2016, Nehemiah Security announced the acquisition of Siege Technologies.
In an email from HackingTeam (published by WikiLeaks here), Jason
Syversen, founder of Siege Technologies with a background in
cryptography and hacking, "... said he set out to create the equivalent
of the military’s so-called probability of kill metric, a statistical
analysis of whether an attack is likely to succeed. 'I feel more
comfortable working on electronic warfare,' he said. 'It’s a little
different than bombs and nuclear weapons -- that’s a morally complex
field to be in. Now instead of bombing things and having collateral
damage, you can really reduce civilian casualties, which is a win for
everybody.'"