WikiLeaks has released the user guide, demo and more of a new spy malware strain allegedly created and used by the CIA. The spyware targets all Windows versions and allows attackers to completely hijack computers, steal data and send it to CIA severs, delete data and upload malicious software. According to WikiLeaks' documents, the spyware was created by the CIA, with help from a private New Hampshire-based cybersecurity firm called Siege Technologies.
According to the leaked user manual, the spyware has two modules. While Athena, the primary module, targets Windows XP to 10, the secondary module dubbed Hera targets Windows 8 through Windows 10.
"'Athena' - like the related 'Hera' system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10)," WikiLeaks said in a statement.
When was Athena created and what does it do?
Documents leaked by WikiLeaks, dated between September 2015 and February 2016, indicate that the spyware was created in August 2015, a mere month after Microsoft released Windows 10. The dates indicate that despite Microsoft's firm statements on how difficult it is for Windows 10 to be compromised, just months after the new operating system's launch, the CIA likely had the ability to hack Windows 10.
"Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation," WikiLeaks said.
Although in essence Athena is not all that different from other standard cyberespionage malware strains, according to the documents released by WikiLeaks, the spyware has been designed to evade security detection software, specifically Kaspersky's antivirus software.
Siege Technolgies founder Jason Syversen said his firm was working on a system that would help the US military determine whether a cyberweapon was effective or not, the equivalent of the military's "kill metric" for classic weapons.
"I feel more comfortable working on electronic warfare," a 2014 Bloomberg article quoted Syversen as saying. "It's a little different than bombs and nuclear weapons — that's a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody."
WikiLeaks has not provided any evidence suggesting the CIA used Athena. However, such a comprehensive spyware would likely be considered a major asset in the spy agency's cyber arsenal.
WikiLeaks' latest CIA Vault 7 release comes on the heels of a major victory for the whistleblowing group and its founder Julian Assange as Swedish prosecutors announced that they are dropping their alleged rape investigation against the WikiLeaks founder.
Despite the victory, Assange remains under threat of arrest if he steps out of the Ecuadorian embassy where he has been residing since 2012. The UK police said that Assange would be arrested if he left the Ecuadorian embassy over the "much less serious offence" of failing to surrender to the UK courts in 2012.