CIA developed a code to frame Kaspersky Lab, WikiLeaks reports

On Nov. 9, WikiLeaks released the source code for an American cyberweapon, Hive, which cybercriminals working for the CIA have used to control malware that they deploy on infected computers.

According to the report, which is named Vault 8, the CIA-operated malware could mask itself under fake certificates and impersonate companies, namely Kaspersky Lab.

"Hive solves a critical problem for malware operators at the CIA," WikiLeaks said in a statement. "Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the Internet."

Hive can do multiple operations using multiple implants on targeted computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use.

WikiLeaks began to publish documents on Hive in April this year, and the malware is used by the CIA to hack, record and even control modern hi-tech appliances worldwide.

The source code of the malicious program indicates that Hive was able to impersonate existing entities to conceal suspicious traffic from the user who was spied on. The extraction of information would be misattributed to an impersonated company.

According to WikiLeaks, at least three examples in the code show that Hive is able to impersonate Kaspersky Lab, which has repeatedly been accused by U.S. officials of involvement in alleged Russian state-run hacking of the U.S. presidential election.

In September, the U.S. Department of Homeland Security (DHS) ordered all government agencies to stop using the company’s products and to remove them from computers because of the "information security risks presented by the use of Kaspersky products on federal information systems."

"We’ve investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected," Eugene Kaspersky, the company’s founder, wrote on Twitter yesterday.

The responses of his followers vary from "Eugene, keep me safe," to "Kaspersky is trying to use Vault 8 to corroborate that the CIA was responsible for Kaspersky ‘hacks’. By saying the certificates are not in fact KAV (Kaspersky - RB), he can try to deny they were stealing their clients data."

Kaspersky Lab has repeatedly denied cooperating with any government entity, including Russia’s. The company stated its products can’t be used for spying as they lack any functionality beyond the advertised purpose. To prove its innocence, the company opened the source code of its software to independent review last month.

If using any of Russia Beyond's content, partly or in full, always provide an active hyperlink to the original material.