WikiLeaks Revelations: What Do the CIA and Cyber Adversaries Have in Common?

November 14, 2017 | Emil Hanscom

WikiLeaks has had a significant impact on the security industry and the federal community this year, and just last week the fallout continued.

On November 8th, WikiLeaks published a new collection of documents reportedly originating from the CIA. This batch of documents revealed how the federal agency may have used fake web certificates to cloak clandestine activities.

According to the International Business Times: “The latest [WikiLeaks] release outlines the inner-workings of a ‘back-end’ malware tool called Hive… It is allegedly used by the clandestine service to ‘transfer exfiltrated information from target machines’ to CIA servers… The CIA uses the Hive malware system to build fake web certificates and stop anti-virus companies from accurately attributing its hacking operations.”

Overall, these revelations from WikiLeaks demonstrate how sophisticated adversaries can use machine identities, like digital certificates, to subvert traditional security controls.

“This batch from WikiLeaks is just one more example of how machine identities can be used to create deceptive attacks,” said Kevin Bocek, chief security strategist for Venafi. “But this is not a new method of data exfiltration; state actors have been using fake machine identities for years now. For example, the APT1 group from China used fake digital certificates to trick security systems into thinking command and control systems were from IBM, Yahoo and other trusted businesses.”

So, what lessons can we learn from these new WikiLeaks revelations?

“Ultimately, the CIA’s Hive operation demonstrates why organizations need complete machine identity intelligence to protect themselves,” concludes Kevin. “This includes not only finding all certificates you use on a network, in the cloud and across the Internet, but scoring them to establish a certificate reputation. It’s like using a credit score: you need a basis to establish if certificates are real or fake, trusted or malicious.”
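The certificate scoring Kevin describes, as an added defender-side illustration that is not code from Venafi or this post: a constructed, self-signed certificate that merely names a trusted-looking organisation in its Subject (placeholder names, placeholder hostname `update.example.com`) is checked against the CAs an organisation actually trusts, and each way it fails to earn trust becomes a red flag.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// ScoreCert lists the red flags on leaf when checked against the CAs the organisation
// actually trusts (roots) and the hostname it was served for; empty means nothing looked forged.
func ScoreCert(leaf *x509.Certificate, roots *x509.CertPool, hostname string) []string {
	var flags []string
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil { // a forged cert cannot chain to a real CA
		flags = append(flags, "no chain to a trusted CA: "+err.Error())
	}
	if bytes.Equal(leaf.RawIssuer, leaf.RawSubject) { // issuer == subject: nobody vouched for it
		flags = append(flags, "self-signed")
	}
	if err := leaf.VerifyHostname(hostname); err != nil { // brand in Subject, but no SAN for the host
		flags = append(flags, "hostname not covered by SANs: "+err.Error())
	}
	if leaf.NotAfter.Sub(leaf.NotBefore) > 398*24*time.Hour { // public CAs no longer issue such lifetimes
		flags = append(flags, "validity longer than 398 days")
	}
	return flags
}

// ForgedSample builds a constructed certificate that only claims a trusted organisation in its Subject.
func ForgedSample() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{ // placeholder names; self-signed below, no SANs
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{Organization: []string{"Trusted Brand Inc (placeholder)"}, CommonName: "update.example.com"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(3, 0, 0), // three years, far beyond what public CAs issue
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

Against an empty trust pool the sample earns all four flags; adding the certificate to the pool explicitly clears only the chain flag, so the self-signed, hostname and lifetime findings still stand.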

How trustworthy are your digital certificates?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
