
Windows Intruded by CIA

Filed under
Microsoft
Security
  • Athena

    Today, May 19th 2017, WikiLeaks publishes documents from the "Athena" project of the CIA. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

    According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company "... focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.". On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.

  • WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

    Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and sending it to a CIA server.

  • Microsoft held back free patch that could have slowed WannaCry

More in Tux Machines

today's howtos

KDE: Qt, Plasma, QML, Usability & Productivity

  • Qt 5.11.1 and Plasma 5.13.1 in ktown ‘testing’ repository
    A couple of days ago I recompiled ‘poppler’ and the packages in ‘ktown’ that depend on it, and uploaded them into the repository as promised in my previous post. I did that because Slackware-current updated its own poppler package and mine needs to be kept in sync to prevent breakage in other parts of your Slackware computer. I hear you wonder, what is the difference between the Slackware poppler package and this ‘ktown’ package? Simple: my ‘poppler’ package contains support for Qt5 (in addition to the Qt4 support in the original package) and that is required by other packages in the ‘ktown’ repository.
  • Sixth week of coding phase, GSoC'18
    The Menus API enables the QML Plugin to add an action, separator or menu to the WebView context menu. This API is not similar to the WebExtensions Menus API but is rather Falkonish!
  • This week in Usability & Productivity, part 24
    See all the names of people who worked hard to make the computing world a better place? That could be you next week! Getting involved isn’t all that tough, and there’s lots of support available.

Programming: Python Maths Tools and Java SE

  • Essential Free Python Maths Tools
    Python is a very popular general purpose programming language — with good reason. It’s object oriented, semantically structured, extremely versatile, and well supported. Scientists favour Python because it’s easy to use and learn, offers a good set of built-in features, and is highly extensible. Python’s readability makes it an excellent first programming language. The Python Standard Library (PSL) is the standard library that’s distributed with Python. The library comes with, among other things, modules that carry out many mathematical operations. The math module is one of the core modules in PSL which performs mathematical operations. The module gives access to the underlying C library functions for floating point math.
  • Oracle's new Java SE subs: Code and support for $25/processor/month
    Oracle’s put a price on Java SE and support: $25 per processor per month, and $2.50 per user per month on the desktop, or less if you buy lots for a long time. Big Red’s called this a Java SE Subscription and pitched it as “a commonly used model, popular with Linux distributions”. The company also reckons the new deal is better than a perpetual licence, because they involve “an up-front cost plus additional annual support and maintenance fees.”

Linux 4.18 RC2 Released From China

  • Linux 4.18-rc2
    Another week, another -rc. I'm still traveling - now in China - but at least I'm doing this rc Sunday _evening_ local time rather than _morning_. And next rc I'll be back home and over my jetlag (knock wood) so everything should be back to the traditional schedule.

    Anyway, it's early in the rc series yet, but things look fairly normal. About a third of the patch is drivers (drm and s390 stand out, but there's networking and block updates too, and misc noise all over). We also had some of the core dma files move from drivers/base/dma-* (and lib/dma-*) to kernel/dma/*. We sometimes do code movement (and other "renaming" things) after the merge window simply because it tends to be less disruptive that way. Another 20% is under "tools" - mainly due to some selftest updates for rseq, but there's some turbostat and perf tooling work too.

    We also had some noticeable filesystem updates, particularly to cifs. I'm going to point those out, because some of them probably shouldn't have been in rc2. They were "fixes" not in the "regressions" sense, but in the "missing features" sense. So please, people, the "fixes" during the rc series really should be things that are _regressions_. If it used to work, and it no longer does, then fixing that is a good and proper fix. Or if something oopses or has a security implication, then the fix for that is a real fix. But if it's something that has never worked, even if it "fixes" some behavior, then it's new development, and that should come in during the merge window. Just because you think it's a "fix" doesn't mean that it really is one, at least in the "during the rc series" sense.

    Anyway, with that small rant out of the way, the rest is mostly arch updates (x86, powerpc, arm64, mips), and core networking. Go forth and test. Things look fairly sane, it's not really all that scary. Shortlog appended for people who want to scan through what changed. Linus
  • Linux 4.18-rc2 Released With A Normal Week's Worth Of Changes
    Due to traveling in China, Linus Torvalds has released the Linux 4.18-rc2 kernel a half-day ahead of schedule, but overall things are looking good for Linux 4.18.