Wikileaks: ‘Marble’ is proof that CIA disguises hacks as Russian

The Vault 7 release by WikiLeaks contains a series of documents, named "Marble", detailing how CIA hacking tactics misdirect forensic investigators from attributing viruses, trojans and attacks.

Published: April 1, 2017, 9:36 am

    Read more

    After the release of “Year Zero” and “Dark Matter”, WikiLeaks has now released the third batch of stolen CIA documents. It doesn’t focus on tech companies, but on the American spy agency itself.

    Previous Vault7 releases have revealed the CIA’s ability to mask its hacking fingerprints. It has now been revealed how the CIA inserts code fragments in foreign languages, and the tactic has been in use as recently as 2016.

    According to the WikiLeaks release: “The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.”

    By doing so, it creates a means for virus writers to pretend that the malware was created by a speaker of a range of foreign languages. But not any foreign languages of course, because the languages are those of the US’s main cyber-adversaries – Russia, North Korea, China and Iran.

    WikiLeaks suggests that this tech would trick security analysts to into thinking they were, for example, dealing with the Russians or the Chinese PLA.

    The whistleblower believes that potentially “thousands” of cyber attacks could thus be attributed to the CIA, while the blamed is wrongly placed on foreign governments, noting that the CIA technique is the digital equivalent of a tool which disguises the English text on US produced weapons systems before they are provided to insurgents.

    WikiLeaks said Marble is able to hide fragments of texts that would allow for the author of the malware to be identified, “designed to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms” often link malware to a specific developer.

    The source code released reveals Marble contains test examples in Russian, Korean, Arabic, Chinese and Farsi.

    “This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,” according to WikiLeaks, “But there are other possibilities, such as hiding fake error messages.”

    The code also contains a “deobfuscator” which allows the CIA text obfuscation to be reversed. “Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA.”

    “Marble forms part of the CIA’s anti-forensics approach. […] This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

    “The Marble Framework is used for obfuscation only and does not contain any vulnerabilties or exploits by itself.”

    The Marble release appears authentic because WikiLeaks used “primary source documents,” John Kiriakou, former CIA analyst and whistleblower, told RT.

    The first set of leaks, released on 7 March, described exploits used to compromise vulnerable Android devices, Apple iPhones, Samsung TVs, Windows PCs, and Macs.

    Two weeks later, it leaked how the CIA was able to buy Apple Macs and iPhones, install spyware on them, and give them to targets. WikiLeaks spun this to suggest this might be happening in the factory, but the suggestion was unsupported by the leaked documents.

    El Reg has independently confirmed that Assange and his co-workers have entered into talks with Microsoft, unlike whistleblower Edward Snowden, who unequivocally shared all the documents with the public without making any demands to the publications or companies.

    Consider donating to support our work

    Help us to produce more articles like this. FreeWestMedia is depending on donations from our readers to keep going. With your help, we expose the mainstream fake news agenda.

    Keep ​your language polite​. Readers from many different countries visit and contribute to Free West Media and we must therefore obey the rules in​,​ for example​, ​Germany. Illegal content will be deleted.

    If you have been approved to post comments without preview from FWM, you are responsible for violation​s​ of​ any​ law. This means that FWM may be forced to cooperate with authorities in a possible crime investigation.

    If your comments are subject to preview ​by FWM, please be patient. We continually review comments but depending on the time of day it can take up to several hours before your comment is reviewed.

    We reserve the right to del​ete​ comments that are offensive, contain slander or foul language, or are irrelevant to the discussion.

    No comments.

    By submitting a comment you grant Free West Media a perpetual license to reproduce your words and name/web site in attribution. Inappropriate and irrelevant comments will be removed at an admin’s discretion. Your email is used for verification purposes only, it will never be shared.

    Americas

    Ohio disaster: When hedge funds manage rail traffic

    East PalestineAfter the derailment of a freight train loaded with highly toxic chemicals in the US state of Ohio, a devastating environmental catastrophe may now be imminent. The wagons burned for days, and a "controlled" explosion by the authorities released dangerous gases into the environment.

    US President Biden orders ‘spy’ balloon to be shot down

    WashingtonThe US President gave the order to shoot down China's "spy balloon". The balloon had caused US Secretary of State Blinken to cancel a trip to Beijing. In the meantime, a second balloon was sighted.

    US is heading for a financial ‘catastrophe’ US Treasury Secretary warns

    WashingtonOn January 19, 2023, the United States hit its debt ceiling of $31.4 trillion. The country faces a recession if it defaults on its debt, the US Treasury Secretary warned in an interview. Her warning underscored the danger of printing money.

    Gun violence: More risk in Chicago and Philadelphia than Iraq, Afghanistan

    Providence, Rhode IslandA striking statistic: young Americans are several times more likely to be injured by a gun in cities like Chicago and Philadelphia than they are while serving as a soldier in a foreign country.

    Elon Musk, the first person in history to destroy $200 billion in a year

    Never before in human history has a person lost as much money in one year as Elon Musk did in 2022. The Tesla and Twitter boss lost $200 billion last year. However, with his remaining $137 billion, he is still the second richest person in the world.

    Extreme cold and winter storms sweep across US

    More than a million households without electricity, thousands of canceled flights, temperatures in the double-digit minus range and already 41 fatalities: The US is being overwhelmed by an enormous cold wave.

    Soros sponsors violent leftists and anti-police lobby as US crime surges

    WashingtonThe mega-speculator and "philanthropist" George Soros remains true to himself – he has been sponsoring anti-police left-wing groups with billions of dollars.

    FTX Founder Sam Bankman-Fried arrested after crypto billions go missing

    NassauHe is no longer sitting in his fancy penthouse, but in a cell in the Bahamas: Sam Bankman-Fried (30), founder of the crypto company FTX, is said to be responsible for the theft of 37 billion euros. An interesting fact is that media in the EU have so far kept this crime thriller almost completely secret.

    How Twitter helped Biden win the US presidency

    WashingtonThe short message service Twitter massively influenced the US presidential election campaign two years ago in favor of the then candidate Joe Biden. The then incumbent Donald Trump ultimately lost the election. Internal e-mails that the new owner, Elon Musk, has now published on the short message service show how censorship worked on Twitter. The 51-year-old called it the “Twitter files”.

    Alberta PM suspends cooperation with WEF

    EdmontonThe newly elected Premier Danielle Smith of the province of Alberta in Canada has recently made several powerful statements against the globalist foundation World Economic Forum and its leader Klaus Schwab. She has also decided to cancel a strange consulting agreement that WEF had with the state.

    Go to archive