Suspected CIA spying tools linked to hacks in 16 countries

Symantec has connected WikiLeaks' dumped CIA files to a hacking team called Longhorn

The suspected CIA spying tools exposed by WikiLeaks have been linked to hacking attempts on at least 40 targets in 16 countries, according to security firm Symantec.

The tools share “close similarities” with the tactics from an espionage team called Longhorn, Symantec said in a Monday post. Longhorn has been active since at least 2011, using Trojan programs and previously unknown software vulnerabilities to hack targets.

Those targets include governments and organizations in the financial, telecom, IT and aerospace sectors, among others, Symantec said, without disclosing specific names.

Victim computers were located in the Middle East, Europe, Asia, Africa -- and at one point, even the U.S., where the CIA is barred from conducting electronic surveillance.

"On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally," Symantec said.

The CIA has declined to say whether the documents dumped by WikiLeaks are authentic. But security researchers suspect that the dumped files deal a damaging blow to the U.S. spy agency by exposing its secret hacking operations.

On Monday, Symantec said there was “little doubt” a link existed between Longhorn and the hacking techniques described in the dumped documents.

The security firm has found Longhorn using four different malware tools, two of which match details disclosed in the dumped files.

For instance, the suspected CIA files describe a piece of malware known as Fluxwire, and provide a changelog of dates for when new features were added. Those dates align with changes Symantec noticed in a Trojan program used by Longhorn that had been discovered in 2015.

Another CIA file described a malware payload specification that matched another Longhorn-deployed Trojan, which can open a backdoor in a Windows PC.

In 2014, this Trojan was used with a little-known vulnerability that can exploit a Microsoft Word document to hack a target, Symantec said.

Some evidence shows that Longhorn may date back as far as 2007, according to Symantec. But prior to the WikiLeaks dump, the security firm had only concluded that the group was well-resourced, devoted to intelligence gathering, and probably English-speaking.

WikiLeaks hasn't released much of the source code to the suspected CIA hacking tools. However, the files -- which are largely made up of user manuals and other documents -- will nevertheless help both security firms and foreign governments to detect the spy agency's techniques, experts say.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?