WikiLeaks Releases Vault 7 "Marble," Its Latest Data Dump Regarding The CIA's Anti-for
[WikiLeaks.org] On March 31st, 2017, WikiLeaks released their latest data dump regarding the CIA's secret anti-forensic network called the Marble Framework.
According to their site, "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA."
The released data describes the tactics Marble uses to hide, or obfuscate, text fragments used in CIA malware. The tool is the digital equivalent of covering English-language text on weapon systems produced in the U.S. before releasing them to insurgents who are secretly backed by the CIA.
According to WikiLeaks, "Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is '[D]esigned to allow for flexible and easy-to-use obfuscation' as 'string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.'"
The Marble source code also includes a "deobfuscator," which is used to reverse CIA text obfuscation.
"Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015." - WikiLeaks.org
Analysis of the source code turned up test examples in multiple languages, including Chinese, Russian, Korean, Arabic and Farsi, as well as English.
WikiLeaks reports, "This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages."