
Vault 7 – CIA Fallout Continues With Archimedes Leak

May 11, 2017 | Privacy & Tech

Welcome to the next installment in Liberty Nation’s series on the surveillance state and what it means to you. As Leesa K. Donner and Kit Perez reported in Liberty Nation on March 8, 2017, WikiLeaks, the international non-profit that focuses a spotlight on every unsavory secret of government skullduggery it can get its hands on, has begun exposing a series of CIA hacking tools it refers to as Vault 7. On Sunday, May 5, it dropped the newest Vault 7 document set, Archimedes.

Let’s take a second to bring the non-techies up to speed. First, in local area networks (LANs), the kind that exist in your house or business, computers talk by sending electronic packets of information back and forth. To know which computer gets which information, the computers announce their names to each other, and each computer maintains a table of who is who. This system trusts that every computer reports its name honestly. Second, every network has a specialized computer called a gateway, also known as a router, which sends traffic from the local network onto other networks, including the internet. In your home, your gateway is likely your cable modem or a similar device.

Archimedes, which was in use in 2012, takes advantage of that trust. A CIA hacker infects a computer on the LAN with Archimedes, and it broadcasts messages telling the target computer that Archimedes is the gateway. Archimedes becomes a “man in the middle,” intercepting all traffic from the target and then forwarding it on to the real gateway. Why this traffic? Because the gateway is where your computer sends all of its internet communications, and that is where the magic happens.
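As an added illustration of the trust problem described in the two paragraphs above (this is not code from the article or from the leaked material), the following Python script replays constructed ARP-style announcements, the kind of messages the article’s “who is who” table is built from, pins each address to the first machine that announced it, and alerts when a different machine later claims the gateway’s address. The log format, the addresses, and the function names are assumptions made up for this example; a real monitor would read announcements from the network rather than from a string.

```python
"""Gateway-identity monitor.

Added example (not from the article or the WikiLeaks material): replays
constructed ARP-style announcements ("<ip> is-at <mac>") and flags the
symptom of the LAN-trust abuse the article describes, namely a second
machine on the LAN announcing itself under the gateway's address.  The
log format, addresses and names below are assumptions for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Announcement:
    ts: float   # seconds, taken from the constructed log
    ip: str
    mac: str


@dataclass
class Alert:
    ts: float
    ip: str
    pinned_mac: str          # the MAC this IP was first (or manually) bound to
    claimed_mac: str         # the MAC that later announced the same IP
    also_owns: List[str] = field(default_factory=list)  # other IPs bound to claimed_mac


def parse_announcements(text: str) -> List[Announcement]:
    """Parse constructed lines of the form '<ts> <ip> is-at <mac>'; skip anything else."""
    out: List[Announcement] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # the sample carries trailing comments
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue
        ts, ip, _, mac = parts
        out.append(Announcement(float(ts), ip, mac.lower()))
    return out


def detect_gateway_impersonation(
    announcements: List[Announcement],
    gateway_ip: str,
    pinned_gateway_mac: Optional[str] = None,
) -> List[Alert]:
    """Pin each IP to the first MAC that announced it (or to the operator-supplied
    gateway MAC) and alert whenever a *different* MAC later claims the gateway's IP.
    Unlike the trusting table the article describes, a pin is never overwritten
    by a later announcement, so the impersonation stays visible."""
    pinned: Dict[str, str] = {}
    if pinned_gateway_mac:
        pinned[gateway_ip] = pinned_gateway_mac.lower()
    owned_by: Dict[str, Set[str]] = {}   # mac -> IPs it has been pinned to
    alerts: List[Alert] = []

    for a in announcements:
        expected = pinned.get(a.ip)
        if expected is None:
            pinned[a.ip] = a.mac
            owned_by.setdefault(a.mac, set()).add(a.ip)
            continue
        if a.ip == gateway_ip and a.mac != expected:
            # The claimant's other bindings tell you which LAN host is impersonating.
            others = sorted(owned_by.get(a.mac, set()) - {gateway_ip})
            alerts.append(Alert(a.ts, a.ip, expected, a.mac, others))
    return alerts


# Constructed sample: a small LAN in which one laptop later claims the gateway's IP.
SAMPLE_LOG = """\
1.0 192.168.1.1  is-at 00:11:22:33:44:55   # real gateway
2.0 192.168.1.20 is-at aa:bb:cc:dd:ee:ff   # ordinary laptop on the LAN
3.0 192.168.1.30 is-at 12:34:56:78:9a:bc   # printer
4.0 192.168.1.1  is-at AA:BB:CC:DD:EE:FF   # laptop now announces itself as the gateway
5.0 192.168.1.1  is-at 00:11:22:33:44:55   # real gateway announces again
"""


def run_sample() -> List[Alert]:
    """Run the monitor over the constructed log with 192.168.1.1 as the gateway."""
    return detect_gateway_impersonation(parse_announcements(SAMPLE_LOG), "192.168.1.1")


if __name__ == "__main__":
    for alert in run_sample():
        print(f"t={alert.ts}: {alert.ip} is pinned to {alert.pinned_mac} but was claimed by "
              f"{alert.claimed_mac}, which also owns {alert.also_owns}")
```

Pinning the binding instead of overwriting it is the whole difference between this monitor and the trusting table the article describes. An alert whose `also_owns` list is non-empty points at the LAN host doing the impersonating, which is where incident response on such a network starts; supplying `pinned_gateway_mac` from the router’s label lets the monitor catch an impersonator that announces itself before the real gateway does.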

Once Archimedes is the man in the middle, it uses a technique called HTTP traffic injection. This method allows Archimedes to listen for specific requests and respond to them with its own instructions. So, if the target asks, for example, “how do I get to abc.com?”, Archimedes passes that request along but quickly responds, as though it were the gateway, “go to address X.” Of course, address X is a web server on the internet that looks just like abc.com but is chock full of malware. The kind of malware the web server delivers depends on the vulnerabilities of the target computer, but it isn’t impossible to install a remote access tool (RAT), which would allow remote control of the desktop.

There are a few things to balance when deciding whether or not to be particularly alarmed about Archimedes. First, somebody has to physically infect a machine on the LAN. That can be good or bad. If you only have a wired network, somebody has to break in and put their hands on your hardware. But most people and businesses run wireless networks, and those are much easier to compromise. With the right equipment, software, and adequate time, a machine running Archimedes can inject itself onto a wireless network from a very long distance. Second, Archimedes is not an advanced tool. Hackers have been using a very similar application, called Ettercap, out in the wild for a very long time. Third, Archimedes and its parent Fulcrum are old technology. While they are an effective means of targeting a specific LAN, there are much better ways to infect hundreds, thousands, or millions of computers with malware. As Ars Technica reported a few years ago, the NSA started installing its firmware into Cisco routers by intercepting shipments between the factory and the end user. Ars Technica has also shed some light on how the “Great Firewall of China,” a system of routers and network equipment designed to prevent Chinese people from viewing censored web content, was weaponized. Visitors to a website in China had their computers infected with code that made them part of a robot army, which launched a massive denial-of-service attack against GitHub, a popular website for programmers.

What this means to you is that governments now possess practical methods to infect millions of computers on the internet with malware, simply by controlling the focal points that traffic passes through and redirecting that traffic to their own web servers, which install malware when you view their pages.

So, while WikiLeaks’ new revelation is helpful to remind us that the intelligence community has been spying on us, Archimedes is nothing new, and not particularly scary in the context of the other Vault 7 releases.

The takeaway for our readers should be that the internet is not a safe space. If you have a secret sauce formula, don’t keep it on a machine that uses networks. Don’t use wireless networks for computers that handle sensitive data. Always use secure passwords, two-factor authentication, and encryption wherever possible. Don’t open links in emails. Don’t use websites you don’t trust, and use HTTPS everywhere for those you do trust. Always use a good VPN. If you don’t ever want your internet history used against you, use Tails OS. Absolute privacy in the modern age is impossible, but to maximize your privacy, visit EFF.ORG regularly and implement their suggestions.

Read More From Doug Davis
