WikiLeaks Vault 7

WikiLeaks dumped today the documentation of a new supposed CIA hacking tool called Archimedes, which the Agency had used to perform Man-in-the-Middle attacks on local networks.

According to the nine leaked documents, this tool was previously named Fulcrum but was renamed to Archimedes when it reached v1.

Timestamps in the documents reveal the tool was developed and most likely used between 2011 and 2014.

The Archimedes manual describes the tool's purpose as follows.

Archimedes is used to redirect LAN traffic from a target’s computer through an attacker controlled computer before it is passed to the gateway. This enables the tool to inject a forged web server response that will redirect the target’s web browser to an arbitrary location. This technique is typically used to redirect the target to an exploitation server while providing the appearance of a normal browsing session.

As you can see, the tool does not execute the MitM attack itself, but only redirects the target's traffic to another PC on the same network. That second machine will be responsible for breaking down connections, reading the user's traffic, and then relaying the traffic to the LAN's gateway server.
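One defensive check that follows from the description above, added here as an example and not code from the leak or from Ettercap: it assumes the LAN redirect is achieved by ARP cache poisoning (the technique Ettercap uses) and watches ARP replies for the gateway address changing owner or one hardware address answering for several IPs. The sample reply lines are constructed, not a real capture.

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies in tcpdump's "is-at" notation (not a real
# capture). The gateway 192.168.1.1 is first announced by aa:bb:cc:00:00:01;
# then a second station (de:ad:be:ef:00:99) starts answering for it while
# also answering for the target 192.168.1.20, i.e. it sits between the two.
SAMPLE_ARP_REPLIES = """\
192.168.1.1 is-at aa:bb:cc:00:00:01
192.168.1.20 is-at aa:bb:cc:00:00:20
192.168.1.1 is-at aa:bb:cc:00:00:01
192.168.1.1 is-at de:ad:be:ef:00:99
192.168.1.20 is-at de:ad:be:ef:00:99
192.168.1.1 is-at de:ad:be:ef:00:99
"""

ARP_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$")


def parse_arp_replies(text):
    """Return (ip, mac) pairs from 'X is-at Y' lines; other lines are skipped."""
    pairs = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip().lower())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def detect_arp_redirect(pairs, gateway_ip):
    """Return alert strings for two signs of traffic being relayed via a third host:
    the gateway IP resolving to a MAC other than the one first seen, and one
    MAC claiming more than one IP (the relay answers for gateway and target)."""
    first_seen = {}                 # ip -> first MAC observed for it
    ips_per_mac = defaultdict(set)  # mac -> IPs it has claimed
    alerts = set()
    for ip, mac in pairs:
        if ip == gateway_ip and first_seen.get(ip, mac) != mac:
            alerts.add(f"gateway {ip} moved from {first_seen[ip]} to {mac}")
        first_seen.setdefault(ip, mac)
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:
            alerts.add(f"{mac} claims multiple IPs: {sorted(ips_per_mac[mac])}")
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_arp_redirect(parse_arp_replies(SAMPLE_ARP_REPLIES), "192.168.1.1"):
        print("ALERT:", alert)
```

On a real host the same two checks can be run against the output of a passive ARP sniffer, or periodically against the local ARP cache for the gateway entry alone.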

Is Archimedes a repackaged version of Ettercap?

The tool itself is very simple, as Jake Williams, founder of Rendition Infosec, writes on Twitter. In fact, according to a quick analysis, the tool isn't even original, appearing to be a repackaged version of Ettercap, an open source toolkit for MitM attacks.

The most interesting detail in the entire leak is the set of MD5 hashes for each of the Archimedes files. Security researchers can now take these hashes and scan artifacts from previous cyber-incidents to find cases where the tool might have been deployed but went undetected at the time.

The Archimedes leak is part of a WikiLeaks series called "Vault 7," during which the non-profit organization has dumped the documentation and user manuals of several hacking tools WikiLeaks claims belong to the CIA. WikiLeaks says it received these tools from hackers and whistleblowers.

You can follow our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps:

Weeping Angel - tool to hack Samsung smart TVs
Fine Dining - a collection of fake, malware-laced apps
Grasshopper - a builder for Windows malware
DarkSeaSkies - tools for hacking iPhones and Macs
Scribble - beaconing system for Office documents