Wikileaks Unveils CIA’s Man-in-the-Middle Attack Tool

Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle (MitM) attack tool allegedly created by the United States Central Intelligence Agency (CIA) to target local networks.

Since March, WikiLeaks has published thousands of documents and other secret tools that the whistleblower group claims came from the CIA.

This latest batch is the 7th release in the whistleblowing organization’s ‘Vault 7’ series.

Dubbed Archimedes, the newly released CIA tool, dumped on Friday, purportedly used to attack computers inside a Local Area Network (LAN).

According to the leaked documents, this MitM tool was previously named ‘Fulcrum’ but later was renamed to ‘Archimedes’ with several improvements on the previous version, like providing a way to “gracefully shutting down the tool on demand,” and adding “support for a new HTTP injection method based on using a hidden iFrame.”

The leaked documents describe Archimedes as a tool that lets users redirect LAN traffic from a targeted computer through a malware-infected computer controlled by the CIA before the traffic is passed on to the gateway, which is known as man-in-the-middle (MitM) attack.

The tool in itself is very simple without any extraordinary capabilities, as there are many MitM tools available on the Internet that anyone can be download and use it to target users on the local network.

Rendition Infosec founder Jake Williams also pointed out that the tool is not even originally developed by the CIA, rather appears to be a repackaged version of Ettercap – an open source toolkit for MitM attacks.

Williams also noted that the potential CIA targets could even use the leaked information to see whether their computers had been targeted by the agency.

Last week, WikiLeaks dumped source code for a more interesting CIA tool known as “Scribbles,” a piece of software allegedly designed to embed ‘web beacons’ into confidential documents, allowing the spying agency to track insiders and whistleblowers.

Since March the Whistleblowing website has published 7 batches of “Vault 7” series, which includes the latest and last week leaks, along with the following batches: