19 May, 2017
Today, May 19th 2017, WikiLeaks publishes documents from the “Athena” project of the CIA. “Athena” – like the related “Hera” system – provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.
According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company “… focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.”. On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.
In an email from HackingTeam (published by WikiLeaks here), Jason Syversen, founder of Siege Technologies with a background in cryptography and hacking, “… said he set out to create the equivalent of the military’s so-called probability of kill metric, a statistical analysis of whether an attack is likely to succeed. ‘I feel more comfortable working on electronic warfare,’ he said. ‘It’s a little different than bombs and nuclear weapons — that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody.'”