
WikiLeaks publishes the CIA source code used to disguise its involvement in cyber attacks





WikiLeaks has released nearly 676 source code files of a new framework called Marble, a system WikiLeaks claims is used by the CIA.

According to WikiLeaks, version 1.0 of this framework was released in 2015, and the CIA has continued to use it ever since.

The leaked files for the framework describe it as a framework "designed to allow more flexible and easy to use confusion when developing different tools". Many malware developers use obfuscation techniques of this kind to hinder researchers and hide the source of an attack.

Information from the first round of WikiLeaks files, in the recent wave of leaks known as Vault 7, shows that the CIA learned from the mistakes of the National Security Agency (NSA) after its group, the Equation Group, was revealed by some security researchers. It is clear that CIA staff learned that using special encryption was one of the NSA's biggest errors, because it allowed researchers to link different malware to the same developer.

The framework obfuscates a given tool using randomized techniques, to prevent information security experts and investigators from linking the tool to a particular developer.

During its analysis of the Marble source code, WikiLeaks found test examples written in Russian, Chinese, Arabic, Korean and Persian, suggesting that the agency had used the framework to deceive investigators into believing that its tools were developed by individuals speaking one of these languages.
