The Central Intelligence Agency can take some small comfort that as WikiLeaks was preparing for its latest dump of the spy agency's Vault7 hacking tools, a group of hackers was busy defacing WikiLeaks' homepage.
On 31 August WikiLeaks posted a link to the CIA's Engineering Development Group user manual for the implant Angelfire v2.0, but at the same time the hacking group Ourmine managed to grab WikiLeaks homepage posting a black, red and white message mocking the group and saying the takeover was in retribution for a previous doxxing by WikiLeaks on Ourmine.
(Image courtesy of @Claire_Phipps)
The WikiLeaks incident only involved a takeover of the homepage, the group claimed on Twitter that its servers were not compromised.
According to the posted manual, Angelfire is comprised of five components Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system. Each element represents a tool that moves the malware through a system that together creates, “a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7),” WikiLeaks said in a statement.
- Solartime modifies the partition boot sector to load some kernel code. That kernel code then modifies the Windows boot process so that when Windows loads boot time device drivers, an implant device driver can be loaded.
- Wolfcreek is the kernel code that Solartime executes.
- Keystone is responsible for starting user applications.
- BadMFS is a covert file system that is created at the end of the active partition. It is used to store all drivers, executables and implants that Wolfcreek will start.
- The Windows Transitory File system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire.
Angelfire is compatible with these 32-bit systems (latest service pack): XP, Windows 7 and these 64-bit systems (latest service pack): Server 2008 R2, Win7. The manual also contains a troubleshooting guide that covers several known issues and contains known causes and possible workarounds.