CIA hacking tools for Mac OS and Linux exposed by WikiLeaks

A Central Intelligence Agency (CIA) project called “Imperial” included three hacking tools for infiltrating the Mac and Linux operating systems, according to the latest “Vault 7” leaks.

The documents allegedly come from an isolated, high-security network inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.

WikiLeaks claims that a source provided portions of an archive of the CIA’s hacking arsenal, including malware, viruses, trojans, weaponised “zero day” exploits and malware remote control systems that was circulated among former US government hackers and contractors in an unauthorised manner.

The latest documents to be leaked detail hacking tools called Achilles, Aeris and SeaPea. 

According to the documents, Achilles is aimed at enabling CIA agents to “trojan an [Mac] OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution”.

SeaPea is designed to function as a Mac OS X rootkit for versions 10.6 and 10.7 to allow CIA agents to infiltrate a system while it reboots to carry out monitoring operations and launch tools.

SeaPea’s manual was previously released by WikiLeaks in another Vault 7 release named DarkSeaSkies, which detailed hacking tools targeting Macs and iPhones.

Aeris is described as an automated implant written in the C programming language that targets Linux distributions, including Debian, Red Hat, Solaris, FreeBSD and CentOS.

The documents claim Aeris is designed to function as a backdoor to these Linux distributions and can be used to build customised implants tailored for specific operations.

Aeris supports “automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support – all with TLS encrypted communications with mutual authentication”, according to WikiLeaks.

WikiLeaks says the documents indicate the scope of the CIA’s global covert hacking programme, its malware arsenal and dozens of “zero day” weaponised exploits against a wide range of US and European company products.

WikiLeaks claims that since 2001, the CIA has gained political and budgetary pre-eminence over the US National Security Agency (NSA) and built its own group of hackers.

By the end of 2016, says WikiLeaks, the CIA’s hacking division had more than 5,000 registered users and had produced more than 1,000 hacking systems, trojans, viruses and other “weaponised” malware, creating, in effect, its “own NSA” but with “even less accountability”.

WikiLeaks said the source of the Vault 7 leaks suggested there were policy questions that urgently needed to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.

“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber weapons,” said WikiLeaks.