The CIA Used Hacking Tools to Break into Linux and Mac OS X Systems

WikiLeaks has revealed three more hacking tools used by the CIA to break into systems. This time, however, the tools do not affect only Windows computers but also machines running Mac OS X and Linux. The new set of malicious programs is part of a project named "Imperial" and, supposedly, the purpose of the agency was to take control over targeted devices in the background, or to steal information from them without the users noticing that anything was wrong.

The names of the three new tools are Achilles, SeaPea, and Aeris. The most significant of the three appears to be Achilles. It was created by the agency in 2011 with the specific purpose of hacking Apple Mac OS X Snow Leopard version 10.6. Achilles is a dedicated solution that the CIA used to inject malicious Trojan applications into DMG files, which Apple users need in order to install applications on their computers.

WikiLeaks reveals that the Trojan deployed by Achilles on the infected devices was capable of removing all its traces on the system, leaving the affected DMG files entirely clean. This way, any anti-malware products that were installed and run on the machine after the infection could not detect that the DMG files had been compromised. That also made it very hard for researchers to find out how the machine was hacked after the infection was detected.

SeaPea was the second hacking tool developed by the CIA to target Mac computers. Apart from targeting Mac OS X Snow Leopard version 10.6, it could also affect Mac OS X Lion version 10.7. SeaPea's goal was to steal files and other relevant data from the compromised device, and the malware was designed to work in the background so that the user would not notice its operation. It is very likely that the agents needed to use SeaPea together with some different type of malware, because SeaPea requires root access to the device and another tool was necessary to provide the attackers with administrator privileges.

The third tool, named Aeris, was created to infect Linux systems, including CentOS, Debian, FreeBSD, Red Hat, and Solaris. The experts say that Aeris has the ability to conduct more complex attacks, like extracting files automatically. This third hacking tool also allows for "configurable beacon interval and jitter, stand-alone and Collide-based HTTPS LP support and SMTP protocol support". All these functions could be performed through TLS encrypted communications with mutual authentication.
