WikiLeaks’ latest release from the Vault 7 leaks, titled “Marble,” claims that the CIA can use string obfuscating algorithms to attribute cyber attacks to other countries.
WikiLeaks released the “Marble Framework” leak today on their website, describing Marble as a tool used to “hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.”
“Marble does this by hiding (‘obfuscating’) text fragments used in CIA malware from visual inspection,” WikiLeaks claims. “This is the digital equivalent of a specialized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.”
Marble is reportedly an obfuscation tool that is not used as a cyber attack itself but to hide and cover up previous attacks. WikiLeaks claims it is part of the CIA’s anti-forensics approach and the CIA’s core library of cyber attacks and viruses, “Designed to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.”