The dump by WikiLeaks has indicated that the CIA’s hacking tools were part of a project called “Imperial”, which consisted of three different solutions intended to help the agency infiltrate non-Windows computers and either take control of the devices in the background or steal information from them without the users noticing.
The first is Achilles, a dedicated tool the CIA used to bundle Trojan apps into legitimate DMG files, the disk images Apple customers use to install apps on their computers.
The binding tools were written in Bash, WikiLeaks has explained. Once the Trojan had been deployed on the system, the tools removed all traces of themselves, leaving the compromised DMG file looking entirely clean. Antivirus solutions installed after the compromise therefore found nothing wrong with the DMG file, which made tracing how the system was infected practically impossible.
According to the leaked documents, Achilles was created by the CIA in 2011 and was aimed specifically at Apple Mac OS X Snow Leopard (version 10.6). The second Mac OS X hacking tool is called SeaPea. It helped the CIA steal files and information from users without them noticing anything was gone.
SeaPea required root access to the device, so there is a good chance that CIA operators used it together with a separate piece of malware that gave them administrator privileges.
SeaPea, too, was built for Mac OS X Snow Leopard (version 10.6), but it also targeted Mac OS X Lion (version 10.7).
The third hacking tool is Aeris, which is aimed at portable Linux operating systems, including Debian, CentOS and Red Hat, as well as FreeBSD and Solaris.
WikiLeaks has stated that Aeris gave operators a broad set of capabilities on targeted systems, as it supported “automated file exfiltration, configurable beacon interval and jitter, stand-alone and Collide-based HTTPS LP support and SMTP protocol support — all with TLS encrypted communications with mutual authentication.”
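The “configurable beacon interval and jitter” quoted above is the property defenders hunt for in proxy or NetFlow records: an implant that sleeps a base interval plus random jitter still produces gaps that cluster tightly around that base. The following Python script is an added example, not code from the leaked documents or from this article; the connection records, hosts and function name are constructed for illustration.

```python
"""Flag candidate beaconing in outbound-connection records (constructed example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch seconds, source host, destination:port).
# 203.0.113.10 receives a ~600 s beacon with roughly +/-10 % jitter;
# 198.51.100.7 receives bursty, human-driven browsing traffic.
CONNECTIONS = [
    (1000, "10.0.0.5", "203.0.113.10:443"),
    (1598, "10.0.0.5", "203.0.113.10:443"),
    (2230, "10.0.0.5", "203.0.113.10:443"),
    (2790, "10.0.0.5", "203.0.113.10:443"),
    (3410, "10.0.0.5", "203.0.113.10:443"),
    (1000, "10.0.0.5", "198.51.100.7:443"),
    (1003, "10.0.0.5", "198.51.100.7:443"),
    (1900, "10.0.0.5", "198.51.100.7:443"),
    (1901, "10.0.0.5", "198.51.100.7:443"),
    (3300, "10.0.0.5", "198.51.100.7:443"),
]


def beacon_candidates(records, min_connections=4, max_cv=0.2):
    """Return {(src, dst): (mean_gap, cv)} for pairs whose gaps look periodic.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections. Random jitter widens the gaps only slightly,
    so a beacon keeps a small cv, while irregular user traffic does not.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    results = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            results[pair] = (avg, cv)
    return results


if __name__ == "__main__":
    for (src, dst), (avg, cv) in beacon_candidates(CONNECTIONS).items():
        print(f"{src} -> {dst}: mean gap {avg:.0f}s, cv {cv:.2f}")
```

Tune `max_cv` and `min_connections` to the observed jitter and log retention; pairs flagged this way are leads for review against TLS certificate and destination reputation data, not verdicts.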