WikiLeaks’ Vault 7 dump on Friday contains documents on ‘Marble’ which detail CIA hacking tactics that misdirect forensic investigators from attributing viruses, trojans and hacking attacks to the agency by inserting Russian and Chinese code fragments.
CIA's "Marble Framework" shows its hackers use potential decoy languages https://t.co/Hm3pTPSXIS
— WikiLeaks (@wikileaks) March 31, 2017
“The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion”
‘Marble’ also reportedly includes a deobfuscator that can reverse CIA obfuscation which can assist forensic investigators to correctly attribute hacking attacks and viruses to the CIA.
Marble was in use in 2016 when hacks of DNC computers and Hillary Clinton’s illegal servers were reported to have been compromised by Russian hackers and media reported that a server at Trump Tower was communicating with Russians.
The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.