WikiLeaks published classified details of the CIA program Imperial this Thursday, July 27. The confidential files include detailed information on CIA tools that were created to target Apple macOS and Linux operating systems. The release includes technical details of the tools but does not include details on the use of the tools.
The Imperial project tools include: Achilles, Aeris, and SeaPea.
Achilles and SeaPea are designed to target Apple macOS operating systems, while Aeris is designed to target Linux-based operating systems.
Achilles: Developed in 2011, Achilles is designed to allow CIA officials to combine malicious Trojan applications with a legitimate Mac OS app into a disk image installer (.DMG) file. The binding tool gives operators the ability to select one or more specific executables for a one-time execution. Once the user downloads, opens, and installs the infected disk image, the malicious executables begin to run in the background. When the executables begin to run, traces of them are securely removed from the downloaded application. The original application runs as it normally would, and once all signs of the trojan are removed, antivirus software is unable to detect any infection. Achilles supports Mac OS X 10.6, Apple’s Snow Leopard operating system.
SeaPea: Developed in 2011, this hacking tool is a Mac OS X rootkit designed to allow CIA officials to hide specific files, processes, and socket connections from users and to access the computer. This rootkit is only removed if the startup disk is reformatted or if the infected Mac is upgraded to the next version of the operating system. SeaPea supports Mac OS X 10.6, Snow Leopard, and Mac OS X 10.7, Lion.
Aeris: Aeris is designed to allow CIA officials to customize the impact depending on the type of case. Aeris is an automated implant written in the C programming language, made to backdoor portable Linux-based operating systems like Red Hat or Debian.