Ready to Start Your Career?

UNM4SK3D: CIA, Dragonfly 2.0, and Siri

Olivia 's profile image

By: Olivia

September 8, 2017



As expected, Wikileaks has added yet another leak to the Vault 7 collection, one that leaves Harry Potter fans speculating. This time, rather than being a hacking tool or surveillance method focused leak, this project focuses on a Missile Control System, complete with blueprints. 'Project Protego' as it's called, is a PIC-based missile control system installed onboard a Pratt and Whitney Aircraft (PWA). It has the ability to hit air-to-air and air-to-ground targets using its' missile launch system. Four secret documents, along with "37 related documents (proprietary hardware/software manuals from Microchip Technology Inc)," detail system design, configuration and Protego structure images. These documents also suggest that "all micro-controller units exchange data and signals over encrypted and authenticated channels." The missile will only launch, however, when the Master Processor (MP) receives three valid signals.While there is no confirmation as to why this project was included in the repositories belonging to the CIA's Engineering Development Group, now in possession by Wikileaks, but it was noted that Protego was developed in partnership with one of a major defense contractor, Raytheon. You may recall Raytheon as the agency hired by the CIA for analyzing advanced malware and hacking techniques used in the wild by hackers and cyber criminals. Individuals have speculated that the name of the project, 'Protego' specifically, derives from the magical Shield Charm used in the Harry Potter movies, meaning the objective of this missile control system could be to defend something secret (a facility or base), from external physical attacks. Mischief managed?
The missile system has micro-controllers for the missile itself ('Missile Smart Switch', MSS), the tube ('Tube Smart Switch', TSS) and the collar (which holds the missile before and at launch time). -Wikileaks
Want to get caught up on last week's Vault 7 leak? Read the September 1st edition of UNM4SK3D for details.


It appears 'Dragonfly,' a well-resourced, Eastern European hacking group has reemerged on the cyber scene, this time with the campaign 'Dragonfly 2.0,' meaning a potential 'lights out' for the United States and European energy sectors.Over the past couple years, Dragonfly has been responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies across the globe. Back in 2014, reports circulated about the group's ability to mount sabotage operations against petroleum pipeline operators, electricity generation firms and other Industrial Control Systems (ICS) equipment providers in the energy sector. Now, researchers from Symantec are warning on their new 2.0 campaign, saying "the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so."Although Symantec researchers did not find any evidence of the use of zero day vulnerabilities, researchers did find the group utilizing publically available administration tools like PowerShell, PsExec, and Bitsadmin, which makes attribution more difficult. In their latest report, Symantec outlines many of Dragonfly's activities including: targeting the critical energy sectors in the U.S., Turkey, and Switzerland, using a toolkit called Phishery to perform email-based attacks that host template injection attack, and spreading malware that involves multiple remote access Trojans masquerading as Flash updates called Backdoor.Goodor, Backdoor.Dorshel and Trojan.Karagany.B. Attacks against energy grids are not new, but the resurfacing of this threatening group is a terrifying reminder of the threat looming in the 'dark.'
The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future. -Symantec
Get further insight on Dragonfly 2.0 in this post from Tripwire.


"Siri, browse the Dark Web." This could be the command a hacker gives to the virtual assistant on your phone, leaving your device open to being manipulated, a team of security researchers from China's Zhejiang University reports. Looks like it may be time to revert back to flip phones. The researchers have discovered a cunning new way of activating your voice recognition systems without uttering a word, allowing hackers to make calls, send text messages, and browse malicious websites on the Internet without user permission. This tactic is made possible by exploiting a security vulnerability that is common across all major voice assistants. Lovingly named the 'DolphinAttack,' this technique works by feeding the AI assistants (Siri, Alexa, etc.) commands in ultrasonic frequencies. These frequencies are too high for humans to hear but are audible to the microphones on smart devices. Using 'DolphinAttack,' criminals can 'silently' whisper into your smartphones to hijack the voice assistants, and forcing them to execute tasks even if you have lock features installed.In the researcher's experiment testing this technique, they "first translated human voice commands into ultrasonic frequencies (over 20 kHz), then simply played them back from a regular smartphone equipped with an amplifier, ultrasonic transducer and battery—which costs less than $3." The malicious capabilities possible range from visiting a malicious website and spying to injecting fake information, DOS attacks, and concealing attacks. Perhaps most terrifying, The Hacker News reports,"the attack works on every major voice recognition platform, affecting every mobile platform including iOS and Android. So, whether you own an iPhone, a Nexus, or a Samsung, your device is at risk." Not to mention that the voice commands can be accurately "interpreted by the speech recognition (SR) systems on all the tested hardware" and work even if the hacker does not have direct access to your device.
DolphinAttack voice commands, though totally inaudible and therefore imperceptible to [a] human, can be received by the audio hardware of devices, and correctly understood by speech recognition systems. -Zhejiang University researchers
This isn't the first time audio capabilities have been under attack. Dubbed “Speake(a)r,” the malicious code is able to hijack a computer to record audio even when its’ microphone is disabled or completely disconnected from the computer. Dive into this previous edition of 'UNM4SK3D' for more.

#factbyte, a Washington, D.C.-based publisher of informational websites on higher education, has ranked the top 20 schools for cybersecurity, based on subject expertise, scholarship opportunities, and designation as a national security agency national center of academic excellence in cyber defense. Purdue University received the top ranking. olivia2Olivia Lynch (@Cybrary_Olivia) is the Marketing & Communications Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
Schedule Demo