As Microsoft recently pointed out, the stockpiling of cyber exploits by the intelligence community has been the subject of great concern for cyber security experts, putting the privacy and data of millions of users at risk. WikiLeaks, today, revealed another exploit used by the American intelligence agencies to target Windows systems.
Codenamed 'Athena', the spyware was apparently created by the CIA in conjunction with Siege Technologies, a New Hampshire cyber tech firm. Athena allows an attacker to take total control of a computer, send and retrieve data to and from remote locations, such as CIA servers, delete data and also upload other malicious code onto the computer, thereby introducing even more infections. It also works for any version of Windows from Windows XP to Windows 10, marking it as particularly potent in both its capabilities and its reach.
The operation of the malware is explained in further detail as follows:
Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.
This is the latest in Windows vulnerabilities created by intelligence agencies which have now been leaked to the public. The recent WannaCry attack was the result of such a leak and the group behind that leak has threatened the release of even more exploits next month. All of this emphasizes the need for a larger debate on the morality of intelligence agencies' creation of exploits and their reluctance to work with software vendors to patch them.