CATEGORIES
home News

WikiLeaks Reveals CIA Man-in-the-Middle LAN Hacking Tool Archimedes

by Brandon HillSaturday, May 06, 2017, 03:55 PM EDT

WikiLeaks isn’t done exposing the CIA’s arsenal of hacking tools used to infiltrate computer systems around the globe. Last month, we told you about Weeping Angel, which targeted select Samsung Smart TVs for surveillance purposes. Today, we’re learning about Archimedes, which attacks computers attached to a Local Area Network (LAN).

Although we have no way of knowing whether Archimedes is still in use by the CIA, the details of how it is unleashed on unsuspecting parties has been revealed in full. In its teaser announcing the exploit, WikiLeaks writes, “It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA.

CIA VAULT 7

“This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.”

Archimedes is just the latest incarnation of software that was previously known as Fulcrum. WikiLeaks also provided the full documentation for Fulcrum, which goes into much greater detail about how the man-in-the-middle operation is conducted:

Fulcrum uses ARP spoofing to get in the middle of the target machine and the default gateway on the LAN so that it can monitor all traffic leaving the target machine. It is important to note that Fulcrum only establishes itself in the middle on one side of the two­-way communication channel between the target machine and the default gateway. Once Fulcrum is in the middle, it forwards all requests from the target machine to the real gateway.

Archimedes can be deployed on machines running Windows XP (32-bit), Windows Vista (64-bit) and Windows 7 (64-bit) operating systems. The CIA documentation also says that the binaries required for Archimedes/Fulcrum will “run on any reasonably modern x86-compatible hardware”.

The Fulcrum user guide gives step-by-step directions on how to Prepare, Package, and Deliver the “payload”. The “Management” portion of the directions even takes a rather humorous tone, stating:

If you are reading this then you have successfully delivered the Fulcrum packages and provided the binaries with code execution. Hoorah! At this stage, there is not much to do other than sit back and wait. The release builds of the Fulcrum binaries don’t print anything to the console nor do they log any messages, so all we hear are the sound of crickets.

Archimedes is just the latest in a number of “Vault 7” leaks that have come our way since March from WikiLeaks. And it likely won’t be the last as WikiLeaks apparently has plenty of CIA files that it is combing over, just waiting to release.

Tags:  Wikileaks, Archimedes, CIA, vault 7, fulcrum
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment