International Cyber Expo International Cyber Expo
  • About Us
Monday, 13 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Alleged C.I.A. Hacking Documents Reinforce Need for SSL Traffic Inspection

by The Gurus
March 23, 2017
in This Week's Gurus
Hacker sinister threat
Share on FacebookShare on Twitter

WikiLeaks this month released thousands of documents containing several hundred million lines of code that it claims shine a light on the solutions and tactics the Central Intelligence Agency used to spy and hack into devices, including smartphones, computers and smart televisions.
While there are still questions around the documents’ authenticity, if they are legitimate they show that the C.I.A. has used sophisticated tools to, among other things, conceal malware and listen to technology in SSL encrypted traffic.
Nation states are already known to be in possession of sophisticated tools, such as those alleged by WikiLeaks, but with the attention that leaks such as this draw, the tools and ideas are now proliferating in the wild and are increasingly being used for more nefarious activities.
HIVE and Command and Control
There are numerous delivery mechanisms for the malware, but once implanted, most of them rely on some kind of Command and Control (C2) infrastructure. This infrastructure is generally used to control the malware and botnets, and it may be directly controlled by the malware operators or run on hardware compromised by the malware.
WikiLeaks alleges that the C.I.A. has a dedicated project, called HIVE, which is a multi-platform malware suite that provides Command and Control (C2) over “customisable implants for Windows, Solaris, MikroTik (used in Internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.”  HIVE specifically uses SSL (HTTPS) to cover its tracks, according to WikiLeaks.
While the use of SSL for Command and Control of malware is increasingly common, HIVE went a step further and introduced the use of client-certificate authentication, a technique that allows them to mitigate the risk of SSL interception, WikiLeaks alleges.
The Power of SSL Inspection
Although A10 is not in a position to comment on WikiLeaks’ allegations, it does highlight the importance of understanding what’s in encrypted traffic and possibly hiding in plain sight. It’s up to you as a business or a consumer to decide what traffic you determine is good and what is undesired.
There is no doubt that the concealment techniques for Command and Control traffic as used by HIVE will very soon be in public domain and will fall into the hands of bad actors who can use them for their own purposes. Even script-kiddies will have access to sophisticated tools, like those alleged by WikiLeaks and used by nation states, which will enable them to conceal their footprints.
If these techniques are allegedly being employed by Intelligence Community to protect national interests, imagine what methods APTs (advanced persistent threats) are using to hide within the SSL/TLS blind spot to target your business and intellectual property for exfiltration. The Verizon Data Breach Investigations Report indicates that 89 percent of breaches had a financial or espionage motive.
That is why being able to decrypt and inspect encrypted traffic is a wise business decision.
Defence in Depth
At A10, we encourage the use of best of breed solutions for robust security protections from the evolving threat landscape and to maximise your layers of defence. Having multiple layers of security increases the chances of catching and eradicating malware before it has the opportunity to wreak havoc. A multi-layered defence will also mitigate the risk of any single device being compromised and being rendered ineffective.
Additionally, we strongly encourage the use of a hardware security module (HSM) to safeguard and manage SSL private keys, which can be construed as master keys for any digital encrypted communications, to ensure strong authentication and privacy.
To summarise, we recommend the following to protect your organisation:

  • Maximise your layers of defence
  • Minimise the sprawl of your private keys
  • Protect private keys via HSM

By Duncan Hughes, Systems Engineering Director, EMEA, A10 Networks

Tags: attackCyberhackingsecurityTechnologyWikiLeaks
ShareTweet
Previous Post

Millions of SAP Users Exposed to Ransomware due to GUI Vulnerability

Next Post

New DevOps Research From Sonatype Reveals Changing Attitudes Toward Application Security

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol