In WikiLeaks’ newest Vault 8 series of CIA-linked revelations, the whistleblower website has exposed source codes for the agency’s secret malware controller called Hive which masks communications with targeted computers by falsely attributing them to a trusted domain and issuing fake certificates on its behalf.
The chief executive of the Kaspersky Lab software firm has confirmed that leaked digital authentication certificates issued in its name were fake after WikiLeaks published more proof of CIA online spying.
“We’ve investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected,” Eugene Kaspersky tweeted late on Thursday.
WikiLeaks said that three examples included in the source code built a fake certificate for the Moscow-based anti-virus company, pretending to be signed by a Thawte Premium Server CA in Cape Town.