The Central Intelligence Agency can take some small comfort that as WikiLeaks was preparing for its latest dump of the spy agency's Vault7 hacking tools, a group of hackers was busy defacing WikiLeaks' homepage.
On August 31 WikiLeaks posted a link to the CIA's Engineering Development Group user manual for the implant Angelfire v2.0, but at the same time the hacking group Ourmine managed to grab WikiLeaks homepage posting a black, red and white message mocking the group and saying the takeover was in retribution for a previous doxxing by WikiLeaks on Ourmine.
(Image courtesy of @Claire_Phipps)
The WikiLeaks incident only involved a takeover of the homepage, the group claimed on Twitter that its servers were not compromised.
WikiLeaks servers have not been hacked.— WikiLeaks (@wikileaks) August 31, 2017
According to the posted manual, Angelfire is comprised of five components Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system. Each element represents a tool that moves the malware through a system that together creates, “a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7),” WikiLeaks said in a statement.
Angelfire is compatible with these 32-bit systems (latest service pack): XP, Windows 7 and these 64-bit systems (latest service pack): Server 2008 R2, Win7. The manual also contains a troubleshooting guide that covers several known issues and contains known causes and possible workarounds.