Group items tagged

As the latest installment of it’s ‘Vault 7’ series, WikiLeaks has just dropped a user manual describing a CIA project known as ‘Scribbles’ (a.k.a. the “Snowden Stopper”), a piece of software purportedly designed to allow the embedding of ‘web beacon’ tags into documents “likely to be stolen.” The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon’s creator without being detected. Per WikiLeaks’ press release:

Today, April 28th 2017, WikiLeaks publishes the documentation and source code for CIA’s “Scribbles” project, a document-watermarking preprocessing system to embed “Web beacon”-style tags into documents that are likely to be copied by Insiders, Whistleblowers, Journalists or others. The released version (v1.0 RC1) is dated March, 1st 2016 and classified SECRET//ORCON/NOFORN until 2066. Scribbles is intended for off-line preprocessing of Microsoft Office documents. For reasons of operational security the user guide demands that “[t]he Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary.”

The ‘Scribbles’ User Guide explains how the tool generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document. Scribbles can watermark multiple documents in one batch and is designed to watermark several groups of documents.

The latest leaks from WikiLeaks' Vault 7 is titled “Dark Matter” and claims that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers.

And here is the full press release from WikiLeaks: Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.   Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.   "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.   Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.   Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.   While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

The U.S. government must get a grip on the massive opening that the CIA, through its misfeasance, nonfeasance and malfeasance, has created. If Tuesday’s WikiLeaks document dump is authentic, as it appears to be, then the agency left open electronic gateways that make all Americans vulnerable to spying, eavesdropping and technological manipulation that could bring genuine harm. That the CIA has reached into the lives of all Americans through its wholesale gathering of the nation’s “haystack” of information has already been reported. It is bad enough that the government spies on its own people. It is equally bad that the CIA, through its incompetence, has opened the cyberdoor to anyone with the technological skills and connections to spy on anyone else. The constant erosion of privacy at the hands of the government and corporations has annihilated the concept of a “right to privacy,” which is embedded in the rationale of the First, Third, Fourth, Ninth and Fourteenth Amendments to the U.S. Constitution. It is becoming increasingly clear that we are sliding down the slippery slope toward totalitarianism, where private lives do not exist.

We have entered a condition of constitutional crisis that requires a full-throated response from the American people. I have repeatedly warned about the dangers of the Patriot Act and its successive iterations, the execrable national security letters that turn every FBI agent into a star chamberlain, the dangers of fear-based security policies eroding our republic. We have crossed the threshold of a cowardly new world, and it’s time we tell the government and the corporations who have intruded to stop it. 

The first “false flag” operation conducted by the CIA’s UMBRAGE program - exposed by Wikileaks’ release of the “Vault 7” documents - may have involved planting “proof” that led to the approval of a request to wiretap Trump Tower last October.