+ Reply to Thread
Page 11 of 18 FirstFirst 1 11 18 LastLast
Results 201 to 220 of 351

Thread: Vault 7

  1. Link to Post #201
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    Quote Posted by Ewan (here)
    Note to others: 23 minutes before you will probably understand a word.
    Thanks, Ewan (and sorry), I thought I had it set to start at 23 minutes.

    * * *


    Full statement on Dark Matter from WikiLeaks -

    Vault 7: Projects

    Dark Matter

    Quote 23 March, 2017
    Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

    Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

    "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

    Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

    Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

    While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.
    Documents Directory HERE.

    * * *

    #Vault7: Assange says WikiLeaks ‘Dark Matter’ leak ‘small example’ of what’s in store

    Quote Julian Assange answered questions on WikiLeaks latest release in ‘Vault 7,’ named ‘Dark Matter,' as well as the CIA’s ever-changing role and the impact this has on world affairs.

    The second release in the series details the techniques that WikiLeaks claims are employed by CIA assets to compromise Apple devices between the manufacturing line and the end user.

    ‘Dark Matter’ is just “a small example” of material to come, Assange said, speaking via Periscope.

    In light of these leaks, Assange warned how the CIA continues to be an agency that reports on the world and then “commits actions to overthrow governments and influence elections.”

    “Since 9/11 the CIA has overtaken the NSA as the budgetary dominant intelligence agency within the US,” Assange said, resulting in increased “institutional ambitions” for the CIA to the point where it is now commanding air force resources, Assange claimed, citing their control of drones as an example.

    “It is in some ways rivaling the FBI,” he said, “by being an armed force outside the United States, conducting interrogations, renditions and torture.”

    When answering a question from Fox News on so-called “demands” made by WikiLeaks to tech companies before handing over details of the alleged CIA exploits, Assange answered that “demands [is] a strange word to use.”

    “These exploits that are used by the CIA can affect millions of people so it has to be done cautiously. There has to be security channels involved and there has to be agreements that the vendors will in fact be responsive.”

    Assange said WikiLeaks did not publish all details of the hacking techniques revealed in the leaks as it would result in both the “good guys” and the “bad guys” getting them at the same time.

    The second release in the series details the techniques that WikiLeaks claims are employed by CIA assets to compromise Apple devices between the manufacturing line and the end user.

    On the alleged demands, Assange said a standard industry 90-day timeframe was given to tech companies for them to provide encryption keys to WikiLeaks in order for them to communicate details of the exploits.

    Assange said Microsoft contacted WikiLeaks on March 20 without “agreeing to the standard terms.” On the same day, Google also contacted the whistleblower group, refusing to agree to WikiLeaks’ terms, which Assange claims are standard, instead providing their own terms and a PGP-encrypted email.

    He did not give details on Microsoft and Google's requested terms but alluded to their “revolving door” relationship with military and security contractors as reasons for their reluctance.

    Assange said any fixes required by tech companies should take a few weeks and that the 90 day timeframe is sufficient. He added that if a company contacted them requesting more time, they’d be open to discussion.
    Last edited by Innocent Warrior; 24th March 2017 at 17:13.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  2. The Following 13 Users Say Thank You to Innocent Warrior For This Post:

    avid (23rd March 2017), bennycog (23rd March 2017), Bill Ryan (23rd March 2017), BMJ (24th March 2017), DNA (24th March 2017), Ewan (24th March 2017), Foxie Loxie (23rd March 2017), Hervé (23rd March 2017), KiwiElf (23rd March 2017), mountain_jim (23rd March 2017), Omni (23rd March 2017), ponda (24th March 2017), Shannon (31st March 2017)

  3. Link to Post #202
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    WikiLeaks Julian Assange Press Conference On CIA Hacking "Dark matter"(3/23/2017) (audio)

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  4. The Following 10 Users Say Thank You to Innocent Warrior For This Post:

    Baby Steps (24th March 2017), bennycog (23rd March 2017), Bill Ryan (23rd March 2017), BMJ (24th March 2017), DNA (24th March 2017), Foxie Loxie (23rd March 2017), ks4ever (4th April 2017), Omni (23rd March 2017), ponda (24th March 2017), Shannon (31st March 2017)

  5. Link to Post #203
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    A bit of light relief...

    According to WikiLeaks, this image has a simple code in it, can you crack it?



    This is gold -

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  6. The Following 7 Users Say Thank You to Innocent Warrior For This Post:

    Baby Steps (24th March 2017), Bill Ryan (23rd March 2017), DNA (24th March 2017), Foxie Loxie (23rd March 2017), ponda (24th March 2017), Satori (23rd March 2017), Shannon (31st March 2017)

  7. Link to Post #204
    UK Avalon Founder Bill Ryan's Avatar
    Join Date
    7th February 2010
    Location
    Ecuador
    Posts
    21,465
    Thanks
    74,795
    Thanked 270,116 times in 19,947 posts

    Default Re: Vault 7

    Quote Posted by Innocent Warrior (here)
    A bit of light relief...

    According to WikiLeaks, this image has a simple code in it, can you crack it?


    The repeated binary code is

    01001001
    01001111
    01000011
    00100000
    01000011
    01001001
    01000001

    Using this converter, the ASCII letter equivalents are

    I
    O
    C
    —blank—
    C
    I
    A

  8. The Following 19 Users Say Thank You to Bill Ryan For This Post:

    Baby Steps (24th March 2017), BMJ (24th March 2017), Bob (23rd March 2017), Bruno (27th March 2017), Carmody (23rd March 2017), Ewan (27th March 2017), Hervé (23rd March 2017), Innocent Warrior (23rd March 2017), KiwiElf (23rd March 2017), mab777 (24th March 2017), muxfolder (24th March 2017), norman (23rd March 2017), ponda (24th March 2017), PurpleLama (23rd March 2017), Richard S. (24th March 2017), Satori (23rd March 2017), seko (23rd March 2017), Shannon (31st March 2017), vortexpoint (24th March 2017)

  9. Link to Post #205
    Avalon Member Carmody's Avatar
    Join Date
    19th August 2010
    Location
    Winning The Galactic Lottery
    Posts
    11,379
    Thanks
    17,589
    Thanked 82,042 times in 10,210 posts

    Default Re: Vault 7

    We were aware of firmware infection by the mid 90's. This came to light in the hardware/firmware backdoors built into telecommunications systems, which were leveraged by the given security agencies of the world. Bios infection became the next big thing in standalone PC's in the mid 90's.

    This is what they speak of in this 2008 incidence of infecting new and even re-booted iphones and mac units.

    I don't write or interpret code anymore, but I do know how it works. (equivalent of at least 2 full years of university/college in code and hardware, in my earlier years)

    All you have to do to see one doorway into it is look into how companies like Cisco were forcibly taken over and who is infecting them, deflecting them from their origins.
    Last edited by Carmody; 23rd March 2017 at 22:57.
    Interdimensional Civil Servant

  10. The Following 11 Users Say Thank You to Carmody For This Post:

    Baby Steps (24th March 2017), BMJ (24th March 2017), Bruno (27th March 2017), Franny (24th March 2017), Hervé (23rd March 2017), Innocent Warrior (24th March 2017), JRS (24th March 2017), ponda (24th March 2017), Satori (24th March 2017), seko (23rd March 2017), Shannon (31st March 2017)

  11. Link to Post #206
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    From Russell Brandom -

    Quote Apple statement on this morning’s Wikileaks Vault 7 documents


    Source.

    From 9TO5Mac -

    WikiLeaks’ latest Vault 7 documents profile CIA’s exploits for Mac & iPhone

    Quote In their ongoing efforts of leaking government security documents, WikiLeaks has just dropped the latest in their Vault 7 collection. Titled “Dark Matter,” this release contains documents showcasing various projects undertaken by the CIA to infect Apple computer systems and iPhones. The Mac specific infections are considered a bit more serious to combat, considering they infect the EFI and persist even after re-installations.

    The Sonic Screwdriver project, aptly titled after a Doctor Who gadget that opens just about anything, is nefarious in the way that it can easily infect other systems. The project can be launched from a USB stick, or even on an Apple Thunderbolt-to-Ethernet adapter with modified firmware.

    According to what WikiLeaks shared, the documents state that the attack can happen even if the computer is locked down with a firmware password. This exploit sounds very similar to what Pedro Vilaca discovered mid-last year.

    The other CIA exploit projects stem around remaining EFI-persistent after installation. EFI, or Extensible Firmware Interface, is Apple’s equivalent to the BIOS seen in PC systems. As it’s “baked-in” to each Mac, removing or clearing the EFI doesn’t occur when re-installing macOS from scratch. In the new “Dark Matter” release WikiLeaks shares that DarkSeaSkies specifically implants itself into the EFI on MacBook Air computers. They state it is a combination of the DarkMatter, SeaPea, and NightSkies tools that “implant” themselves into the EFI, kernel-space, and user-space respectively.

    Potentially scarier in this release is the manual for the NightSkies tool made specifically for iPhone. NightSkies version 1.2 had been out since 2008 and according to WikiLeaks was specifically designed to be installed on “factory fresh iPhones.” This has led WikiLeaks to believe that “the CIA has been infecting the iPhone supply chain of its targets since at least 2008.”

    In regards to that last comment, Will Strafach, security researcher, shared that WikiLeaks’ release today shows no indication that phones off the supply chain were being directly infected. According to Strafach, “The mention of ‘supply chain’ is misleading because it is not substantiated in the source documents. The terminology used was “factory fresh” which indicates it is just a new device, but does not mean there was any sort of infection at a factory. Further, other documents make it clear that this toolset is intended for use on a device that will be given to the target by the operator or asset.”

    As with most of these leaks in the previous weeks, many of these releases dictate software vulnerabilities that no longer exist. Strafach took to Twitter to remind others that none of these vulnerabilites are new or should be of concern.

    Quote I truly hope it goes without saying, but if not: I have verified that the new release contains nothing of concern. most things are ancient.
    From the short WikiLeaks summary shared today, all of these vulnerabilities required physical access to the victim’s machines. The most recent security releases all seem to stem from years old vulnerabilities that Apple has already acknowledged as being fixed.

    While these vulnerabilities may be patched and fixed on those on the most up-to-date software, it still begs the question what else exists that has yet to be disclosed.
    Source.

    From WikiLeaks -

    Quote WikiLeaks #Vault7 shows CIA has been infecting supply chains for at least 8 years
    https://wikileaks.org/vault7/darkmat...e-2/#efmAnvAqf

    More: https://search.wikileaks.org/?query=...levant#results


    Source.

    Quote Apple's claim that it has "fixed" all "vulnerabilities" described in DARKMATTER is duplicitous. EFI is a systemic problem, not a zero-day.
    Source.

    Quote Darkmatter+Triton can be remotely installed
    CIA has 2016 version: DerStake2.0
    EFI is not fixable "vulnerability"
    https://wikileaks.org/vault7/darkmatter
    Source.
    Last edited by Innocent Warrior; 24th March 2017 at 16:37. Reason: added WikiLeaks tweet
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  12. The Following 11 Users Say Thank You to Innocent Warrior For This Post:

    Baby Steps (24th March 2017), bennycog (24th March 2017), Bill Ryan (24th March 2017), BMJ (24th March 2017), Debra (25th March 2017), DNA (24th March 2017), Ewan (27th March 2017), Hervé (24th March 2017), KiwiElf (27th March 2017), ponda (24th March 2017), Shannon (31st March 2017)

  13. Link to Post #207
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    Ex-cyber security chief says Government is 'using' Westminster attack to grab unnecessary spying powers

    Quote The Ministry of Defence’s former cyber security chief has accused the Government of trying to “use” the devastating Westminster attack to grab unnecessary and intrusive surveillance powers.

    Major General Jonathan Shaw said ministers were attempting to “use the moment” to push for security services having more control, despite there being only a weak case for it.

    Home Secretary Amber Rudd has turned up the heat on internet firms, saying it is “completely unacceptable” that authorities cannot look at encrypted social media messages of attacker Khalid Masood, but her words come as debate continues over allowing spy agencies further intrusive powers – only last year Parliament granted them sweeping new capabilities.
    Read more.

    * * *

    RAND study: Zero Days, Thousands of Nights--The Life & Times of Zero-Day Vulnerabilities and Their Exploits (PDF)
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  14. The Following 7 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (27th March 2017), BMJ (27th March 2017), Ewan (27th March 2017), Flash (31st March 2017), KiwiElf (27th March 2017), Paul (27th March 2017), Shannon (31st March 2017)

  15. Link to Post #208
    France Administrator Hervé's Avatar
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,766
    Thanks
    60,316
    Thanked 95,067 times in 15,476 posts

    Default Re: Vault 7

    #Vault7: WikiLeaks reveals ‘Marble’ tool could mask CIA hacks with Russian, Chinese, Arabic

    RT
    Published time: 31 Mar, 2017 10:14
    Edited time: 31 Mar, 2017 12:10
    Get short URL


    © Karl-Josef Hildenbrand / www.globallookpress.com

    WikiLeaks’ latest batch of documents, named ‘Marble’, details CIA hacking tactics and how they can hamper forensic investigators from attributing viruses, trojans and hacking attacks to the spy agency . The tool was in use as recently as 2016.

    The third release, which contains 676 source code files for the agency’s secret anti-forensics framework, is part of the CIA’s Core Library of malware, according to a statement from WikiLeaks.

    WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified, meaning the agency allows another party to be blamed for the hack.

    A Marble framework document reveals it supports the ability to “add foreign languages” to malware. “Now comes the fun stuff,” it reads, listing Chinese, Russian, Korean, Arabic and Farsi in example code, indicating the potential for the CIA to divert attention to international actors.

    Quote
    Christine Maguire‏ @_ChrisMaguire

    Within @wikileaks #Vault7 #Marble release, instructions on adding foreign language to algorithms to hide #CIA malware & hacks #dnchack

    4:19 AM - 31 Mar 2017
    It’s “designed to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms” often link malware to a specific developer, according to the whistleblowing site.

    “This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,” WikiLeaks explains, “But there are other possibilities, such as hiding fake error messages.”

    The code also contains a ‘deobfuscator’ which allows the CIA text obfuscation to be reversed. “Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA.”

    Previous Vault7 releases have referred to the CIA’s ability to mask its hacking fingerprints.

    WikiLeaks claims the latest release will allow for thousands of viruses and hacking attacks to be attributed to the CIA.

    Quote
    WikiLeaks‏Verified account @wikileaks

    RELEASE: CIA Vault 7 Part 3 "Marble" -- thousands of CIA viruses and hacking attacks could now be attributed https://wikileaks.org/vault7/?marble9#Marble%20Framework … #Vault7

    3:36 AM - 31 Mar 2017
    Related:
    #Vault7: How CIA steals hacking fingerprints from Russia & others to cover its tracks
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  16. The Following 8 Users Say Thank You to Hervé For This Post:

    Bill Ryan (31st March 2017), Ewan (31st March 2017), Flash (31st March 2017), Innocent Warrior (31st March 2017), KiwiElf (31st March 2017), mab777 (31st March 2017), PathWalker (1st April 2017), Shannon (31st March 2017)

  17. Link to Post #209
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7


    Full statement on Marble Framework from WikiLeaks -

    Vault 7: Projects

    Marble Framework

    Quote 31 March, 2017
    Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

    Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivallent of a specalized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

    Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

    The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

    The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

    The Marble Framework is used for obfuscation only and does not contain any vulnerabilties or exploits by itself.
    Documents Directory HERE.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  18. The Following 4 Users Say Thank You to Innocent Warrior For This Post:

    Ewan (1st April 2017), Hervé (31st March 2017), KiwiElf (31st March 2017), Shannon (31st March 2017)

  19. Link to Post #210
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    Interview: Barrett Brown on #Vault7 and the information-security-complex HERE.

    * * *

    From article, A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense -



    * * *

    EFF Director: WikiLeaks Move to Share CIA Hacking Tools with Tech Giants Could "Make Us All Safer"



    Quote DN! talks with Electronic Frontier Foundation Executive Director Cindy Cohn about thousands of documents WikiLeaks published this week, dubbed "Vault 7," that describe CIA programs to hack into both Apple and Android cellphones, smart TVs and even cars. Some of the released documents describe tools to take over entire phones, allowing the CIA to then bypass encrypted messenger programs such as Signal, Telegram and WhatsApp. Other documents outline a CIA and British intelligence program called "Weeping Angel," through which the spy agency can hack into a Samsung smart television and turn it into a surveillance device that records audio conversations, even when it appears to be off. Other documents outline how the CIA has used the U.S. Consulate in Frankfurt, Germany, as a covert base to spy on Europe, the Middle East and Africa. "It’s extremely troubling that the CIA was keeping all of this information rather than giving it to the tech companies so that they could fix these problems and make us all safer," Cohn notes.
    Source.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  20. The Following 8 Users Say Thank You to Innocent Warrior For This Post:

    avid (1st April 2017), Baby Steps (3rd April 2017), Ewan (1st April 2017), Hervé (31st March 2017), JRS (31st March 2017), KiwiElf (31st March 2017), PathWalker (1st April 2017), Shannon (31st March 2017)

  21. Link to Post #211
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Vault 7

    Quote Posted by Innocent Warrior (here)
    Interview: Barrett Brown on #Vault7 and the information-security-complex HERE.

    * * *

    From article, A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense -
    Quote That (NSA) policy overwhelmingly emphasizes offensive cyber-security capabilities over defensive measures, ... even as an increasing number of U.S. organizations have been hit by hacks attributed to foreign governments.
    So ... what are the odds that many of the "hacks attributed to foreign governments" are actually attacks by the NSA itself, or other intelligence agencies and corporations working with the NSA, on U.S. organizations, made to appear as attacks by foreign governments ?

    In other words, perhaps the problem is not so much that the NSA is not making enough of an effort to defend U.S. organizations, but rather that the NSA is making too much of an effort to attack them ?

  22. The Following 4 Users Say Thank You to Paul For This Post:

    BMJ (7th April 2017), Foxie Loxie (31st March 2017), KiwiElf (31st March 2017), Shannon (31st March 2017)

  23. Link to Post #212
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    If they weren’t forgoing the security of the customers of the tech companies to be on the offensive then perhaps, but they are, so it’s both, they’re attacking too much and not defending enough.

    When protecting the security of the government doesn’t equate to protecting the citizens, then perhaps the policies of the intel agencies need to be rectified.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  24. The Following User Says Thank You to Innocent Warrior For This Post:

    KiwiElf (1st April 2017)

  25. Link to Post #213
    Avalon Member norman's Avatar
    Join Date
    25th March 2010
    Location
    too close to the hot air exhaust
    Age
    64
    Posts
    4,884
    Thanks
    7,333
    Thanked 22,779 times in 4,212 posts

    Default Re: Vault 7

    Vault 7, so far, is only confirming what we already pretty much knew. If we could see a possibility, we could see the likelihood that the agencies would be doing it.

    I'm still waiting for leaks that will change my overall view that in the eyes of the severely dis informed masses all Wikileaks ever seems to do is drop info bombs on nationhood. Most people don't get into the nuances of globalist operations versus national security operations. It's all government to them.
    .................................................. my first language is TYPO..............................................

  26. The Following User Says Thank You to norman For This Post:

    PathWalker (1st April 2017)

  27. Link to Post #214
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    Quote Vault 7, so far, is only confirming what we already pretty much knew.
    As in proving it, with evidence.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  28. The Following 5 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (1st April 2017), Hervé (2nd April 2017), JRS (4th April 2017), KiwiElf (1st April 2017), Muzz (3rd April 2017)

  29. Link to Post #215
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    Critical Takeaways from WikiLeaks 'Vault 7' Release

    Quote WikiLeaks’ recent release, collectively dubbed “Vault 7”, made public thousands of documents and files that the organization claimed were sourced from a high-security network within the CIA – or at least what was supposed to be one.

    According to WikiLeaks, this archive of data was circulating “in an unauthorized manner” among former US government hackers and contractors, including one who provided the Vault 7 information to WikiLeaks. The documents themselves, if genuine, reveal several alarming realities about the proliferation of high-quality malware, as well as the privacy risks presented by the hacking of connected devices that the average person uses every day.

    While the revelations may be unsettling, they also shine valuable light on pertinent cybersecurity challenges faced by organizations today, and the nature of the security measures required to proactively address these concerns. Here are three particularly critical cybersecurity issues that the WikiLeaks release brings into stark focus:

    1) Insider threats remain a dangerous risk area that perimeter security measures cannot address

    Whether you believe the WikiLeaks release is a bold stand for government transparency that should be celebrated, or a dangerous exposure of critical state secrets, this story actually includes two incidents of sensitive data revealed by insiders with access. The Vault 7 leak stipulates that the CIA created and then lost control of powerful malware and other tools for circumventing security measures on most popular computers and devices.

    If accurate, these tools may now be in the hands of hackers and other entities with bad intentions. Just as the Vault 7 information was given to WikiLeaks by an insider, the CIA’s hacking arsenal was supposedly exposed in the same manner.

    Enterprises spend a collective $12 billion dollars each year on cybersecurity solutions designed to protect sensitive data by safeguarding against perimeter breaches. However, these solutions are powerless against the threat of insiders with valid access and credentials leaking data. Research from IBM found that 60% of all cybersecurity attacks involve insiders, with three-quarters of those insiders acting maliciously, and the remainder inadvertently – but no less dangerously – supporting the attacks. A separate study by Accenture discovered that 69% reported experiencing such an attack within the past year.

    Faced with insider threats, organizations should look to IT strategies capable of proactively identifying sensitive information on their networks, and safeguarding it across all endpoints and data storage locations. Such solutions can protect sensitive data from being disseminated by insiders with access, whether on purpose or by mistake.

    2) Malware and other hacking tools are more prevalent and capable than ever

    A major implication of the Vault 7 release is that individual hackers may now be able to conduct cyber-attacks with a sophistication previously only seen in state-sponsored actions. While unique malware often plays a role in major cyber-attacks, the quality and dangers presented by the available tools present a heightened new level of risk.

    In response, businesses should continue to deploy the most robust perimeter security they can muster, while preparing for the eventuality that highly-capable attacks will indeed penetrate this first line of defense. Anticipating this, perimeter security should be teamed with endpoint security able to detect, mitigate, and recover from any risk posed by these threats.

    3) “Edgepoints” are a new frontier rife with security vulnerabilities

    Privacy is a function of cybersecurity just as much as safeguarding information is, and a listening device or compromised camera can expose an organization’s sensitive data just as surely as malware can. Among the most frightening revelations in the Vault 7 leak is the thought that all the connected devices in our lives can be hacked and repurposed for surveillance.

    The Internet of Things is growing rapidly, with manufacturers producing myriad connected devices with little regard for security – and sometimes none whatsoever. However, these vulnerable “edgepoints” are just as critical to organizational security as any endpoint device. Both the IoT industry and internal security measures must evolve to treat them as such.

    The cybersecurity landscape suggested by WikiLeaks may be one where an organization’s defenses no longer have an effective perimeter, but it doesn’t have to be one with no secrets or privacy. Given our hyper-connected world and the fearsome tools now at a would-be attacker’s disposal, breaches will occur.

    However, with the right strategies and solutions in place to safeguard sensitive data at the device level, organizations can ensure that that’s as far as hackers get.
    Source.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  30. The Following 3 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (3rd April 2017), Ewan (1st April 2017), KiwiElf (1st April 2017)

  31. Link to Post #216
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    Excerpt from article, Vault 7: Marble Framework Reveals How the CIA Evaded Forensics & Attributed Malware to Other Countries

    Quote How does Marble work

    Marble is extremely complex and its main goal is “obfuscation.” Within the framework, the CIA had a number of techniques as well as an actual executable file to perform the task automatically.

    The framework is extremely detailed and takes 4 to 5 steps to entirely execute. It starts by scrambling and alternating sources files based on an algorithm chosen from the list. A utility called, Mibster, “keeps a clean copy of the original source and replaces it with the scrambled versions of strings/data as well as supplies the unscramble function.”

    There are 6 different utilities that the CIA must use for the framework to fully execute, including Marble, Mibster, Mender, Warble, Carble, and Validator. However, Mibster takes a majority of the work. Mibster works in a combination of 5 steps:
    1. First it parses the Marble.h header file to generate a pool of available algorithms
    2. It then randomly chooses an algorithm from the pool and uses is to generate obfuscated versions of strings in source files. The Mibster verifies the scrambled string does not contain 3 consecutive characters that are the same as the original string (fails out if this is not true – Visual Studio error).
    3. Saves a copy of all source files that need modified. If it fails to create copies of the source, the Mibster fails out without modifying anything.
    4. Modifies all source by replacing the defined strings with an “insert” that is generated by the Marble.
    5. Generates a receipt file that contains the framework version, algorithm used, and strings that were obfuscated.

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  32. The Following 5 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (3rd April 2017), BMJ (7th April 2017), Ewan (1st April 2017), Hervé (2nd April 2017), KiwiElf (1st April 2017)

  33. Link to Post #217
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    BBC article -

    CIA operations may be disrupted by new Wikileaks' data release

    Current spying campaigns run by the CIA could be disrupted, say experts, after more data on the agency's hacking techniques was released by Wikileaks.

    CIA code that obscures malware's origins was detailed in the latest release by the whisteblowing site.

    The code could be used to create a "signature" for CIA malware, said one virus hunter.

    The information is part of a larger cache about CIA hacking tools that started to be released last month.

    The release of the information could be "one of the most technically damaging" said Nicholas Weaver, a computer security researcher at the University of California in Berkeley, in an interview with the Washington Post.

    "It seems designed to directly disrupt ongoing CIA operations and attribute previous operations," he said.

    'Deeply troubled'

    Before now, the information released about the CIA's hacking tools by Wikileaks has largely been only text describing many different ways the agency spies on targets.

    The latest release differs as it involves actual code used to hide the ultimate origins of malware used by the US organisation.

    It shows the obfuscation techniques used to make it harder to reverse engineer malware to unmask who made it.

    Included in the code library are fragments of Chinese and Farsi that are intended to be used in malware, as well as methods of moving data around that seek to thwart tools examining whether different samples have anything in common.

    Jake Williams, founder of security firm Rendition InfoSec, said the release was "significant".

    "It allows the attribution of previously discovered malware to the CIA specifically," he wrote, adding that the code samples could add up to a signature for spotting agency work.

    "It is likely that malware has been discovered previously which was not attributed to CIA then, but can be today thanks to the release of the code," he said.

    The CIA would not comment on the authenticity of the information released by Wikileaks, but a spokesman said Americans should be "deeply troubled" by the organisation's actions.

    "Dictators and terrorists have no better friend in the world than Julian Assange, as theirs is the only privacy he protects," said the spokesman.

    Source.

    According to this Washington Post article, the CIA's spokesman is Dean Boyd.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  34. The Following 6 Users Say Thank You to Innocent Warrior For This Post:

    bennycog (8th April 2017), Bill Ryan (3rd April 2017), Eram (3rd April 2017), Ewan (3rd April 2017), Hervé (3rd April 2017), KiwiElf (3rd April 2017)

  35. Link to Post #218
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    RELEASE - Grasshopper


    Full statement on Grasshopper from WikiLeaks -

    Vault 7: Projects

    Grasshopper

    Quote 7 April, 2017

    Today, April 7th 2017, WikiLeaks releases Vault 7 "Grasshopper" -- 27 documents from the CIA's Grasshopper framework, a platform used to build customized malware payloads for Microsoft Windows operating systems.

    Grasshopper is provided with a variety of modules that can be used by a CIA operator as blocks to construct a customized implant that will behave differently, for example maintaining persistence on the computer differently, depending on what particular features or capabilities are selected in the process of building the bundle. Additionally, Grasshopper provides a very flexible language to define rules that are used to "perform a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration". Through this grammar CIA operators are able to build from very simple to very complex logic used to determine, for example, if the target device is running a specific version of Microsoft Windows, or if a particular Antivirus product is running or not.

    Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption). The requirement list of the Automated Implant Branch (AIB) for Grasshopper puts special attention on PSP avoidance, so that any Personal Security Products like 'MS Security Essentials', 'Rising', 'Symantec Endpoint' or 'Kaspersky IS' on target machines do not detect Grasshopper elements.

    One of the persistence mechanisms used by the CIA here is 'Stolen Goods' - whose "components were taken from malware known as Carberp, a suspected Russian organized crime rootkit." confirming the recycling of malware found on the Internet by the CIA. "The source of Carberp was published online, and has allowed AED/RDB to easily steal components as needed from the malware.". While the CIA claims that "[most] of Carberp was not used in Stolen Goods" they do acknowledge that "[the] persistence method, and parts of the installer, were taken and modified to fit our needs", providing a further example of reuse of portions of publicly available malware by the CIA, as observed in their analysis of leaked material from the italian company "HackingTeam".

    The documents WikiLeaks publishes today provide an insight into the process of building modern espionage tools and insights into how the CIA maintains persistence over infected Microsoft Windows computers, providing directions for those seeking to defend their systems to identify any existing compromise.
    Documents Directory HERE.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  36. The Following 6 Users Say Thank You to Innocent Warrior For This Post:

    bennycog (8th April 2017), Bill Ryan (8th April 2017), Ewan (7th April 2017), JRS (7th April 2017), KiwiElf (7th April 2017), mountain_jim (7th April 2017)

  37. Link to Post #219
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    From WikiLeaks -

    Quote CIA malware "Grasshopper" re-installs itself every 22 hours by corrupting Windows Update--even if is disabled. https://wikileaks.org/vault7/?g4#grasshopper


    Source.

    Quote CIA docs show that its "Stolen Goods" malware is based on code from "suspected Russian mafia" #Vault7 https://wikileaks.org/vault7/?g4#Grasshopper


    Source.

    Quote CIA Vault 7 Part 4 "Grasshopper" released today reveals new CIA malware signatures https://wikileaks.org/vault7/?g2#grasshopper … #vault7


    Source.
    Last edited by Innocent Warrior; 7th April 2017 at 15:04. Reason: added tweet
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  38. The Following 6 Users Say Thank You to Innocent Warrior For This Post:

    bennycog (8th April 2017), Bill Ryan (8th April 2017), BMJ (7th April 2017), Ewan (7th April 2017), JRS (7th April 2017), KiwiElf (7th April 2017)

  39. Link to Post #220
    Australia Avalon Member Innocent Warrior's Avatar
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,377
    Thanks
    23,784
    Thanked 24,327 times in 3,059 posts

    Default Re: Vault 7

    Repubblica article by Stefania Maurizi - Wikileaks, nuovo colpo alla Cia: "Ecco come riesce a infettare tanti computer senza farsi scoprire"

    NSA historian James Bamford says that CIA led cyber attack on Iranian centrifuges, from Stefania Maurizi -

    James Bamford to La Repubblica on #WikiLeaks #CIA #Vault7

    «There have been different revelations by WikiLeaks over the last month, I thought they were very interesting because the Nsa specialises in stealing information and the Cyber Command is only used during active war or in a kind of situation like Afghanistan, but the Cia uses its cyber capabilities for launching its cover wars, like the Stuxnet attacks. So, seeing this leak on what types of cyber attacks they can do is very interesting. They are different in the sense that the Nsa is doing eavesdropping on large access points, instead the Cia is more targeted on individual-type of attacks. One the most recent revelations, Marble Framework, was very interesting because it shows how the Cia can manipulate cyber attacks for making them look as if they come from some other places».

    How good the Cia guys are at doing cyber operations?

    «I think that Stuxnet shows the problems and it was the Cia that created Stuxnet along with Israel. That is what my sources told me: it was is a Cia job. It is indeed Cia's job to do the covert attacks, the Nsa can't legally do a cyberweapon-type attack, because the Nsa is part of the Department of Defense and that is why they created the Cyber Command: it can do cyberattacks only when there is an actual conflict or a situation like Afghanistan, but there are many other countries around the world where there are no conflicts and that is where the Cia comes in. The Cia is used for doing covert operations. The Cia was responsible for developing Stuxnet. It had the help of the Nsa and the Israelis, but actually pushing the button and launching the attack that has to be done by the Cia, but they screwed up, because they told the President at the time, president Bush and then president Obama: don't worry because the virus impacting on the Iranian nuclear facilities is not going to escape, it just attacks the centrifuges and even if the virus escapes it will not affect any other computer, and even if it escapes, nobody will be able to tell where it came from. It did escape, it did attack other computers - hundreds of thousands of computers - and it was identified as coming from the US in about a couple of months. Everything proved wrong and that is why they were very reluctant under Obama to pursue cyberwarfare, they were reluctant in doing this on North Korea»
    «Before Stuxnet, Iran never had a Cyber Command and cyber attack capabilities. After Stuxnet, they developed one, and they began attacking the Aramco computers and banks in New York. Stuxnet ended up to be very meager, because it destroyed just a small percentage of their centrifuges and they just replaced them, so ultimately it was a disaster».

    Is this Stuxnet disaster one of the reasons why we need acountability when it comes to the Cia cyber warfare capabilities?

    «Definitely, Stuxnet was an act of war: it destroyed a portion of a country's infrastructure that was not attacking or threatening us. It had repercussions: it destroyed 30,000 computers. We have little oversight when it comes to cyberattacks and the repercussions can be very bad, we need oversight on that: this Administration is unpredictable, when it comes to intelligence and warfare, Obama was far more reluctant in launching cyberwar, they were very worried, having seen the disaster of Stuxnet. Trump people are totally unpredictable, they seem to want to attack everybody they don't like- such as North Korea, Syria and Iran, which is just insane because weaponised cyber attacks can lead to war».

    Source.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  40. The Following 6 Users Say Thank You to Innocent Warrior For This Post:

    bennycog (8th April 2017), Bill Ryan (8th April 2017), Ewan (7th April 2017), Hervé (7th April 2017), JRS (7th April 2017), KiwiElf (7th April 2017)

+ Reply to Thread
Page 11 of 18 FirstFirst 1 11 18 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts