
Thread: Vault 7

  Post #301 by Ron Mauer Sr (Avalon Guide, Virginia)

    I wonder how much of the spyware goes away if one switches from Microsoft to Linux.

    I get a "The server's certificate is unknown" message whenever I use FileZilla to upload a file. Never had this issue months ago.
    OS is Windows 10.


  Post #302 by Innocent Warrior

    Vault 7: Projects

    RELEASE - Elsa


    Full statement on Elsa from WikiLeaks -

    28 June, 2017

    Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors.

    The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device.

    Documents Directory HERE.





    * * *

    Vault 7: Projects

    RELEASE - OutlawCountry


    Full statement on OutlawCountry from WikiLeaks -

    29 June, 2017

    Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

    The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.

    Documents Directory HERE.

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

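Added example, not from the post above or from the leaked ELSA documents: what one ELSA-style survey record amounts to on a Windows laptop. The script parses a constructed sample of `netsh wlan show networks mode=bssid` output (the built-in Windows command that lists every visible access point with its BSSID, signal and channel), converts Windows' percentage link quality to dBm with the usual approximation, timestamps the sample, and shapes it into the request body the Google Geolocation API accepts. The sample output, the percent-to-dBm formula and the idea of using Google's API for the lookup are assumptions for the example; the statement only says "public geo-location databases from Google or Microsoft". Nothing is sent anywhere.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample of `netsh wlan show networks mode=bssid` output; not a real capture.
SAMPLE_NETSH = """\
Interface name : Wi-Fi
There are 2 networks currently visible.

SSID 1 : CoffeeShop
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 80%
         Radio type         : 802.11n
         Channel            : 6
    BSSID 2                 : 00:11:22:33:44:56
         Signal             : 42%
         Radio type         : 802.11ac
         Channel            : 40

SSID 2 :
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : aa:bb:cc:dd:ee:ff
         Signal             : 10%
         Radio type         : 802.11g
         Channel            : 11
"""

SSID_RE = re.compile(r"^SSID\s+\d+\s*:\s*(.*)$")
BSSID_RE = re.compile(r"^\s*BSSID\s+\d+\s*:\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s*$")
SIGNAL_RE = re.compile(r"^\s*Signal\s*:\s*(\d+)%")
CHANNEL_RE = re.compile(r"^\s*Channel\s*:\s*(\d+)")


def quality_to_dbm(percent):
    """Windows exposes link quality as 0-100%; dBm = percent/2 - 100 is the usual
    approximation (an assumption here, not something the ELSA documents specify)."""
    percent = max(0, min(100, percent))
    return int(percent / 2 - 100)


def parse_netsh(text):
    """One record per BSSID: SSID (empty string for a hidden network), BSSID (the
    access point's MAC address), signal strength in dBm and channel."""
    aps, ssid, current = [], None, None
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            ssid = m.group(1).strip()
            continue
        m = BSSID_RE.match(line)
        if m:
            current = {"ssid": ssid, "bssid": m.group(1).lower(),
                       "signal_dbm": None, "channel": None}
            aps.append(current)
            continue
        if current is None:
            continue
        m = SIGNAL_RE.match(line)
        if m:
            current["signal_dbm"] = quality_to_dbm(int(m.group(1)))
            continue
        m = CHANNEL_RE.match(line)
        if m:
            current["channel"] = int(m.group(1))
    return aps


def sample(text, when):
    """One timestamped survey: the unit an ELSA-style logger appends at each interval."""
    return {"timestamp": when.isoformat(), "access_points": parse_netsh(text)}


def build_geolocation_request(aps):
    """Shape a survey into the body the Google Geolocation API accepts
    (POST https://www.googleapis.com/geolocation/v1/geolocate?key=...). The API needs
    at least two access points for a WiFi-only fix. Nothing is sent here."""
    if len(aps) < 2:
        raise ValueError("a WiFi-only fix needs at least two access points")
    return {
        "considerIp": False,
        "wifiAccessPoints": [
            {"macAddress": ap["bssid"], "signalStrength": ap["signal_dbm"], "channel": ap["channel"]}
            for ap in aps
        ],
    }


if __name__ == "__main__":
    record = sample(SAMPLE_NETSH, datetime(2017, 6, 28, 12, 0, tzinfo=timezone.utc))
    print(json.dumps(record, indent=2))
    print(json.dumps(build_geolocation_request(record["access_points"]), indent=2))
```

Two things worth noticing: the hidden network (empty SSID) is still recorded, because the BSSID is what the lookup keys on, and no radio connection is ever made, which is exactly why the statement says the machine need not be online or associated with any access point for collection to work.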

  Post #303 by Hervé

    CIA hacking tool 'OutlawCountry' targets Linux operating system

    RT
    Thu, 29 Jun 2017 18:08 UTC



    WikiLeaks has published leaked documents purportedly from 'OutlawCountry', an alleged CIA program designed to overcome and alter firewalls on a Linux operating device.

    An apparent user guide bearing the symbol of the US Central Intelligence Agency was published on the WikiLeaks website Thursday.


    "OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA-controlled machines for ex- and infiltration purposes," WikiLeaks said in a statement.

    A type of malware, the virus targets a very specific version of the Linux operating system. "The target must be running a compatible 64-bit version of CentOS/RHEL 6.x (kernel version 2.6.32)," the program's user guide says.



    The reasons for installing the bug are not explained in the OutlawCountry engineering guide, other than it gives users the opportunity to alter a computer's security settings.

    OutlawCountry is made up of a file that creates a "hidden netfilter table" or new set of firewall settings, the user manual states.

    "With knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules," the document reads.

    All evidence of the virus is destroyed when the netfilter table is removed by the operator.

    "Reality is a dream that we bring in to land" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

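Added example, not from the post above or from the OutlawCountry documents: the cross-check a Linux administrator can run against the three views a host gives of its netfilter state. It lists tables the kernel reports in `/proc/net/ip_tables_names` beyond the standard set, looks in an `iptables-save` dump for DNAT rules in a PREROUTING chain outside the standard `nat` table (the one rule type the release says v1.0 adds, and one that takes precedence over the rules an admin sees), and diffs loaded kernel modules against a known-good baseline. The table/module name `k7h2qz`, the dumps and the baseline are constructed. The release does not say how the module conceals its table, so treat this as best-effort: a table the kernel hides from `/proc` will not show up, and `iptables -t NAME -L` only helps if you already know NAME.

```python
# Standard netfilter tables; a stock kernel creates no others.
STANDARD_TABLES = {"filter", "nat", "mangle", "raw", "security"}

# Constructed inputs, not from a real host. `k7h2qz` stands in for the operator-chosen
# table and module name; the real OutlawCountry names are not given on this page.
PROC_IP_TABLES_NAMES = "filter\nnat\nmangle\nraw\nk7h2qz\n"

IPTABLES_SAVE = """\
# Generated by iptables-save v1.4.7
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*k7h2qz
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 198.51.100.7:443
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

LSMOD_NOW = """\
Module                  Size  Used by
iptable_nat             2780  1
nf_nat                 22759  1 iptable_nat
k7h2qz                  5120  0
iptable_filter          2793  1
ip_tables              17831  3 iptable_nat,k7h2qz,iptable_filter
"""
# Baseline recorded from the same host while it was known-good (constructed).
MODULE_BASELINE = {"iptable_nat", "nf_nat", "iptable_filter", "ip_tables"}


def unknown_tables(proc_text):
    """Tables the kernel lists in /proc/net/ip_tables_names beyond the standard five."""
    return sorted(set(proc_text.split()) - STANDARD_TABLES)


def parse_iptables_save(text):
    """Map table name -> list of its -A rule lines from an iptables-save dump."""
    tables, current = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            current = line[1:].strip()
            tables[current] = []
        elif line.startswith("-A") and current is not None:
            tables[current].append(line)
    return tables


def covert_dnat_rules(tables):
    """DNAT in a PREROUTING chain of a non-standard table: redirection that the
    visible nat table never shows and, per the release, that takes precedence."""
    hits = []
    for name, rules in tables.items():
        if name in STANDARD_TABLES:
            continue
        for rule in rules:
            if rule.startswith("-A PREROUTING") and "-j DNAT" in rule:
                hits.append((name, rule))
    return hits


def unexpected_modules(lsmod_text, baseline):
    """Loaded modules absent from the baseline (first lsmod line is the header)."""
    loaded = {line.split()[0] for line in lsmod_text.splitlines()[1:] if line.strip()}
    return sorted(loaded - baseline)


def audit(proc_text, save_text, lsmod_text, baseline):
    findings = [f"non-standard netfilter table: {t}" for t in unknown_tables(proc_text)]
    findings += [f"DNAT in PREROUTING of table {t}: {rule}"
                 for t, rule in covert_dnat_rules(parse_iptables_save(save_text))]
    findings += [f"kernel module not in baseline: {m}"
                 for m in unexpected_modules(lsmod_text, baseline)]
    return findings


if __name__ == "__main__":
    for finding in audit(PROC_IP_TABLES_NAMES, IPTABLES_SAVE, LSMOD_NOW, MODULE_BASELINE):
        print(finding)
```

The module baseline is the part that survives concealment tricks: a kernel module has to be loaded, and comparing against a recorded baseline (or the package manager's list of signed modules) does not depend on the module telling the truth about its own table.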

  Post #304 by Innocent Warrior

    From Hot For Security -

    WikiLeaks Vault 7 – ELSA: How the CIA can use WiFi to find you anywhere (June 29, 2016)



    If anyone still has doubts that the US Central Intelligence Agency (CIA) can track nearly anyone, anytime, anywhere, a new Vault 7 disclosure from WikiLeaks may dispel them.

    The CIA likely used malware codenamed ELSA to pinpoint and, presumably, track target Windows users over long periods, by hacking into WiFi radios on laptops – even when not connected to the Internet.

    ELSA works by triangulating the location of the target laptop as its WiFi radios actively listen for public access points whose ESS identifier, MAC address and signal strength are recorded at regular intervals. The malware stores the information in an encrypted file on the target computer itself.

    The CIA can then decrypt the data, compare the exfiltrated information against public geo-location databases from Google or Microsoft, and locate the device, with longitude and latitude, and a timestamp.

    “The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device – again using separate CIA exploits and backdoors,” according to the non-profit.

    ELSA can be customized to match environmental and operational factors, including sampling interval, maximum logfile size, invocation and persistence. Using the same geo-location databases maintained by Internet giants, additional back-end software can generate a tracking profile.

    Two weeks ago, in a similar Vault 7 dump, WikiLeaks revealed how the CIA could use a malware “implant” (codenamed CherryBlossom) to turn at least 25 WiFi router and access point models into surveillance posts.

    And two weeks before the CherryBlossom leak, WikiLeaks made a new disclosure from the Agency’s Pandemic project that allegedly “targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.”

    The CIA is apparently sitting on a trove of surveillance tools, but WikiLeaks has so far failed to prove the agency is abusing them.

    Source (contains links).

    * * *

    THE ENCRYPTION DEBATE SHOULD END RIGHT NOW (June 30, 2017)



    When law enforcement argues it needs a “backdoor” into encryption services, the counterargument has typically been that it would be impossible to limit such access to one person or organization. If you leave a key under the doormat, a seminal 2015 paper argues, a burglar eventually finds it. And now recent events suggest an even simpler rebuttal: Why entrust a key to someone who gets robbed frequently?

    This aptly describes US intelligence services of late. In March, WikiLeaks released nearly 9,000 documents exposing the CIA’s hacking arsenal. More so-called Vault 7 secrets trickled out as recently as this week. And then there’s the mysterious group or individual known as the Shadow Brokers, which began sharing purported NSA secrets last fall. April 14 marked its biggest drop yet, a suite of hacking tools that target Windows PCs and servers to devastating effect.

    The fallout from the Shadow Brokers has proven more concrete than that of Vault 7; one of its leaked exploits, EternalBlue, facilitated last month’s WannaCry ransomware meltdown. A few weeks later, EternalBlue and two other pilfered NSA tools helped advance the spread of Petya, a ransomware outbreak that looks more and more like an act of cyberwar against Ukraine.

    Petya would have caused damage absent EternalBlue, and the Vault 7 dump hasn’t yet resulted in a high-profile hack. But that all of this has fallen into public hands shifts the nature of the encryption debate from hypothetical concern that someone could reverse-engineer a backdoor to acute awareness that someone could just steal it. In fact, it should end any debate altogether.

    “The government asking for backdoor access to our assets is ridiculous,” says Jake Williams, founder of Rendition Infosec, “if they can't first secure their own classified hacking tools.”

    See source for full article (including links).


  Post #305 by Innocent Warrior

    Vault 7: Projects

    RELEASE - BothanSpy


    Full statement on BothanSpy from WikiLeaks -

    6 July, 2017

    Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.

    BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save them in an encrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.

    Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (CentOS, Debian, RHEL, SUSE, Ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed rootkit (JQC/KitV) on the target machine.

    Documents Directory HERE.

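Added example, not from the post above or from the BothanSpy/Gyrfalcon documents: the statement says Gyrfalcon is installed by a rootkit and does not say how it reaches into the OpenSSH client, so this is not its mechanism. It is the check a Linux practitioner can run from `/proc` for the user-space variant of the same outcome, a library riding inside the `ssh` process where passwords and key passphrases pass in the clear: shared objects mapped from outside the distribution's library directories, `LD_PRELOAD` in the process environment, and entries in `/etc/ld.so.preload`. The maps, environment and paths are constructed. A kernel rootkit can lie to `/proc`, so a clean result here is not a clean bill; it only rules out the cheap version.

```python
# Library directories the distribution owns; anything mapped from elsewhere is worth a look.
TRUSTED_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Constructed data for one ssh client process (pid and paths are hypothetical);
# on a live host read /proc/<pid>/maps, /proc/<pid>/environ and /etc/ld.so.preload.
PROC_MAPS = """\
00400000-004a0000 r-xp 00000000 fd:01 1234 /usr/bin/ssh
7f1a2b000000-7f1a2b1c0000 r-xp 00000000 fd:01 5678 /lib64/libc-2.12.so
7f1a2b400000-7f1a2b410000 r-xp 00000000 fd:01 9012 /lib64/libcrypto.so.10
7f1a2b600000-7f1a2b605000 r-xp 00000000 fd:01 3456 /tmp/.X11-unix/libsel.so
7f1a2b800000-7f1a2b821000 rw-p 00000000 00:00 0 [stack]
7ffd3c000000-7ffd3c002000 r-xp 00000000 00:00 0 [vdso]
"""
PROC_ENVIRON = b"HOME=/home/op\x00LD_PRELOAD=/tmp/.X11-unix/libsel.so\x00PATH=/usr/bin\x00"
LD_SO_PRELOAD = "# /etc/ld.so.preload is normally empty or absent\n"


def mapped_shared_objects(maps_text):
    """File-backed shared objects in a /proc/<pid>/maps listing. The path is the 6th
    field, may contain spaces, and is absent for anonymous and [stack]-style mappings."""
    objects = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/") and ".so" in fields[5]:
            objects.add(fields[5])
    return objects


def untrusted_objects(maps_text, trusted=TRUSTED_PREFIXES):
    return sorted(p for p in mapped_shared_objects(maps_text) if not p.startswith(trusted))


def preload_sources(environ_bytes, ld_so_preload_text):
    """Both ways the dynamic loader can be told to load a library before the program's own."""
    found = []
    for entry in environ_bytes.split(b"\x00"):
        if entry.startswith(b"LD_PRELOAD=") and len(entry) > len(b"LD_PRELOAD="):
            found.append(("LD_PRELOAD", entry.split(b"=", 1)[1].decode()))
    for line in ld_so_preload_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            found.append(("/etc/ld.so.preload", line))
    return found


def audit_ssh_process(maps_text, environ_bytes, ld_so_preload_text):
    findings = [f"shared object mapped from untrusted path: {p}"
                for p in untrusted_objects(maps_text)]
    findings += [f"preload via {source}: {path}"
                 for source, path in preload_sources(environ_bytes, ld_so_preload_text)]
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_process(PROC_MAPS, PROC_ENVIRON, LD_SO_PRELOAD):
        print(finding)
```

The structural point the two implants make is the same regardless of mechanism: once the client process is hostile, a passphrase-protected key on disk is as good as stolen, because the passphrase is typed into that process. Keys that never leave an agent or a hardware token take the passphrase out of the client's reach, though a hostile client can still use the session it has.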

  Post #306 by Innocent Warrior

    Vault 7: Projects

    RELEASE - Highrise


    Full statement on Highrise from WikiLeaks -

    13 July, 2017

    Today, July 13th 2017, WikiLeaks publishes documents from the Highrise project of the CIA. HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as an SMS proxy that provides greater separation between devices in the field ("targets") and the listening post (LP) by proxying "incoming" and "outgoing" SMS messages to an internet LP. Highrise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.

    Documents Directory HERE.

    CIA Android phone SMS proxy 'HighRise' which masquerades as 'TideCheck' to form a covert messaging network -

    From HighRise v2.0 User’s Guide.


  Post #307 by Innocent Warrior

    From The Hacker News -

    How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet) (July 13, 2017)



    WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak; this time, instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthily collect and forward stolen data from compromised smartphones.

    Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones.

    However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool.

    But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used.

    Explained: How CIA Highrise Project Works

    In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones, malware has an alternative way to send stolen data to the attackers i.e. via SMS.

    But for collecting stolen data via SMS, one has to deal with a major issue – to sort and analyse bulk messages received from multiple targeted devices.

    To solve this issue, the CIA created a simple Android application, dubbed Highrise, which works as an SMS proxy between the compromised devices and the listening post server.

    "There are a number of IOC tools that use SMS messages for communication and HighRise is a SMS proxy that provides greater separation between devices in the field ('targets') and the listening post" by proxying "'incoming' and 'outgoing' SMS messages to an internet LP," the leaked CIA manual reads.

    What I understood after reading the manual is that CIA operatives need to install an application called "TideCheck" on their Android devices, which are set to receive all the stolen data via SMS from the compromised devices.

    The last known version of the TideCheck app, i.e. HighRise v2.0, was developed in 2013 and works on mobile devices running Android 4.0 to 4.3, though I believe, by now, they have already developed updated versions that work for the latest Android OS.



    Once installed, the app prompts for a password, which is "inshallah," and after login, it displays three options:
    1. Initialize — to run the service.
    2. Show/Edit configuration — to configure basic settings, including the listening post server URL, which must be using HTTPS.
    3. Send Message — allows CIA operative to manually (optional) submit short messages (remarks) to the listening post server.

    Once initialized and configured properly, the app continuously runs in the background to monitor incoming messages from compromised devices; and when received, forwards every single message to the CIA's listening post server over a TLS/SSL secured Internet communication channel.

    See source to read full article (with links).


  Post #308 by Innocent Warrior

    Vault 7: Projects

    RELEASE - UCL / Raytheon


    Full statement on UCL / Raytheon from WikiLeaks -

    19 July, 2017

    Today, July 19th 2017, WikiLeaks publishes documents from the CIA contractor Raytheon Blackbird Technologies for the "UMBRAGE Component Library" (UCL) project. The documents were submitted to the CIA between November 21st 2014 (just two weeks after Raytheon acquired Blackbird Technologies to build a Cyber Powerhouse) and September, 11th 2015. They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors - partly based on public documents from security researchers and private enterprises in the computer security field.

    Raytheon Blackbird Technologies acted as a kind of "technology scout" for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.

    Documents Directory HERE.

    * * *

    From UCL / Raytheon release, CIA-Raytheon analysis of HammerToss malware -

    (S//NF) FireEye -- HammerToss - Stealthy Tactics



    * * *

    CIA Director Mike Pompeo FULL Interview Aspen Security Forum (July 20, 2017)

    Pompeo on Wikileaks at 25:45

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.


  Post #309 by Hervé

    CIA ability to trojan Apple OS exposed in latest hacking release

    RT
    Published time: 27 Jul, 2017 10:53

    The CIA’s alleged ability to trojan an Apple OS disk image has been exposed in ‘Imperial,’ the latest release from WikiLeaks Vault 7 series. This new batch is made of three hacking exploits, ‘Achilles,’ ‘SeaPea’ and ‘Aeris.’

    ‘Achilles’ is detailed by WikiLeaks in a statement as producing one or more operators to access an OS X disk image, and execute operations one time. The OS X disk image contains the contents and structure of the device’s storage.

    Intel Core 2 Processor and OS X are required on the target's computer for ‘Achilles’ to operate, according to a user guide.

    ‘Imperial’ is part of a series by the whistleblowers named ‘Vault 7’ which began in March and has seen releases from WikiLeaks on an almost weekly basis.

    WikiLeaks claims the leaks, which detail hacking exploits, come from a computer within the CIA, who would not comment on their alleged origin.

    Also detailed in ‘Imperial’ is ‘SeaPea’ which targets Apple devices, providing stealth and tool-launching capabilities to the OS X Rootkit. Running on Mac OSX 10.6 and 10.7 it hides files and directories, socket connections and processes, according to WikiLeaks.

    OSX 10.6 and 10.7 are more commonly known as Snow Leopard and Lion respectively, released by Apple in 2009 and supported until 2016.

    ‘SeaPea’ is installed using root access and remains on the device until either the hard drive is reformatted or the system is upgraded.

    ‘Aeris’ is detailed in the release as being an automated implant written in the C programming language, compatible with POSIX, a portable operating system interface for Unix. Once installed it allows for exfiltration of files and encrypted communications.

    Previous released material from ‘Vault 7’ exposed hacking exploits which weaponized smartphones and used Smart TVs to spy.


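Added example, not from the post above or from the Aeris documents: the WikiLeaks statement on Imperial, quoted later in this thread, lists "configurable beacon interval and jitter" among Aeris' features. Jitter exists to break the exact periodicity that makes C2 check-ins easy to spot, but bounded jitter leaves its own signature: every gap between connections stays inside interval*(1 ± j), so the spread of the gaps relative to their median stays small, while a person's visits to the same destination have no such bound. The script models an implant that way and then runs the detector a defender would run over connection timestamps. The uniform jitter model is an assumption (the page does not describe Aeris' scheduler), and the "human" gaps are constructed.

```python
import random
import statistics


def beacon_schedule(start, interval, jitter, count, rng):
    """Beacon times for an implant whose gap is interval*(1+u), u uniform in [-jitter, jitter].
    This uniform model is an assumption for the example; the page does not say how Aeris
    applies its jitter setting."""
    times, t = [], start
    for _ in range(count):
        t += interval * (1 + rng.uniform(-jitter, jitter))
        times.append(t)
    return times


def demo_implant(seed=7, interval=300.0, jitter=0.15, count=25):
    """Repeatable sample: five-minute interval with 15% jitter by default."""
    return beacon_schedule(0.0, interval, jitter, count, random.Random(seed))


def analyze_intervals(times):
    """Summarise the gaps between successive connections from one host to one destination."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    median = statistics.median(gaps)
    return {
        "gaps": len(gaps),
        "median_interval": median,
        # Bounded jitter j keeps every gap within interval*(1±j), so (max-min)/median
        # stays below roughly 2j/(1-j); human-driven traffic has no such bound.
        "relative_spread": (max(gaps) - min(gaps)) / median,
    }


def looks_like_beacon(times, min_gaps=10, max_spread=0.5):
    """True when enough gaps cluster tightly; max_spread=0.5 admits jitter up to about 20%."""
    if len(times) < min_gaps + 1:
        return False
    return analyze_intervals(times)["relative_spread"] <= max_spread


def cumulative(start, gaps):
    times, t = [], start
    for g in gaps:
        t += g
        times.append(t)
    return times


# Constructed comparison: gaps (seconds) between a person's connections to one site.
HUMAN_GAPS = [3, 40, 1, 120, 7, 2, 300, 15, 4, 60, 9, 210]


if __name__ == "__main__":
    implant = demo_implant()
    person = cumulative(0.0, HUMAN_GAPS)
    print("implant:", analyze_intervals(implant), looks_like_beacon(implant))
    print("person: ", analyze_intervals(person), looks_like_beacon(person))
```

The threshold trades off against the implant's configuration: a much larger jitter defeats this particular statistic, at the cost of an irregular, slower channel for the operator, which is the trade the "configurable" in the statement is about. In practice this analysis is run per (source, destination) pair over proxy or flow logs, with the HTTPS and SMTP destinations the statement names being the natural places to look.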

  Post #310 by Hervé

    Dumbo: WikiLeaks reveals CIA system to take over webcams, microphones

    RT
    Published time: 3 Aug, 2017 09:30
    Edited time: 3 Aug, 2017 11:01

    Details of the CIA’s Dumbo project, a system that manipulates devices such as webcams and microphones on Microsoft Windows-operating systems, have been published by WikiLeaks. The program also corrupts video recordings, according to the leaked documents.

    The whistleblowing organization released the files as part of its Vault 7 series on the CIA’s hacking capabilities.

    According to Wikileaks, the technology is intended for use where the deployment of a special branch within the CIA’s Center for Cyber Intelligence could be compromised.

    Quote (WikiLeaks, @wikileaks, 3:50 AM - 3 Aug 2017):
    RELEASE: CIA project 'Dumbo' to switch off security webcams and corrupt recordings to hide physical intrusions https://wikileaks.org/vault7/#Dumbo

    Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system, according to the documents.

    The earliest Dumbo document released by WikiLeaks is dated June 25, 2012. The Tool Delivery Review document states that the system’s capabilities are being requested by the CIA’s special branch to “deter home security systems that may identify officers or prevent operations.”



    The program has to be executed “directly from a USB thumb drive,” according to a field guide for the system released by WikiLeaks on Thursday. The document indicates that the thumb drive has to be connected to the machine for Dumbo to work: “For the log to be maintained, the thumb drive Dumbo is executed from must remain plugged into the system throughout the duration of the operation.

    “Logging entries are also preceded by a header labeling if the entry is good, bad, or simply informative,” the field guide notes. “The following shows an example log excerpt:"



    It identifies installed devices such as webcams and microphones, locally or connected by wireless (Bluetooth, WiFi) or wired networks, and it can block all processes related to the devices, including recording and monitoring.

    A user guide dated June 2015 sets out Dumbo’s capacity to mute microphones, disable all network adapters, and suspend camera recording. The program notifies its operator of any files to which those processes were actively writing so that they may be selectively corrupted or deleted.

    WikiLeaks suggests that by deleting or manipulating recordings the operator can create fake – or destroy real – evidence of their intrusion into the device.

    The documents say Dumbo operates on 32-bit Windows XP, Windows Vista, and newer versions of the Windows operating system, but is not supported for 64-bit Windows XP, or Windows versions prior to XP.



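Added example, defensive and not from the post above or from the Dumbo documents: the article says Dumbo tells its operator which files the suspended recording processes were writing so they can be "selectively corrupted or deleted". Whether that selective tampering is detectable afterwards depends on how the recorder stores its segments. The script seals consecutive recording segments into an HMAC hash chain and then verifies the chain, showing that a corrupted, reordered or deleted segment breaks it at that position, and also the known gap in plain hash chains: removing the newest segments leaves a chain that still verifies unless the last tag was reported somewhere else beforehand. The segments and key are constructed; the key has to be on the recorder to seal, so against an intruder with live control of that machine the protection comes from the anchor already held off-host, not from the key.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32


def _link(key, prev_tag, index, segment):
    """Tag for one segment: HMAC over the previous tag, the position and the segment hash."""
    digest = hashlib.sha256(segment).digest()
    return hmac.new(key, prev_tag + index.to_bytes(4, "big") + digest, hashlib.sha256).digest()


def seal_segments(key, segments):
    """Manifest with one record per segment; each tag commits to everything before it."""
    records, prev = [], GENESIS
    for i, seg in enumerate(segments):
        tag = _link(key, prev, i, seg)
        records.append({"index": i, "tag": tag.hex()})
        prev = tag
    return records


def verify_chain(key, segments, records, anchor_tag=None):
    """Return (ok, first_bad_index). Modified, reordered or removed segments break the
    chain at that position. Removal of the newest segments does not: the chain still
    ends cleanly, so pass anchor_tag, the last tag reported off-host, to catch it."""
    if len(segments) != len(records):
        return False, min(len(segments), len(records))
    prev = GENESIS
    for i, (seg, rec) in enumerate(zip(segments, records)):
        expected = _link(key, prev, i, seg)
        if rec["index"] != i or not hmac.compare_digest(expected.hex(), rec["tag"]):
            return False, i
        prev = expected
    if anchor_tag is not None and not hmac.compare_digest(prev.hex(), anchor_tag):
        return False, len(segments)
    return True, None


# Constructed stand-ins for consecutive recording segments, and for a key that the
# recorder holds but that was provisioned from, and is also kept by, another system.
SEGMENTS = [f"segment-{i}-video-bytes".encode() for i in range(5)]
KEY = b"example-key-provisioned-from-elsewhere"


if __name__ == "__main__":
    manifest = seal_segments(KEY, SEGMENTS)
    anchor = manifest[-1]["tag"]          # what gets reported off-host after each seal
    print("intact      :", verify_chain(KEY, SEGMENTS, manifest, anchor))
    damaged = list(SEGMENTS)
    damaged[2] = b"corrupted"
    print("corrupted #2:", verify_chain(KEY, damaged, manifest, anchor))
    print("tail removed:", verify_chain(KEY, SEGMENTS[:3], manifest[:3]),
          "<- passes without the anchor")
    print("with anchor :", verify_chain(KEY, SEGMENTS[:3], manifest[:3], anchor))
```

The operational consequence matches the field guide's own constraint that the thumb drive must stay plugged in for the duration: whatever the intruder does after the last anchor was shipped off the machine is deniable, so the anchor needs to leave the box on a short cadence, not once a day.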

  Post #311 by Hervé

    In brief:

    According to WikiLeaks, this is how the CIA spies on your everyday life

    RT
    Fri, 04 Aug 2017 13:54 UTC



    WikiLeaks' latest release from the Vault 7 series of CIA leaks sheds more light on how ordinary people can be easily tracked and targeted by the US intelligence agency through everyday electronic devices.

    Since March 7, WikiLeaks has revealed CIA hacking techniques used to weaponize mobile phones, conduct surveillance via smart TVs, and load and execute malware on a 'target machine'.

    In light of Thursday's 20th release from Vault 7, RT looks back at the most explosive revelations from the CIA's hacking arsenal, showing how the intelligence agency could spy on you in your own home.

    Home Security Systems
    The 'Dumbo' program is purportedly designed to manipulate home security systems, altering the functionality of webcams and microphones on Microsoft Windows-operating systems and corrupting video recordings.

    WikiLeaks suggested that this allows the operator to create fake - or destroy real - evidence of their intrusion into the device.

    Smart TVs
    Many of the exploits revealed through the leaked Vault 7 documents appear designed to target ordinary individuals through commonly used devices.

    The CIA allegedly has access to a range of tools that even target Samsung TVs under its 'Weeping Angel' program. The project involves infiltrating the smart TVs to transform them into covert microphones, which can record and store audio.

    Android devices
    Google's Android operating system was found to have 24 'zero days' - the codename used by the CIA for tools to identify and exploit vulnerabilities and secretly collect data on individuals.

    The OS is used in 85 percent of the world's smart phones, including Samsung and Sony.

    By exploiting gaps in the OS, it's possible to access data from social messaging platforms, including WhatsApp, Weibo, Telegram and Signal before encryption is applied.

    Another program appears specifically designed to target mobile devices running Android 4.0 to 4.3, allowing a third party to intercept and redirect SMS messages.

    Apple products
    Apple products are not immune to the CIA's hacking tools either. In fact, Vault 7 revealed a specific division dedicated to the hacking of Apple devices.

    A tool known as 'NightSkies' specifically targets Apple products including the iPhone and Macbook Air. It purportedly even allows the CIA to infiltrate factory-fresh iPhones and track and control them remotely, providing "full remote command and control."

    WiFi
    WiFi can be easily exploited by the agency for spying, according to a number of leaks. One program called Cherry Blossom allegedly targets WiFi devices to monitor, control and manipulate the Internet traffic of connected users.

    No physical access is needed to implant the firmware on a wireless device, as some devices allow their firmware to be upgraded over a wireless link.

    Another malware called Elsa tracks WiFi-enabled devices running Microsoft Windows, allowing the CIA to gather location data on a target's device and monitor their patterns and habits.

    The malware allows the CIA to track the geo-location of wifi-enabled devices even when they are not connected to the internet.

    Microsoft
    Most of the malware referenced throughout the leaks is designed for use on the widely popular Microsoft Windows operating systems.

    Many of these programs focus on uploading the malware via removable devices such as USB drives. Some, such as the 'brutal kangaroo' project, are designed to hide themselves from detection, and can even infect devices that have never been connected to the internet by air gap jumping.


  23. Link to Post #312
    Australia Avalon Member Innocent Warrior's Avatar

    Default Re: Vault 7

    Vault 7: Projects

    RELEASE - Imperial


    Full statement on Imperial from WikiLeaks -

    27 July, 2017

    Today, July 27th 2017, WikiLeaks publishes documents from the Imperial project of the CIA.

    Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.

    Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support - all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.

    SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.

    Documents Directory HERE.

    * * *

    From Imperial release -


    'Aeris' implant targeting Debian, Red Hat, Solaris, FreeBSD and Centos user - User Guide



    'rootkit' to hide CIA activities on the Apple Macs it infiltrates - Sea Pea User Guide



    'Achilles' tool to infect Mac OS X disk images (".dmg") - Achilles User Guide



    * * *

    Vault 7: Projects

    RELEASE - Dumbo


    Full statement on Dumbo from WikiLeaks -

    3 August, 2017

    Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

    Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

    Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of the Windows operating system. 64bit Windows XP, or Windows versions prior to XP, are not supported.

    Documents Directory HERE.

    * * *

    From The Hacker News -

    This is How CIA Disables Security Cameras During Hollywood-Style Operations (Aug 2, 2017)



    In the last 20 years, we have seen hundreds of caper/heist movies where spies or bank robbers hijack surveillance cameras of secure premises to either stop recording or set up an endless loop for covert operations without leaving any evidence.

    Whenever I see such scenes in a movie, I wonder and ask myself: Does this happen in real-life?

    Yes, it does, trust me—at least CIA agents are doing this.

    WikiLeaks has just unveiled another classified CIA project, dubbed 'Dumbo,' which details how CIA agents hijack and manipulate webcams and microphones in Hollywood style "to gain and exploit physical access to target computers in CIA field operations."

    The Dumbo CIA project involves a USB thumb drive equipped with a Windows hacking tool that can identify installed webcams and microphones, either connected locally, wired or wirelessly via Bluetooth or Wi-Fi.

    Once identified, the Dumbo program allows the CIA agents to:
    • Mute all microphones
    • Disable all network adapters
    • Suspend any processes using a camera recording device
    • Selectively corrupt or delete recordings

    However, there are two dependencies for a successful operation:
    • The Dumbo program requires SYSTEM level privilege to run.
    • The USB drive must remain plugged into the system throughout the operation to maintain control over connected surveillance devices.

    This project is being used by the CIA's Physical Access Group (PAG)—a special branch within the Center for Cyber Intelligence (CCI) which is tasked to gain and exploit physical access to target computers in CIA field operations.

    Source (with links).
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  24. The Following 7 Users Say Thank You to Innocent Warrior For This Post:

    avid (11th August 2017), Bill Ryan (5th August 2017), Hervé (5th August 2017), mab777 (7th August 2017), Nasu (7th September 2017), Openmindedskeptic (5th August 2017), Reinhard (5th August 2017)

  25. Link to Post #313
    Australia Avalon Member Innocent Warrior's Avatar

    Default Re: Vault 7

    Related

    Wikileaks RELEASE: Macron Campaign Emails, 21,075 verified searchable emails from the campaign of President Macron (custom search).





    25,439 email attachments associated with #Macron's presidential campaign HERE.

    Project Avalon thread: Wikileaks Dumps 72,000 Hacked Macron Emails


    Miscellaneous Information about the CIA

    CIA archives: Kennedy assassination may have been CIA blowback, from Politico -
    How the CIA Came to Doubt the Official Story of JFK’s Murder (Aug 3, 2017)
    Newly released documents from long-secret Kennedy assassination files raise startling questions about what top agency officials knew and when they knew it.



    * * *

    Whistleblowing is ‘the patriotic thing’ – fmr CIA analyst (July 27, 2017)


    Duration: 7:50

    * * *

    CIA Director Mike Pompeo on "non state intelligence services"--which he has previously defined to be Wikileaks, from The Washington Free Beacon's article -
    Director Pompeo Details How the CIA Is Changing Under President Trump (July 26, 2017)



    * * *

    From Physicians for Human Rights -
    The CIA’s Program of Human Experimentation (July 25, 2017)
    An interview with Physicians for Human Rights’ Sarah Dougherty

    * * *

    From FAIR -
    Media Mourn End of CIA Killing Syrians and Strengthening Al Qaeda (July 27, 2017)


    Julian Assange

    Assange on Putin, refugee ban, US justice system together Barrett Brown and more (July 25, 2017) -
    http://nuarchive.wbai.org/mp3/wbai_1...andyCrelof.mp3
    Last edited by Innocent Warrior; 5th August 2017 at 09:10.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  26. The Following 8 Users Say Thank You to Innocent Warrior For This Post:

    3(C)+me (10th August 2017), avid (5th August 2017), Bill Ryan (5th August 2017), Ewan (24th August 2017), Hervé (5th August 2017), Nasu (7th September 2017), Reinhard (5th August 2017), uzn (25th August 2017)

  27. Link to Post #314
    France Administrator Hervé's Avatar

    Default Re: Vault 7

    WikiLeaks 'Vault 7' release: CIA CouchPotato tool 'captures video stream images remotely'

    RT
    Thu, 10 Aug 2017 12:50 UTC


    © Gary Hershorn / Reuters

    The CIA has developed a top-secret program allowing users to remotely hack and capture still images of video streams, according to the latest release from WikiLeaks.

    Dubbed 'CouchPotato,' a user guide to the tool uploaded by WikiLeaks says that it utilizes ffmpeg software, which produces libraries and programs for handling multimedia data to decode streaming connections.

    The user guide is dated February 2014 and the document front page is marked: "Classified By: 2273504" and "Declassify On: 25X1, 20620712."

    "Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams," a statement on the WikiLeaks site reads.

    Just one part of the document appears to have been redacted, an index page at the beginning under a heading marked "Authority."


    © WikiLeaks.org

    Some of the advice laid out in the guide warns that, in certain circumstances, the tool "can leak memory and also leave file handles open." It also recommends setting an expiration period for the tool so that, when this period has elapsed, "CouchPotato will exit."

    "This is a highly recommended option when collecting video," the document adds.

    Thursday's release is the latest in the whistleblowing organization's ongoing 'Vault 7' series of leaks purportedly from inside the CIA.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  28. The Following 6 Users Say Thank You to Hervé For This Post:

    avid (11th August 2017), Bill Ryan (11th August 2017), Ewan (24th August 2017), Innocent Warrior (10th August 2017), muxfolder (12th August 2017), Reinhard (26th August 2017)

  29. Link to Post #315
    Australia Avalon Member Innocent Warrior's Avatar

    Default Re: Vault 7

    Vault 7: Projects

    RELEASE - CouchPotato


    Full statement on CouchPotato from WikiLeaks -

    10 August, 2017

    Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.

    Documents Directory HERE.



    Related

    Formerly Jailed CIA Whistleblower John Kiriakou: Jeff Sessions Is Extending Obama's War on Leaks (August 8, 2017)

    Attorney General Jeff Sessions has announced that the FBI has formed a new team focused on investigating potential leaks to the press. During a press conference on Friday, Sessions said that leak investigations have tripled since President Donald Trump took office. Civil liberties groups criticized Sessions’s remarks. Ben Wizner of the ACLU said, "A crackdown on leaks is a crackdown on the free press and on democracy as a whole." We speak with John Kiriakou, the former CIA analyst who exposed the Bush-era torture program and became the only official jailed in connection with it.

    See source to listen (includes transcript).


    CIA: Miscellaneous

    Interview with former UK ambassador, Craig Murray on CIA & torture, Wikileaks and more -
    https://archives.kpfa.org/data/20170807-Mon1700.mp3

    From the ACLU -

    JUDGE DENIES PSYCHOLOGISTS’ EFFORT TO STOP LAWSUIT FILED BY ACLU ON BEHALF OF CIA TORTURE VICTIMS (August 7, 2017)

    SPOKANE, Wash. — A federal lawsuit against the two psychologists who designed and implemented the CIA torture program cleared the final legal hurdle before a scheduled trial, a first for a case involving CIA torture.

    The lawsuit was brought by the American Civil Liberties Union on behalf of Suleiman Abdullah Salim, Mohamed Ahmed Ben Soud, and the family of Gul Rahman, who froze to death in a secret CIA prison. They were tortured using methods developed by the CIA-contracted psychologists, James Mitchell and John “Bruce” Jessen.

    Both sides had filed motions for summary judgement, which were argued last Friday in federal district court. At the hearing, Judge Justin Quackenbush denied the ACLU’s motion and said he was inclined to deny the psychologists’ motion to end the case also, but he did not definitely make a ruling that day. Today in a written opinion, the judge denied the psychologists’ motion. The ruling means the case is scheduled to go to trial on September 5 and expected to last two to three weeks.

    See source for full article.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  30. The Following 8 Users Say Thank You to Innocent Warrior For This Post:

    avid (11th August 2017), Ba-ba-Ra (24th August 2017), Bill Ryan (11th August 2017), Ewan (24th August 2017), JRS (11th August 2017), Nasu (7th September 2017), Openmindedskeptic (11th August 2017), Reinhard (26th August 2017)

  31. Link to Post #316
    France Administrator Hervé's Avatar

    Default Re: Vault 7

    CIA’s secret spy tool helps agency steal data from NSA & FBI, WikiLeaks reveals

    RT
    Published time: 24 Aug, 2017 11:29
    Edited time: 24 Aug, 2017 14:17


    © Pascal Lauener / Reuters

    Details of an alleged CIA project that allows the agency to secretly extract biometric data from liaison services such as the NSA, the DHS and the FBI have been published by WikiLeaks.

    Documents from the CIA’s ‘ExpressLane’ project were released by the whistleblowing organization as part of its ongoing ‘Vault 7’ series on the intelligence agency’s alleged hacking capabilities.

    Quote
    RT America (verified account) @RT_America


    Dumbo: #WikiLeaks reveals #CIA system to take over webcams, microphones https://on.rt.com/8jez

    8:46 AM - 3 Aug 2017
    A branch within the CIA – known as Office of Technical Services (OTS) – provides a biometric collection system to liaison services around the world “with the expectation for sharing of the biometric takes collected on the systems,” according to a file released by WikiLeaks.

    ExpressLane, however, suggests the system has inadequacies as it was developed as a covert information collection tool to secretly exfiltrate data collections from such systems provided to liaison services.

    The user guide for the tool states that it was developed to support the branch in its efforts to verify that this data is also being shared with the agency.
    “ExpressLane v3.1.1 provides an ability to disable the biometric software if liaison doesn’t provide the Agency with continued access.”
    ExpressLane is installed and run under the guise of upgrading the biometric software by OTS agents that visit the liaison sites.

    © Wikileaks
    “OTS/i2c plans to revisit these sites with the cover of upgrading the biometric software to perform a collection against the biometric takes,” a CIA document outlining test procedures for the project states.
    Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration is disguised behind a Windows installation splash screen.


    © Wikileaks

    ExpressLane was intended to remain secret until 2034, according to the files which originate from 2009.

    The core components of the OTS system are based on products from Cross Match – a US company specializing in biometric software for law enforcement and the Intelligence Community.

    In 2011, it was reported that the US military used one of the company’s products to identify Osama bin Laden during the assassination operation in Pakistan.

    The White House and Department of Defense said facial recognition technology was one of the techniques used to identify Bin Laden but Cross Match’s involvement was not confirmed.

    READ MORE: CIA CouchPotato tool ‘captures video stream images remotely’ – WikiLeaks
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  32. The Following 8 Users Say Thank You to Hervé For This Post:

    Ba-ba-Ra (24th August 2017), Bill Ryan (24th August 2017), Ewan (24th August 2017), Innocent Warrior (24th August 2017), Nasu (7th September 2017), Noelle (24th August 2017), Openmindedskeptic (25th August 2017), Reinhard (26th August 2017)

  33. Link to Post #317
    Australia Avalon Member Innocent Warrior's Avatar

    Default Re: Vault 7

    Vault 7: Projects

    RELEASE - ExpressLane


    Full statement on ExpressLane from WikiLeaks -

    24 August, 2017

    Today, August 24th 2017, WikiLeaks publishes secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services -- which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

    The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.

    ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration is disguised behind a Windows installation splash screen.

    The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.

    Documents Directory HERE.

    * * *

    From Security Week -

    WikiLeaks: CIA Secretly Collected Data From Liaison Services
    (August 24, 2017)

    WikiLeaks has published another round of Vault 7 documents, this time describing a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to secretly collect biometric data from the agency’s liaison services.

    The leaked documents, marked as “secret,” appear to reveal that the CIA’s Office of Technical Services (OTS) and Identity Intelligence Center (I2C), both part of the agency’s Directorate of Science and Technology, have provided liaison services with a system that collects biometric information.

    According to WikiLeaks, these liaison services include other U.S. government agencies, such as the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

    In order to ensure that liaison services share the collected biometric data, the CIA has developed a tool called ExpressLane, which secretly copies the data collected by the biometric software and disables this software if continued access is not provided to the agency.

    The documents show that ExpressLane is installed on the targeted system by an OTS officer claiming to perform an upgrade to the biometric system from a USB drive. ExpressLane displays a bogus update screen for a period of time specified by the agent, while in the background the targeted biometric data is compressed, encrypted and copied to the officer’s USB drive.

    The files copied to the USB drive are later extracted at headquarters using a different utility called ExitRamp.

    Another feature of ExpressLane allows the agency to ensure that the biometric software is disabled after a specified number of days unless action is taken. When the tool is installed, a kill date, which specifies when the biometric software will stop functioning, is set (the default value is 6 months in the future). If an agent does not return with the ExpressLane USB drive within that period, the license for the biometric software expires. Whenever ExpressLane is run on the targeted system, the kill date is extended.

    This helps the CIA ensure that the collected biometric data ends up in its possession, and provides a way for the agency to disable the biometric software if access is no longer granted.

    See source for full article.

    * * *

    ExpressLane: Covert CIA operation to give allies biometric identity systems--then steal the population's identities -







    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  34. The Following 7 Users Say Thank You to Innocent Warrior For This Post:

    Ba-ba-Ra (24th August 2017), Bill Ryan (24th August 2017), Ewan (25th August 2017), Hervé (25th August 2017), Nasu (7th September 2017), Openmindedskeptic (25th August 2017), Reinhard (26th August 2017)

  35. Link to Post #318
    France Administrator Hervé's Avatar

    Default Re: Vault 7

    Not Their Finest Work: CIA #Angelfire Windows Hacking Tool Was Riddled With Bugs

    Sputnik 18:55 31.08.2017
    (updated 18:56 31.08.2017)


    © Sputnik/ Iliya Pitalev

    WikiLeaks has published its latest instalment of documents in the Vault 7 series, containing information on Angelfire – a tool the US Central Intelligence Agency (CIA) employed to load and execute malware, targeting Microsoft Windows operating systems and computers. Its user manual suggests the application was riddled with issues.

    According to the leaked user manual, Angelfire is comprised of five components: Solartime, malware that modifies a computer's boot sector in order to load Wolfcreek; Wolfcreek, a self-loading driver for loading other drivers and user-mode applications; Keystone, responsible for starting other implants (technical term for malware); BadMFS, a covert file system which stores all other components, and encrypts and hides them.

    Quote
    WikiLeaks (verified account) @wikileaks

    RELEASE: CIA 'Angelfire' covert Windows malware system https://wikileaks.org/vault7/#Angelfire … #vault7


    3:58 AM - 31 Aug 2017

    In essence, Angelfire is but another resource in the CIA's apparently vast hacking arsenal, aimed at Windows users.

    However, there is much to suggest the tool is a sub-par effort — despite BadMFS' obfuscatory promise, and the manual's claim that Angelfire aims to provide a "robust environment" for users, its authors concede there are "some limitations" they should be aware of prior to use.

    A lengthy table listing issues then-known to the tool's development team follows.

    Sloppy Work
    The litany of bugs identified by developers suggests Angelfire could even fail at the first hurdle. Its initial component, Solartime, does a heuristic check of an operating system at boot time to determine if it's possible to patch it — yet, it's possible this check will succeed, while the OS has changed in a manner that would cause a crash if patched.

    "The heuristic algorithm is imperfect and can still have false positives. Solartime has a more restrictive setting that will only allow the patch to proceed if the OS has not changed. The downside is, if a new service pack or hotfix is applied, Solartime will not launch on bootup," the manual says.

    Quote
    dalmoz @dalmoz_

    One-liner for testing the presence of CIA's AngelFire malware #WikiLeaks Grab here: https://gist.github.com/dalmoz/2f513f30da675c6212e0532451265b65 …



    4:03 AM - 31 Aug 2017

    Furthermore, BadMFS cannot be installed if there is insufficient space on a drive, raising the prospect users could be alerted to the existence of the allegedly covert file with a standard system warning that it could not be copied. To remedy this prospective blunder, the manual suggests shrinking the file, to a minimum of two megabytes in size.

    Other glitches could similarly notify users of the presence of malicious software installed — or in the process of being installed — on their computers.

    For example, anti-virus and cybersecurity products could detect the presence of BadMFS by the existence of a file named "zf" — and users may see popup alerts if one of the Angelfire components crashed, which other issues suggest is a likely eventuality.

    In addition, the Keystone component always disguises itself as a "C:\Windows\system32\svchost.exe" process, which would be inconsistent with the actual svchost.exe path on a system that is installed on another drive or in a different directory.

    Quote
    Catalin Cimpanu @campuscodi 6 hours ago

    CIA Developed Windows Malware That Alters Boot Sector to Load More Malware https://www.bleepingcomputer.com/news/security/cia-developed-windows-malware-that-alters-boot-sector-to-load-more-malware/ … #wikileaks #CIA #vault7



    Catalin Cimpanu @campuscodi 6 hours ago

    #Vault7: The Angelfire framework is made up of 5 components: Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system



    Catalin Cimpanu @campuscodi 6 hours ago

    This is how they work together:



    Catalin Cimpanu‏ @campuscodi

    WikiLeaks/CIA docs say Angelfire works only on XP, Win7, and Server 2008 R2 (64bit)


    3:14 AM - 31 Aug 2017

    Replying to @campuscodi
    Unlike previous releases, Angelfire comes with a bunch of known issues. Tables span over 3 pages



    Other issues have no remedy — for instance, if Angelfire's container file is deleted, but Angelfire has not been uninstalled, it will continue to work on reboot until the disk clusters the container file occupies are overwritten by the computer's file system.

    If this happens, the integrity check of the container file will fail, and Angelfire will allow the boot process to continue as normal — again allowing users to unthinkingly evade the tool's clutches.

    In sum, Angelfire was evidently far from the CIA's best work — other tools in the intelligence agency's technological armory, documented in previous Vault 7 releases, appear to have been far more effective.

    We Have the Technology
    • CherryBlossom was a tool via which the agency sought to leverage common vulnerabilities in WiFi routers, sold by companies such as D-Link and Linksys. The techniques ranged from hacking network passwords to rewriting device firmware to remotely monitor traffic flowing across a target's network. The CIA's router-hacking approach began with a tool — "Claymore" — that scanned a network to identify devices, and then launched two exploiters — "Tomato" and "Surfside" — which stole WiFi devices' administrative passwords.
    • HighRise was an Android application designed for Android mobile devices, which provided a redirector function for SMS messaging — in effect, allowing the CIA to intercept and redirect any text messages received by a particular device.
    • Dumbo allowed for the identification, control and manipulation of webcams and computer microphones, on any computer running Microsoft Windows. CIA agents could record and monitor all audio/visual traffic from and to that resource, and delete or manipulate recordings to hide actual evidence of the intrusion operation.
    • DarkSeaSkies allowed agents to execute malicious code from a USB, CD, DVD, or portable hard drive, during a Mac's boot-up, even if the Mac's firmware is password-protected.


    Related:
    #Angelfire: WikiLeaks Reveals CIA Method for Loading Your PC With Spyware
    Last edited by Hervé; 31st August 2017 at 16:36.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  36. The Following 6 Users Say Thank You to Hervé For This Post:

    Bill Ryan (31st August 2017), Innocent Warrior (7th September 2017), Nasu (7th September 2017), norman (31st August 2017), Reinhard (1st September 2017), uzn (31st August 2017)

  37. Link to Post #319
    Avalon Member uzn's Avatar
    Join Date
    7th March 2015
    Location
    Earth for now
    Posts
    1,388
    Thanks
    4,332
    Thanked 10,454 times in 1,354 posts

    Default Re: Vault 7



    Assange:
    Paper publishes highly suspect US intelligence document on ISIS attack in Barcelona ahead of Catalan referendum.
    https://twitter.com/wikileaks/status/903081437888483328

    Spanish interview with Hernandez, director of El Periódico (Spanish newspaper)
    http://www.ccma.cat/catradio/alacart.../audio/973124/

  38. The Following 4 Users Say Thank You to uzn For This Post:

    Bill Ryan (1st September 2017), Hervé (2nd September 2017), Innocent Warrior (7th September 2017), Nasu (7th September 2017)

  39. Link to Post #320
    Australia Avalon Member Innocent Warrior's Avatar

    Default Re: Vault 7

    Quote Posted by Rachel (here)
    Ronald Bernard Luciferian Banking Testimony (April 22, 2017)

    For anyone interested, full PDF, scanned copy, dated 1934 - THE PROTOCOLS OF ZION
    Real Big Power: Revelations by insider Ronald Bernard-part 2 (Uploaded June 9, 2017)
    Ronald Bernard - PART 3, revelations from an insider (uploaded August 22, 2017)

    * * *

    Have CIA spies already stolen India's national ID card database?
    From GGI News - How CIA Spies Access India’s Biometric Aadhaar Database (Aug 25, 2017)
    See also Aadhaar in the hand of spies

    From The Hindu - UIDAI refutes Wikileaks reports of Aadhaar data snoop, says system is secure (Aug 27, 2017)

    * * *

    Vault 7: Projects

    RELEASE - Angelfire


    Full statement on Angelfire from WikiLeaks -

    31 August, 2017

    Today, August 31st 2017, WikiLeaks publishes documents from the Angelfire project of the CIA. Angelfire is an implant comprised of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system. Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7).

    Solartime modifies the partition boot sector so that when Windows loads boot time device drivers, it also loads and executes the Wolfcreek implant, which, once executed, can load and run other Angelfire implants. According to the documents, the loading of additional implants creates memory leaks that can possibly be detected on infected machines.

    Keystone is part of the Wolfcreek implant and responsible for starting malicious user applications. Loaded implants never touch the file system, so there is very little forensic evidence that the process was ever run. It always disguises itself as "C:\Windows\system32\svchost.exe" and can thus be detected in the Windows task manager, if the operating system is installed on another partition or in a different path.

    BadMFS is a library that implements a covert file system that is created at the end of the active partition (or in a file on disk in later versions). It is used to store all drivers and implants that Wolfcreek will start. All files are both encrypted and obfuscated to avoid string or PE header scanning. Some versions of BadMFS can be detected because the reference to the covert file system is stored in a file named "zf".

    The Windows Transitory File system is the new method of installing AngelFire. Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc. Transitory files are added to the 'UserInstallApp'.

    Documents Directory HERE.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  40. The Following 5 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (7th September 2017), Hervé (7th September 2017), JRS (7th September 2017), Nasu (7th September 2017), Ron Mauer Sr (7th September 2017)
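    The WikiLeaks Angelfire statement above, and the Sputnik article in post #318, name two host-side indicators a defender can check for: a process posing as "C:\Windows\system32\svchost.exe" on a machine whose real %SystemRoot% is elsewhere, and a file named "zf" that some BadMFS versions use to reference the covert file system. The script below is an added illustration of that detection logic, not code from WikiLeaks, the CIA documents or any of the quoted outlets. It operates on a constructed process list and file list so it runs offline; on a live host the same dictionaries would be filled from the operating system's process and directory enumeration. The sample system root D:\WINDOWS, the PIDs and the file paths are invented for the example.

```python
import ntpath  # Windows path semantics, even when run on a non-Windows analysis box

# Image path the Keystone component always reports for itself, per the WikiLeaks statement.
KEYSTONE_CLAIMED_PATH = r"C:\Windows\system32\svchost.exe"


def legitimate_svchost_dirs(system_root):
    """Directories from which a genuine svchost.exe may run on this host.
    SysWOW64 is included for 32-bit service hosts on 64-bit Windows."""
    return {
        ntpath.normcase(ntpath.join(system_root, "System32")),
        ntpath.normcase(ntpath.join(system_root, "SysWOW64")),
    }


def find_suspicious_svchost(processes, system_root):
    """processes: iterable of dicts with 'pid' and 'path' (image path as the OS reports it).
    Returns the entries named svchost.exe whose directory is not one of this host's real
    svchost directories.  Caveat from the leaked docs themselves: if %SystemRoot% really
    is C:\\Windows, the Keystone disguise coincides with the genuine path and this
    heuristic cannot separate the two."""
    allowed = legitimate_svchost_dirs(system_root)
    hits = []
    for proc in processes:
        path = proc["path"]
        if ntpath.basename(path).lower() != "svchost.exe":
            continue
        if ntpath.normcase(ntpath.dirname(path)) not in allowed:
            hits.append(proc)
    return hits


def find_zf_files(file_entries):
    """file_entries: iterable of full paths, e.g. collected by a directory walk.
    Returns those whose file name is exactly 'zf' (case-insensitive); 'zf.txt' and
    the like are deliberately not matched."""
    return [p for p in file_entries if ntpath.basename(p).lower() == "zf"]


# Constructed sample data (hypothetical host with Windows installed on D:), not a real capture.
SAMPLE_SYSTEM_ROOT = r"D:\WINDOWS"
SAMPLE_PROCESSES = [
    {"pid": 812, "path": r"D:\WINDOWS\System32\svchost.exe"},   # genuine service host
    {"pid": 2044, "path": r"D:\WINDOWS\SysWOW64\svchost.exe"},  # genuine 32-bit service host
    {"pid": 1337, "path": KEYSTONE_CLAIMED_PATH},               # claims a path that does not exist here
    {"pid": 4, "path": r"D:\WINDOWS\explorer.exe"},             # unrelated process
]
SAMPLE_FILES = [
    r"D:\WINDOWS\System32\drivers\etc\hosts",
    r"D:\ProgramData\zf",        # matches the BadMFS reference-file indicator
    r"D:\Users\alice\zf.txt",    # similar name, must not match
]


def scan(processes=SAMPLE_PROCESSES, files=SAMPLE_FILES, system_root=SAMPLE_SYSTEM_ROOT):
    """Run both checks and return the findings as plain data for a report or SIEM."""
    return {
        "suspicious_svchost_pids": [p["pid"] for p in find_suspicious_svchost(processes, system_root)],
        "zf_files": find_zf_files(files),
    }


if __name__ == "__main__":
    for key, value in scan().items():
        print(f"{key}: {value}")
```

    Both checks are only as good as the indicators the leaked documents disclose: the path comparison is blind on a stock C:\Windows install, and the "zf" name applies to "some versions" of BadMFS, so neither a clean result nor a hit is conclusive on its own. They are cheap triage filters to run alongside a boot-sector integrity comparison against a known-good baseline, which the Solartime description suggests as the more general check.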
