
Thread: Vault 7

  1. Post #301, Ron Mauer Sr (Avalon Greeter, Lovingston, VA, United States)

    Re: Vault 7

    I wonder how much of the spyware goes away if one switches from Microsoft to Linux.

    I get a "The server's certificate is unknown" message whenever I use Filezilla to upload a file. Never had this issue months ago.
    OS is Windows 10.


  3. Post #302, Rachel (Moderator, Australia)

    Re: Vault 7

    Vault 7: Projects

    RELEASE - Elsa


    Full statement on Elsa from WikiLeaks -

    28 June, 2017

    Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors.

    The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device.

    Documents Directory HERE.
    * * *

    Vault 7: Projects

    RELEASE - OutlawCountry


    Full statement on OutlawCountry from WikiLeaks -

    29 June, 2017

    Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

    The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.

    Documents Directory HERE.

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.


  5. Post #303, Hervé (Moderator, Brittany, France)

    Re: Vault 7

    CIA hacking tool 'OutlawCountry' targets Linux operating system

    RT
    Thu, 29 Jun 2017 18:08 UTC


    WikiLeaks has published leaked documents purportedly from 'OutlawCountry', an alleged CIA program designed to overcome and alter firewalls on a Linux operating device.

    An apparent user guide bearing the symbol of the US Central Intelligence Agency was published on the WikiLeaks website Thursday.


    "OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA-controlled machines for ex- and infiltration purposes," WikiLeaks said in a statement.

    A type of malware, the virus targets a very specific version of the Linux operating system. "The target must be running a compatible 64-bit version of CentOS/RHEL 6.x (kernel version 2.6.32)," the program's user guide says.


    The reasons for installing the bug are not explained in the OutlawCountry engineering guide, other than it gives users the opportunity to alter a computer's security settings.

    OutlawCountry is made up of a file that creates a "hidden netfilter table" or new set of firewall settings, the user manual states.

    "With knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules," the document reads.

    All evidence of the virus is destroyed when the netfilter table is removed by the operator.

    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.
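One check a Linux administrator could run for the artefact the two posts above describe (an extra netfilter table whose rules sit ahead of the normal iptables rules, with DNAT rules in PREROUTING), written as an added example that is not from the WikiLeaks release or the RT article. It assumes the kernel lists registered IPv4 tables in /proc/net/ip_tables_names, one per line, and it runs offline against a constructed sample file in which xyz_extra is a placeholder name, not the real module's table name.

```shell
#!/bin/sh
# Added example: flag netfilter tables beyond the stock set and dump any DNAT
# rules in their PREROUTING chain. Not code from the leaked documents.
# Assumption: /proc/net/ip_tables_names lists registered IPv4 tables, one per
# line, and iptables is on PATH for the rule dump on a live host.

STOCK_TABLES="filter nat mangle raw security"

# unknown_tables FILE: print every table name in FILE that is not a stock table.
unknown_tables() {
    while IFS= read -r name; do
        [ -z "$name" ] && continue
        case " $STOCK_TABLES " in
            *" $name "*) ;;                 # stock table, nothing to report
            *) printf '%s\n' "$name" ;;
        esac
    done < "$1"
}

# prerouting_dnat_rules TABLE: DNAT rules in TABLE's PREROUTING chain, if any.
# Errors (no such table, iptables missing) are silenced so the audit continues.
prerouting_dnat_rules() {
    iptables -t "$1" -S PREROUTING 2>/dev/null | grep -- '-j DNAT'
}

# audit [FILE]: report non-stock tables; returns 1 when something was found.
audit() {
    file="${1:-/proc/net/ip_tables_names}"
    found=0
    for t in $(unknown_tables "$file"); do
        found=1
        echo "non-stock netfilter table registered: $t"
        prerouting_dnat_rules "$t" | sed 's/^/  /'
    done
    return $found
}

# Constructed sample (stock tables plus one placeholder extra table) so the
# script demonstrates the check without touching the running kernel.
SAMPLE=$(mktemp)
printf 'filter\nnat\nmangle\nraw\nsecurity\nxyz_extra\n' > "$SAMPLE"
if ! audit "$SAMPLE"; then
    echo "investigate: compare with lsmod and the table's full rule set"
fi
rm -f "$SAMPLE"
# On a live host run: audit   (defaults to /proc/net/ip_tables_names)
```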


  7. Post #304, Rachel (Moderator, Australia)

    Re: Vault 7

    From Hot For Security -

    WikiLeaks Vault 7 – ELSA: How the CIA can use WiFi to find you anywhere (June 29, 2016)



    If anyone still has doubts that the US Central Intelligence Agency (CIA) can track nearly anyone, anytime, anywhere, a new Vault 7 disclosure from WikiLeaks may dispel them.

    The CIA likely used malware codenamed ELSA to pinpoint and, presumably, track target Windows users over long periods, by hacking into WiFi radios on laptops – even when not connected to the Internet.

    ELSA works by triangulating the location of the target laptop as its WiFi radios actively listen for public access points whose ESS identifier, MAC address and signal strength are recorded at regular intervals. The malware stores the information in an encrypted file on the target computer itself.

    The CIA can then decrypt the data, compare the exfiltrated information against public geo-location databases from Google or Microsoft, and locate the device, with longitude and latitude, and a timestamp.

    “The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device – again using separate CIA exploits and backdoors,” according to the non-profit.

    ELSA can be customized to match environmental and operational factors, including sampling interval, maximum logfile size, invocation and persistence. Using the same geo-location databases maintained by Internet giants, additional back-end software can generate a tracking profile.

    Two weeks ago, in a similar Vault 7 dump, WikiLeaks revealed how the CIA could use a malware “implant” (codenamed CherryBlossom) to turn at least 25 WiFi router and access point models into surveillance posts.

    And two weeks before the CherryBlossom leak, WikiLeaks made a new disclosure from the Agency’s Pandemic project that allegedly “targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.”

    The CIA is apparently sitting on a trove of surveillance tools, but WikiLeaks has so far failed to prove the agency is abusing them.

    Source (contains links).

    * * *

    THE ENCRYPTION DEBATE SHOULD END RIGHT NOW (June 30, 2017)



    WHEN LAW ENFORCEMENT argues it needs a “backdoor” into encryption services, the counterargument has typically been that it would be impossible to limit such access to one person or organization. If you leave a key under the doormat, a seminal 2015 paper argues, a burglar eventually finds it. And now recent events suggest an even simpler rebuttal: Why entrust a key to someone who gets robbed frequently?

    This aptly describes US intelligence services of late. In March, WikiLeaks released nearly 9,000 documents exposing the CIA’s hacking arsenal. More so-called Vault 7 secrets trickled out as recently as this week. And then there’s the mysterious group or individual known as the Shadow Brokers, which began sharing purported NSA secrets last fall. April 14 marked its biggest drop yet, a suite of hacking tools that target Windows PCs and servers to devastating effect.

    The fallout from the Shadow Brokers has proven more concrete than that of Vault 7; one of its leaked exploits, EternalBlue, facilitated last month’s WannaCry ransomware meltdown. A few weeks later, EternalBlue and two other pilfered NSA tools helped advance the spread of Petya, a ransomware outbreak that looks more and more like an act of cyberwar against Ukraine.

    Petya would have caused damage absent EternalBlue, and the Vault 7 dump hasn’t yet resulted in a high-profile hack. But that all of this has fallen into public hands shifts the nature of the encryption debate from hypothetical concern that someone could reverse-engineer a backdoor to acute awareness that someone could just steal it. In fact, it should end any debate altogether.

    “The government asking for backdoor access to our assets is ridiculous,” says Jake Williams, founder of Rendition Infosec, “if they can't first secure their own classified hacking tools.”

    See source for full article (including links).


  9. Post #305, Rachel (Moderator, Australia)

    Re: Vault 7

    Vault 7: Projects

    RELEASE - BothanSpy


    Full statement on BothanSpy from WikiLeaks -

    6 July, 2017

    Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.

    BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an encrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.

    Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos, debian, rhel, suse, ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.

    Documents Directory HERE.


  11. Post #306, Rachel (Moderator, Australia)

    Re: Vault 7

    Vault 7: Projects

    RELEASE - Highrise


    Full statement on Highrise from WikiLeaks -

    13 July, 2017

    Today, July 13th 2017, WikiLeaks publishes documents from the Highrise project of the CIA. HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as an SMS proxy that provides greater separation between devices in the field ("targets") and the listening post (LP) by proxying "incoming" and "outgoing" SMS messages to an internet LP. Highrise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.

    Documents Directory HERE.

    CIA Android phone SMS proxy 'HighRise' which masquerades as 'TideCheck' to form a covert messaging network (image from the HighRise v2.0 User’s Guide).


  13. Post #307, Rachel (Moderator, Australia)

    Re: Vault 7

    From The Hacker News -

    How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet) (July 13, 2017)



    WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak; this time, instead of revealing new malware or a hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthily collect and forward stolen data from compromised smartphones.

    Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones.

    However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool.

    But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used.

    Explained: How CIA Highrise Project Works

    In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones, malware has an alternative way to send stolen data to the attackers i.e. via SMS.

    But for collecting stolen data via SMS, one has to deal with a major issue – to sort and analyse bulk messages received from multiple targeted devices.

    To solve this issue, the CIA created a simple Android application, dubbed Highrise, which works as an SMS proxy between the compromised devices and the listening post server.

    "There are a number of IOC tools that use SMS messages for communication and HighRise is an SMS proxy that provides greater separation between devices in the field ('targets') and the listening post by proxying 'incoming' and 'outgoing' SMS messages to an internet LP," the leaked CIA manual reads.

    What I understood after reading the manual is that CIA operatives need to install an application called "TideCheck" on their Android devices, which are set to receive all the stolen data via SMS from the compromised devices.

    The last known version of the TideCheck app, i.e. HighRise v2.0, was developed in 2013 and works on mobile devices running Android 4.0 to 4.3, though I believe, by now, they have already developed updated versions that work for the latest Android OS.



    Once installed, the app prompts for a password, which is "inshallah," and after login, it displays three options:
    1. Initialize — to run the service.
    2. Show/Edit configuration — to configure basic settings, including the listening post server URL, which must be using HTTPS.
    3. Send Message — allows a CIA operative to manually (optional) submit short messages (remarks) to the listening post server.

    Once initialized and configured properly, the app continuously runs in the background to monitor incoming messages from compromised devices; and when received, forwards every single message to the CIA's listening post server over a TLS/SSL secured Internet communication channel.

    See source to read full article (with links).


  15. Post #308, Rachel (Moderator, Australia)

    Re: Vault 7

    Vault 7: Projects

    RELEASE - UCL / Raytheon


    Full statement on UCL / Raytheon from WikiLeaks -

    19 July, 2017

    Today, July 19th 2017, WikiLeaks publishes documents from the CIA contractor Raytheon Blackbird Technologies for the "UMBRAGE Component Library" (UCL) project. The documents were submitted to the CIA between November 21st 2014 (just two weeks after Raytheon acquired Blackbird Technologies to build a Cyber Powerhouse) and September, 11th 2015. They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors - partly based on public documents from security researchers and private enterprises in the computer security field.

    Raytheon Blackbird Technologies acted as a kind of "technology scout" for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.

    Documents Directory HERE.

    * * *

    From UCL / Raytheon release, CIA-Raytheon analysis of HammerToss malware -

    (S//NF) FireEye -- HammerToss - Stealthy Tactics



    * * *

    CIA Director Mike Pompeo FULL Interview Aspen Security Forum (July 20, 2017)

    Pompeo on Wikileaks at 25:45



  17. Post #309, Hervé (Moderator, Brittany, France)

    Re: Vault 7

    CIA ability to trojan Apple OS exposed in latest hacking release

    RT
    Published time: 27 Jul, 2017 10:53

    Photo caption: WikiLeaks claim the leaks came from within the CIA.

    The CIA’s alleged ability to trojan an Apple OS disk image has been exposed in ‘Imperial,’ the latest release from WikiLeaks Vault 7 series. This new batch is made of three hacking exploits, ‘Achilles,’ ‘SeaPea’ and ‘Aeris.’

    ‘Achilles’ is detailed by WikiLeaks in a statement as producing one or more operators to access an OS X disk image, and execute operations one time. The OS X disk image contains the contents and structure of the device’s storage.

    Intel Core 2 Processor and OS X are required on the target's computer for ‘Achilles’ to operate, according to a user guide.

    ‘Imperial’ is part of a series by the whistleblowers named ‘Vault 7’ which began in March and has seen releases from WikiLeaks on an almost weekly basis.

    WikiLeaks claims the leaks, which detail hacking exploits, come from a computer within the CIA, who would not comment on their alleged origin.

    Also detailed in ‘Imperial’ is ‘SeaPea’ which targets Apple devices, providing stealth and tool-launching capabilities to the OS X Rootkit. Running on Mac OSX 10.6 and 10.7 it hides files and directories, socket connections and processes, according to WikiLeaks.

    OSX 10.6 and 10.7 are more commonly known as Snow Leopard and Lion respectively, released by Apple in 2009 and supported until 2016.

    ‘SeaPea’ is installed using root access and remains on the device until either the hard drive is reformatted or the system is upgraded.

    ‘Aeris’ is detailed in the release as being an automated implant written in the C programming language, compatible with POSIX, a portable operating system interface for Unix. Once installed it allows for file exfiltration of files and encrypted communications.

    Previous released material from ‘Vault 7’ exposed hacking exploits which weaponized smartphones and used Smart TVs to spy.

    READ MORE: #Vault7: 85% of world’s smart phones ‘weaponized’ by CIA

