
Thread: Vault 7

  1. Link to Post #281
    Australia Moderator Rachel's Avatar
    Join Date
    30th October 2014
    Posts
    2,335
    Thanks
    14,794
    Thanked 15,483 times in 2,057 posts

    Default Re: Vault 7

    Promo for new German-Spanish film on the legal fight surrounding Assange (English subtitles) -

    Hacking Justice



    Quote Published on May 19, 2017

    Click here to register
    http://www.docsonline.tv/world-premie...

    When you're more than a journalist, you need more than a lawyer !

    May 19th 2017, Swedish Prosecutor Marianne Ny drops charges against Julian Assange.

    A victory for international legal team led by Judge Garzon, over a four-year endeavour documented by "Hacking Justice", unique film available on the topic with non-infringed image rights from all appearing parties.

    Baltasar Garzon, 58, is an analogue man, barely speaks English, is bad with computers. But he plays a major global role within the digital world. He took upon coordinating the international legal teams preparing the upcoming defense of WikiLeaks founder Julian Assange. Garzon is one of the world’s leading authorities upholding the principle of Universal Jurisdiction, defending in this case freedom of press but also fundamental human rights. With a unique access, the film witnesses the struggle for the control of information, the growing influence of intelligence services, the lack of transparency, the role of the mass media and the difficult balance of individual rights and state security.
    Awesome team and they don't get paid, a clip from the film of the legal team at work can be viewed here.

    * * *

    Podcast: WBAI Free Assange #5 -- interview with police corruption whistleblowers, Frank Serpico -

    http://nuarchive.wbai.org/mp3/wbai_1...andyCrelof.mp3

    wbai.org
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  2. The Following 12 Users Say Thank You to Rachel For This Post:

    A Voice from the Mountains (22nd May 2017), Bill Ryan (22nd May 2017), Daughter of Time (23rd May 2017), Debra (23rd May 2017), Ewan (22nd May 2017), Hervé (23rd May 2017), mab777 (22nd May 2017), Nasu (22nd June 2017), onawah (23rd May 2017), Ron Mauer Sr (22nd May 2017), Sierra (3rd June 2017), StandingWave (22nd May 2017)

  3. Link to Post #282
    France Moderator Hervé's Avatar
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    12,663
    Thanks
    39,123
    Thanked 61,545 times in 11,418 posts

    Default Re: Vault 7

    'Bigger than WannaCry': New malware employs 7 NSA exploits, Croatian expert warns

    RT
    Mon, 22 May 2017 15:43 UTC



    Seven cyber exploits purportedly stolen from the US National Security Agency (NSA) have been identified in 'EternalRocks', a new type of malware detected by a Croatian tech security advisor.

    Similar to the WannaCry malware which struck hundreds of thousands of computers worldwide this month, EternalRocks apparently draws on NSA-identified network exploits EternalBlue, EternalChampion, EternalRoman, and EternalSynergy.

    The worm utilizes DoublePulsar, Architouch and SMBtouch, a series of tools released in an apparent NSA leak by hacking group ShadowBrokers.


    Quote
    Miroslav Stampar‏ @stamparm

    Info on (new) EternalRocks worm can be found on https://github.com/stamparm/EternalRocks/ …. Will keep it updated, along with @_jsoo_

    5:43 AM - 18 May 2017 8 replies 145 retweets 140 likes
    The virus's characteristics were identified by Miroslav Stampar, a Croatian security expert for the country's Computer Emergency Response Team (CERT). He is also listed as a Croatian chapter member of the Honeynet Project, a volunteer network for "security research."

    Quote
    Miroslav Stampar‏ @stamparm

    Just captured 406ac1595991ea7ca97bc908a6538131 and 5c9f450f2488140c21b6a0bd37db6a40 in MS17-010 honeypot. MSIL/.NET #WannaCry copycat(s)


    8:28 AM - 17 May 2017 5 replies 76 retweets 88 likes
    In a breakdown published online, Stampar outlines how the "cyberweapon" downloads in two separate stages, with the second running 24 hours later to avoid detection.

    "After about six to eight hours of analysis, I found how to provoke the second stage," said Stampar when contacted by RT.com. "I got kind of excited and scared as somebody had successfully, and professionally, packed all SMB exploits from ShadowBroker's dump.

    "I predicted that something bigger than WannaCry is coming," he added.

    Stampar explains that EternalRocks sits anonymously on the target device, but can be activated later for more malicious purposes: "Its sole purpose at this moment is propagation and waiting for further command and control updates. As I see it, it is a prelude," he said.

    Quote
    Miroslav Stampar‏ @stamparm

    Conclusion: delayed downloader for https://ubgdgno5eswkhmpy[.]onion/updates/download?id=PC which seem to be a full scale cyber weapon

    5:46 PM - 17 May 2017 1 reply 8 retweets 13 likes
    Microsoft was forced to patch discontinued operating systems earlier this month after WannaCry exploited vulnerabilities in its software.

    The patch came after more than 200,000 devices became infected with WannaCry, which encrypts computer files and demands victims to pay a ransom for their release. The wide-reaching ransomware blitz crippled parts of the UK National Health Service.

    Last week, Quarkslab security advisor Adrien Guinet released information about a method for decrypting WannaCry. The 'WannaKey' tool was published to Github but only helps users with the Windows XP operating system.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  4. The Following 9 Users Say Thank You to Hervé For This Post:

    A Voice from the Mountains (2nd June 2017), bennycog (2nd June 2017), Bill Ryan (2nd June 2017), Daughter of Time (23rd May 2017), Debra (23rd May 2017), Ewan (23rd May 2017), Nasu (22nd June 2017), Rachel (23rd May 2017), Sierra (3rd June 2017)

  5. Link to Post #283
    United States Avalon Member onawah's Avatar
    Join Date
    28th March 2010
    Posts
    7,899
    Thanks
    19,427
    Thanked 33,737 times in 6,663 posts

    Default Re: Vault 7

    That link doesn't work
    Quote Posted by Rachel (here)

    Click here to register
    http://www.docsonline.tv/world-premie...
    It's:
    http://www.docsonline.tv/world-premi...acking-justice
    Last edited by onawah; 23rd May 2017 at 16:55.
    Each breath a gift...
    _____________

  6. The Following 4 Users Say Thank You to onawah For This Post:

    Bill Ryan (2nd June 2017), Nasu (22nd June 2017), Omnisense (24th May 2017), Rachel (23rd May 2017)

  7. Link to Post #284
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7

    Vault 7: Projects

    RELEASE - Pandemic


    Full statement on Pandemic from WikiLeaks -

    1 June, 2017

    Today, June 1st 2017, WikiLeaks publishes documents from the "Pandemic" project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. "Pandemic" targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine. To obfuscate its activity, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the pandemic file server before being executed on the computer of the remote user. The implant allows the replacement of up to 20 programs with a maximum size of 800 MB for a selected list of remote users (targets).

    As the name suggests, a single computer on a local network with shared drives that is infected with the "Pandemic" implant will act like a "Patient Zero" in the spread of a disease. It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.

    Documents Directory HERE.

  8. The Following 11 Users Say Thank You to Rachel For This Post:

    A Voice from the Mountains (2nd June 2017), avid (3rd June 2017), bennycog (2nd June 2017), Bill Ryan (2nd June 2017), Hervé (2nd June 2017), mab777 (8th June 2017), Nasu (22nd June 2017), Openmindedskeptic (2nd June 2017), Reinhard (3rd June 2017), Sierra (3rd June 2017), uzn (3rd June 2017)

  9. Link to Post #285
    United States Avalon Member A Voice from the Mountains's Avatar
    Join Date
    24th September 2014
    Location
    Appalachia
    Posts
    1,249
    Thanks
    4,177
    Thanked 5,661 times in 1,140 posts

    Default Re: Vault 7

    I just saw in a Wikileaks tweet earlier today that they have a new release out.

    Only people on my Twitter feed are Wikileaks and Trump. Other than that Twitter can go to hell.


    Rachel how did you post on this yesterday? Twitter didn't deliver me the news until only a couple of hours ago.
    Last edited by A Voice from the Mountains; 2nd June 2017 at 16:07.

  10. The Following User Says Thank You to A Voice from the Mountains For This Post:

    Rachel (3rd June 2017)

  11. Link to Post #286
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7

    Quote Posted by A Voice from the Mountains (here)
    Rachel how did you post on this yesterday? Twitter didn't deliver me the news until only a couple of hours ago.
    Too slow, they tweeted it 20 hours before the tweet you saw.

  12. The Following User Says Thank You to Rachel For This Post:

    A Voice from the Mountains (4th June 2017)

  13. Link to Post #287
    United States Avalon Member A Voice from the Mountains's Avatar

    Default Re: Vault 7

    Quote Posted by Rachel (here)
    Quote Posted by A Voice from the Mountains (here)
    Rachel how did you post on this yesterday? Twitter didn't deliver me the news until only a couple of hours ago.
    Too slow, they tweeted it 20 hours before the tweet you saw.
    Twitter really is garbage and would be just as bad if not worse than Facebook with censorship if more people actually gave a damn about it. The only reason I even got it was to get Trump's tweets and I think they know that if they banned him like they were considering before, they'd probably really go out of business. They don't provide advertisers with any meaningful return on investment and they were caught fabricating data to make it look better.

    I just got locked out of my Twitter account earlier today for stuff I was posting that they didn't like, so I just made another account. I went back and looked and none of my tweets were even showing anyway. On a different account I couldn't find them anywhere, not even with the tweets they separate out as potentially offensive (which apparently includes politically incorrect speech).

    If anybody wants to find me, my new handle on there is Barack_Obama_US_Kang lol. @obama_KangOfUS

  14. The Following 3 Users Say Thank You to A Voice from the Mountains For This Post:

    Bill Ryan (17th June 2017), Hervé (9th June 2017), Rachel (4th June 2017)

  15. Link to Post #288
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7

    From Hot For Security -

    Vault 7: WikiLeaks exposes Pandemic, CIA infection tool for Windows machines (Jun 2, 2017)



    After having disclosed information about CIA’s spyware tool Athena only last week, WikiLeaks has published new information from Pandemic, another alleged CIA project that “targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.”

    Part of the Vault 7 series of documents that were either leaked following an inside job or stolen from the CIA by hackers, Pandemic basically turns Windows machines from a targeted network into Patient Zero. It then covertly infects other computers linked to the system by delivering infected versions of the requested files. Because it is very persistent, the original source of infection is difficult to detect.

    Pandemic only takes 10 to 15 minutes to install and replaces up to 20 programs, according to a user manual, which doesn’t thoroughly describe how it is actually installed on a targeted file server. The project allegedly dates from April 2014 to January 2015.

    See SOURCE to read more (including links).

    * * *


    Podcast: WBAI Free Assange #6 (30/5/17) -- Interview: former UK ambassador Craig Murray discussing UK election and Assange detention.

    http://nuarchive.wbai.org/mp3/wbai_1...andyCrelof.mp3

    wbai.org


    Assange on the DC leak war -



    Published on Jun 1, 2017
    Quote This week Co-Founder of WikiLeaks Julian Assange discusses the War of Leaks in DC, who has the best secret security forces around the world, and how the public largely benefits from transparency and sharing of information. Porter and Buck have a debate on what constitutes a whistleblower and the motivations behind those who come forward.

  16. The Following 6 Users Say Thank You to Rachel For This Post:

    aoibhghaire (22nd June 2017), Bill Ryan (17th June 2017), Foxie Loxie (17th June 2017), Hervé (9th June 2017), mab777 (9th June 2017), PathWalker (9th June 2017)

  17. Link to Post #289
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7

    Vault 7: Projects

    RELEASE - Cherry Blossom


    Full statement on Cherry Blossom from WikiLeaks -

    15 June, 2017

    Today, June 15th 2017, WikiLeaks publishes documents from the CherryBlossom project of the CIA that was developed and implemented with the help of the US nonprofit Stanford Research Institute (SRI International).

    CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for "Man-In-The-Middle" attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.

    The wireless device itself is compromised by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection. Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. The beaconed information contains device status and security information that the CherryTree logs to a database. In response to this information, the CherryTree sends a Mission with operator-defined tasking. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.

    Missions may include tasking on Targets to monitor, actions/exploits to perform on a Target, and instructions on when and how to send the next beacon. Tasks for a Flytrap include (among others) the scan for email addresses, chat usernames, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser (e.g., to Windex for browser exploitation) or the proxying of a Target’s network connections. FlyTrap can also set up VPN tunnels to a CherryBlossom-owned VPN server to give an operator access to clients on the Flytrap’s WLAN/LAN for further exploitation. When the Flytrap detects a Target, it will send an Alert to the CherryTree and commence any actions/exploits against the Target. The CherryTree logs Alerts to a database, and, potentially distributes Alert information to interested parties (via Catapult).

    Documents Directory HERE.

  18. The Following 7 Users Say Thank You to Rachel For This Post:

    aoibhghaire (22nd June 2017), Bill Ryan (17th June 2017), Foxie Loxie (17th June 2017), Hervé (17th June 2017), mab777 (22nd June 2017), Nasu (22nd June 2017), Openmindedskeptic (18th June 2017)

  19. Link to Post #290
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7

    Cherry Bomb: Cherry Blossom (CB) User’s Manual HERE (PDF).



    * * *

    WBAI interview with Jesselyn Radack & Christine Assange on whistleblower issues and Assange asylum.
    http://nuarchive.wbai.org/mp3/wbai_1...170001brad.mp3

    Review of Laura Poitras' "Risk" by human rights lawyer Renata Avila on WBAI.
    https://soundcloud.com/user-10880948...tras-film-risk

    wbai.org

    From Electronic Frontier Foundation - As the Espionage Act Turns 100, We Condemn Threats Against Wikileaks (June 14, 2017)

    * * *

    Quote Posted by Rachel (here)
    Ronald Bernard Luciferian Banking Testimony (April 22, 2017)

    For anyone interested, full PDF, scanned copy, dated 1934 - THE PROTOCOLS OF ZION
    Real Big Power: Revelations by insider Ronald Bernard-part 2 (Uploaded June 9, 2017)

  20. The Following 7 Users Say Thank You to Rachel For This Post:

    aoibhghaire (22nd June 2017), bennycog (17th June 2017), Bill Ryan (17th June 2017), Foxie Loxie (17th June 2017), mab777 (22nd June 2017), Nasu (22nd June 2017), Omnisense (20th June 2017)

  21. Link to Post #291
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7

    Vault 7: Projects

    RELEASE - Brutal Kangaroo


    Full statement on Brutal Kangaroo from WikiLeaks -

    22 June, 2017

    Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.

    The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

    The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

    The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese that was a 0-day exploit until March 2015; newer versions seem to use a similar, but yet unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.

    Documents Directory HERE.

  22. The Following 8 Users Say Thank You to Rachel For This Post:

    aoibhghaire (22nd June 2017), Bill Ryan (22nd June 2017), Bruno (22nd June 2017), JRS (22nd June 2017), mab777 (22nd June 2017), muxfolder (22nd June 2017), Nasu (22nd June 2017), Openmindedskeptic (23rd June 2017)

  23. Link to Post #292
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7


    From Brutal Kangaroo release, CIA air-gap jumping virus 'Emotional Simian' -

    Emotional Simian v2.3 - User Guide - https://wikileaks.org/vault7/documen..._3-User_Guide/





    * * *

    Finale of WBAI's "Julian Assange Countdown to Freedom" with NSA's Thomas Drake and film maker John Pilger.
    https://www.wbai.org/archive-popup.p...andyCrelof.mp3

    Former CIA, NSA & FBI senior officers on the five year detention of Julian Assange -

    Binney, McGovern, Rowley: WikiLeaks and the Global Information War (June 20, 2017)

    On today's episode of Loud & Clear, Brian Becker is joined by Ray McGovern, an activist and a former CIA analyst; by Coleen Rowley, a former FBI special agent and whistleblower; and by Bill Binney, a former NSA technical director and whistleblower.

    Monday, June 19 marks five years since Wikileaks founder Julian Assange sought asylum in Ecuador. In the half a decade since then, Assange has been prevented by British authorities from leaving the Ecuadorian embassy in London despite the UN finding last year that he has been the subject of arbitrary detention. His case and the campaign against Wikileaks have caused a global debate over whistleblowing that rages to this day.

    Full episode HERE.

  24. The Following 5 Users Say Thank You to Rachel For This Post:

    aoibhghaire (22nd June 2017), Bill Ryan (22nd June 2017), Hervé (22nd June 2017), mab777 (22nd June 2017), Nasu (22nd June 2017)

  25. Link to Post #293
    France Moderator Hervé's Avatar

    Default Re: Vault 7

    #Vault7: CIA’s secret cyberweapon can infiltrate world’s most secure networks

    RT
    Published time: 22 Jun, 2017 11:47



    WikiLeaks’ latest release in its Vault7 series details how the CIA’s alleged ‘Brutal Kangaroo’ program is being used to penetrate the most secure networks in the world.

    Brutal Kangaroo, a tool suite for Microsoft Windows, targets closed air gapped networks by using thumb drives, according to WikiLeaks.

    Air gapping is a security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks.

    Quote

    WikiLeaks‏Verified account @wikileaks

    RELEASE: CIA 'Brutal Kangaroo' thumb drive air gap jumping virus attack suite https://wikileaks.org/vault7/#Brutal%20Kangaroo …


    2:14 AM - 22 Jun 2017

    32 replies 952 retweets 869 likes
    These networks are used by financial institutions, military and intelligence agencies, the nuclear power industry, as well as even some advanced news networks to protect sources, according to La Repubblica journalist Stefania Maurizi.

    These newly released documents show how closed networks not connected to the internet can be compromised by this malware. However, the tool only works on machines with a Windows operating system.

    Firstly, an internet-connected computer within the targeted organization is infected with the malware. When a user inserts a USB stick into this computer, the thumbdrive itself is infected with a separate malware.

    Once this is inserted into a single computer on the air gapped network the infection jumps – like a kangaroo – across the entire system, enabling sabotage and data theft.

    Quote
    WikiLeaks‏Verified account @wikileaks

    RELEASE: CIA air-gap jumping virus 'Emotional Simian' https://wikileaks.org/vault7/document/Emotional_Simian-v2_3-User_Guide/ …




    2:36 AM - 22 Jun 2017
    21 replies 970 retweets 849 likes
    If multiple computers on the closed network are under CIA control, they “form a covert network to coordinate tasks and data exchange,” according to Wikileaks.

    Data can be returned to the CIA once again, although this does depend on someone connecting the USB used on the closed network computer to an online device.

    Quote
    Julian Assange‏ @JulianAssange

    CIA's Brutal Kangaroo air-gap jumping virus smuggles out stolen data in images on USB sticks @softwarnet https://wikileaks.org/vault7/#Brutal%20Kangaroo …




    3:01 AM - 22 Jun 2017
    18 replies 454 retweets 457 likes
    While it may not appear to be the most efficient CIA project, it allows the intelligence agency to infiltrate otherwise unreachable networks.

    This method is comparable to the Stuxnet virus, a cyberweapon purportedly built by the US and Israel. Stuxnet is thought to have caused substantial damage to Iran's nuclear program in 2010.

    The CIA allegedly began developing the Brutal Kangaroo program in 2012 – two years after the Stuxnet incident in Iran.

    The most recent of these files were intended to remain secret until at least 2035. The documents released by WikiLeaks are dated February 2016, indicating that the scheme was likely being used until that point.


    Related:
    ‘CIA’s Cherry Bomb’: WikiLeaks #Vault7 reveals wireless network targets
    Shadow Brokers leak links NSA to alleged US-Israeli Stuxnet malware that targeted Iran
    Last edited by Hervé; 22nd June 2017 at 16:16.

  26. The Following 7 Users Say Thank You to Hervé For This Post:

    Bill Ryan (22nd June 2017), Bruno (22nd June 2017), Foxie Loxie (24th June 2017), muxfolder (23rd June 2017), Nasu (22nd June 2017), Omnisense (23rd June 2017), Rachel (23rd June 2017)

  27. Link to Post #294
    Avalon Member Omnisense's Avatar
    Join Date
    1st February 2011
    Location
    Pacific NW
    Posts
    2,994
    Thanks
    11,254
    Thanked 17,872 times in 2,678 posts

    Default Re: Vault 7

    What an amazing thread this is. Thanks to all contributors.
    Victory Over Oppression
    Films | Music | About PSYOPS

  28. The Following 5 Users Say Thank You to Omnisense For This Post:

    Bill Ryan (24th June 2017), Foxie Loxie (24th June 2017), Hervé (25th June 2017), Openmindedskeptic (23rd June 2017), Rachel (23rd June 2017)

  29. Link to Post #295
    Avalon Member Omnisense's Avatar

    Default Re: Vault 7

    And just to give an idea of the absurdity of the U.S. Government:

  30. The Following 5 Users Say Thank You to Omnisense For This Post:

    Bill Ryan (24th June 2017), Foxie Loxie (24th June 2017), Hervé (25th June 2017), LadyM (23rd June 2017), Rachel (23rd June 2017)

  31. Link to Post #296
    United States Avalon Member Openmindedskeptic's Avatar
    Join Date
    11th March 2013
    Posts
    322
    Thanks
    448
    Thanked 1,243 times in 296 posts

    Default Re: Vault 7

    Quote Posted by Omnisense (here)
    What an amazing thread this is. Thanks to all contributors.
    This is probably my favorite thread on the forum at this time. I check in every Friday to see if there are any new developments.
    Last edited by Openmindedskeptic; 23rd June 2017 at 21:00.
    “He who gains victory over other men is strong; he who gains victory over himself is all powerful” Lao-Tzu

  32. The Following 5 Users Say Thank You to Openmindedskeptic For This Post:

    Bill Ryan (24th June 2017), Foxie Loxie (24th June 2017), Hervé (25th June 2017), Omnisense (23rd June 2017), Rachel (23rd June 2017)

  33. Link to Post #297
    Australia Moderator Rachel's Avatar
    Join Date
    30th October 2014
    Posts
    2,335
    Thanks
    14,794
    Thanked 15,483 times in 2,057 posts

    Default Re: Vault 7

    CIA - Stuxnet connection.

    From Flashpoint -

    WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits (June 23, 2017)



    On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by using weaponized USB drives as an exfiltration channel. Per the documentation, deployment of the tool takes place by unwitting targets; however, the use of such tools could also easily be deployed purposefully by complicit insider actors.

    Brutal Kangaroo

    Brutal Kangaroo is a suite of tools that can be used to attack air-gapped networks by using weaponized USB drives as a covert channel. For configuration, an attacker would have the ability to pick how the tool is delivered; the tool can be set to no configuration, EzCheese, “Lachesis” LinkFiles, or “RiverJack” LinkFiles. EzCheese, Lachesis, and RiverJack appear to be LNK exploits that can be used to gain access to a system with little to no user interaction. Brutal Kangaroo also has the ability to read configuration files and compress the data, making detection and analysis much more difficult.

    EzCheese

    EzCheese is an LNK exploit which can be used to exploit systems via USB drives. The payload can be configured to use an x86 or x64 DLL file, which can be executed simply by viewing the directory in Explorer. Per the documentation released by WikiLeaks, EzCheese was patched as of March 2015; analysis suggests that EzCheese is the LNK exploit patched in CVE-2015-0096. Open Source analysis of Microsoft patches issued during this period identifies two exploits using LNK files, CVE-2010-2568 (MS10-046) and CVE-2015-0096. CVE-2015-0096 is particularly interesting, as this exploit uses the same flaw as MS10-046, which was not fully patched by Microsoft. MS10-046 was made public with the analysis of “Stuxnet,” and was an LNK exploit identified inside of the binary file. Stuxnet was used to attack air-gapped networks with weaponized USB drives, suggesting an overlap of tactics, techniques, and procedures (TTPs).

    Lachesis (Okabi Links)

    Lachesis can be deployed using autorun.inf on a USB drive when a drive is inserted into a machine, and can also be configured with x86 or x64 DLLs for code execution. This works for Windows 7 systems, and the CVE for this exploit is currently unknown.

    RiverJack (Okabi Links)

    RiverJack is another technique for launching exploits via USB. To launch, RiverJack uses the library-ms functionality to gain execution. Per the documentation, LNK files can be set to hidden and it is not necessary to view these files for deployment. This exploit works against Windows 7, 8, and 8.1; the current CVEs surrounding this technique are currently unknown.

    Emotional Simian

    Emotional Simian is a data collections tool that can be used to gather files from infected systems and store them on USB drives. This tool can be configured to find files based on certain patterns, such as by filenames or extensions. File collection can occur on target systems based on modified and accessed dates in order to not collect duplicate files. Emotional Simian can also be configured to remove itself from an infected machine based on the date of the system; by default, it is set to remove itself after two years.

    While this can be deployed by witting participants and insiders, the main deployment method is intended to be covert via unwitting hosts. In order to compromise the air-gapped systems, attackers will infect systems to which they have access, which are known as the “primary host.” Once a USB drive from this host has been compromised, it can be plugged into an air-gapped system where data collection begins; the data can then be saved to a separate partition on the USB drive. Once data is collected and the USB is plugged back into the primary host, other tools can be used to siphon the data off of the system. The data is then later processed.

    Shadow

    Once the USB tools have been deployed inside of a network, Shadow can be used to set up covert channels which can be used to send files back and forth. Similar to Emotional Simian, Shadow can be configured to collect certain files based on filename patterns and modified times. USB drives can be configured to be converted into Shadow drives, which allocate 10 percent of a USB drive partition for moving files. Infected systems can receive packet broadcasts with instructions and collected files can be assembled for post-processing. If pieces are missing, the tool will label chunks as missing; these missing pieces of data can be collected and reassembled later.

    Assessment

    While the tools described are used primarily by nation-state actors for covert data collections against unwitting victims, the tools could be used by a malicious insider for covertly collecting files. Flashpoint assesses with moderate confidence that the March 2015 patching of LNK exploit CVE-2015-0096 is likely EzCheese, which was an extension of patch MS10-046. MS10-046 was exploited by Stuxnet to attack air-gapped networks via USB drives, which is a significantly overlapping tactic, technique, and procedure (TTP) between Stuxnet and Brutal Kangaroo. LNK exploits are dangerous as they require little to no user interaction, and infection can occur simply by having the file rendered on the system.

    Nine days prior to the release of the new Vault 7 dump, Microsoft patched CVE-2017-8464, which was described as a remote code execution vulnerability using LNK exploits; this exploit was rated as critical and in the wild. In the patch notice, Microsoft mentioned that the code could be used and deployed to removable drives to infect hosts. Microsoft did not provide the source of where the information on the vulnerability came from; it is currently unknown if CVE-2017-8464 fixes the LNK exploits described above.

    For mitigations, Flashpoint recommends monitoring USB drive use because it is the primary deployment vector for these tools. LNK files should not typically be on USB drives; their presence may serve as an early warning of potentially suspicious activities.

    Source.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  34. The Following 7 Users Say Thank You to Rachel For This Post:

    avid (24th June 2017), Bill Ryan (24th June 2017), Foxie Loxie (24th June 2017), Hervé (25th June 2017), mab777 (27th June 2017), Omnisense (Yesterday), Openmindedskeptic (27th June 2017)
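The mitigation at the end of the quoted Flashpoint piece (LNK files on a USB drive as an early warning) can be turned into a triage check; this is an added example, not part of the original post or of Flashpoint's article. It also flags `autorun.inf` and `.library-ms` files, which the article ties to Lachesis and RiverJack. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def classify(path):
    """Return a label for a file worth an analyst's attention, else None."""
    name = os.path.basename(path).lower()
    if name == "autorun.inf":
        return "autorun.inf"
    if name.endswith(".library-ms"):
        return "library-ms"
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(LNK_MAGIC))
    except OSError:
        return "unreadable"
    if head == LNK_MAGIC:
        # Content check catches shortcuts that were given another extension.
        return "lnk" if name.endswith(".lnk") else "lnk-renamed"
    return "lnk-bad-header" if name.endswith(".lnk") else None


def scan_drive(root):
    """Walk a mounted removable drive; os.walk also returns hidden files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            label = classify(full)
            if label:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, label))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree standing in for a USB drive."""
    sample = {
        "report.docx": b"PK\x03\x04 constructed",
        "autorun.inf": b"[autorun]\n",
        "docs/Documents.library-ms": b"<libraryDescription/>",
        "photos/holiday.lnk": LNK_MAGIC + b"\x00" * 56,
        "notes.txt": LNK_MAGIC + b"\x00" * 56,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_drive(root)
```

In practice `scan_drive` would be pointed at the mount point of a drive attached to an analysis host rather than at the sample tree.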

  35. Link to Post #298
    Australia Moderator Rachel's Avatar

    Default Re: Vault 7

    From Forbes:Security -

    Wikileaks: CIA Stuxnet-Like Attacks Hacked Unconnected PCs Via USB (June 22, 2017)



    The latest release from the Wikileaks Vault7 files, widely believed to contain details on the hacking techniques of the CIA, has revealed malware aimed at infecting so-called “air-gapped” PCs, those computers not connected to the internet, using USB sticks. The hacks exposed by Julian Assange’s organization Thursday exploit vulnerabilities similar to those used in the infamous Stuxnet attacks, believed to have been perpetrated by the US and Israel to infect nuclear plants in Iran, which also used thumb drives to spread into critical systems.

    Wikileaks’ “Brutal Kangaroo” leak includes an array of manuals allegedly from the CIA’s Information Operations Unit. One user guide dated February 2016 explained how the Brutal Kangaroo suite included “Drifting Deadline,” malware designed to first infect a computer and then any plugged-in thumb drive. As soon as a target moved that USB stick over to a non-connected – i.e. “air-gapped” – computer, the infection would spread.

    The final step, using software called Shadow, would “create a custom covert network within the target closed network,” from where the CIA could carry out further attacks and surveillance.

    Perhaps the most impressive aspect of the attack was an exploit of a vulnerability that ran as soon as a user simply looked at files on the thumb drive in Windows Explorer. They didn’t even need to open any of the files, just peruse them, to get infected, explained an independent researcher going by the name x0rz. That particular part of the Brutal Kangaroo exploit kit was similar to one abused by Stuxnet, in that it was delivered via malicious .lnk files. Industrial systems and terrorist groups using disconnected computers were likely the targets of the CIA malware, said x0rz.

    Microsoft and Wikileaks working together?

    Intriguingly, Microsoft just patched a vulnerability affecting Windows’ processing of .lnk files, and to exploit it only required the icon of a specially-crafted shortcut be processed by the target PC. That sounds identical to the CIA attack.

    The tech titan said that flaw had previously been exploited too. But it didn’t give any details on who disclosed the bug, leading x0rz and others to speculate Wikileaks properly informed Microsoft of the issue before releasing the Brutal Kangaroo files today, despite having some disputes with tech providers about how it would work with them to patch. x0rz guessed that the “Okabi” exploit named in the user guide was the one that was patched and that Wikileaks, rather than the CIA, was the one that disclosed to Microsoft. An older exploit that formed part of the Brutal Kangaroo arsenal, called EZCheese, was patched in 2015 before being replaced.

    “This new Wikileaks leak confirms that [the .lnk vulnerability] is most likely tied to the CIA’s air-gap framework… It was definitely a related flaw,” said Hacker House co-founder Mathew Hickey.

    “We’re currently looking into this and have nothing to share at this time,” a Microsoft spokesperson said.

    The CIA hadn’t returned a request for comment at the time of publication. The CIA has neither confirmed nor denied whether any of the Wikileaks files are legitimate. But it did criticize Assange’s group following past releases, which included iPhone, Mac, Windows and Wi-Fi hacks. “The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,” a spokesperson said in March.

    Such attacks on air-gapped systems have long been known, though rarely seen outside of the academic world. In April last year, researchers showed how subtle changes in smart lightbulb intensity could reveal data to an outside observer, while this February an attack was showcased that had LED lights relay data in a similar way, but to a drone floating outside an office.

    Source (contains links).

    * * *


    From VOA -

    CIA Chief: Intel Leaks on the Rise, Cites Leaker 'Worship' (June 25, 2017)



    WASHINGTON —
    CIA Director Mike Pompeo says he thinks disclosure of America's secret intelligence is on the rise, fueled partly by the “worship” of leakers like Edward Snowden.

    “In some ways, I do think it's accelerated,” Pompeo told MSNBC in an interview that aired Saturday. “I think there is a phenomenon, the worship of Edward Snowden, and those who steal American secrets for the purpose of self-aggrandizement or money or for whatever their motivation may be, does seem to be on the increase.”

    Pompeo said the United States needs to redouble its efforts to stem leaks of classified information.

    “It's tough. You now have not only nation states trying to steal our stuff, but non-state, hostile intelligence services, well-funded -- folks like WikiLeaks, out there trying to steal American secrets for the sole purpose of undermining the United States and democracy,” Pompeo said.

    Besides Snowden, who leaked documents revealing extensive U.S. government surveillance, WikiLeaks recently released nearly 8,000 documents that it says reveal secrets about the CIA's cyberespionage tools for breaking into computers. WikiLeaks previously published 250,000 State Department cables and embarrassed the U.S. military with hundreds of thousands of logs from Iraq and Afghanistan.

    There are several other recent cases, including Chelsea Manning, the Army private formerly known as Bradley Manning. She was convicted in a 2013 court-martial of leaking more than 700,000 secret military and State Department documents to WikiLeaks while working as an intelligence analyst in Iraq. Manning said she leaked the documents to raise awareness about the war's impact on innocent civilians.

    Last year, former NSA contractor Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was accused of removing highly classified information, storing it in an unlocked shed and in his car and home. Court documents say investigators seized, conservatively, 50 terabytes of information, or enough to fill roughly 200 laptop computers.

    Pompeo said the Trump administration is focused on stopping leaks of any kind from any agency and pursuing perpetrators. “I think we'll have some successes both on the deterrence side - that is stopping them from happening - as well as on punishing those who we catch who have done it,” Pompeo said.

    See source for full article.

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  36. The Following 6 Users Say Thank You to Rachel For This Post:

    avid (27th June 2017), Bill Ryan (27th June 2017), Foxie Loxie (27th June 2017), Hervé (27th June 2017), Omnisense (Yesterday), PathWalker (27th June 2017)

  37. Link to Post #299
    France Moderator Hervé's Avatar
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    12,663
    Thanks
    39,123
    Thanked 61,545 times in 11,418 posts

    Default Re: Vault 7

    WikiLeaks Releases Files on CIA Spying Geo-Location Malware for WiFi Devices

    Sputnik World 16:53 28.06.2017



    The WikiLeaks whistleblowing website published documents, showing how ELSA malware is allegedly used by US intelligence services to collect geolocation data from WiFi-enabled devices.

    MOSCOW (Sputnik) — The WikiLeaks whistleblowing website on Wednesday released a new batch of CIA documents from the so-called Vault 7 project, showing how ELSA malware is allegedly used by US intelligence services to collect geolocation data from WiFi-enabled devices.
    “Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system … If it [device] is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp,” WikiLeaks said in a press release.
    Quote
    WikiLeaks (Verified account) @wikileaks

    RELEASE: CIA 'ELSA' implant to geolocate laptops+desktops by intercepting the surrounding WiFi signals https://wikileaks.org/vault7/#Elsa




    5:19 AM - 28 Jun 2017

    According to the statement, the malware, once it is persistently installed on a targeted device, does not have to be connected to the internet to continue collection of data.
    “Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device,” WikiLeaks said.
    The whistleblowing platform released what appears to be the CIA's user manual for the ELSA project as evidence. WikiLeaks began releasing Vault 7 on March 7, with the first full part comprising 8,761 documents. The previous release took place on June 22 and was dedicated to the CIA "Brutal Kangaroo” hacking tool.

    ...

    Related:
    WikiLeaks Releases New Batch of CIA Documents From "Pandemic" Project
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  38. The Following 5 Users Say Thank You to Hervé For This Post:

    Bill Ryan (Yesterday), fourty-two (Yesterday), Foxie Loxie (Yesterday), mab777 (Yesterday), Omnisense (Yesterday)
