
Thread: Vault 7

  1. Link to Post #221
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,765
    Thanks
    60,315
    Thanked 95,326 times in 15,478 posts

    Re: Vault 7

    Vault 7, part 4: WikiLeaks release shows CIA 'Grasshopper' used stolen malware from the 'Russian mafia'

    RT
    Fri, 07 Apr 2017 20:19 UTC



    WikiLeaks has released the fourth part of 'Vault 7', named 'Grasshopper', the latest in a series of leaks detailing alleged CIA hacking techniques. It details malicious software WikiLeaks claims was taken from "suspected Russian organized crime."

    The latest release consists of 27 documents WikiLeaks claims come from the CIA's 'Grasshopper framework', a platform for building malware for use on Microsoft Windows operating systems.

    In a statement from WikiLeaks, 'Grasshopper' was described as providing the CIA with the ability to build a customized implant which will behave differently, depending on the security capabilities of a computer.

    Quote
    WikiLeaks (@wikileaks), 3:04 AM - 7 Apr 2017:

    CIA malware "Grasshopper" includes "Stolen Goods" which was taken from "suspected Russian organized crime" https://wikileaks.org/vault7/?#Grasshopper … #Vault7

    Quote
    WikiLeaks (@wikileaks), 2:54 AM - 7 Apr 2017:

    RELEASE: CIA malware for Windows "Grasshopper" -- which includes its own language https://wikileaks.org/vault7/?g#Grasshopper …

    According to WikiLeaks, Grasshopper performs "a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration."


    This allows CIA operators to detect if a target device is running a specific version of Microsoft Windows or if an antivirus is running, according to the statement.

    Quote
    WikiLeaks (@wikileaks), 5:26 AM - 7 Apr 2017:

    CIA malware "Grasshopper" re-installs itself every 22 hours by corrupting Windows Update--even if it is disabled. https://wikileaks.org/vault7/?g4#grasshopper …

    Grasshopper allows tools to be installed and run on a machine without detection using PSP avoidance, allowing it to avoid Personal Security Products such as 'MS Security Essentials', 'Rising', 'Symantec Endpoint' or 'Kaspersky IS'.


    One of the so-called persistence mechanisms, which allows malware to avoid detection and remain on a computer system indefinitely, is known as 'Stolen Goods'.

    In the WikiLeaks release, it is credited to Umbrage, a group within the CIA's Remote Development Branch (RDB) which was linked in the 'Year Zero' release to collecting stolen malware and using it to hide its own hacking fingerprints.

    The components of the Stolen Goods mechanism were taken from a malware known as Carberp, "a suspected Russian organized crime rootkit," alleges WikiLeaks.

    Stolen Goods targets the boot sequence of a Windows machine, loading a driver onto the system that allows it to continue executing code when the boot process is finished.

    WikiLeaks confirmed that the CIA did not merely copy and paste the suspected Russian malware but appropriated "[the] persistence method, and parts of the installer," which were then modified to suit the CIA's purposes.

    The latest release came with an emblem containing a grasshopper and the words: "Look before you leap," a possible reference to how the latest leaked tools would allow the CIA to prepare a machine for future hacking, without raising suspicion.

    The rootkits can be installed and used as a 'man on the inside' who can allow more malicious software through undetected in future, if the CIA felt it necessary. If suspicions were raised on initial installation, they would know not to proceed with a more extensive operation.

    Also detailed in the release are Buffalo and Bamboo, modules that hide malware inside DLLs, a collection of shared libraries, on a Windows system.

    The two modules operate in slightly different ways: Buffalo runs immediately on installation whereas Bamboo requires a reboot to function properly.

    The goal of today's release is to help users seeking to defend their systems against any existing compromised security systems, Wikileaks stated.

    Also detailed in the release is ScheduledTask, a component of 'Grasshopper' that allows it to utilize Windows Task Scheduler to schedule executables.

    The component would allow the executables to automatically run at startup or logon, before killing it at the end of its duration. Included in ScheduledTask are commands that allow the executables' names and description to be hidden.

    The release is the fourth in a series called 'Vault 7' which WikiLeaks claims contains documents taken from within the CIA. Releases so far include 'Zero Days' which detailed the CIA's hacking of Samsung smart TVs and 'Marble', which allowed the CIA to disguise their hacks and attribute them to someone else, including Russia.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  2. The Following 12 Users Say Thank You to Hervé For This Post:

    bennycog (8th April 2017), Bill Ryan (8th April 2017), BMJ (12th April 2017), Ewan (8th April 2017), Innocent Warrior (8th April 2017), KiwiElf (8th April 2017), mab777 (9th April 2017), Nasu (10th April 2017), norman (7th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (7th April 2017), The Freedom Train (18th April 2017)

  3. Link to Post #222
    United States Avalon Guide: Here to help
     
    Ron Mauer Sr's Avatar
    Join Date
    5th January 2011
    Location
    Virginia
    Age
    78
    Posts
    2,059
    Thanks
    12,911
    Thanked 16,501 times in 1,997 posts

    Re: Vault 7

    How can hacking be avoided?
    I am suspicious of every software update.

    Are we more protected with Linux or Apple?
    Does running Malwarebytes help?

  4. The Following 10 Users Say Thank You to Ron Mauer Sr For This Post:

    Bill Ryan (8th April 2017), BMJ (12th April 2017), Innocent Warrior (8th April 2017), Ivanhoe (10th April 2017), KiwiElf (8th April 2017), Muzz (8th April 2017), Nasu (10th April 2017), Reinhard (20th April 2017), skogvokter (9th April 2017), The Freedom Train (18th April 2017)

  5. Link to Post #223
    Avalon Member norman's Avatar
    Join Date
    25th March 2010
    Location
    too close to the hot air exhaust
    Age
    64
    Posts
    5,703
    Thanks
    8,212
    Thanked 28,920 times in 5,011 posts

    Re: Vault 7

    Quote Posted by Ron Mauer Sr (here)
    How can hacking be avoided?
    I am suspicious of every software update.

    Are we more protected with Linux or Apple?
    Does running Malwarebytes help?
    Malwarebytes is on the list of CIA compromised anti malware apps. Just about all the brands we know are in the list. They have a hack for Apple machines that inserts itself into the firmware that boots the machine up, so no, Apple is not safe either. I've heard of a big weakness in the Linux kernel but I don't remember reading anything specific about the CIA's exploits of it.
    .................................................. my first language is TYPO..............................................

  6. The Following 9 Users Say Thank You to norman For This Post:

    Bill Ryan (8th April 2017), BMJ (12th April 2017), Ewan (8th April 2017), KiwiElf (8th April 2017), Nasu (10th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (8th April 2017), skogvokter (9th April 2017), The Freedom Train (18th April 2017)

  7. Link to Post #224
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,437
    Thanks
    24,093
    Thanked 25,119 times in 3,119 posts

    Re: Vault 7

    Quote Posted by Ron Mauer Sr (here)
    How can hacking be avoided?
    I am suspicious of every software update.

    Are we more protected with Linux or Apple?
    Does running Malwarebytes help?
    If a good hacker really wants to get into your computer, they probably will; however, the more security measures you take, the safer your information is. Put opaque tape over your camera lens and tape over your microphone. Store all files you want to keep private on an external hard drive. I also keep an old computer that never gets connected to the internet for working on private files.

    Apple's response to Vault 7's Dark Matter release was arrogant, dismissive and misleading. See post #206 for more information on Apple. See the post following this one for Nicko van Someren's (chief technology officer at The Linux Foundation) official statement in response to Vault 7.

    I highly recommend reading the attachments in the Articles On Bypassing PSPs page of the hacking tools section of Vault 7; that page contains a list of articles/papers on techniques for bypassing personal security products. You can start with the introduction, the conclusion and recommendations sections and then dig into the body for more information if you like. The bodies also contain helpful information, like information on antivirus propaganda, for example.

    Direct links to the attachments -

    Breaking Antivirus Software

    Bypass Antivirus Dynamic Analysis: Limitations of the AV model and how to exploit them

    From the conclusion section of the second attachment -

    Quote If I may give some humble recommendations against malwares I would say:

    Never run as administrator if you don’t have to. This is a golden rule, it can avoid 99% malwares without having an AV. This has been the normal way of doing things for Linux users for years. It is in my opinion the most important security measure.

    Harden the systems, recent versions of Windows have really strong security features, use them.

    Invest in Network Intrusion Detection Systems and monitor your network. Often, malware infections are not detected on the victims PC but thanks to weird NIDS or firewall logs.

    If you can afford it, use several AV products from different vendors. One product can cover the weakness of another, also there are possibilities that products coming from a country will be friendly to this country government malwares.

    If you can afford it use other kind of security products from different vendors.

    Last but not least, human training. Tools are nothing when the human can be exploited.
    Another useful resource is WikiLeaks' "Are Your Devices Compromised by the CIA?" research challenge. If you would like to find information on particular companies and products mentioned in the CIA hacking tools section of Vault 7, there is a list of them and links to relevant items in the publication, in the WikiLeaks Research Challenge wiki. You will see the researchers have marked some as "Targeted"; this does not necessarily mean other items not marked as targeted don't have vulnerabilities. See post #193 for more information and links.

    Some information about this thread -

    WikiLeaks tweets information about the Vault 7 publications, amongst information about other publications and topics. Amongst other items, I have posted most of the information on Vault 7 tweeted by WikiLeaks here, so members and guests of Avalon don't have to sift through WikiLeaks' Twitter line to find important Vault 7 information.

    This thread also serves as a historical record of the Vault 7 publications; it includes links to each release of the Vault 7 publications, articles about information gleaned from the releases and other information like the responses of relevant parties.

    Some releases contain information which is of more interest to tech companies and journalists (also political), while other sections will be of more interest to individuals as users of tech. I have updated the OP of this thread with each release; those updates serve as a directory and each update contains a link to the post containing the new release, marking each new section of the Vault 7 thread. The updates also include a brief description of the release. If important information arises about a previous release, I'll link to the post containing that information in my last post of that section of the thread.
    Last edited by Innocent Warrior; 8th April 2017 at 13:05. Reason: typos, grammar, formatting
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  8. The Following 15 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (8th April 2017), BMJ (12th April 2017), Debra (8th April 2017), Ewan (8th April 2017), Hervé (8th April 2017), KiwiElf (8th April 2017), mab777 (9th April 2017), Muzz (8th April 2017), Nasu (10th April 2017), Omni (8th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (8th April 2017), skogvokter (9th April 2017), StandingWave (8th April 2017), The Freedom Train (18th April 2017)

  9. Link to Post #225

    Re: Vault 7

    Inquirer article -

    The Linux Foundation responds to Wikileaks' CIA hacking revelations (March 9, 2017)

    Firm says open source nature of OS makes it more secure than closed system

    THE LINUX FOUNDATION has become the latest firm to respond to the revelations that its products have been compromised by the CIA.

    Wikileaks on Tuesday published 8,761 documents dubbed 'Year Zero', the first part in a series of leaks on the agency that Wikileaks has dubbed 'Vault 7'.

    The whistleblowing foundation claims the document dump reveals full details of the CIA's 'global covert hacking program', including 'weaponised exploits' used against operating systems including Android, iOS, Linux, macOS, Windows and "even Samsung TVs, which are turned into covert microphones".

    In a statement given to INQ, Nicko van Someren, chief technology officer at The Linux Foundation, said that the open source nature of Linux means it's continuously updated with security fixes, unlike other operating systems.

    "Linux is a very widely used operating system, with a huge installed base all around the world, so it is not surprising that state agencies from many countries would target Linux along with the many closed source platforms that they have sought to compromise," he said.


    "Linux is an incredibly active open source project. Thousands of professional developers and volunteers - including many of the most talented in the world - are constantly contributing improvements and fixes to the project. This allows the kernel team to release updates every few days - one of the fastest release cycles in the industry. Rapid release cycles enable the open source community to fix vulnerabilities and release those fixes to users faster.

    "Further, The Linux Foundation's Core Infrastructure Initiative (CII), which has the backing of many leading technology companies, is working to actively assist open source projects globally to help them develop their code using best practices proven to yield more secure results. Decades of software development tell us software will never be bug-free.

    "Through the work of open source communities, assistance from programs like CII and engagement with a vast pool of talent and support from contributing companies, we can enable open source software communities to continue producing some of the most secure software on the planet."

    The leaked documents claim that CIA's Mobile Devices Branch has created multiple tools for hacking both Android and iOS smartphones, enabling it to remotely acquire location data, audio and text communications, and to switch on the phones' camera and microphones at will.

    Apple has released a statement and claims it has already fixed many of the vulnerabilities exploited by the CIA.

    "The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way," a spokesperson told the BBC.

    "Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 per cent of users running the latest version of our operating system.

    "While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.

    "We always urge customers to download the latest iOS to make sure they have the most recent security update."

    Google echoed Apple's remarks, telling Mashable: "As we've reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities.

    "Our analysis is ongoing and we will implement any further necessary protections. We've always made security a top priority and we continue to invest in our defences."

    Microsoft's Windows OS is also named as a target, with Wikileaks noting that "the CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware."

    In response, Microsoft said vaguely that it is "aware of the report in question" and "urgently looking into the matter."

    Perhaps one of Wikileaks' most shocking revelations was that the CIA is also targeting Samsung smart TVs using a surveillance technique dubbed 'Weeping Angel', which was reportedly created in partnership with the UK's MI5.

    This tool allegedly allows government agencies to place Samsung TVs into "fake-off mode", that allows conversations to be recorded even when the television appears to be switched off.

    Samsung has responded and, like Microsoft, said it's urgently looking into it.

    "Protecting consumers' privacy and the security of our devices is a top priority at Samsung," a spokesperson said. "We are aware of the report in question and are urgently looking into the matter."

    Naturally, human rights watchdog Privacy International has been quick to comment on the revelations.

    "If today's leaks are authenticated, they demonstrate what we've long been warning about government hacking powers - that they can be extremely intrusive, have enormous security implications, and are not sufficiently regulated," a spokesperson told the INQUIRER.

    "Insufficient security protections in the growing amount of devices connected to the internet or so-called "smart" devices, such as Samsung Smart TVs, only compound the problem, giving governments easier access to our private lives. If the CIA knew of security weaknesses in the devices many of us use - from "smart" phones to "smart" TVs - they should have been working with companies to fix the vulnerabilities, not exploit them.

    "Privacy International continues to fight for transparency and accountability around government hacking and sharing powers, as well as improvements in the security of our networks and devices.

    "Without such, we increasingly face a world where we are vulnerable in ways most of us cannot imagine, and our governments contribute to the problem as often as they try to fix it."

    Source.

  10. The Following 10 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (8th April 2017), BMJ (12th April 2017), Ewan (8th April 2017), fourty-two (8th April 2017), Hervé (8th April 2017), KiwiElf (9th April 2017), muxfolder (10th April 2017), Nasu (10th April 2017), Reinhard (20th April 2017), The Freedom Train (18th April 2017)

  11. Link to Post #226
    UK Avalon Founder Bill Ryan's Avatar
    Join Date
    7th February 2010
    Location
    Ecuador
    Posts
    24,664
    Thanks
    97,560
    Thanked 312,127 times in 23,154 posts

    Re: Vault 7

    Quote Posted by Sam Hunter (here)
    Merge Alert -

    http://projectavalon.net/forum4/show...?95892-Vault-7

    Mod note from Bill: Yes, Merged.
    I also moved the thread from Current Events to Conspiracy Research, although maybe it should now really be in Surveillance and Personal Security.

    A further note: Yes, all this definitely should be in Surveillance and Personal Security, and I've moved the thread there with a one month expiring redirect.

  12. The Following 8 Users Say Thank You to Bill Ryan For This Post:

    avid (8th April 2017), BMJ (12th April 2017), Innocent Warrior (8th April 2017), KiwiElf (9th April 2017), Nasu (10th April 2017), Ron Mauer Sr (8th April 2017), Star Tsar (8th April 2017), The Freedom Train (18th April 2017)

  13. Link to Post #227
    UK Avalon Member Clear Light's Avatar
    Join Date
    8th September 2015
    Age
    50
    Posts
    972
    Thanks
    1,776
    Thanked 5,150 times in 917 posts

    Re: Vault 7

    Quote Posted by norman (here)
    Quote Posted by Ron Mauer Sr (here)
    How can hacking be avoided?
    I am suspicious of every software update.

    Are we more protected with Linux or Apple?
    Does running Malwarebytes help?
    Malwarebytes is on the list of CIA compromised anti malware apps. Just about all the brands we know are in the list. They have a hack for Apple machines that inserts itself into the firmware that boots the machine up, so no, Apple is not safe either. I've heard of a big weakness in the Linux kernel but I don't remember reading anything specific about the CIA's exploits of it.
    Oh, really ? Please could you share your source for this assertion Norman as I haven't been able to verify it thus far other than to find mention of Malwarebytes on a WikiLeaks hosted page (here) which lists numerous "Personal Security Products (PSPs)". And if you click on the Malwarebytes link itself, there isn't much to see, like nothing at all !

    My point is that even though the title of the document is "Vault 7: CIA Hacking Tools Revealed", this doesn't necessarily imply that ALL of the aforementioned PSPs are already compromised does it eh ?


  14. The Following 5 Users Say Thank You to Clear Light For This Post:

    Bill Ryan (8th April 2017), BMJ (12th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (8th April 2017), The Freedom Train (18th April 2017)

  15. Link to Post #228

    Re: Vault 7

    Excerpt from Newsweek article, PRIVACY EXPERTS SAY CIA LEFT AMERICANS OPEN TO CYBER ATTACKS (April 8, 2017, originally published by International Business Times)

    The government enacted the Vulnerabilities Equities Process to reduce the unnecessary stockpiling of exploits. The procedure was meant to provide guidelines for agencies like the C.I.A. for notifying companies when dangerous issues are discovered in their devices. The measure was put in place during the Obama administration to prevent cyber attacks from terrorist networks and foreign governments, including Russia and China. But the C.I.A. completely ignored the Vulnerabilities Equity Process, instead exploring ways to use exploits for their own purposes, according to the Electronic Frontier Foundation, an international nonprofit digital rights group that reviewed a copy of the practice after filing a Freedom of Information Act request.

    "It appears the CIA didn't even use the [Vulnerabilities Equity Process]," said Cindy Cohn, executive director of the Electronic Frontier Foundation. "That’s worrisome, because we know these agencies overvalue their offensive capabilities and undervalue the risk to the rest of us."

    The CIA said it refuses to comment on any purported confidential documents but defended its use of exploits in common products by way of a press release following WikiLeaks' initial data dump earlier this month. The agency said it wasn’t using the tools to target U.S. citizens but instead to "aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nations states and other adversaries."

    The agency may have left millions open to the exact attacks it said it was trying to prevent, regardless of its intentions, by not reporting those flaws to major companies, said Justin Cappos, a professor in the Computer Science and Engineering department at New York University.

    "Now those blueprints are out there for hackers around the world, for anyone who wants to access this information and use it to compromise all these products," Cappos said. "You have to ask yourself: If the government knows of a problem in your phone that bad guys could use to hack your phone and have the ability to spy on you, is that a weakness that they themselves should use for counterterrorism, or for their own spying capabilities, or is it a problem they should fix for everyone?"

    If one thing was clear through WikiLeaks’ latest release, it's that flaws in technology will always exist, while many—including the U.S. government—continue to learn of more ways to use them as tools for digital espionage. Digital privacy advocates say the tides will only begin to turn when consumers begin demanding a basic threshold of online security from companies and their governments.

    When asked how to describe the thousands of pages of complex data and its implications for typical Americans, Cohn offered a real-world scenario.

    "If the C.I.A. was walking past your front door and saw that your lock was broken, they should at least tell you and maybe even help you get it fixed," Cohn said.

    But the federal agency doesn't appear to be helping Americans protect themselves from intrusion. Instead, the C.I.A. was building secret tunnels, discovering other ways to break into their homes and not telling them about their broken locks.

    "And worse, they then lost track of the information they had kept from you so that now criminals and hostile foreign governments know about your broken lock," Cohn continued. "Stripped of the digital trappings, that is what happened here."

  16. The Following 9 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (8th April 2017), BMJ (12th April 2017), Ewan (8th April 2017), Hervé (8th April 2017), KiwiElf (9th April 2017), Nasu (10th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (8th April 2017), The Freedom Train (18th April 2017)

  17. Link to Post #229

    Re: Vault 7

    Quote Posted by Clear Light (here)
    Quote Posted by norman (here)
    [...]
    Malwarebytes is on the list of CIA compromised anti malware apps.[...]
    Oh, really ? Please could you share your source for this assertion Norman as I haven't been able to verify it thus far [...]
    Check Norman's post here and follow the links: http://projectavalon.net/forum4/show...=1#post1141374

  18. The Following 4 Users Say Thank You to Hervé For This Post:

    Bill Ryan (8th April 2017), Clear Light (8th April 2017), Nasu (10th April 2017), The Freedom Train (18th April 2017)

  19. Link to Post #230

    Re: Vault 7

    Quote Posted by Hervé (here)
    Quote Posted by Clear Light (here)
    Quote Posted by norman (here)
    [...]
    Malwarebytes is on the list of CIA compromised anti malware apps.[...]
    Oh, really ? Please could you share your source for this assertion Norman as I haven't been able to verify it thus far [...]
    Check Norman's post here and follow the links: http://projectavalon.net/forum4/show...=1#post1141374
    Oh, thanks for that Hervé ... and as it turns out the links in the TechTalk article, that Norman posted, point to the same WikiLeaks material I was referring to !

  20. The Following 4 Users Say Thank You to Clear Light For This Post:

    Bill Ryan (9th April 2017), Hervé (8th April 2017), Nasu (10th April 2017), The Freedom Train (18th April 2017)

  21. Link to Post #231

    Re: Vault 7

    This deserves a thread of its own but I don't have the time. ZeroHedge has laid it out -

    Hacker Group Releases Password To NSA's "Top Secret Arsenal" In Protest Of Trump Betrayal (April 8, 2017)

    Last August, the intel world was abuzz following the news that a previously unknown hacker collective, "The Shadow Brokers" had hacked and released legitimate hacking tools from the NSA's own special-ops entity, the "Equation Group", with initial speculation emerging that the Russians may have penetrated the US spy agency as suggested by none other than Edward Snowden. The Shadow Brokers released a bunch of the organization's hacking tools, and were asking for 1 million bitcoin (around $568 million at the time) to release more files, however failed to find a buyer.

    Attention then shifted from Russians after some speculated that the agency itself may be housing another "mole" insider. At the time, a former NSA source told Motherboard that “it’s plausible” that the leakers are actually a disgruntled insider, claiming that it’s easier to walk out of the NSA with a USB drive or a CD than hack its servers. As famed NSA whistleblower William Binney - who exposed the NSA's pervasive surveillance of Americans long before Snowden confirmed it - said, “My colleagues and I are fairly certain that this was no hack, or group for that matter. This ‘Shadow Brokers’ character is one guy, an insider employee.”

    In a subsequent Reuters op-ed by cybersecurity expert James Bamford, author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America, and columnist for Foreign Policy magazine, he said that seemed as the most probable explanation, and that Russia had nothing to do with this latest - and most provocative yet - hack.

    Since then, the Shadow Broker group, whose origin and identity still remains a mystery, disappeared from the radar only to emerge today, when in an article posted on Medium, the group wrote an op-ed, much of it in broken English, in which it slammed Donald Trump's betrayal of his core "base", and the recent attack on Syria, urging Trump to revert to his original promises and not be swept away by globalist and MIC interests, but far more importantly, released the password which grants access to what Edward Snowden moments ago called the NSA's "Top Secret arsenal of digital weapons."

    The article begins with the group explaining why it is displeased with Trump.

    Quote Don’t Forget Your Base

    Respectfully, what the **** are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.

    Good Evidence:

    #1—Goldman Sach (TheGlobalists) and Military Industrial Intelligence Complex (MIIC) cabinet
    #2—Backtracked on Obamacare
    #3—Attacked the Freedom Causcus (TheMovement)
    #4—Removed Bannon from the NSC
    #5—Increased U.S. involvement in a foreign war (Syria Strike)

    The peoples whose voted for you, voted against the Republican Party, the party that tried to destroying your character in the primaries. The peoples who voted for you, voted against the Democrat Party, the party that hates, mocks, and laughs at you. Without the support of the peoples who voted for you, what do you think will be happening to your Presidency? Without the support of the people who voted for you, do you think you’ll be still making America great again? Do you be remembering when you were sitting there at the Obama Press Party and they were all laughing at you? Do you be remembering when you touring the country and all those peoples believed in you and supported you? You were those peoples hope. How do you be thinking it will be feeling when those people turn on you? Will they be laughing at you, hating you, and mocking you too?

    TheShadowBrokers doesn’t want this to be happening to you, Mr. Trump. TheShadowBrokers is wanting to see you succeed.
    The hackers then ask Trump whose war is he fighting:

    Quote If you made deal(s) be telling the peoples about them, peoples is appreciating transparency. But what kind of deal can be resulting in chemical weapons used in Syria, Mr. Bannon’s removal from the NSC, US military strike on Syria, and successful vote for SCOTUS without change rules? Mr. Trump whose war are you fighting? Israeli Nationalists’ (Zionist) and Goldman Sachs’ war? Chinese Globalists’ and Goldman Sachs war? Is not looking like you fighting the domestic wars, the movement elected you to be fighting. You not being in office three months and already you looking like the MIIC’s bitch with John McCain and Chuck Schumer double dutch ruddering each other in the corner over dead corpses.
    The post continues by exposing what the ShadowBrokers believe is the general mindset of Trump's support base:

    Quote Your Supporters:
    Don’t care what is written in the NYT, Washington Post, or any newspaper, so just ignore it.
    Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF”.
    Don’t care if the election was hacked or rigged, celebrate it “so what if I did, what are you going to do about it”.
    Don’t care if your popular or nice, get er done, Obama’s fail, thinking he could create compromise. No compromise.
    Don’t want foreign wars, Do want domestic wars, “drain the swamp”, “destroy the nanny state”
    Don’t care about your faith, you sound like a smuck when you try to say god things
    DO support the ideologies and policies of Steve Bannon, Anti-Globalism, Anti-Socialism, Nationalism, Isolationism
    In the article, the ShadowBrokers also touch upon what until recently was the primary topic of the daily news cycle, namely whether Russia is behind this (and any other black hat intel hacking operation):

    Quote For peoples still being confused about TheShadowBrokers and Russia. If theshadowbrokers being Russian don’t you think we’d be in all those U.S. government reports on Russian hacking? TheShadowBrokers isn’t not fans of Russia or Putin but “The enemy of my enemy is my friend.” We recognize Americans’ having more in common with Russians than Chinese or Globalist or Socialist. Russia and Putin are nationalist and enemies of the Globalist, examples: NATO encroachment and Ukraine conflict. Therefore Russia and Putin are being best allies until the common enemies are defeated and America is great again.
    The report then goes on to suggest that the hacking group is in fact comprised mostly of former US spies: "President Trump, theshadowbrokers is offering our services to you and your administration. Did you know most of theshadowbrokers’ members have taken the oath “…to protect and defend the constitution of the United States against all enemies foreign and domestic…”. Yes sir! Most of us used to be TheDeepState everyone is talking about."

    Then something changed, and the collective notes that "TheDeepState is being the enemy of the constitution, individualism, life, liberty, and the pursuit of happiness. With the right funding we can recruit some of the best hacker intel peoples in United States and world. “Unmasking” is being new buzz word, so we use. TheShadowBrokers is being happy to unmask anyone we considering to be an enemy of the Constitution of the United States."

    Quote Enemies like John McCain. Something doesn’t rub theshadowbrokers rite about Vietnam War POW who at every opportunity seeks to do violence to others via the proxy of young service men and women. If anyone should be being pacifist, slow to pick fight it should be being former POW. TheShadowBrokers is sure if we “unmasking”, Senator McCain, Magog itself might come out, many defense contractors, Saudi Princes, and possibly little Vietnamese boy he shares with Senator Lindsey Graham, not cool! Mr. Trump we know you are having DOJ and FBI, so why you be needing theShadowBrokers? You don’t, but theshadowbrokers is confused. Why haven’t you served search warrant to NYT, Washington Post, Goldman Sacks, Jeff Bezos, and all other Globalist for investigation and prosecution of treason, sedition, and un-American activities during a time of war?
    It was the conclusion to the post, however, that was most interesting - in it the Shadow Brokers urges Trump to be the "real deal" and has released the password to the NSA hacking tool binaries that made so much news last summer:

    Quote Mr. President Trump theshadowbrokers sincerely is hoping you are being the real deal and that you received this as constructive criticism toward #MAGA. Some American’s consider or maybe considering TheShadowBrokers traitors. We disagreeing. We view this as keeping our oath to protect and defend against enemies foreign and domestic. TheShadowBrokers wishes we could be doing more, but revolutions/civil wars taking money, time, and people. TheShadowBrokers has is having little of each as our auction was an apparent failure. Be considering this our form of protest. The password for the EQGRP-Auction-Files is CrDj”(;Va.*NdlnzB9M?@K2)#>deB7mN
    Shortly after the blog post hit, Wikileaks noticed:

    Quote Shadow Brokers releases password to NSA hacking tool binaries from 2013 as "protest" over "abandoning base" https://medium.com/@shadowbrokerss/d...e-867d304a94b1
    Even Edward Snowden got involved

    Quote NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it.
    1) https://github.com/x0rz/EQGRP
    2) https://medium.com/@shadowbrokerss/d...e-867d304a94b1
    Quote Bitter lesson:
    When any government conceals knowledge of vulnerabilities in common software, those vulns will be found and used by enemies. https://twitter.com/Snowden/status/850766326943690752
    Quote Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so... (1/2)
    *
    Quote ...much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal.
    Quote Finally: irrefutable evidence that I never cooperated with Russian intel. No country trades away spies, as the rest would fear they're next. https://twitter.com/CNBCnow/status/830190986697523203
    As per Wikileaks, the released information includes "browsable decrypted Shadow Brokers "NSA" hacking tools+docs files corresponding to password released today", and that "Hundreds of NSA cyber weapons variants publicly released including code showing hacking of Pakistan mobile system"

    Quote Hundreds of NSA cyber weapons variants publicly released including code showing hacking of Pakistan mobile system https://github.com/x0rz/EQGRP
    Quote Chinese targets found in today's "Shadow Brokers|" NSA cyber weapons dump, e.g https://github.com/x0rz/EQGRP/blob/m...cript.txt#L728
    The github depository of the released code can be found here.



    Other hacker organizations confirm that the key released by the ShadowBrokers has been verified:

    Quote The @shadowbrokerss key to eqgrp-auction-file.tar.xz.gpg is legit.
    Inside the NSA dump among many other findings, we find hundreds of NSA attacks on China, as well as penetration attempts in which the NSA "pretends" to be China so one wonders how difficult it would be for the NSA to pretend they are, oh, say Russia?

    Additionally, today's revelation exposes hacking attacks on EU states, as well as Latin America, Russia, China, Japan and South East Asia. Among the contents one also finds the hacking configuration for China Mobile, the world's largest mobile telecom company by number of subscribers (just under 900 million) and market cap.

    Another example shows the NSA's EquationGroup tool (ELECTRICSLIDE) impersonating a Chinese browser with fake Accept-Language.

    Quote One of the #EquationGroup tool (ELECTRICSLIDE) impersonates a Chinese browser with fake Accept-Language https://github.com/x0rz/EQGRP/blob/33810162273edda807363237ef7e7c5ece3e4100/Linux/bin/electricslide.pl …
    We are in the process of further exploring the disclosed data, and will present any notable revelations in due course, however we find it quite interesting that now that the "rogue" element in the intel community appears to have given up on Trump, they are bypassing the president and taking their war with the "deep state" directly to the people.

    Finally, a rhetorical question from Julian Assange on today's revelations:

    Quote If #ShadowBrokers are intelligence then NSA lost a calamitous amount of cyber weapons to Russia or China et al before election. Did Obama:
    Know and cover it up
    Wasn't told--NSA cover up
    other (see my reply)
    Source (has links to each tweet).

    * ZeroHedge didn't include this tweet, I added it in, as it is the second part of Snowden's previous tweet.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  22. The Following 14 Users Say Thank You to Innocent Warrior For This Post:

    avid (9th April 2017), Ba-ba-Ra (9th April 2017), Baby Steps (9th April 2017), Bill Ryan (9th April 2017), Ewan (9th April 2017), Hervé (9th April 2017), JRS (9th April 2017), KiwiElf (9th April 2017), Muzz (9th April 2017), Nasu (10th April 2017), norman (9th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (9th April 2017), The Freedom Train (18th April 2017)

  23. Link to Post #232

    Default Re: Vault 7

    Shadow Brokers hackers release NSA hacking tools to punish Trump for ‘abandoning’ his base

    RT
    Published time: 9 Apr, 2017 02:51
    Edited time: 9 Apr, 2017 08:12

    [full article: https://www.rt.com/usa/384082-shadow...assword-trump/ (most of it a duplicate of above post ^^^)]


    [...]

    Shadow Brokers listed some of the reasons they were unhappy with Trump in a Medium blog post:

    “Goldman Sachs (TheGlobalists) and Military Industrial Intelligence Complex (MIIC), cabinet, #2 — Backtracked on Obamacare, #3 — Attacked the Freedom Caucus (TheMovement), #4 — Removed Bannon from the NSC, #5 — Increased U.S. involvement in a foreign war (Syria Strike).”

    The group also criticized Trump for launching the cruise missile strike against Syria, saying: “Whose war are you fighting? Israeli Nationalists’ (Zionist) and Goldman Sachs’ war? Chinese Globalists’ and Goldman Sachs war? Is not looking like you fighting the domestic wars, the movement elected you to be fighting.”

    The group earlier attempted to auction the “best files” for more than 1 million Bitcoin, but abandoned the plan in January.

    The post seemingly lends clues as to the identity of the group. “Did you know most of theshadowbrokers’ members have taken the oath ‘…to protect and defend the constitution of the United States against all enemies foreign and domestic…’.” it reads. “Yes sir! Most of us used to be TheDeepState everyone is talking about.”

    While the Shadow Brokers were accused of being Russians, several NSA insiders earlier told the media that signs pointed to it being someone within the NSA.


    Related:
    What the hack? The leaks that shaped 2016
    Hacking group offers ‘stolen NSA cyber-weapons’ in bitcoin auction
    ‘You’re welcome’: Snowden casts light on NSA hack
    Trump to Congress on Syria strike: US to take additional action to further its national interests
    Leak in-house? NSA data dump could be work of insider
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  24. The Following 11 Users Say Thank You to Hervé For This Post:

    Ba-ba-Ra (9th April 2017), Bill Ryan (9th April 2017), BMJ (12th April 2017), Ewan (9th April 2017), Innocent Warrior (9th April 2017), KiwiElf (9th April 2017), Nasu (10th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (9th April 2017), The Freedom Train (18th April 2017), uzn (9th April 2017)

  25. Link to Post #233
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,437
    Thanks
    24,093
    Thanked 25,119 times in 3,119 posts

    Default Re: Vault 7

    Quote There was an Australian TV movie, Underground, aired in Australia in 2012.

    Another one, covering the past six years, on the way -



    Quote Published on Apr 9, 2017
    Showtime Documentary Films will release RISK, the latest documentary from Academy Award winner Laura Poitras (CITIZENFOUR). Filmed over six years including through the 2016 presidential election and up to the present moment, RISK takes viewers closer than they have ever been before to Julian Assange and those who surround him. With unprecedented access, Poitras give us the WikiLeaks story from the inside, allowing viewers to understand our current era of massive leaks, headline-grabbing news, and the revolutionary impact of the internet on global politics. RISK is a portrait of power, principles, betrayal, and sacrifice when the stakes could not be any higher. It is a first-person geopolitical thriller told from the perspective of a filmmaker immersed in the worlds of state surveillance and the cypherpunk movement. RISK confirms Poitras' directorial ability to record history as it unfolds on camera, and craft narratives at the highest level. Showtime Networks has partnered with NEON to release RISK theatrically nationwide, with a television premiere on SHOWTIME this summer.
    The snippet where Assange says, "to make it clear, we don't have a problem, you have a problem" is from this clip - https://video.twimg.com/ext_tw_video...QIZtchfPDM.mp4
    Last edited by Innocent Warrior; 11th May 2017 at 23:12. Reason: added link

  26. The Following 11 Users Say Thank You to Innocent Warrior For This Post:

    avid (10th April 2017), Bill Ryan (10th April 2017), BMJ (12th April 2017), Debra (10th April 2017), Ewan (10th April 2017), Hervé (10th April 2017), KiwiElf (17th April 2017), Nasu (10th April 2017), Reinhard (20th April 2017), sunflower (11th April 2017), The Freedom Train (18th April 2017)

  27. Link to Post #234

    Default Re: Vault 7

    Democracy Now interviews Julian Assange (Vault 7 also discussed) -

    A New McCarthyism: Julian Assange Accuses Democrats of Blaming Russia & WikiLeaks for Clinton Loss (April 10, 2017)

    As President Trump’s presidency nears its first 100 days, Trump and his campaign are facing multiple investigations over whether the campaign colluded with Russian officials to influence the 2016 presidential election. In a Democracy Now! exclusive, we speak with a man who has been at the center of much discussion of Russian election meddling: Julian Assange, the founder of WikiLeaks.

    Just before the Democratic National Convention last July, WikiLeaks published 20,000 internal emails from the Democratic National Committee. Then, between October 7 and Election Day, WikiLeaks would go on to publish 20,000 of Clinton campaign chair John Podesta’s emails, generating a rash of negative stories about the Clinton campaign. Intelligence agencies have pinned the email hacking on Russians. WikiLeaks maintains Russia was not the source of the documents.

    For more, we speak with Julian Assange from the Ecuadorean Embassy in London.

    Video of interview (skip to 14:20 for Assange) - https://hot.dvlabs.com/democracynow/360/dn2017-0410.mp4

    Source.

    * * *

    Leading US anti-virus maker Symantec states that it has detected CIA infestation in 16 countries--including the US, from Symantec -

    Longhorn: Tools used by cyberespionage group linked to Vault 7

    First evidence linking Vault 7 tools to known cyberattacks.

    Spying tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn. Symantec has been protecting its customers from Longhorn’s tools for the past three years and has continued to track the group in order to learn more about its tools, tactics, and procedures.

    The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group.

    Who is Longhorn?

    Longhorn has been active since at least 2011. It has used a range of back door Trojans in addition to zero-day vulnerabilities to compromise its targets. Longhorn has infiltrated governments and internationally operating organizations, in addition to targets in the financial, telecoms, energy, aerospace, information technology, education, and natural resources sectors. All of the organizations targeted would be of interest to a nation-state attacker.

    Longhorn has infected 40 targets in at least 16 countries across the Middle East, Europe, Asia, and Africa. On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally.

    The link to Vault 7

    A number of documents disclosed by WikiLeaks outline specifications and requirements for malware tools. One document is a development timeline for a piece of malware called Fluxwire, containing a changelog of dates for when new features were incorporated. These dates align closely with the development of one Longhorn tool (Trojan.Corentry) tracked by Symantec. New features in Corentry consistently appeared in samples obtained by Symantec either on the same date listed in the Vault 7 document or several days later, leaving little doubt that Corentry is the malware described in the leaked document.

    Early versions of Corentry seen by Symantec contained a reference to the file path for the Fluxwire program database (PDB) file. The Vault 7 document lists removal of the full path for the PDB as one of the changes implemented in Version 3.5.0.

    Up until 2014, versions of Corentry were compiled using GCC. According to the Vault 7 document, Fluxwire switched to a MSVC compiler for version 3.3.0 on February 25, 2015. This was reflected in samples of Corentry, where a version compiled on February 25, 2015 had used MSVC as a compiler.

    A second Vault 7 document details Fire and Forget, a specification for user-mode injection of a payload by a tool called Archangel. The specification of the payload and the interface used to load it was closely matched in another Longhorn tool called Backdoor.Plexor.

    A third document outlines cryptographic protocols that malware tools should follow. These include the use of inner cryptography within SSL to prevent man-in-the-middle (MITM) attacks, key exchange once per connection, and use of AES with a 32-bit key. These requirements align with the cryptographic practices observed by Symantec in all of the Longhorn tools.

    Other Vault 7 documents outline tradecraft practices to be used, such as use of the Real-time Transport Protocol (RTP) as a means of command and control (C&C) communications, employing wipe-on-use as standard practice, in-memory string de-obfuscation, using a unique deployment-time key for string obfuscation, and the use of secure erase protocols involving renaming and overwriting. Symantec has observed Longhorn tools following all of these practices. While other malware families are known to use some of these practices, the fact that so many of them are followed by Longhorn makes it noteworthy.

    Global reach: Longhorn’s operations

    While active since at least 2011, with some evidence of activity dating back as far as 2007, Longhorn first came to Symantec’s attention in 2014 with the use of a zero-day exploit (CVE-2014-4148) embedded in a Word document to infect a target with Plexor.

    The malware had all the hallmarks of a sophisticated cyberespionage group. Aside from access to zero-day exploits, the group had preconfigured Plexor with a proxy address specific to the organization, indicating that they had prior knowledge of the target environment.

    To date, Symantec has found evidence of Longhorn activities against 40 targets spread across 16 different countries. Symantec has seen Longhorn use four different malware tools against its targets: Corentry, Plexor, Backdoor.Trojan.LH1, and Backdoor.Trojan.LH2.

    Before deploying malware to a target, the Longhorn group will preconfigure it with what appears to be target-specific code words and distinct C&C domains and IP addresses for communications back to the attackers. Longhorn tools have embedded capitalized code words, internally referenced as “groupid” and “siteid”, which may be used to identify campaigns and victims. Over 40 of these identifiers have been observed, and typically follow the theme of movies, characters, food, or music. One example was a nod to the band The Police, with the code words REDLIGHT and ROXANNE used.

    Longhorn’s malware has an extensive list of commands for remote control of the infected computer. Most of the malware can also be customized with additional plugins and modules, some of which have been observed by Symantec.

    Longhorn’s malware appears to be specifically built for espionage-type operations, with detailed system fingerprinting, discovery, and exfiltration capabilities. The malware uses a high degree of operational security, communicating externally at only select times, with upload limits on exfiltrated data, and randomization of communication intervals—all attempts to stay under the radar during intrusions.

    For C&C servers, Longhorn typically configures a specific domain and IP address combination per target. The domains appear to be registered by the attackers; however they use privacy services to hide their real identity. The IP addresses are typically owned by legitimate companies offering virtual private server (VPS) or webhosting services. The malware communicates with C&C servers over HTTPS using a custom underlying cryptographic protocol to protect communications from identification.

    Prior to the Vault 7 leak, Symantec’s assessment of Longhorn was that it was a well-resourced organization which was involved in intelligence gathering operations. This assessment was based on its global range of targets and access to a range of comprehensively developed malware and zero-day exploits. The group appeared to work a standard Monday to Friday working week, based on timestamps and domain name registration dates, behavior which is consistent with state-sponsored groups.

    Symantec’s analysis uncovered a number of indicators that Longhorn was from an English-speaking, North American country. The acronym MTWRFSU (Monday Tuesday Wednesday ThuRsday Friday Saturday SUnday) was used to configure which day of the week malware would communicate with the attackers. This acronym is common in academic calendars in North America. Some of the code words found in the malware, such as SCOOBYSNACK, would be most familiar in North America. In addition to this, the compilation times of tools with reliable timestamps indicate a time zone in the Americas.

    Distinctive fingerprints

    Longhorn has used advanced malware tools and zero-day vulnerabilities to infiltrate a string of targets worldwide. Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault 7.

    Throughout its investigation of Longhorn, Symantec’s priority has been protection of its customers. Through identifying different strains of Longhorn malware, connecting them to a single actor, and learning more about the group’s tactics and procedures, Symantec has been able to better defend customer organizations against this and similar threats. In publishing this new information, Symantec’s goal remains unchanged: to reassure customers that it is aware of this threat and actively working to protect them from it.

    Protection

    Symantec and Norton products protect against Longhorn malware with the following detections:

    Backdoor.Plexor
    Trojan.Corentry
    Backdoor.Trojan.LH1
    Backdoor.Trojan.LH2

    Source (with links and table showing Corentry version numbers and compilation dates compared to Fluxwire version numbers and changelog dates disclosed in Vault 7).

    * * *

    CIA attacks against finance, telecoms, energy and aerospace detected in Europe, Asia & U.S. as a result of Vault 7, from Ars Technica -

    Found in the wild: Vault7 hacking tools WikiLeaks says come from CIA (April 10, 2017)

    WikiLeaks dump identical to operation that has been hacking governments since 2011.

    Malware that WikiLeaks purports belongs to the Central Intelligence Agency has been definitively tied to an advanced hacking operation that has been penetrating governments and private industries around the world for years, researchers from security firm Symantec say.

    Longhorn, as Symantec dubs the group, has infected governments and companies in the financial, telecommunications, energy, and aerospace industries since at least 2011 and possibly as early as 2007. The group has compromised 40 targets in at least 16 countries across the Middle East, Europe, Asia, Africa, and on one occasion, in the US, although that was probably a mistake.

    Uncanny resemblance

    Malware used by Longhorn bears an uncanny resemblance to tools and methods described in the Vault7 documents. Near-identical matches are found in cryptographic protocols, source-code compiler changes, and techniques for concealing malicious traffic flowing out of infected networks. Symantec, which has been tracking Longhorn since 2014, didn't positively link the group to the CIA, but it has concluded that the malware Longhorn used over a span of years is included in the Vault7 cache of secret hacking manuals that WikiLeaks says belonged to the CIA. Virtually no one is disputing WikiLeaks' contention that the documents belong to the US agency.

    "Longhorn has used advanced malware tools and zero-day vulnerabilities to infiltrate a string of targets worldwide," Symantec researchers wrote in a blog post published Monday. "Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault7."

    Exhibit A in Symantec's case are Vault7 documents describing malware called Fluxwire. The changelog tracking differences from one version to the next match within one to a few days the changes Symantec found in a Longhorn trojan known as Corentry. Early versions of Corentry also show that its developers used the same program database file location specified in the Fluxwire documentation. A change in Fluxwire version 3.5.0 that removes the database file path also matches changes Symantec tracked in Corentry. Up until 2014, Corentry source code was compiled using the GNU Compiler Collection. Then on February 25, 2015, it started using the Microsoft Visual C++ compiler. The progression matches changes described in Vault7 documentation.

    Yet more similarities are found in a Vault7 malware module loader called Archangel and a specification for installing those modules known as Fire and Forget. The specification and modules described match almost perfectly with a Longhorn backdoor that Symantec calls Plexor.

    Another Vault7 document prescribes the use of inner cryptography within communications already encrypted using the secure sockets layer protocol, performing key exchanges once per connection, and the use of the Advanced Encryption Standard with a 32-bit key. Still other Vault7 documents outline the use of the real-time transport protocol to conceal data sent to command-and-control servers and a variety of similar "tradecraft practices" to keep infections covert. While malware from other groups uses similar techniques, few use exactly the same ones described in the Vault7 documents.

    See source to read more (with links).

    * * *

    Tweets from Snowden on Shadow Brokers' NSA leak (click on quoted tweets to open for more info) -

    https://twitter.com/Snowden/status/851130375741075456
    https://twitter.com/Snowden/status/851128375397810176
    https://twitter.com/Snowden/status/851122119442403329
    https://twitter.com/Snowden/status/851121195147767808

  28. The Following 11 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (10th April 2017), BMJ (12th April 2017), Clear Light (10th April 2017), Ewan (10th April 2017), Hervé (10th April 2017), KiwiElf (17th April 2017), Nasu (10th April 2017), Paul (11th April 2017), Reinhard (20th April 2017), sunflower (11th April 2017), The Freedom Train (18th April 2017)
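The Symantec write-up quoted in post #234 infers a Monday-to-Friday working week and a time zone from the compile timestamps of tools "with reliable timestamps". The sketch below is an added example of that kind of analysis, not code from the thread, Symantec or WikiLeaks: the stub images, dates and function names are constructed for illustration, and the 09:00-17:00 scoring window is an assumption.

```python
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone

DAY_CODES = "MTWRFSU"  # Monday..Sunday, the acronym quoted in the write-up


def pe_timestamp(image: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(image) < e_lfanew + 12:
        raise ValueError("no PE signature")
    # COFF header after the signature: Machine(2), NumberOfSections(2), TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    if stamp in (0, 0xFFFFFFFF):
        raise ValueError("timestamp has been zeroed or wiped")
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def office_hours_score(stamps, offset_hours):
    """Count stamps that fall on Mon-Fri, 09:00-16:59, at the given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    local = [s.astimezone(tz) for s in stamps]
    return sum(1 for t in local if t.weekday() < 5 and 9 <= t.hour < 17)


def best_offsets(stamps):
    """Return every whole-hour UTC offset that maximises the office-hours score.

    Ties are returned together: a small sample set rarely pins down one zone.
    """
    scores = {o: office_hours_score(stamps, o) for o in range(-12, 15)}
    top = max(scores.values())
    return [o for o, s in scores.items() if s == top]


def active_days(stamps, offset_hours):
    """Summarise which weekdays saw builds, in MTWRFSU notation."""
    tz = timezone(timedelta(hours=offset_hours))
    seen = Counter(DAY_CODES[s.astimezone(tz).weekday()] for s in stamps)
    return "".join(d for d in DAY_CODES if seen[d])


def stub_pe(when: datetime) -> bytes:
    """Build a constructed 88-byte MZ/PE stub that carries only a timestamp."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    coff = struct.pack("<HHI", 0x14C, 1, int(when.timestamp())) + bytes(12)
    return bytes(dos) + b"PE\x00\x00" + coff


# Constructed sample set: five builds during one working week at UTC-5.
LOCAL_TZ = timezone(timedelta(hours=-5))
LOCAL_TIMES = [
    datetime(2016, 3, 7, 9, 15, tzinfo=LOCAL_TZ),    # Monday
    datetime(2016, 3, 8, 10, 40, tzinfo=LOCAL_TZ),   # Tuesday
    datetime(2016, 3, 9, 13, 5, tzinfo=LOCAL_TZ),    # Wednesday
    datetime(2016, 3, 10, 16, 30, tzinfo=LOCAL_TZ),  # Thursday
    datetime(2016, 3, 11, 11, 20, tzinfo=LOCAL_TZ),  # Friday
]
SAMPLES = [stub_pe(t) for t in LOCAL_TIMES]

if __name__ == "__main__":
    stamps = [pe_timestamp(s) for s in SAMPLES]
    for offset in best_offsets(stamps):
        print(f"UTC{offset:+d}: build days {active_days(stamps, offset)}")
```

Compile timestamps are trivial to forge or wipe, so a result like this is one weak signal to weigh alongside others such as domain registration dates, which the write-up also cites.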

  29. Link to Post #235

    Default Re: Vault 7

    RELEASE - Hive


    Full statement on Hive from WikiLeaks -

    Vault 7: Projects

    Hive

    14 April, 2017

    Today, April 14th 2017, WikiLeaks publishes six documents from the CIA's HIVE project created by its "Embedded Development Branch" (EDB).

    HIVE is a back-end infrastructure malware with a public-facing HTTPS interface which is used by CIA implants to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute specific tasks on the targets. HIVE is used across multiple malware implants and CIA operations. The public HTTPS interface utilizes unsuspicious-looking cover domains to hide its presence.

    Anti-Virus companies and forensic experts have noticed that some possible state-actor malware used such kind of back-end infrastructure by analyzing the communication behaviour of these specific implants, but were unable to attribute the back-end (and therefore the implant itself) to operations run by the CIA. In a recent blog post by Symantec, that was able to attribute the "Longhorn" activities to the CIA based on the Vault 7, such back-end infrastructure is described:

    For C&C servers, Longhorn typically configures a specific domain and IP address combination per target. The domains appear to be registered by the attackers; however they use privacy services to hide their real identity. The IP addresses are typically owned by legitimate companies offering virtual private server (VPS) or webhosting services. The malware communicates with C&C servers over HTTPS using a custom underlying cryptographic protocol to protect communications from identification.

    The documents from this publication might further enable anti-malware researchers and forensic experts to analyse this kind of communication between malware implants and back-end servers used in previous illegal activities.

    Documents Directory HERE.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  30. The Following 6 Users Say Thank You to Innocent Warrior For This Post:

    Bill Ryan (15th April 2017), Ewan (14th April 2017), Hervé (14th April 2017), KiwiElf (17th April 2017), Reinhard (20th April 2017), The Freedom Train (18th April 2017)

  31. Link to Post #236
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,437
    Thanks
    24,093
    Thanked 25,119 times in 3,119 posts

    Default Re: Vault 7

    From The Washington Post, opinion by Julian Assange -

    Julian Assange: WikiLeaks has the same mission as The Post and the Times (April 11, 2017)

    On his last night in office, President Dwight D. Eisenhower delivered a powerful farewell speech to the nation — words so important that he’d spent a year and a half preparing them. “Ike” famously warned the nation to “guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.”

    Much of Eisenhower’s speech could form part of the mission statement of WikiLeaks today. We publish truths regarding overreaches and abuses conducted in secret by the powerful.

    Our most recent disclosures describe the CIA’s multibillion-dollar cyberwarfare program, in which the agency created dangerous cyberweapons, targeted private companies’ consumer products and then lost control of its cyber-arsenal. Our source(s) said they hoped to initiate a principled public debate about the “security, creation, use, proliferation and democratic control of cyberweapons.”

    The truths we publish are inconvenient for those who seek to avoid one of the magnificent hallmarks of American life — public debate. Governments assert that WikiLeaks’ reporting harms security. Some claim that publishing facts about military and national security malfeasance is a greater problem than the malfeasance itself. Yet, as Eisenhower emphasized, “Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together.”

    Quite simply, our motive is identical to that claimed by the New York Times and The Post — to publish newsworthy content. Consistent with the U.S. Constitution, we publish material that we can confirm to be true irrespective of whether sources came by that truth legally or have the right to release it to the media. And we strive to mitigate legitimate concerns, for example by using redaction to protect the identities of at-risk intelligence agents.

    Dean Baquet, executive editor of the New York Times, defended publication of our “stolen” material last year: “I get the argument that the standards should be different if the stuff is stolen and that should influence the decision. But in the end, I think that we have an obligation to report what we can about important people and important events.” David Lauter, Washington bureau chief of the Los Angeles Times, made a similar argument: “My default position is democracy works best when voters have as much information as possible . . . And that information often comes from rival campaigns, from old enemies, from all sorts of people who have motives that you might look at and say, ‘that’s unsavory.’ ”

    The media has a long history of speaking truth to power with purloined or leaked material — Jack Anderson’s reporting on the CIA’s enlistment of the Mafia to kill Fidel Castro; the Providence Journal-Bulletin’s release of President Richard Nixon’s stolen tax returns; the New York Times’ publication of the stolen “Pentagon Papers”; and The Post’s tenacious reporting of Watergate leaks, to name a few. I hope historians place WikiLeaks’ publications in this pantheon. Yet there are widespread calls to prosecute me.

    President Thomas Jefferson had a modest proposal to improve the press: “Perhaps an editor might begin a reformation in some such way as this. Divide his paper into 4 chapters, heading the 1st, ‘Truths.’ 2nd, ‘Probabilities.’ 3rd, ‘Possibilities.’ 4th, ‘Lies.’ The first chapter would be very short, as it would contain little more than authentic papers, and information.” Jefferson’s concept of publishing “truths” using “authentic papers” presaged WikiLeaks.

    People who don’t like the tune often blame the piano player. Large public segments are agitated by the result of the U.S. presidential election, by public dissemination of the CIA’s dangerous incompetence or by evidence of dirty tricks undertaken by senior officials in a political party. But as Jefferson foresaw, “the agitation [a free press] produces must be submitted to. It is necessary, to keep the waters pure.”

    Vested interests deflect from the facts that WikiLeaks publishes by demonizing its brave staff and me. We are mischaracterized as America-hating servants to hostile foreign powers. But in fact I harbor an overwhelming admiration for both America and the idea of America. WikiLeaks’ sole interest is expressing constitutionally protected truths, which I remain convinced is the cornerstone of the United States’ remarkable liberty, success and greatness.

    I have given up years of my own liberty for the risks we have taken at WikiLeaks to bring truth to the public. I take some solace in this: Joseph Pulitzer, namesake of journalism’s award for excellence, was indicted in 1909 for publishing allegedly libelous information about President Theodore Roosevelt and the financier J.P. Morgan in the Panama Canal corruption scandal. It was the truth that set him free.

    Source (with links).

    CIA Dir Pompeo claims "Assange has no 1st Amendment freedoms" after Washington Post Opinion Editorial -

    CIA chief knocks Assange, but deems Wikileaks 'intelligence agency' (April 13, 2017)



    Quote CIA Director Mike Pompeo tore into Julian Assange, the founder of whistleblowing website Wikileaks, while simultaneously calling the project aimed at government transparency one of a few "non-state intelligence agencies." Without specifying what other agencies the director was referring to, Pompeo made it clear that he regards Assange as dangerous to the US as any other terrorist organization.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  32. The Following 10 Users Say Thank You to Innocent Warrior For This Post:

    avid (15th April 2017), Bill Ryan (15th April 2017), Ewan (14th April 2017), Hervé (14th April 2017), JRS (16th April 2017), KiwiElf (17th April 2017), Reinhard (20th April 2017), Ron Mauer Sr (14th April 2017), sunflower (14th April 2017), The Freedom Train (18th April 2017)

  33. Link to Post #237
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,765
    Thanks
    60,315
    Thanked 95,326 times in 15,478 posts

    Default Re: Vault 7

    Hackers expose NSA financial spying arsenal, global banking system potentially at risk

    RT
    Fri, 14 Apr 2017 22:08 UTC


    © Monika Skolimowska / Global Look Press

    Hacking group Shadow Brokers has released a data dump allegedly stolen from the NSA detailing the agency's ability to hack international banks, including the SWIFT network, via Windows PCs and servers used for global financial transfers.

    The group's latest release, dubbed 'Lost in Translation,' lists Qatar First Investment Bank, Dubai Gold and Commodities Exchange and Tadhamon International Islamic Bank as allegedly compromised.

    It's now feared that one of the world's most secure methods of making payment orders has been irrevocably compromised with the NSA's sophisticated arsenal of hacking tools now freely available online.

    This latest leak of US government agency cyber weapons comes just one month after revelations that the CIA had also lost its own array of cyber weaponry on the dark web.

    SWIFT is used by banks in the transfer of trillions of dollars each day. It boasts 11,000 banking and securities organizations in 200 countries across the world as members of its community.

    The financial institutions are listed in the documents with a note beside each saying, "box has been implanted and we are collecting" - jargon used by the NSA to indicate spyware has been successfully implanted on a computer, reports Wired.

    IP addresses listed alongside the institutions do not correspond to machines at the institutions, according to security researcher Matt Suiche.

    Instead the IP addresses are listed to machines at EastNets, the largest SWIFT Bureau in the Middle East, managing payments for financial clients.

    "This is the equivalent of hacking all the banks in the region without having to hack them individually," Suiche said.

    In a tweet, EastNets claimed there was no credibility to claims their machines were compromised.

    Quote
    No credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau... https://t.co/LUYUBwg7k0
    — EastNets (@EastNets) April 14, 2017

    However, NSA whistleblower Edward Snowden took to Twitter to call EastNets' bluff.

    Quote
    Edward Snowden (@Snowden), retweeting Kevin Beaumont:
    This. Their systems were inarguably and very seriously hacked.

    Kevin Beaumont (@GossiTheDog), replying to @GossiTheDog:
    Members of press, please challenge EastNet statements rather than simply reprinting. They're demonstrably untrue.
    12:31 PM - 14 Apr 2017

    In addition, he stated that any and all financial services systems that operate Windows are vulnerable to attack, as the NSA's hacking arsenal is now widely available and relatively easy to use for anyone with the requisite skill set.

    Quote
    Edward Snowden (@Snowden), retweeting Hacker Fantastic:
    This is not a drill: #NSA exploits affecting many fully-patched Windows systems have been released to the wild. NSA did not warn Microsoft.

    Hacker Fantastic (@hackerfantastic):
    This is really bad, in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe.
    11:19 AM - 14 Apr 2017

    In a statement to Wired, Microsoft said, "We are reviewing the report and will take the necessary actions to protect our customers."

    Last week, the Shadow Brokers protested Donald Trump's involvement in Syria when they released a password that unlocked a trove of NSA exploits. The release was accompanied by the message "Don't forget your base."

    In a blog post, the Shadow Brokers said the latest leak may not be their last, saying "Maybe if all surviving WWIII theshadowbrokers be seeing you next week. Who knows what we having next time?"
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  34. The Following 10 Users Say Thank You to Hervé For This Post:

    avid (15th April 2017), bennycog (18th April 2017), Bill Ryan (15th April 2017), Ewan (15th April 2017), Flash (17th April 2017), Innocent Warrior (18th April 2017), JRS (16th April 2017), KiwiElf (17th April 2017), Reinhard (20th April 2017), The Freedom Train (18th April 2017)

  35. Link to Post #238
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,765
    Thanks
    60,315
    Thanked 95,326 times in 15,478 posts

    Default Re: Vault 7

    Shadow Brokers leak: Links NSA with US-Israeli Stuxnet malware that targeted Iran's nuclear program

    RT
    Mon, 17 Apr 2017 17:26 UTC


    © Computerworld

    Malicious computer malware that caused substantial damage to Iran's nuclear program may be the work of the NSA, researchers burrowing into the latest leak from hacking group Shadow Brokers have discovered within the computer data. A tool found in Friday's leak matched one used by the notorious Stuxnet malware.

    First detected in 2010, Stuxnet is believed to be the joint work of the US and Israel; a claim that Edward Snowden backed up in a 2013 interview but which has never been acknowledged by either government. Designed to target industrial control systems used in infrastructure facilities, Stuxnet modifies data on controller software affecting their automated processes.

    Computer code found in last week's leak from Shadow Brokers, alleged to have been stolen from the NSA, was also found to match that used in Stuxnet. Officials, who spoke under anonymity to The Washington Post, said in 2012 that the worm, developed under George W. Bush's administration and continued under Barack Obama's, was designed to damage Iran's nuclear capabilities. When it infected Iran's nuclear facility in Natanz, it reportedly destroyed a fifth of their centrifuges after causing them to spin out of control, all the while relaying readings back to technicians at the plant that operations were normal.

    "There is a strong connection between Stuxnet and the Shadow Brokers dump," Symantec researcher Liam O'Murchu told Motherboard. "But not enough to definitively prove a connection." A definite link will be almost impossible to prove as Stuxnet's script was later copied and used in an open-source hacking toolkit, allowing it to be replicated numerous times online.

    However, O'Murchu said the script found in Friday's leak was last compiled on September 9, 2010 - three months after Stuxnet was first identified and shortly before it was added to the hacking toolkit. Also contained in the leak was ASCII art of a medal with the words "Won the gold medal!!!" above it. Stuxnet was reportedly given the codename "Olympic Games."

    Quote
    Hacker Fantastic (@hackerfantastic), Apr 14:
    ETERNALCHAMP - YOU HAVE WON A GOLD MEDAL! operation olympic games anyone? #0day hacks XP, 2003, Vista, 2008, 7 and Win8. pic.twitter.com/2IxQUnW79t

    Security architect Kevin Beaumont tweeted the results of an antivirus program check on the Shadow Brokers' exploits leaked on Friday, which returned that it had detected Stuxnet.

    The latest evidence against the NSA was contained in Friday's leak from Shadow Brokers, which also detailed hacks aimed at Windows PCs and the SWIFT network, used to process payment orders.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  36. The Following 10 Users Say Thank You to Hervé For This Post:

    bennycog (18th April 2017), Bill Ryan (17th April 2017), Clear Light (17th April 2017), Ewan (18th April 2017), Flash (17th April 2017), Foxie Loxie (17th April 2017), Innocent Warrior (18th April 2017), KiwiElf (17th April 2017), Reinhard (20th April 2017), The Freedom Train (18th April 2017)

  37. Link to Post #239
    UK Avalon Member Clear Light's Avatar
    Join Date
    8th September 2015
    Age
    50
    Posts
    972
    Thanks
    1,776
    Thanked 5,150 times in 917 posts

    Default Re: Vault 7

    Quote Posted by Hervé (here)
    Shadow Brokers leak: Links NSA with US-Israeli Stuxnet malware that targeted Iran's nuclear program

    RT
    Mon, 17 Apr 2017 17:26 UTC


    © Computerworld

    [snip]

    Stuxnet was reportedly given the codename "Olympic Games."

    [snip]
    Ah, as is mentioned many times in the film Zero Days (2016) :

    Quote A documentary thriller about the world of cyberwar. For the first time, the film tells the complete story of Stuxnet, a piece of self-replicating computer malware (known as a "worm" for its ability to burrow from computer to computer on its own) that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target. This is the most comprehensive accounting to date of how a clandestine mission hatched by two allies with clashing agendas opened forever the Pandora's Box of cyberwarfare.
    And it just so happens, if you're interested, that you can download a copy of Zero Days here (via WeTransfer, for seven days only)

  38. The Following 6 Users Say Thank You to Clear Light For This Post:

    Ewan (18th April 2017), Franny (18th April 2017), Hervé (18th April 2017), Innocent Warrior (18th April 2017), Reinhard (20th April 2017), The Freedom Train (18th April 2017)

  39. Link to Post #240
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,437
    Thanks
    24,093
    Thanked 25,119 times in 3,119 posts

    Default Re: Vault 7

    WikiLeaks statement responding to CIA Director Mike Pompeo -



    Source.

    * * *

    From The Intercept -

    Trump’s CIA Director Pompeo, Targeting WikiLeaks, Explicitly Threatens Speech and Press Freedoms (April 14, 2017)

    IN FEBRUARY, after Donald Trump tweeted that the U.S. media were the “enemy of the people,” the targets of his insult exploded with indignation, devoting wall-to-wall media coverage to what they depicted as a grave assault on press freedoms more befitting of a tyranny. By stark and disturbing contrast, the media reaction yesterday was far more muted, even welcoming, when Trump’s CIA Director, Michael Pompeo, actually and explicitly vowed to target freedoms of speech and press in a blistering, threatening speech he delivered to the D.C. think tank Center for Strategic and International Studies.

    What made Pompeo’s overt threats of repression so palatable to many was that they were not directed at CNN, the New York Times or other beloved-in-D.C. outlets, but rather at WikiLeaks, more marginalized publishers of information, and various leakers and whistleblowers, including Chelsea Manning and Edward Snowden.

    Trump’s CIA Director stood up in public and explicitly threatened to target free speech rights and press freedoms, and it was almost impossible to find even a single U.S. mainstream journalist expressing objections or alarm, because the targets Pompeo chose in this instance are ones they dislike – much the way that many are willing to overlook or even sanction free speech repression if the targeted ideas or speakers are sufficiently unpopular.

    Decreeing (with no evidence) that WikiLeaks is “a non-state hostile intelligence service often abetted by state actors like Russia” – a belief that has become gospel in establishment Democratic Party circles – Pompeo proclaimed that “we have to recognize that we can no longer allow Assange and his colleagues the latitude to use free speech values against us.” He also argued that while WikiLeaks “pretended that America’s First Amendment freedoms shield them from justice,” but: “they may have believed that, but they are wrong.”

    He then issued this remarkable threat: “To give them the space to crush us with misappropriated secrets is a perversion of what our great Constitution stands for. It ends now.” At no point did Pompeo specify what steps the CIA intended to take to ensure that the “space” to publish secrets “ends now.”



    BEFORE DELVING INTO the chilling implications of the CIA Director’s threats, let’s take note of an incredibly revealing irony in what he said. This episode is worth examining because it perfectly illustrates the core fraud of U.S. propaganda.

    In vilifying WikiLeaks, Pompeo pronounced himself “quite confident that had Assange been around in the 1930s and 40s and 50s, he would have found himself on the wrong side of history.” His rationale: “Assange and his ilk make common cause with dictators today.”

    But the Mike Pompeo who accused Assange of “making common cause with dictators” is the very same Mike Pompeo who – just eight weeks ago – placed one of the CIA’s most cherished awards in the hands of one of the world’s most savage tyrants, who also happens to be one of the U.S. Government’s closest allies. Pompeo traveled to Riyadh and literally embraced and honored the Saudi royal next-in-line to the throne.

    This nauseating event – widely covered by the international press yet almost entirely ignored by the U.S. media – was celebrated by the Saudi-owned outlet Al Arabiya: “The Saudi Crown Prince Mohammed bin Nayef bin Abdulaziz al-Saud, Deputy Prime Minister and Minister of Interior, received a medal on Friday from the CIA . . . . The medal, named after George Tenet, was handed to him by CIA Director Micheal Pompeo after the Crown Prince received him in Riyadh on Friday in the presence of Deputy Crown Prince Mohammad bin Salman al-Saud, Deputy Prime Minister and Minister of Defense.”



    See source to read more (with links).

    * * *

    From the Washington Examiner -

    Roger Stone: CIA Director Mike Pompeo should resign after ripping WikiLeaks (April 15, 2017)

    Roger Stone said on Friday that CIA Director Mike Pompeo should resign after he delivered a speech this week rebuking WikiLeaks.

    During that address Thursday in Washington, D.C., Pompeo said: "It's time to call out WikiLeaks for what it really is, a non-state hostile intelligence service often abetted by state actors like Russia."

    When asked to react to that speech in a Newsmax TV interview, Stone said there is no convincing evidence to support this assertion. "The bureaucrats and career CIA are spinning a B.S. narrative," he said.

    "Mr. Pompeo is so dumb that he is buying," added Stone before calling for Pompeo's departure. "This really raises questions about his qualifications and his ability to do the job."

    See source to read more.

    * * *

    U.S. Libertarian candidate: CIA chief Pompeo treats American people as enemies



    Source.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  40. The Following 3 Users Say Thank You to Innocent Warrior For This Post:

    Ewan (19th April 2017), Hervé (18th April 2017), Reinhard (20th April 2017)
