Vault 7

[Innocent Warrior]

From The Washington Post -

Julian Assange: The CIA director is waging war on truth-tellers like WikiLeaks By Julian Assange (April 25, 2017)

* * *

From New York City's Free Speech Radio WBAI -

Free Assange, Episode 2

http://nuarchive.wbai.org/mp3/wbai_1...andyCrelof.mp3 …

wbai.org

* * *

NSA lost control of its cyber weapons & hid their incompetence leading to tens of thousands of sites hacked already, from LifeZette -

Shadow Brokers Leak Shows NSA Inadvertently Arms Hackers (April 25, 2017)

[sheme]

If Mr Trump sacrafices the Whistle Blowers He will lose credibility with the thinking citizens of the World, the very fact that he cannot see how much the whistle blowers have helped educate the free world and got him into the position he is in dismays me- he would instantly become "one of the Cabal" in many peoples eyes.

[Hervé]

#Vault7: WikiLeaks reveals CIA 'Scribbles' tool can track whistleblowers and foreign spies

RT
Fri, 28 Apr 2017 12:37 UTC

© Valentin Wolf / Global Look Press

A user manual describing a CIA project known as 'Scribbles' has been published by WikiLeaks, exposing the potential for the spying agency to track when documents are leaked by whistleblowers or "Foreign Intelligence Officers."

Released as part of the whistleblowing organization's 'Vault 7' series, the project is purportedly designed to allow the embedding of 'web beacon' tags into documents "likely to be stolen," according to a press release from WikiLeaks.

Dr Martin McHugh, Information Technology Programme chair at Dublin Institute of Technology, said web beacons can be used for "bad as well as good."

"Methods of tracking have historically been developed for our protection but have evolved to become used to track us without our knowledge," he told RT.com.

"Web beacons typically go unnoticed. A tiny file is loaded as part of a webpage. Once this file is accessed, it records unique information about you, such as your IP address and sends this back to the creator of the beacon."

WikiLeaks says 'Scribbles' uses similar technology, which suggests the CIA would have been able to see when sensitive documents are accessed by third parties, including when they're accessed by potential whistleblowers.

WikiLeaks‏Verified account @wikileaks

RELEASE: Full source code to the CIA's anti-leak document watermarking system "Scribbles" #Vault7 #CIA https://wikileaks.org/vault7/document/Scribbles/ …

4:25 AM - 28 Apr 2017

WikiLeaks notes that the latest iteration of the tool is dated March 1, 2016 - indicating it was used up until at least last year - and was seemingly meant to remain classified until 2066.

The 'Scribbles' User Guide explains how the tool generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document.

Scribbles can watermark multiple documents in one batch and is designed to watermark several groups of documents.

The tool was successfully tested on Microsoft Office versions 1997-2016 and documents that are not locked forms, encrypted, or password protected.

WikiLeaks‏Verified account @wikileaks

CIA's first rule of stopping the next Manning/Snowden - don't leave CIA document tracking software on suspected source's computer

3:56 AM - 28 Apr 2017
16 replies 674 retweets 809 likes

The guide notes that the program has a number of flaws.

Significantly, the watermarks were tested only with Microsoft Office applications so if the "targeted end-user" opened them with an alternative application, such as OpenOffice, they may be able to see the watermarks and URLs, potentially exposing the fact that the document is being tracked.

The tool also sometimes generates errors for temporary reasons, like when the Microsoft Office applications do not properly "clean up their resources." To rectify this the guide advises users to close all Office applications and then run Scribbles again with the same input parameters.

[Innocent Warrior]

Vault 7: Projects

RELEASE - Scribbles

Full statement on Scribbles from WikiLeaks -

28 April, 2017

Today, April 28th 2017, WikiLeaks publishes the documentation and source code for CIA's "Scribbles" project, a document-watermarking preprocessing system to embed "Web beacon"-style tags into documents that are likely to be copied by Insiders, Whistleblowers, Journalists or others. The released version (v1.0 RC1) is dated March, 1st 2016 and classified SECRET//ORCON/NOFORN until 2066.

Scribbles is intended for off-line preprocessing of Microsoft Office documents. For reasons of operational security the user guide demands that "[t]he Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary."

According to the documentation, "the Scribbles document watermarking tool has been successfully tested on [...] Microsoft Office 2013 (on Windows 8.1 x64), documents from Office versions 97-2016 (Office 95 documents will not work!) [and d]ocuments that are not be locked forms, encrypted, or password-protected". But this limitation to Microsoft Office documents seems to create problems: "If the targeted end-user opens them up in a different application, such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content. If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them."

Security researches and forensic experts will find more detailed information on how watermarks are applied to documents in the source code, which is included in this publication as a zipped archive.

Documents Directory HERE.

[Innocent Warrior]

Going off topic this post to support these documentaries -

The New Radical - Free One-Time Screening -

From Canadian Academy

Not attending #HotDocs17 tomorrow? See this FREE #documentary on Freedom Of Speech instead! #TheNewRadical #Assange
http://buff.ly/2pDJtaj

* * *

TRAILER: New film on the Armenian Genocide with Julian Assange, George Clooney & more- https://www.facebook.com/Architectso...type=2&theater

Genocide DENIED…is Genocide CONTINUED
Architects of Denial is a first person account of genocide through the eyes of its survivors.
We need YOUR help to spread the word

Armenian genocide search on WikiLeaks - https://search.wikileaks.org/?q=armenian+genocide

[Innocent Warrior]

Ron Paul Liberty Report - Julian Assange Speaks Out: The War On The Truth (April 27,2017)

“The CIA has been deeply humiliated as a result of our ongoing publications so this is a preemptive move by the CIA to try and discredit our publications and create a new category for Wikileaks and other national security reporters to strip them of First Amendment protections.”

Source: https://youtube.com/watch?v=QwkrtpXp-wg

Wikileaks Founder and Editor-in-Chief Julian Assange joins the Liberty Report to discuss the latest push by the Trump Administration to bring charges against him and his organization for publishing US Government documents. How will they get around the First Amendment and the Espionage Act? The US government and the mainstream media -- some of which gladly publish Wikileaks documents -- are pushing to demonize Assange in the court of public opinion.

[Innocent Warrior]

From The Future of Freedom Foundation -

CIA DIRECTOR POMPEO DOESN’T UNDERSTAND THE FIRST AMENDMENT By Jacob G Hornberger (April 27, 2017)

You would think that by the time a person becomes the Director of the CIA, he would have a correct understanding of the Constitution, which is the founding document of the federal government, which the CIA is part of. This should be especially true when the CIA Director is a former member of Congress, a graduate of West Point, and the holder of a law degree from Harvard.

Embarrassingly, such is not the case with CIA Director and former U.S. Congressman Mike Pompeo. In a speech delivered at the Center for Strategic and International Studies in Washington, D.C., Pompeo demonstrated a woeful lack of understanding of the Constitution and the Bill of Rights, specifically the First Amendment.

Referring to his belief that WikiLeaks official Julian Assange, who is a citizen of Australia, should be indicted and prosecuted by the U.S. government for revealing secrets of the U.S. national-security establishment, Pompeo stated:

Julian Assange has no First Amendment freedoms. He’s sitting in an Embassy in London. He’s not a US citizen.

That is quite an amazing statement. It’s also a misleading and fallacious one.

What Pompeo obviously doesn’t get is that no one, including American citizens, has First Amendment freedoms. There’s a simple reason for that: Freedoms don’t come from the First Amendment. Or to put it another way, the First Amendment doesn’t give anyone, including Americans, any freedoms at all.

People’s freedoms also don’t come from the Constitution. They don’t come from the federal government. They don’t come from the troops, the CIA, or the NSA either.

Freedom comes from nature and from God. Even if the Constitution had never been approved by the American people — that is, even if the federal government had never been called into existence — people would still have their fundamental, natural,God-given rights. That’s because freedom and other natural, God-given rights preexist government and, therefore, exist independently of government.

Thomas Jefferson makes this point clear in the Declaration of Independence when he points out that people are endowed with unalienable rights by nature and God, not by government or by some document that calls government into existence.

There is something else that is important to note here: As Jefferson points out, everyone, not just American citizens, is endowed with these natural, God-given rights, including life, freedom, and the pursuit of happiness. That includes people who are citizens of other countries. Citizenship has nothing to do rights that are vested in everyone by nature and God.

At the risk of belaboring the obvious, that includes Julian Assange. His freedom does not come from the Constitution or the First Amendment or by the Australian government. His freedom comes from the same source that your freedom and my freedom come from — from nature and from God.

So, what is the purpose of government? Jefferson makes it clear: Government’s job is to protect the exercise of natural or God-given rights, including liberty.

What about the First Amendment? If its purpose is not to give people rights, including freedom, what is its purpose?

The purpose of the First Amendment, in part, is to protect the preexisting, natural, God-given freedom of people to publish whatever they want, including the dark, illegal, illicit, immoral, and evil secrets of the federal government, including such dark-side, totalitarian-like nefarious activities as assassination, murder, disappearances, coups, torture, abuse, partnerships with dictators, rendition, kidnapping, illegal surveillance, rendition, destruction of incriminatory evidence, illegal invasions and wars of aggression, and secret prison facilities.

That’s what Pompeo and others of his ilk just don’t get: The purpose of the First Amendment and the rest of the Bill of Rights is to protect people from federal officials like him — officials who are hell-bent on destroying our lives, freedom, and prosperity, and well-being, all in the name of “keeping us safe” or protecting “national security.”

Our ancestors were wise people. They knew that the federal government would inevitably attract people like Pompeo. That’s why the Constitution brought into existence a government of extremely limited powers rather than a general power that would enable federal officials like Pompeo to just do the “right” thing.

That’s also why the Constitution didn’t empower the federal government to have a CIA, NSA, and standing army. Our ancestors knew that a national-security establishment would inevitably end up destroying people’s freedom in the name of “keeping them safe” and that it would inevitably try to punish people for publicizing and opposing its destruction of liberty.

That’s why our ancestors demanded the enactment of the First Amendment and the rest of the Bill of Rights as a condition for approving the Constitution. They wanted to protect people’s fundamental rights and liberties from federal officials like Pompeo, who they knew would be the biggest threats to people’s fundamental, natural, God-given rights and freedoms.

Source.

[Innocent Warrior]

From RT -

CIA’s anti-leaking tool leaked as ‘whistleblowers watch the watchers’ (April 29, 2017)



Can systems like the CIA’s Scribbles, which has been revealed by WikiLeaks, deter whistleblowers? Do these leaks mean the US agency is going to invest more money in its security? How effectively is the agency functioning?

Former MI5 intelligence officer Annie Machon and retired US Army Colonel Ann Wright, who is also a retired US State Department official, shared their views on these and other questions with RT.

On Friday, WikiLeaks released a series of documentations on a US Central Intelligence Agency (CIA) project known as ‘Scribbles,’ which was allegedly created to allow ‘web beacon’ tags to be embedded “into documents that are likely to be copied.”

WikiLeaks began publishing a huge cache of secret documents on the CIA named ‘Vault 7’ in March.

RT: Do systems like this deter whistleblowers? And, is it true that these watermarking systems are limited to Microsoft Office documents?

Annie Machon: I’d be certainly alarmed if the CIA was only reliant on Microsoft in this day and age, but anyway. No, it is not a surprise. In fact, ironically, there was a document drawn up by the American intelligence agencies written in 2008 about how to tackle what was perceived to be an insider threat, as they called it, potential future whistleblowers. This was ironically leaked to WikiLeaks in 2010, so it came into a wider world. The knowledge has been there for many, many years to those both from the inside and those who watch from the outside that, actually, they do take whistleblowing and leaking very seriously. They are trying to take steps to try and stop it. The interesting thing about these CIA documents at the moment is that they date from between 2013 and 2016. So, whoever leaked this cache of documents that is appearing in WikiLeaks ‘Vault 7’ was probably well aware that these documents were indeed watermarked digitally, and they managed to evade that system anyway, because they successfully leaked these documents to WikiLeaks. So, who is watching watchers? Well, the whistleblowers are.

RT: Apparently, the CIA’s system didn’t come cheap. Is this a sign that a lot more money is going to be going into trying to plug those holes in future to stop whistleblowers, to plug those leaks?

AM: Probably, yes. The CIA, I think, has a budget of over $600 million a year, anyway, to develop its electronic snooping capabilities, which, actually, I thought, that’s what the NSA was supposed to be doing, not the CIA. They are supposed to be running human operatives around the world to gather preemptive intelligence about terrorist attacks, not trying to stifle whistleblowing. Yes, they seem to be getting more and more money to do this, and it seems to be a war on whistleblowers.

US govt using terrorism as rationale to undercut citizens’ privacy

Due to the leaks, US citizens are finding out that their government has been doing things that they try to rationalize by laws after the fact using the words “terrorism” and “state security” as justification, said retired United States Army Colonel Ann Wright.

RT: A CIA program to trace leaks has been leaked. What does this say about the effectiveness of the program?

Ann Wright: It sounds like the ability to keep classified information, particularly that information that really does undercut, in my opinion, the true national security of the US, which was really based on our constitution, that we do have a right to privacy, that the government should not be looking into every aspect of our daily life. We’re now finding out because of leaks that our own government has been doing things that they try to rationalize by laws after the fact. What they are doing is undercutting the privacy of people and using the name of ‘terrorism’ and ‘state security’ as the rationale. But it is not a good enough rationale for me, because looks like they are sneaking and peeking into everybody’s private life – not necessarily having anything to do with national security.

RT: WikiLeaks is continuing to leak details about the CIA’s spying tools. What does this say about how the agency is functioning at the moment?

AW: It shows that the agency itself is developing programs to have more invasions of our privacy, and it shows that some workers in the Federal government totally disagree with it. They, probably behind the scenes, have argued vigorously against these things on the basis of the constitutionality of them, the legality of them. They are being overruled by their political bosses, who go ahead and say: “We’re going to do this to the American public, or the public of the world, no matter what.” And it doesn’t have anything to do with national security.

RT: President Donald Trump and other senior US officials have repeatedly said that they are at war with whistleblowers. How much progress are they making?

AW: Certainly, the Obama administration was at war with whistleblowers, because President Obama and his administration prosecuted more people for being whistleblowers, for leaking information, or telling about programs that the public really needed to know about. These people were willing to take the consequences of what happened to them because they felt it was in the public good that the American people knew what its government was doing to us. I think the Trump administration is going to have the same challenge that the American people really want to know. We certainly are concerned about our national security, but what we’re seeing is that the US government has been using that canard to eavesdrop and spy on everyone.

Source (with interview videos).

* * *

DOJ News Conference on Threats to WikiLeaks’ Julian Assange by Attorney General Jeff Sessions (April 28, 2017)

Source: https://youtube.com/watch?v=hsARwU_VkHg

CIA Director Mike Pompeo recently called WikiLeaks a “hostile intelligence service.” Attorney General Jeff Sessions stated that Julian Assange’s arrest is a “priority” of the Trump administration. In response, numerous individuals — with differing perspectives on WikiLeaks — warn of a growing threat to press freedom.
Today at the Justice Department 2 former government officials addressed U.S. government policy toward WikiLeaks and whistleblowers:
* Ann Wright is a retired U.S. Army Reserve colonel, and a 29-year veteran of the Army and Army Reserves. As a U.S. diplomat, Wright served in Nicaragua, Grenada, Somalia, Uzbekistan, Krygyzstan, Sierra Leone, Micronesia and Mongolia and helped re-open the U.S. embassy in Afghanistan in 2001. In March of 2003, she resigned in protest over the invasion of Iraq. She is co-author of Dissent: Voices of Conscience.
* Ray McGovern, a former Army officer and CIA analyst who prepared the President’s Daily Brief (under the Nixon, Ford, and Reagan administrations), is co-founder of Sam Adams Associates for Integrity (see: samadamsaward.ch), which gave Julian Assange its annual award in 2010. Sam Adams Associates strongly opposes any attempt to deny Julian Assange the protections that are his as a journalist.
Contact at ExposeFacts (a project of the Institute for Public Accuracy):
Sam Husseini, (202) 347-0020, sam [at] accuracy dot org.

[Hervé]

Wikileaks Publishes Secret CIA Tools That Attacked Computers Inside Offices

Sputnik
World 13:23 05.05.2017
(updated 15:04 05.05.2017)

© Photo: Pixabay

WikiLeaks published on May 5 "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA.

This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session, the recent leak discovered.

WikiLeaks‏Verified account @wikileaks

Release today of CIA 'Archimedes' malware documentation includes hashes which can be used for virus detection https://wikileaks.org/vault7/document/Archimedes-1_3-Addendum/page-8 …

3:18 AM - 5 May 2017

​On March 7, WikiLeaks began publishing what it said was a large archive of classified CIA-related files. The first part of the release shed light on hacking techniques developed and employed by the agency, including programs targeting all major computer operating systems.

© AFP 2017/ SAUL LOEB

According to the website, a large archive comprising various viruses, malware, software vulnerability hacks and relevant documentation, was uncovered by US government hackers, which is how WikiLeaks gained access to some of the data from the trove. The "Year Zero" batch was followed by the "Dark Matter" released on Match 23. The third batch called "Marble" was released on March 31. The "Grasshopper" batch revealing a platform for building malware was released on April 4. The HIVE batch revealing top secret CIA virus control system was released on April 14.

The first batch of Wikileaks' CIA revelations shed light on a technology allowing to turn on a Samsung smart TV set's audio recording capabilities remotely which had been designed by the CIA and the UK Security Service MI5.

In March 2016, WikiLeaks published over 8,700 classified CIA documents that revealed the agency's hoarding hacking technologies and listed major operating system vulnerabilities.

On April 21, WikiLeaks presented a user guide for CIA's "Weeping Angel" tool, a surveillance program using Samsung smart TV sets.


Related:
Vault 7: Why WikiLeaks' Exposure May Do Damage to Ordinary Users

[Hervé]

WikiLeaks Reveals "Archimedes": Malware Used To Hack Local Area Networks

by Tyler Durden
May 5, 2017 8:55 AM

In its seventh CIA leak since March 23rd, WikiLeaks has just revealed the user manual of a CIA hacking tool known as ‘Archimedes’ which is purportedly used to attack computers inside a Local Area Network (LAN). The CIA tool works by redirecting a target's webpage search to a CIA server which serves up a webpage that looks exactly like the original page they were expecting to be served, but which contains malware. It’s only possible to detect the attack by examining the page source. Per WikiLeaks:

Today, May 5th 2017, WikiLeaks publishes "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.

The document illustrates a type of attack within a "protected environment" as the the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.

WikiLeaks‏Verified account @wikileaks

RELEASE: CIA '#Archimedes' system for exfiltration and browser hijacking. Includes manuals and binary signatures. https://wikileaks.org/vault7/releases/#Archimedes …

2:22 AM - 5 May 2017

The RT provided more details:

The Archimedes tool enables traffic from one computer inside the LAN to be redirected through a computer infected with this malware and controlled by the CIA, according to WikiLeaks.

The technique is used to redirect the target’s computer web browser to an exploitation server while appearing as a normal browsing session, the whistleblowing site said. In this way, the hackers gain an entry point that allows them access to other machines on that network.

The tool's user guide, which is dated December 2012, explains that it’s used to re-direct traffic in a Local Area network (LAN) from a "target's computer through an attacker controlled computer before it is passed to the gateway.”

This allows it to insert a false web-server response that redirects the target's web browser to a server that will exploit their system all the while appearing as if it’s a normal browsing session.

Archimedes is an update to a tool called ‘Fulcrum’ and it offers several improvements on the previous system, including providing a method of "gracefully shutting down the tool on demand.”

WikiLeaks‏Verified account @wikileaks

How is US government malware developed? WikiLeaks' release today of the CIA's 'Fulcrum' malware shows how https://wikileaks.org/vault7/document/Fulcrum-SRS-v0_6/page-7/#pagination …

3:34 AM - 5 May 2017

[Innocent Warrior]

Vault 7: Projects

RELEASE - Archimedes

Full statement on Archimedes from WikiLeaks -

5 May, 2017

Today, May 5th 2017, WikiLeaks publishes "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.

The document illustrates a type of attack within a "protected environment" as the the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.

Documents Directory HERE.

* * *

From The New American -

WikiLeaks Exposes CIA's "Archimedes" Hacking Weapon (May 6, 2017)

The latest release from WikiLeaks on the CIA’s hacking program — published Friday — reveals a tool CIA hackers use to attack a computer that is part of a Local Area Network (LAN). LANs are usually used to tie all of the computers in an office into a single network for the purposes of sharing resources including those used for security. This newly revealed CIA tool — codenamed Archimedes — turns the strength of a LAN against itself by leveraging any compromised computers against all others on the network.

As the WikiLeaks press release explains:

Today, May 5th 2017, WikiLeaks publishes "Archimedes," a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.

The document illustrates a type of attack within a "protected environment" as the the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.

Archimedes dates back to at least June 2011 when it was known as Fulcrum and was already in version 0.6. The most up-to-date version of the cyberweapon listed in WikiLeaks’ Wednesday publication was Archimedes 1.3 dated January 13, 2014. Like many of the other hacking tools exposed in previous publications, it is not know whether Archimedes is still being developed or used.

Archimedes works as a weapon for launching a man-in-the-middle attack. It essentially allows a CIA-controlled computer (the man in the middle) to park itself between two computers and intercept all communications between them.

In a typical man-in-the-middle attack, computer A sends a data packet (which could be anything from a file to an e-mail to a VoIP telephone call) to computer B. The man-in-the-middle intercepts the data packet and relays it on to computer B, keeping a copy of the data packet in the process. The process is repeated for all packets back and forth. It is possible — even fairly common — for the packets (especially software downloads) to be altered or replaced by a man in the middle. When that happens, the file a user thinks he downloaded is easily replace by a download that is corrupted, allowing even further disintegration of security and privacy in the form of greater attacks.

Archimedes has a weakness, though. It is unable to launch a full, two-way man-in-the-middle attack. As the manual for Fulcrum/Archimedes — which is part of the WikiLeaks publication — explains:

ARP Spoofing is a technique used on a LAN to allow an attacker’s machine to intercept data frames from peer machines that were intended for other destinations. This places the attacker’s machine in the middle of any traffic from the target’s machine to any other destination and is known more commonly as the man­in­the­middle. ARP Spoofing compromises the targets machine’s translation of IPv4 addresses into MAC addresses by sending spoofed ARP packets which associate the attacker’s MAC address with IP address of another host (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead.

Fulcrum uses ARP spoofing to get in the middle of the target machine and the default gateway on the LAN so that it can monitor all traffic leaving the target machine. It is important to note that Fulcrum only establishes itself in the middle on one side of the two­way communication channel between the target machine and the default gateway. Once Fulcrum is in the middle, it forwards all requests from the target machine to the real gateway.

So, Archimedes is designed as a cyber-espionage tool and does not appear to be able to be used for cyber-sabotage, though the CIA may have other tools for accomplishing that.

See source to read more (including links).

* * *

New York City's WBAI radio show, "Free Assange", Episode 3.

http://nuarchive.wbai.org/mp3/wbai_1...andyCrelof.mp3

wbai.org

More: Justice For Assange

[Innocent Warrior]

Posted by Rachel (here)

Source: https://youtube.com/watch?v=1teM525rVlc

Perspective With Laura Poitras' re-cut 'Risk,' a director controversially changes her mind about Julian Assange (May 6, 2017)

* * *

From CRN -

Cisco Patches WikiLeaks Security Vulnerability Affecting Hundreds Of Devices (May 10, 2017)

Cisco has patched a critical flaw in its IOS software that affected more than 300 models of routers and switches that was discovered after WikiLeaks exposed CIA documents.

"We've spoken to a few customers about it, a few enterprise clients, and thankfully it didn't any disrupt business for us," said one top executive from a solution provider and Cisco Gold partner who did not wished to be named. "I'm glad to know they fixed the issue. … Their devices will always be a big target for attackers because Cisco is everywhere."

Cisco disclosed March 17 that it had discovered hundreds of Cisco devices were vulnerable after WikiLeaks made public a set of CIA documents referred to as the "Vault 7 leak." The security flaw stemmed from its IOS software that runs on hundreds of switches that could allow attackers to remotely executive malicious code and take control of the affected device.

Cisco's Catalyst switching models were affected most, including many of the 2960, 3560 and 3750 series as well as Cisco's IE 2000 and 4000 Industrial Ethernet switching series.

"It put some of our Catalyst customers at risk," said the Cisco Gold partner executive. "Anytime they hear about a security vulnerability, it gets their attention and we get a call."

"We've had to address a few security [vulnerabilities] regarding IOS over the years, but Cisco has been pretty quick with letting us know about them and what we should do," the partner said.

When partners were made aware of the security flaws in March, Cisco did not have any fixes or workarounds available at the time. However, the San Jose, Calif.-based networking giant said disabling the Telnet protocol as an allowed protocol for incoming connections would eliminate the vulnerability.

Cisco said an attacker could exploit the vulnerability by sending malformed Cluster Management Protocol (CMP)-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.

Cisco Monday said it had released software updates that address the vulnerability, urging customers to install the fixed versions of the IOS.

Cisco's security business is the vendor's fastest-growing market segment.

Source (with links).

* * *

New York City's WBAI radio show, Julian Assange: Countdown to Freedom, Episode 4.

http://nuarchive.wbai.org/mp3/wbai_1...andyCrelof.mp3

wbai.org

More: Justice For Assange

[Bill Ryan]

Posted by Rachel (here)
Perspective With Laura Poitras' re-cut 'Risk,' a director controversially changes her mind about Julian Assange (May 6, 2017)

That's pretty disappointing. In summary, I'd say that his personality (whatever it might be) is 100% irrelevant here. It's what he's doing that counts.

I've not yet seen the film, of course, but for her to change her focus to look more on what she thinks his personality might be is surely just cheap, tabloid entertainment. What's needed (and the only thing that's important) is an analysis of the difference he might be making in the world.

[Innocent Warrior]

Posted by Bill Ryan (here)
That's pretty disappointing. In summary, I'd say that his personality (whatever it might be) is 100% irrelevant here. It's what he's doing that counts.

I've not yet seen the film, of course, but for her to change her focus to look more on what she thinks his personality might be is surely just cheap, tabloid entertainment. What's needed (and the only thing that's important) is an analysis of the difference he might be making in the world.

Completely agree and unfortunately it may prove to be a bit of blow to WikiLeaks. It's also caused me to become suspicious of Poitras, the manner in which she went about this was shifty. Piotras changed it shortly after the Cannes showing because after six years of knowing Assange she decided she didn't like his manner but, as far as I can see, she didn't bother to inform Assange of the changes (or the media), allowing him to promote the film to WikiLeaks supporters in the meantime.

[turiya]

Perhaps... just perhaps, she's been 'persuaded' to take an opposing position. The Deep State has its ways of making an offer that one can't refuse...

[Innocent Warrior]

I haven't seen Risk and don't intend to now but a comparison between earlier articles on the film and recent articles illustrates the dramatic shift in the tone of the film. As an example, here are two articles published by The Hollywood Reporter -

'Risk': Cannes Review (May 19, 2016)

Oscars: Julian Assange Doc Becomes Clear Frontrunner (April 30, 2017)

Huge contrast. From the article linked in post #272 (emphasis mine) -

But the biggest switch is the addition of Poitras' voice, via periodic readings from her production journal from the shoot, raising doubts about Assange. What had been a favorable portrait with no commentary is now a less favorable portrait with amplified skeptical commentary.

“I didn’t trust him,” is the gist of some of these voice-overs. Not only do we see Assange in a far less flattering light than we did in the previous version of "Risk," but we learn that Poitras didn’t have such fuzzy feelings toward him all along.

Either Poitras wasn't being honest in her initial portrayal of Assange with the Cannes version or she was and her voice overs from her production journal have been made up for the new version. Or, the production notes are real and Poitras has shifted from focussing more on the more important, less personal aspects of Assange, to more on who Assange is as a person, when she suddenly decided it was important to insert herself into the film as a distrusting observer, after she decided she didn't like his manner. Whatever it is and whatever the reason, Poitras has demonstrated she can't be trusted.

* * *

From The Washington Post (opinion column) -

I saw Laura Poitras’s Julian Assange movie 10 days ago. I’m still struggling with it. By Alyssa Rosenberg (May 8, 2017)

This column discusses the revelations of the movie “Risk” in detail.

“This is not the film I thought I was making. I thought I could ignore the contradictions,” Laura Poitras wrote in her production journal while filming the movie that became “Risk.” “I thought they weren’t part of the story. I was so wrong. They are the story.”

The strong temptation when faced with a set of contradictions, especially ones that involve a figure of global importance such as Julian Assange, the subject of “Risk,” is to resolve them. What’s admirable and interesting and hugely discomfiting about “Risk” is that Poitras doesn’t do so; she even extends the scope of the film’s moral dilemmas to include herself.

Poitras filmed “Risk” over a period of years, starting shortly after WikiLeaks received a trove of government documents from Bradley (now Chelsea) Manning and began to redact and release them, and continuing through Assange’s ongoing confinement in the Ecuadoran Embassy in London. This is the same period in which two Swedish women accused Assange of sexual assault, triggering the investigation that ultimately led him to seek sanctuary in the embassy, and a debate that hugely complicated not simply Assange’s reputation, but also that of the organization he founded.

The fact that the statute of limitations has expired on the charges of sexual molestation and unlawful coercion Swedish prosecutors considered bringing against him means that the charges cannot be resolved in court. A third charge, one known as “lesser-degree rape” in the Swedish judicial system, expires in 2020. Without verdicts of guilty or not guilty to rely on, observers must make their own conclusions, guided by their own algorithms, about whether they believe Assange or his accusers. And from there, they’ll have to weigh whatever decision they make against whatever esteem they have for WikiLeaks.

Poitras is there as Assange processes these developments: She films him speaking dismissively with two women who are trying to help him frame a response to the allegations that won’t make him seem anti-feminist; hanging out in the forest with a WikiLeaks lawyer to talk strategy; dyeing his hair and putting in colored contacts to diminish the chance that he’ll be recognized on his way to the embassy. What she offers viewers is an intense dose of Assange’s personality, not new information about the allegations. Poitras is interested in looking at the man, and at his transition from a sprawling English country house surrounded by beautiful woods to the claustrophobic confines of the embassy, not in acting as a substitute for the justice system.

(This quality to the film also makes the grousing of WikiLeaks lawyer Melinda Taylor that “I have no truck with this trite one-note argument that if you are a woman, you either obviously disapprove of Julian and by extension WikiLeaks (kudos, your feminist credentials remain intact), or you must be a slavish minion, who is controlled by him,” based on a description of a film she has not seen, seem particularly off-base.)

Throughout the film, Poitras struggles with higher-level questions of trust. “It’s a mystery why he trusts me because I don’t think he likes me,” she notes in one excerpt of her production journal. Later, she declines to do a favor for Assange because she has decided that she doesn’t trust him. And late in the film, she reveals information that forces us to ask why we should trust her (if in fact we do). Poitras explains that she was briefly involved with the journalist, hacker and advocate Jacob Appelbaum*, whom she filmed confronting telecommunications experts in Cairo during the Arab Spring, and who has also been accused of sexual misconduct. And she says that one of the people who said they experienced that mistreatment is one of her friends.

As with the allegations against Assange, Poitras doesn’t try to adjudicate the allegations against Appelbaum, which he denies. She also doesn’t try to make an argument one way or another about how we should feel about her in light of this information.

I’m writing this column a week after seeing “Risk,” and I don’t know the answer to that question, either. Is the revelation supposed to change the way I feel about the footage of Appelbaum in Egypt? Should I interpret this disclosure as a blanket statement of belief in women who come forward with sexual assault allegations? Do I trust Poitras less for getting involved with one of her subjects, or more for her transparency? Do I see Poitras primarily as a journalist or an artist or something in between, and depending on which one I choose, how should this revelation make me feel about her work? I do know that I think she’s neither a woman who automatically disapproves of Assange without knowing much about him, nor a slavish minion.

Maybe a different filmmaker could have provided more confident answers to these questions, arguing that Assange and Appelbaum are guilty or innocent, noble or self-aggrandizing, that on net, WikiLeaks is a force for good or evil. But I don’t think most people are just one thing, and given WikiLeaks’ influence on the most recent presidential election — really, given the ongoing global reverberations of the group’s disclosures — points are still being scored in multiple columns on that larger question. A more anti-Assange filmmaker wouldn’t have gotten the access that made “Risk” possible. A more pro-Assange documentarian wouldn’t have captured the queasiness of the evolving story.

I suspect I’ll be struggling with “Risk” for a very long time. Until I reach my conclusions, and if I never do, I’m trying to accept the discomfort I feel with the movie as the point.

Source.

[Hervé]

WikiLeaks #Vault7: 'CIA malware plants Gremlins' on Microsoft machines

RT
Fri, 12 May 2017 12:00 UTC

A screenshot contained in the leak shows evidence of a Dell machine being used by a user named 'Justin.'

WikiLeaks has released the latest installment in the #Vault7 series, detailing two apparent CIA malware frameworks dubbed 'AfterMidnight' and 'Assassin' which it says target the Microsoft Windows platform.

The latest release consists of five documents detailing the two frameworks. 'AfterMidnight' allows operators to load and execute malware on a target machine, according to a statement from WikiLeaks.

The malware, disguised as a self-persisting dynamic-link library (DLL), unique to Microsoft, executes 'Gremlins' - small payloads which run hidden on the machine subverting the functionality of software as well as surveying the target and exfiltration of data. A payload named 'AlphaGremlin' allows operators to schedule customs tasks to be executed on the machine.

Colm McGlinchey‏ @ColmMcGlinchey

'AfterMidnight' operation, detailed in latest @wikileaks #Vault7 release https://wikileaks.org/vault7/#AfterMidnight …

2:24 AM - 12 May 2017

Once installed 'AfterMidnight' uses a HTTPS listening port to check for any scheduled events. Local storage related to 'AfterMidnight' is encrypted with a key not stored on the target machine, according to a user guide provided in the leak.

According to the leak, 'Assassin' is a similar type of malware to 'AfterMidnight'. The tool's user guide describes it as "an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system."

The tool purportedly allows operators to perform specific tasks on an infected computer, periodically sending intercepted information to listening posts. It is made up of four subsystems: 'Implant', 'Builder', 'Command and Control', and 'Listening Post'.

The 'Implant' provides the core logic and functionality of the tool on a target computer. The way it's set up determines much of how the tool will behave on the target computer.

The 'Builder' arranges the Implant and 'Deployment Executables' before deployment, while the 'Command and Control' subsystem acts as an interface between the operator and the 'Listening Post.'

The 'Listening Post' allows the 'Implant' to communicate with the subsystem through a web server.

Details of the document's author are revealed in instructional screenshots of their desktop which appear in the 'AlphaGremlin' user guide. The screenshots also show a shortcut to Pidgin, an encrypted chat program, along with a folder named 'Drone.'


Related:
#Vault7: Key revelations from WikiLeaks’ release of CIA hacking tools

[Innocent Warrior]

Vault 7: Projects

RELEASE - AfterMidnight

Full statement on AfterMidnight from WikiLeaks -

12 May, 2017

Today, May 12th 2017, WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks for the Microsoft Windows platform.

"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine. The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of "Gremlins" via a HTTPS based Listening Post (LP) system called "Octopus". Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins. The special payload "AlphaGremlin" even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.

"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight") will then periodically beacon to its configured listening post(s) to request tasking and deliver results. Communication occurs over one or more transport protocols as configured before or during deployment. The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as" The Gibson" and allow operators to perform specific tasks on an infected target..

Documents Directory HERE.

[Innocent Warrior]

Vault 7: Projects

RELEASE - Athena

Full statement on Athena from WikiLeaks -

19 May, 2017

Today, May 19th 2017, WikiLeaks publishes documents from the "Athena" project of the CIA. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company "... focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.". On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.

In an email from HackingTeam (published by WikiLeaks here), Jason Syversen, founder of Siege Technologies with a background in cryptography and hacking, "... said he set out to create the equivalent of the military’s so-called probability of kill metric, a statistical analysis of whether an attack is likely to succeed. 'I feel more comfortable working on electronic warfare,' he said. 'It’s a little different than bombs and nuclear weapons -- that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody.'"

Documents Directory HERE.

[Hervé]

#Vault7 ‘Athena’: CIA’s anti-Windows malware ‘better than bombing things’


RT
Published time: 19 May, 2017 11:25
Get short URL


'Athena' is the latest in the #Vault7 series.

The latest in WikiLeaks’ series of #Vault7 leaks was released Friday detailing malware that provides remote beacon and loader capabilities on target computers using several Microsoft Windows operating systems.

‘Athena’ is the latest codename for the release which consists of five documents.

In the user guide, the operating systems which can be targeted are: Windows XP Pro SP3 32-bit, Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10.

Once installed on a target computer, Athena will use a listening post to receive beacons from the operator, allowing it to signal and trigger additional malware payloads undetected on the target computer.

Colm McGlinchey‏ @ColmMcGlinchey 9h9 hours ago

#Athena operation in latest #Vault7 #WikiLeaks release pic.twitter.com/xT9IRIMlqP

Athena “hijacks” the DNSCACHE, a temporary database maintained by the operating system to record internet traffic on the computer, to hide its presence, according to a document contained in the leak.

The command module for Athena will only load during a signal, before being destroyed when completed.

The CIA cooperated with the private cybersecurity firm Siege Technologies to develop the Athena malware.

"I feel more comfortable working on electronic warfare… It’s a little different than bombs and nuclear weapons -- that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody," Jason Syversen, the founder of Siege Technologies, wrote in an email.

The release is the latest in WikiLeaks series of leaks, allegedly from the CIA, known as #Vault7. Previous releases showed hacking techniques used to weaponize mobile phones, conduct surveillance via Smart TVs and load and execute malware on a target machine.

RT‏Verified account @RT_com May 12

#Vault7: WikiLeaks outlines ‘CIA malware’ targeting #Microsoft Windows https://on.rt.com/8bfv pic.twitter.com/vxSycLhdkP