Vault 7
Innocent Warrior
23rd April 2017, 12:01
Steve Pieczenik - where are you?
He's here - Conservative Triad Attacked! (http://stevepieczenik.com/conservative-triad-attacked/), largely in agreement with you.
* * *
I'm posting this video as an example of what WikiLeaks refers to as the deep state...
xiAQXfX0Bcg
Going a little off topic but this testimony is compelling and I'm sold, wow. If he's who this site (https://ragnarokherald.com/2017/04/22/mega-breaking-whistleblower-testimony/) says he is, then wow again. This was posted 11 hours ago and, as far as I can see, the original video without English subtitles has only been out for a month (according to the video on what looks like Bernard's website).
Deeper, deep state...
Ronald Bernard Luciferian Banking Testimony (https://vimeo.com/214341041) (April 22, 2017)
For anyone interested, full PDF, scanned copy, dated 1934 - THE PROTOCOLS OF ZION (https://www.portalestoria.net/IMAGES%20313/protocols%20-%20en.pdf)
Innocent Warrior
23rd April 2017, 12:51
WikiLeaks Vault 7 part VI: Weeping Angel is listening... (April 21, 2017)
https://steemitimages.com/0x0/https://steemitimages.com/DQmSm8rTvM9PxEAcpNugoVebEgVqT8vS1BpaP3Rj6H1cXhe/image.png
Today WikiLeaks released another set of Vault 7 documents, this time on "Weeping Angel" - an implant designed for Samsung F Series Smart Televisions. This would be the second major CIA tool which notably references the British television show, Dr. Who, alongside "Sonic Screwdriver" in Dark Matter.
The tools in Weeping Angel allow the CIA to record audio from the built-in microphones of these TVs in addition to exfiltrating and storing data on their memory. Weeping Angel was derived from yet another tool called "Extending" which was originally developed by the British intelligence agency, MI5.
The classification marks of the User Guide, namely "UK EYES ONLY", hint that it was originally written by the MI5/BTSS and later shared with the CIA. Both agencies collaborated on the further development of the malware and coordinated their work in Joint Development Workshops.
This article will break down Weeping Angel bit by bit, but the original documents from WikiLeaks can be found here.
Other parts to this series include:
Part I: The CIA and NyanCat: The hackers and tools of Vault 7's "Year Zero"
Part II: "Dark Matter" - All your Macintosh are belong to CIA
Part III: Marble Framework - The CIA's cloaking device for hackers
Part IV: Grasshopper and more research challenges!
Part V: HIVE, Longhorn and the CIA's reign of cyberterror
Extending
As mentioned earlier the entirety of Weeping Angel was based on British spyware known as Extending. Extending is configured on a Linux PC, and then deployed onto the TV using a USB stick. Audio files can then be extracted using a USB stick or by setting up a Wi-Fi hotspot within range of the TV. It is also possible to listen to audio exfiltration live, using the Live Listen Tool, designed for use on a Windows OS. The implant can be uninstalled by inserting a USB stick into the TV or configuring a Death Date.
Essentially the operative must have "close access" to the TV system itself in order to physically load the malware. Afterwards, however, audio and data exfiltration can be accessed remotely. One particularly unnerving feature of Extending was its ability to "fake-off record":
EXTENDING will continue to record audio, even whilst the TV appears to be off. This is achieved by intercepting the command for the TV to switch-off and turning off the TV screen, leaving the processor running.
Methods of detection and weaknesses
Documentation for Extending includes several "known issues" and bugs which make the operation of Extending apparent to the target or hinder Extending's functions:
Microphone Sharing
The current implant cannot share the microphone with other applications. Therefore if Voice Recognition is turned on, or if an application such as Skype is started, our application will close its access to the microphone. When the other application stops using the microphone again, EXTENDING will start recording again. In future releases of the implant we will be able to record from the microphone simultaneously with other applications.
Fake-off – TV Communications
When the TV is in Fake-off mode the processor functionality has not been limited. Practically, this means that the TV will still flash the LEDs on USB drives when they are inserted and continue to send packets on the network. Many Smart TVs do this as part of their functionality; however Samsung TVs do not normally. As an improvement for the next release of the implant we hope to reduce the processor functionality when the implant enters Fake-off mode. This will involve just recording from the TV, and only connecting to the SSIDs set in the implant Settings file.
Fake-off – LED
When the TV is in Fake-off mode the “Samsung” LED at the front and centre of the TV remains on.
Wi-Fi Interference
The EXTENDING implant will interrupt a user’s use of the wireless card on the TV. If a target is
connected to their home wireless network, then EXTENDING will break this connection when it detects the presence of the SSID it wishes to connect to.
audioRecordingMode=0
When operating in audioRecordingMode=0 (not recording any audio) the implant will stop running when fake-off mode is entered. The source of this problem has been located and will be fixed in the next release.
Lag before application starts
The implant is started by the TV when the TV powers on. It can take up to 30 seconds from the user turning the TV on for EXTENDING to start running. As the exploit relies on being started by the TV then there is no way to avoid this.
A Side-effect of this is that if the user turns the TV on and then off quickly and before EXTENDING has started up, then the TV does not enter Fake-off mode. The next time the TV is turned on, the implant will still start as normal, however we will have missed a period of Fake-off recording.
Smart HUB setup
To install our application the Smart HUB needs to be setup and the license agreements accepted. It is only possible to do this with an internet connection.
Smart HUB Storage Available
When on the Smart Hub “More Apps” page the available storage space is shown in the bottom right hand corner. If the implant is configured to record audio to the “mtd_rwcommon” folder area, then this storage will appear fuller as the implant records audio. However it is impossible to discover what is using this storage without exploiting the TV to gain command line access. Limiting the “storageFoldermaxStorage” setting has reduced the potential impact of this.
Source (https://steemit.com/wikileaks/@rebelskum/wikileaks-vault-7-part-vi-weeping-angel) (with links, including links to other parts of his Vault 7 series).
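The "Fake-off – TV Communications" weakness quoted above (the TV keeps sending packets while it looks switched off) is something a user can check for from the router side. The following script is an added example, not part of the original post or the Steemit article, and not CIA or MI5 code. It assumes the home router can export per-device flow records in a simple line format, and that the user has noted the times the TV was switched "off"; the TV MAC address, the destination addresses, the timestamps and the flow lines are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical MAC address of the Samsung TV under observation (assumption, not from the page).
TV_MAC = "8c:c8:cd:11:22:33"

# Constructed flow-export lines: "<ISO timestamp> <src MAC> <dst IP:port> <bytes>".
# Not real captures; written only to exercise the check below.
SAMPLE_FLOWS = """\
2017-04-23T20:58:10 8c:c8:cd:11:22:33 23.45.67.89:443 41200
2017-04-23T21:00:05 8c:c8:cd:11:22:33 23.45.67.89:443 1800
2017-04-23T21:04:30 8c:c8:cd:11:22:33 198.51.100.7:443 65536
2017-04-23T21:09:12 8c:c8:cd:11:22:33 198.51.100.7:443 65536
2017-04-23T21:10:01 f0:9f:c2:aa:bb:cc 192.0.2.10:443 2200
2017-04-23T23:30:00 8c:c8:cd:11:22:33 198.51.100.7:443 65536
2017-04-23T23:50:00 8c:c8:cd:11:22:33 23.45.67.89:443 9000
"""

# Constructed observer notes: intervals during which the TV screen was dark ("off").
OFF_WINDOWS = [
    (datetime(2017, 4, 23, 21, 0, 30), datetime(2017, 4, 23, 23, 45, 0)),
]


@dataclass
class Flow:
    ts: datetime
    src_mac: str
    dst: str
    nbytes: int


def parse_flows(text):
    """Parse the whitespace-separated flow lines; MACs are normalised to lower case."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, mac, dst, nbytes = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), mac.lower(), dst, int(nbytes)))
    return flows


def traffic_while_off(flows, mac, windows, grace=timedelta(seconds=60)):
    """Flows from `mac` that fall inside an off window.

    A genuinely powered-down TV may still close a few connections right after the
    switch-off command, so the first `grace` seconds of each window are ignored.
    """
    mac = mac.lower()
    hits = []
    for f in flows:
        if f.src_mac != mac:
            continue
        if any(start + grace <= f.ts <= end for start, end in windows):
            hits.append(f)
    return hits


def bytes_by_destination(flows):
    """Total bytes per destination, so a steady upload to one host stands out."""
    totals = {}
    for f in flows:
        totals[f.dst] = totals.get(f.dst, 0) + f.nbytes
    return totals


if __name__ == "__main__":
    suspicious = traffic_while_off(parse_flows(SAMPLE_FLOWS), TV_MAC, OFF_WINDOWS)
    for f in suspicious:
        print(f"{f.ts.isoformat()} TV -> {f.dst} {f.nbytes} bytes while 'off'")
    print(bytes_by_destination(suspicious))
```

On the constructed sample the TV keeps uploading equal-sized chunks to one host for hours after the screen went dark, which is the pattern the quoted "known issue" describes. A real check needs the router's own export format, and a TV that legitimately polls for firmware updates while "off" will also show up, so the result is a lead to investigate rather than proof of an implant.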
Ron Mauer Sr
23rd April 2017, 15:47
I wonder if installing a power switch between the TV and power outlet, when turned off, can defeat the ability of the TV recording room conversations and sending them to unknown locations using the internet.
Innocent Warrior
23rd April 2017, 23:59
I wonder if installing a power switch between the TV and power outlet, when turned off, can defeat the ability of the TV recording room conversations and sending them to unknown locations using the internet.
We have switches on our power outlets so I was confused at first, until I remembered you don't have switches on your outlets. It needs to be switched on, so yeah that would work.
Until you got a switch, after you've been using it and turned it off, you could turn it back on and turn it back off after a couple of seconds and, due to the lag, EXTENDING wouldn't have time to start running and they don't have any way around that.
You'd still have the problem of when the TV is on, if you can use it all as normal with voice recognition on then that would deal with it but they're fixing that weakness.
That's all short of taking it back to the shop if you saw the LED still on when it was in fake off mode and getting your money back because it's 'broken'. That way you make it in Samsung's best interest to make sure the CIA doesn't 'break' their products.
norman
24th April 2017, 00:23
I wouldn't be at all surprised to find that some of those huge TVs even have rechargeable battery cells on the circuit board inside them that can run low power activities for a day or two even when isolated from the mains. If the signal transmission is done over wifi it could still be sending something unless the whole wifi hub is off.
I know nothing about TV so take that as a very non expert view.
Innocent Warrior
24th April 2017, 01:02
I wouldn't be at all surprised to find that some of those huge TVs even have rechargeable battery cells on the circuit board inside them that can run low power activities for a day or two even when isolated from the mains. If the signal transmission is done over wifi it could still be sending something unless the whole wifi hub is off.
I know nothing about TV so take that as a very non expert view.
Yeah, I thought of that too, that or they're still using power for the processor while in off mode, however, Samsung TVs typically don't (see the "Fake-off – TV Communications" section) and considering they achieve fake off mode by intercepting the command for the TV to turn off and just turn off the TV screen to leave the processor running, and they lose recording time when Extending doesn't have time to start running, I figure that's not an issue with the Samsung TVs.
I'm no expert either though.
KiwiElf
24th April 2017, 02:54
Heads up: Leaders from the Five Eyes intelligence network to meet in New Zealand - may be related... (in fact, they are here now).
Revealed: The 'very, very important' people coming to NZ
Isaac Davison
Isaac Davison is a NZ Herald political reporter.
3:56 PM Thursday Apr 20, 2017
The highly secretive meeting being held in Queenstown this weekend is a gathering of intelligence and security agencies related to the Five Eyes spying network, the Herald understands.
Among the people believed to be attending are Federal Bureau of Investigation (FBI) director James Comey and Central Intelligence Agency (CIA) director Mike Pompeo.
It is understood about 15 agencies which carry out intelligence for Five Eyes - the spying partnership of the United States, Australia, Canada, the United Kingdom and New Zealand - are attending the conference.
In a statement released yesterday, a spokesman for Prime Minister Bill English confirmed a number of senior officials were coming for a conference hosted by the Government, but would not reveal what the conference was.
"Due to specific security requirements we cannot comment further at this time. However, as police have pointed out they are not aware of a visit to Queenstown by a current or former head of state."
Speculation about the visit was sparked after the Otago Daily Times reported a "very, very important person" was set to arrive in the region and strong security measures were underway in preparation.
The ODT said it was understood the operation would continue for about a week with golf featuring on the itinerary...
More at links...
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11842034
http://www.stuff.co.nz/national/91689421/Several-VIPs-jetting-in-this-weekend-PMs-office
http://www.washingtonexaminer.com/cia-fbi-directors-heading-to-secret-spy-alliance-meeting-in-new-zealand-report/article/2620837
http://www.newshub.co.nz/home/politics/2017/04/world-s-top-spies-meet-in-queenstown.html
Innocent Warrior
24th April 2017, 11:34
..that moron Pompeo as the new head of the CIA.
A moron and insane. I liked it better when I just thought they were liars.
According to Duane Clarridge (chief of CIA's Latin American division 1981-1987), their national security interests give them the right to do what they do to other countries, to protect themselves, because they end up protecting all of us, and "let's not forget that". O_o
"We'll intervene whenever we decide it's in our national security interest to intervene, and if you don't like it, lump it, get used to it, world."
njQHp5vNXQ0
The ODT said it was understood the operation would continue for about a week with golf featuring on the itinerary...
Wanna borrow some roos?
http://i.imgur.com/sTjZepT.gif
Flash
24th April 2017, 16:59
Absolutely psychopathic comments from the ex-CIA chief in South America. You want to see psychopathy in action, there it is. And we know all too well that the national interest has to do with US corporate interests in Chile in this case, not anything that would threaten the US as such other than economic greed.
As for no more than 200 deaths under Pinochet, this shows us how psychopaths justify their interventions, their stance. A little death for our interests to prosper. We do understand what is happening in Syria with such comments: nobody cares if a few children have been gassed and died, in fact, and mostly not the CIA, it is obvious here. When they say they attack because children were gassed, they are lying; there are other objectives and the children are used for those. And they blind themselves to the truth and reality of others' lives.
Alone, by myself, with the tiny minuscule group of Chileans I knew in the eighties, there were more than 200 of their family members who had died or disappeared. And I knew about nobody. This CIA chief is flatly lying. It has to be in the tens of thousands.
..that moron Pompeo as the new head of the CIA.
A moron and insane. I liked it better when I just thought they were liars.
According to Duane Clarridge (chief of CIA's Latin American division 1981-1987), their national security interests give them the right to do what they do to other countries, to protect themselves, because they end up protecting all of us, and "let's not forget that". O_o
"We'll intervene whenever we decide it's in our national security interest to intervene, and if you don't like it, lump it, get used to it, world."
njQHp5vNXQ0
The ODT said it was understood the operation would continue for about a week with golf featuring on the itinerary...
Wanna borrow some roos?
http://i.imgur.com/sTjZepT.gif
Innocent Warrior
25th April 2017, 01:41
Alone, by myself, with the tiny minuscule group of Chileans I knew in the eighties, there were more than 200 of their family members who had died or disappeared. And I knew about nobody. This CIA chief is flatly lying. It has to be in the tens of thousands.
The CIA rationalise their crimes and lie about what they can't rationalise, they can't at all be trusted. Duane Clarridge's attitude is not unique, we can see it being played out all the time.
The following quote is from Global Research's article, The CIA’s “Operation Condor”: Latin America’s Dirty War, Death Squads and The Disappeared (http://www.globalresearch.ca/the-cias-operation-condor-dirty-war-death-squads-and-the-disappeared/5327003).
And so the continental scale covert extermination campaign that was Condor vanished from Latin America leaving an estimated toll of 35,000 people dead (more than 10,000 of them in Argentina) and leaving their grieving families still trying to learn what had happened to their disappeared love ones. And while Condor was proceeding, the rightist military regimes in each of these Latin American countries were carrying out mass murders of citizens that resulted in the deaths and disappearances of an estimated 350,000 people and the imprisonment and torture of hundreds of thousands of others. Millions of people also became exiles and political refugees.
Innocent Warrior
26th April 2017, 11:32
https://pbs.twimg.com/media/C-VaaaHUAAAMkGo.jpg
From The Washington Post -
Julian Assange: The CIA director is waging war on truth-tellers like WikiLeaks (https://www.washingtonpost.com/opinions/julian-assange-the-cia-director-is-waging-war-on-truth-tellers-like-wikileaks/2017/04/25/b8aa5cfc-29c7-11e7-a616-d7c8a68c1a66_story.html?tid=ss_tw&utm_term=.f98ec5282ae4) By Julian Assange (April 25, 2017)
* * *
From New York City's Free Speech Radio WBAI -
Free Assange, Episode 2
http://nuarchive.wbai.org/mp3/wbai_170425_170001randyCrelof.mp3
wbai.org (https://www.wbai.org)
* * *
NSA lost control of its cyber weapons & hid their incompetence leading to tens of thousands of sites hacked already, from LifeZette -
Shadow Brokers Leak Shows NSA Inadvertently Arms Hackers (http://www.lifezette.com/polizette/shadow-brokers-leak-shows-nsa-inadvertently-arms-hackers/) (April 25, 2017)
sheme
27th April 2017, 13:54
If Mr Trump sacrifices the whistleblowers he will lose credibility with the thinking citizens of the world; the very fact that he cannot see how much the whistleblowers have helped educate the free world and got him into the position he is in dismays me - he would instantly become "one of the Cabal" in many people's eyes.
Hervé
28th April 2017, 14:03
#Vault7: WikiLeaks reveals CIA 'Scribbles' tool can track whistleblowers and foreign spies (https://www.rt.com/news/386433-wikileaks-cia-scribbles-microsoft-office/)
RT (https://www.rt.com/news/386433-wikileaks-cia-scribbles-microsoft-office/)
Fri, 28 Apr 2017 12:37 UTC
https://www.sott.net/image/s19/392589/large/590316cbc46188ca0a8b45c2.jpg (https://www.sott.net/image/s19/392589/full/590316cbc46188ca0a8b45c2.jpg)
© Valentin Wolf / Global Look Press
A user manual describing a CIA project known as 'Scribbles' has been published by WikiLeaks, exposing the potential for the spying agency to track when documents are leaked by whistleblowers or "Foreign Intelligence Officers."
Released as part of the whistleblowing organization's 'Vault 7' series, the project is purportedly designed to allow the embedding of 'web beacon' tags into documents "likely to be stolen," according (https://wikileaks.org/vault7/#Scribbles) to a press release from WikiLeaks.
Dr Martin McHugh, Information Technology Programme chair at Dublin Institute of Technology, said web beacons can be used for "bad as well as good."
"Methods of tracking have historically been developed for our protection but have evolved to become used to track us without our knowledge," he told RT.com.
"Web beacons typically go unnoticed. A tiny file is loaded as part of a webpage. Once this file is accessed, it records unique information about you, such as your IP address and sends this back to the creator of the beacon."
WikiLeaks says 'Scribbles' uses similar technology, which suggests the CIA would have been able to see when sensitive documents are accessed by third parties, including when they're accessed by potential whistleblowers.
WikiLeaks (@wikileaks, https://twitter.com/wikileaks), 4:25 AM - 28 Apr 2017:
RELEASE: Full source code to the CIA's anti-leak document watermarking system "Scribbles" #Vault7 #CIA https://wikileaks.org/vault7/document/Scribbles/
https://pbs.twimg.com/media/C-fwWRYW0AAzft6.jpg
WikiLeaks notes that the latest iteration of the tool is dated March 1, 2016 - indicating it was used up until at least last year - and was seemingly meant to remain classified until 2066.
The 'Scribbles' User Guide (https://wikileaks.org/vault7/document/Scribbles_v1_0_RC1-User_Guide/) explains how the tool generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document.
Scribbles can watermark multiple documents in one batch and is designed to watermark several groups of documents.
The tool was successfully tested on Microsoft Office versions 1997-2016 and documents that are not locked forms, encrypted, or password protected.
WikiLeaks (@wikileaks, https://twitter.com/wikileaks), 3:56 AM - 28 Apr 2017:
CIA's first rule of stopping the next Manning/Snowden - don't leave CIA document tracking software on suspected source's computer
https://pbs.twimg.com/media/C-fpJgIXgAALK-2.jpg
The guide notes that the program has a number of flaws.
Significantly, the watermarks were tested only with Microsoft Office applications so if the "targeted end-user" opened them with an alternative application, such as OpenOffice, they may be able to see the watermarks and URLs, potentially exposing the fact that the document is being tracked.
The tool also sometimes generates errors for temporary reasons, like when the Microsoft Office applications do not properly "clean up their resources." To rectify this the guide advises users to close all Office applications and then run Scribbles again with the same input parameters.
Innocent Warrior
28th April 2017, 14:15
Vault 7: Projects
RELEASE - Scribbles
https://wikileaks.org/vault7/logo@400.png
Full statement on Scribbles from WikiLeaks -
28 April, 2017
Today, April 28th 2017, WikiLeaks publishes the documentation and source code for CIA's "Scribbles" project, a document-watermarking preprocessing system to embed "Web beacon"-style tags into documents that are likely to be copied by Insiders, Whistleblowers, Journalists or others. The released version (v1.0 RC1) is dated March, 1st 2016 and classified SECRET//ORCON/NOFORN until 2066.
Scribbles is intended for off-line preprocessing of Microsoft Office documents. For reasons of operational security the user guide demands that "[t]he Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary."
According to the documentation, "the Scribbles document watermarking tool has been successfully tested on [...] Microsoft Office 2013 (on Windows 8.1 x64), documents from Office versions 97-2016 (Office 95 documents will not work!) [and d]ocuments that are not be locked forms, encrypted, or password-protected". But this limitation to Microsoft Office documents seems to create problems: "If the targeted end-user opens them up in a different application, such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content. If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them."
Security researchers and forensic experts will find more detailed information on how watermarks are applied to documents in the source code, which is included in this publication as a zipped archive.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
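The WikiLeaks statement above describes Scribbles as embedding "Web beacon"-style tags that become visible when a document is opened in OpenOffice or LibreOffice. The page does not say how the tags are stored, so the scanner below is an added example, not Scribbles code and not from WikiLeaks or the forum poster; it assumes the generic mechanism a web beacon in an Office file relies on, a relationship whose target is a remote URL that the application fetches on open. It works on the OOXML (.docx/.xlsx/.pptx) zip container, builds its own constructed sample document in memory, and the beacon URL, relationship IDs and document text are made up.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"

# Relationship types a consumer resolves automatically on open, so an external target is
# fetched without user interaction. A hyperlink is only followed on click.
AUTO_FETCH_TYPES = {"image", "oleObject", "package"}


def make_sample_docx(beacon_url):
    """Build a minimal, constructed .docx in memory with one picture whose data is an
    external URL. Not a Scribbles output; only enough of the package to exercise the scan."""
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        f'xmlns:r="{REL_TYPE_BASE}">'
        '<w:body><w:p><w:r><w:t>Quarterly report (sample)</w:t></w:r></w:p></w:body></w:document>'
    )
    rels_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{REL_TYPE_BASE}/styles" Target="styles.xml"/>'
        f'<Relationship Id="rId2" Type="{REL_TYPE_BASE}/hyperlink" '
        'Target="https://www.example.com/" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{REL_TYPE_BASE}/image" '
        f'Target="{beacon_url}" TargetMode="External"/>'
        '</Relationships>'
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" '
        'ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/></Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", document_xml)
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


def external_relationships(docx_bytes):
    """Every relationship in the package that points at a remote URL, as
    (rels part, relationship id, short type, target) tuples."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and re.match(r"(?i)^(https?|ftp)://", target):
                    short_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((name, rel.get("Id"), short_type, target))
    return found


def beacon_candidates(rels):
    """Keep only relationships whose type is fetched automatically when the file is opened."""
    return [r for r in rels if r[2] in AUTO_FETCH_TYPES]


if __name__ == "__main__":
    sample = make_sample_docx("http://cdn.example.test/img/logo-7f3a.png")
    for part, rel_id, kind, target in beacon_candidates(external_relationships(sample)):
        print(f"{part}: {rel_id} ({kind}) loads {target} on open")
```

Opening the suspect file offline, or with the application's remote-content loading disabled, and running this scan is the check to do before deciding whether the document is safe to open normally. The scan covers only the OOXML container; the legacy binary .doc format that the documentation also lists (Office 97-2003) stores picture links differently and needs a separate parser, and a watermark stored as a field code rather than a relationship would also be missed.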
Innocent Warrior
28th April 2017, 15:01
Going off topic this post to support these documentaries -
https://pbs.twimg.com/media/C-b9s2qWsAIB1HM.jpg
The New Radical - Free One-Time Screening -
From Canadian Academy (https://twitter.com/TheCdnAcademy/status/857651728732368896)
Not attending #HotDocs17 tomorrow? See this FREE #documentary on Freedom Of Speech instead! #TheNewRadical #Assange
http://buff.ly/2pDJtaj
* * *
https://scontent-syd2-1.xx.fbcdn.net/v/t1.0-9/18057906_1887006034894546_56168573818887081_n.jpg?oh=b2e1b400d7d8053dd4896fa0c14e4520&oe=598B52C5
TRAILER: New film on the Armenian Genocide with Julian Assange, George Clooney & more- https://www.facebook.com/ArchitectsofDenial/videos/vb.1880832922178524/1885036015091548/?type=2&theater
Genocide DENIED…is Genocide CONTINUED
Architects of Denial is a first person account of genocide through the eyes of its survivors.
We need YOUR help to spread the word
Armenian genocide search on WikiLeaks - https://search.wikileaks.org/?q=armenian+genocide
Innocent Warrior
28th April 2017, 16:25
Ron Paul Liberty Report - Julian Assange Speaks Out: The War On The Truth (April 27,2017)
“The CIA has been deeply humiliated as a result of our ongoing publications so this is a preemptive move by the CIA to try and discredit our publications and create a new category for Wikileaks and other national security reporters to strip them of First Amendment protections.”
QwkrtpXp-wg
Wikileaks Founder and Editor-in-Chief Julian Assange joins the Liberty Report to discuss the latest push by the Trump Administration to bring charges against him and his organization for publishing US Government documents. How will they get around the First Amendment and the Espionage Act? The US government and the mainstream media -- some of which gladly publish Wikileaks documents -- are pushing to demonize Assange in the court of public opinion.
Innocent Warrior
29th April 2017, 05:24
From The Future of Freedom Foundation -
CIA DIRECTOR POMPEO DOESN’T UNDERSTAND THE FIRST AMENDMENT By Jacob G Hornberger (April 27, 2017)
You would think that by the time a person becomes the Director of the CIA, he would have a correct understanding of the Constitution, which is the founding document of the federal government, which the CIA is part of. This should be especially true when the CIA Director is a former member of Congress, a graduate of West Point, and the holder of a law degree from Harvard.
Embarrassingly, such is not the case with CIA Director and former U.S. Congressman Mike Pompeo. In a speech delivered at the Center for Strategic and International Studies in Washington, D.C., Pompeo demonstrated a woeful lack of understanding of the Constitution and the Bill of Rights, specifically the First Amendment.
Referring to his belief that WikiLeaks official Julian Assange, who is a citizen of Australia, should be indicted and prosecuted by the U.S. government for revealing secrets of the U.S. national-security establishment, Pompeo stated:
Julian Assange has no First Amendment freedoms. He’s sitting in an Embassy in London. He’s not a US citizen.
That is quite an amazing statement. It’s also a misleading and fallacious one.
What Pompeo obviously doesn’t get is that no one, including American citizens, has First Amendment freedoms. There’s a simple reason for that: Freedoms don’t come from the First Amendment. Or to put it another way, the First Amendment doesn’t give anyone, including Americans, any freedoms at all.
People’s freedoms also don’t come from the Constitution. They don’t come from the federal government. They don’t come from the troops, the CIA, or the NSA either.
Freedom comes from nature and from God. Even if the Constitution had never been approved by the American people — that is, even if the federal government had never been called into existence — people would still have their fundamental, natural, God-given rights. That’s because freedom and other natural, God-given rights preexist government and, therefore, exist independently of government.
Thomas Jefferson makes this point clear in the Declaration of Independence when he points out that people are endowed with unalienable rights by nature and God, not by government or by some document that calls government into existence.
There is something else that is important to note here: As Jefferson points out, everyone, not just American citizens, is endowed with these natural, God-given rights, including life, freedom, and the pursuit of happiness. That includes people who are citizens of other countries. Citizenship has nothing to do with rights that are vested in everyone by nature and God.
At the risk of belaboring the obvious, that includes Julian Assange. His freedom does not come from the Constitution or the First Amendment or by the Australian government. His freedom comes from the same source that your freedom and my freedom come from — from nature and from God.
So, what is the purpose of government? Jefferson makes it clear: Government’s job is to protect the exercise of natural or God-given rights, including liberty.
What about the First Amendment? If its purpose is not to give people rights, including freedom, what is its purpose?
The purpose of the First Amendment, in part, is to protect the preexisting, natural, God-given freedom of people to publish whatever they want, including the dark, illegal, illicit, immoral, and evil secrets of the federal government, including such dark-side, totalitarian-like nefarious activities as assassination, murder, disappearances, coups, torture, abuse, partnerships with dictators, rendition, kidnapping, illegal surveillance, rendition, destruction of incriminatory evidence, illegal invasions and wars of aggression, and secret prison facilities.
That’s what Pompeo and others of his ilk just don’t get: The purpose of the First Amendment and the rest of the Bill of Rights is to protect people from federal officials like him — officials who are hell-bent on destroying our lives, freedom, and prosperity, and well-being, all in the name of “keeping us safe” or protecting “national security.”
Our ancestors were wise people. They knew that the federal government would inevitably attract people like Pompeo. That’s why the Constitution brought into existence a government of extremely limited powers rather than a general power that would enable federal officials like Pompeo to just do the “right” thing.
That’s also why the Constitution didn’t empower the federal government to have a CIA, NSA, and standing army. Our ancestors knew that a national-security establishment would inevitably end up destroying people’s freedom in the name of “keeping them safe” and that it would inevitably try to punish people for publicizing and opposing its destruction of liberty.
That’s why our ancestors demanded the enactment of the First Amendment and the rest of the Bill of Rights as a condition for approving the Constitution. They wanted to protect people’s fundamental rights and liberties from federal officials like Pompeo, who they knew would be the biggest threats to people’s fundamental, natural, God-given rights and freedoms.
Source (http://www.fff.org/2017/04/27/cia-director-pompeo-doesnt-understand-first-amendment/).
Innocent Warrior
30th April 2017, 11:10
From RT -
CIA’s anti-leaking tool leaked as ‘whistleblowers watch the watchers’ (April 29, 2017)
https://cdn.rt.com/files/2017.04/original/59045330c461884b088b45ca.jpg
Can systems like the CIA’s Scribbles, which has been revealed by WikiLeaks, deter whistleblowers? Do these leaks mean the US agency is going to invest more money in its security? How effectively is the agency functioning?
Former MI5 intelligence officer Annie Machon and retired US Army Colonel Ann Wright, who is also a retired US State Department official, shared their views on these and other questions with RT.
On Friday, WikiLeaks released a series of documentations on a US Central Intelligence Agency (CIA) project known as ‘Scribbles,’ which was allegedly created to allow ‘web beacon’ tags to be embedded “into documents that are likely to be copied.”
WikiLeaks began publishing a huge cache of secret documents on the CIA named ‘Vault 7’ in March.
RT: Do systems like this deter whistleblowers? And, is it true that these watermarking systems are limited to Microsoft Office documents?
Annie Machon: I’d be certainly alarmed if the CIA was only reliant on Microsoft in this day and age, but anyway. No, it is not a surprise. In fact, ironically, there was a document drawn up by the American intelligence agencies written in 2008 about how to tackle what was perceived to be an insider threat, as they called it, potential future whistleblowers. This was ironically leaked to WikiLeaks in 2010, so it came into a wider world. The knowledge has been there for many, many years to those both from the inside and those who watch from the outside that, actually, they do take whistleblowing and leaking very seriously. They are trying to take steps to try and stop it. The interesting thing about these CIA documents at the moment is that they date from between 2013 and 2016. So, whoever leaked this cache of documents that is appearing in WikiLeaks ‘Vault 7’ was probably well aware that these documents were indeed watermarked digitally, and they managed to evade that system anyway, because they successfully leaked these documents to WikiLeaks. So, who is watching the watchers? Well, the whistleblowers are.
RT: Apparently, the CIA’s system didn’t come cheap. Is this a sign that a lot more money is going to be going into trying to plug those holes in future to stop whistleblowers, to plug those leaks?
AM: Probably, yes. The CIA, I think, has a budget of over $600 million a year, anyway, to develop its electronic snooping capabilities, which, actually, I thought, that’s what the NSA was supposed to be doing, not the CIA. They are supposed to be running human operatives around the world to gather preemptive intelligence about terrorist attacks, not trying to stifle whistleblowing. Yes, they seem to be getting more and more money to do this, and it seems to be a war on whistleblowers.
US govt using terrorism as rationale to undercut citizens’ privacy
Due to the leaks, US citizens are finding out that their government has been doing things that they try to rationalize by laws after the fact using the words “terrorism” and “state security” as justification, said retired United States Army Colonel Ann Wright.
RT: A CIA program to trace leaks has been leaked. What does this say about the effectiveness of the program?
Ann Wright: It sounds like the ability to keep classified information, particularly that information that really does undercut, in my opinion, the true national security of the US, which was really based on our constitution, that we do have a right to privacy, that the government should not be looking into every aspect of our daily life. We’re now finding out because of leaks that our own government has been doing things that they try to rationalize by laws after the fact. What they are doing is undercutting the privacy of people and using the name of ‘terrorism’ and ‘state security’ as the rationale. But it is not a good enough rationale for me, because it looks like they are sneaking and peeking into everybody’s private life – not necessarily having anything to do with national security.
RT: WikiLeaks is continuing to leak details about the CIA’s spying tools. What does this say about how the agency is functioning at the moment?
AW: It shows that the agency itself is developing programs to have more invasions of our privacy, and it shows that some workers in the Federal government totally disagree with it. They, probably behind the scenes, have argued vigorously against these things on the basis of the constitutionality of them, the legality of them. They are being overruled by their political bosses, who go ahead and say: “We’re going to do this to the American public, or the public of the world, no matter what.” And it doesn’t have anything to do with national security.
RT: President Donald Trump and other senior US officials have repeatedly said that they are at war with whistleblowers. How much progress are they making?
AW: Certainly, the Obama administration was at war with whistleblowers, because President Obama and his administration prosecuted more people for being whistleblowers, for leaking information, or telling about programs that the public really needed to know about. These people were willing to take the consequences of what happened to them because they felt it was in the public good that the American people knew what its government was doing to us. I think the Trump administration is going to have the same challenge that the American people really want to know. We certainly are concerned about our national security, but what we’re seeing is that the US government has been using that canard to eavesdrop and spy on everyone.
Source (https://www.rt.com/op-edge/386601-wikileaks-cia-vault-documents-leak/) (with interview videos).
* * *
DOJ News Conference on Threats to WikiLeaks’ Julian Assange by Attorney General Jeff Sessions (April 28, 2017)
hsARwU_VkHg
CIA Director Mike Pompeo recently called WikiLeaks a “hostile intelligence service.” Attorney General Jeff Sessions stated that Julian Assange’s arrest is a “priority” of the Trump administration. In response, numerous individuals — with differing perspectives on WikiLeaks — warn of a growing threat to press freedom.
Today at the Justice Department 2 former government officials addressed U.S. government policy toward WikiLeaks and whistleblowers:
* Ann Wright is a retired U.S. Army Reserve colonel, and a 29-year veteran of the Army and Army Reserves. As a U.S. diplomat, Wright served in Nicaragua, Grenada, Somalia, Uzbekistan, Kyrgyzstan, Sierra Leone, Micronesia and Mongolia and helped re-open the U.S. embassy in Afghanistan in 2001. In March of 2003, she resigned in protest over the invasion of Iraq. She is co-author of Dissent: Voices of Conscience.
* Ray McGovern, a former Army officer and CIA analyst who prepared the President’s Daily Brief (under the Nixon, Ford, and Reagan administrations), is co-founder of Sam Adams Associates for Integrity (see: samadamsaward.ch), which gave Julian Assange its annual award in 2010. Sam Adams Associates strongly opposes any attempt to deny Julian Assange the protections that are his as a journalist.
Contact at ExposeFacts (a project of the Institute for Public Accuracy):
Sam Husseini, (202) 347-0020, sam [at] accuracy dot org.
Wikileaks Publishes Secret CIA Tools That Attacked Computers Inside Offices (https://sputniknews.com/world/201705051053304895-wikileaks-cia-archimedes/)
Sputnik, World (https://sputniknews.com/world/), 13:23 05.05.2017 (updated 15:04 05.05.2017)
WikiLeaks published on May 5 "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA.
This technique is used by the CIA (https://sputniknews.com/world/201704141052639103-wikileaks-hive-cia-vault-7/) to redirect the target computer's web browser to an exploitation server while appearing as a normal browsing session, according to the recent leak.
WikiLeaks (@wikileaks, https://twitter.com/wikileaks) tweeted, 3:18 AM - 5 May 2017:
Release today of CIA 'Archimedes' malware documentation includes hashes which can be used for virus detection https://wikileaks.org/vault7/document/Archimedes-1_3-Addendum/page-8 (https://t.co/wkLiuM1iaW)
https://pbs.twimg.com/media/C_Dj-b5W0AA82j6.jpg
On March 7, WikiLeaks began publishing (https://sputniknews.com/world/201703071051342572-wikileaks-cia-series/) what it said was a large archive of classified CIA-related files. The first part of the release shed light on hacking techniques developed and employed by the agency, including programs targeting all major computer operating systems.
According to the website, a large archive comprising various viruses, malware, software vulnerability hacks and relevant documentation, was uncovered by US government hackers, which is how WikiLeaks gained access to some of the data from the trove. The "Year Zero" batch was followed by the "Dark Matter (https://sputniknews.com/world/201703231051885831-wikileaks-vault7-dark-matter/)" released on March 23. The third batch called "Marble (http://sputniknews.com/world/20170331/1052155800.html)" was released on March 31. The "Grasshopper (http://sputniknews.com/world/20170407/1052399678.html)" batch revealing a platform for building malware was released on April 4. The HIVE batch (http://sputniknews.com/world/20170414/1052639103.html) revealing top secret CIA virus control system was released on April 14.
The first batch of Wikileaks' CIA revelations shed light on a technology (http://sputniknews.com/asia/20170308/1051378562.html) allowing a Samsung smart TV set's audio recording capabilities to be turned on remotely, which had been designed by the CIA and the UK Security Service MI5.
In March 2016, WikiLeaks published over 8,700 classified CIA documents that revealed the agency's hoarding of hacking technologies and listed major operating system vulnerabilities.
On April 21, WikiLeaks presented a user guide for CIA's "Weeping Angel" tool (https://sputniknews.com/science/201704211052850713-weeping-angel-wikileaks-cia-mi5-hacking-tool/), a surveillance program using Samsung smart TV sets.
Related:
Vault 7: Why WikiLeaks' Exposure May Do Damage to Ordinary Users (https://sputniknews.com/politics/201704171052715000-wikileaks-data-vault7-cia/)
WikiLeaks Reveals "Archimedes": Malware Used To Hack Local Area Networks (http://www.zerohedge.com/news/2017-05-05/wikileaks-reveals-archimedes-malware-used-hack-local-area-networks)
by Tyler Durden (http://www.zerohedge.com/users/tyler-durden)
May 5, 2017 8:55 AM
In its seventh CIA leak since March 23rd, WikiLeaks has just revealed the user manual of a CIA hacking tool known as ‘Archimedes’ which is purportedly used to attack computers inside a Local Area Network (LAN). The CIA tool works by redirecting a target's webpage search to a CIA server which serves up a webpage that looks exactly like the original page they were expecting to be served, but which contains malware. It’s only possible to detect the attack by examining the page source. Per WikiLeaks (https://wikileaks.org/vault7/releases/#Archimedes):
Today, May 5th 2017, WikiLeaks publishes "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.
The document illustrates a type of attack within a "protected environment" as the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.
WikiLeaks (@wikileaks, https://twitter.com/wikileaks) tweeted, 2:22 AM - 5 May 2017:
RELEASE: CIA '#Archimedes' system for exfiltration and browser hijacking. Includes manuals and binary signatures. https://wikileaks.org/vault7/releases/#Archimedes (https://t.co/XWr33GMGDN)
https://pbs.twimg.com/media/C_DXcvaWsAEm8pN.jpg
The RT (https://www.rt.com/viral/387216-wikileaks-cia-vault-7/) provided more details:
The Archimedes tool enables traffic from one computer inside the LAN to be redirected through a computer infected with this malware and controlled by the CIA, according to WikiLeaks.
The technique is used to redirect the target’s computer web browser to an exploitation server while appearing as a normal browsing session, the whistleblowing site said. In this way, the hackers gain an entry point that allows them access to other machines on that network.
The tool's user guide, which is dated December 2012, explains that it’s used to re-direct traffic in a Local Area network (LAN) from a "target's computer through an attacker controlled computer before it is passed to the gateway.”
This allows it to insert a false web-server response that redirects the target's web browser to a server that will exploit their system all the while appearing as if it’s a normal browsing session.
Archimedes is an update to a tool called ‘Fulcrum’ and it offers several improvements on the previous system, including providing a method of "gracefully shutting down the tool on demand.”
WikiLeaks (@wikileaks, https://twitter.com/wikileaks) tweeted, 3:34 AM - 5 May 2017:
How is US government malware developed? WikiLeaks' release today of the CIA's 'Fulcrum' malware shows how https://wikileaks.org/vault7/document/Fulcrum-SRS-v0_6/page-7/#pagination (https://t.co/wrke6MC5ex)
https://pbs.twimg.com/media/C_DmwC0XgAAeG24.jpg
https://pbs.twimg.com/media/C_DnejCWsAE2Np-.jpg
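The RT exchange earlier in this post concerns Scribbles, which WikiLeaks describes as embedding web-beacon tags in documents that are likely to be copied. What follows is an added example, not code from RT, WikiLeaks or the leaked CIA material: a scanner for Office Open XML (.docx) files that lists every package relationship marked External whose target is an http(s) URL, because a resource the application fetches from the network when the file is opened is what lets a document report back. That the Scribbles beacon takes this particular form is my assumption; the interview only says "web beacon" tags. The sample document, the URLs (beacon.example.invalid, www.example.com) and the function names are constructed for the demonstration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Package-relationships namespace used by every .rels part in an OOXML file.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TAG = "{%s}Relationship" % REL_NS


def external_targets(docx_bytes):
    """List every relationship in the package marked TargetMode="External"
    whose target is an http(s) URL, as (rels_part, rel_id, rel_type, target).
    rel_type is the last path component of the relationship type URI."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(REL_TAG):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                target = rel.get("Target", "")
                if re.match(r"https?://", target, re.IGNORECASE):
                    rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    hits.append((name, rel.get("Id"), rel_type, target))
    return hits


def beacon_candidates(docx_bytes):
    """External targets the application resolves on its own when the file is
    opened (linked images, templates, OLE objects). Hyperlinks are left out:
    they only reach the network when somebody clicks them."""
    return [h for h in external_targets(docx_bytes) if h[2] != "hyperlink"]


def build_sample_docx(beacon_url, link_url):
    """Constructed test document (not a real Scribbles output): a minimal .docx
    with one externally linked image and one ordinary hyperlink."""
    rels_open = '<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="%s">' % REL_NS
    officedoc = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        "</Types>"
    )
    root_rels = rels_open + (
        '<Relationship Id="rId1" Type="%s/officeDocument" Target="word/document.xml"/>' % officedoc
    ) + "</Relationships>"
    document = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>watermarked text</w:t></w:r></w:p></w:body></w:document>"
    )
    doc_rels = rels_open + (
        '<Relationship Id="rId2" Type="%s/image" Target="%s" TargetMode="External"/>' % (officedoc, beacon_url)
        + '<Relationship Id="rId3" Type="%s/hyperlink" Target="%s" TargetMode="External"/>' % (officedoc, link_url)
    ) + "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("_rels/.rels", root_rels)
        z.writestr("word/document.xml", document)
        z.writestr("word/_rels/document.xml.rels", doc_rels)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx("https://beacon.example.invalid/wm.png", "https://www.example.com/")
    for hit in beacon_candidates(sample):
        print("beacon candidate:", hit)
```

A hit from beacon_candidates is worth a look before the file leaves the building; external_targets still lists hyperlinks so they can be reviewed separately. Opening a suspect file in a sandbox with a capturing proxy confirms whether the target is actually fetched. The scanner only looks at relationship parts; a remote reference carried in a field code inside the document body, or a UNC path, would need a separate check.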
Innocent Warrior
8th May 2017, 11:30
Vault 7: Projects
RELEASE - Archimedes
Full statement on Archimedes from WikiLeaks -
5 May, 2017
Today, May 5th 2017, WikiLeaks publishes "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.
The document illustrates a type of attack within a "protected environment" as the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
* * *
From The New American -
WikiLeaks Exposes CIA's "Archimedes" Hacking Weapon (May 6, 2017)
The latest release from WikiLeaks on the CIA’s hacking program — published Friday — reveals a tool CIA hackers use to attack a computer that is part of a Local Area Network (LAN). LANs are usually used to tie all of the computers in an office into a single network for the purposes of sharing resources including those used for security. This newly revealed CIA tool — codenamed Archimedes — turns the strength of a LAN against itself by leveraging any compromised computers against all others on the network.
As the WikiLeaks press release explains:
Today, May 5th 2017, WikiLeaks publishes "Archimedes," a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.
The document illustrates a type of attack within a "protected environment" as the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.
Archimedes dates back to at least June 2011 when it was known as Fulcrum and was already in version 0.6. The most up-to-date version of the cyberweapon listed in WikiLeaks’ Wednesday publication was Archimedes 1.3 dated January 13, 2014. Like many of the other hacking tools exposed in previous publications, it is not known whether Archimedes is still being developed or used.
Archimedes works as a weapon for launching a man-in-the-middle attack. It essentially allows a CIA-controlled computer (the man in the middle) to park itself between two computers and intercept all communications between them.
In a typical man-in-the-middle attack, computer A sends a data packet (which could be anything from a file to an e-mail to a VoIP telephone call) to computer B. The man-in-the-middle intercepts the data packet and relays it on to computer B, keeping a copy of the data packet in the process. The process is repeated for all packets back and forth. It is possible — even fairly common — for the packets (especially software downloads) to be altered or replaced by a man in the middle. When that happens, the file a user thinks he downloaded is easily replaced by a download that is corrupted, allowing even further disintegration of security and privacy in the form of greater attacks.
Archimedes has a weakness, though. It is unable to launch a full, two-way man-in-the-middle attack. As the manual for Fulcrum/Archimedes — which is part of the WikiLeaks publication — explains:
ARP Spoofing is a technique used on a LAN to allow an attacker’s machine to intercept data frames from peer machines that were intended for other destinations. This places the attacker’s machine in the middle of any traffic from the target’s machine to any other destination and is known more commonly as the man-in-the-middle. ARP Spoofing compromises the target machine’s translation of IPv4 addresses into MAC addresses by sending spoofed ARP packets which associate the attacker’s MAC address with the IP address of another host (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead.
Fulcrum uses ARP spoofing to get in the middle of the target machine and the default gateway on the LAN so that it can monitor all traffic leaving the target machine. It is important to note that Fulcrum only establishes itself in the middle on one side of the two-way communication channel between the target machine and the default gateway. Once Fulcrum is in the middle, it forwards all requests from the target machine to the real gateway.
So, Archimedes is designed as a cyber-espionage tool and does not appear to be able to be used for cyber-sabotage, though the CIA may have other tools for accomplishing that.
See source (https://www.thenewamerican.com/tech/computers/item/25968-wikileaks-exposes-cia-s-archimedes-hacking-weapon) to read more (including links).
* * *
New York City's WBAI radio show, "Free Assange", Episode 3.
http://nuarchive.wbai.org/mp3/wbai_170502_170002randyCrelof.mp3
wbai.org (https://www.wbai.org)
More: Justice For Assange (https://justice4assange.com)
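The Sputnik and ZeroHedge write-ups in the previous post and the Fulcrum manual excerpt quoted above describe one mechanism: spoofed ARP traffic that binds the attacker's MAC address to the gateway's IP address in the target's cache, so the target's outbound frames pass through the attacker before reaching the real gateway. What follows is an added example, not from any of the quoted articles or the leaked manuals: a small ARP-cache watcher that decodes raw Ethernet/ARP frames and reports the two symptoms such poisoning produces on the target's segment, the gateway IP being answered by a new MAC and one MAC claiming more than one IP. The frames, MAC and IP addresses are constructed for the test, and the class and function names are mine.

```python
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def parse_arp(frame):
    """Decode an Ethernet/ARP frame into (opcode, sha, spa, tha, tpa) as strings,
    or None for anything that is not an Ethernet/IPv4 ARP frame."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    _ht, _pt, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if hlen != 6 or plen != 4:
        return None
    return op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa)


def build_arp(op, sha, spa, tha, tpa):
    """Construct a raw ARP frame (used here only to fabricate test traffic)."""
    dst = tha if op == ARP_REPLY else "ff:ff:ff:ff:ff:ff"
    eth = ETH_HDR.pack(mac_bytes(dst), mac_bytes(sha), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, op, mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp


class ArpWatch:
    """Learns IP->MAC bindings from the sender fields of every ARP frame seen
    (requests as well as replies, since gratuitous requests poison caches too)
    and reports the symptoms of gateway-side ARP spoofing. Bindings passed in
    `static` are never overwritten, mirroring a static ARP entry on the host."""

    def __init__(self, gateway_ip, static=None):
        self.gateway_ip = gateway_ip
        self.static = dict(static or {})
        self.bindings = dict(self.static)          # ip -> mac
        self.ips_by_mac = defaultdict(set)         # mac -> {ip, ...}
        for ip, mac in self.bindings.items():
            self.ips_by_mac[mac].add(ip)

    def observe(self, frame):
        """Feed one frame; returns a list of alert tuples (empty if benign)."""
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        _op, sha, spa, _tha, _tpa = parsed
        alerts = []
        known = self.bindings.get(spa)
        if known is not None and known != sha:
            kind = "gateway-hijack" if spa == self.gateway_ip else "binding-change"
            alerts.append((kind, spa, known, sha))
        if spa not in self.static:
            self.bindings[spa] = sha
        self.ips_by_mac[sha].add(spa)
        if len(self.ips_by_mac[sha]) > 1:
            alerts.append(("mac-claims-multiple-ips", sha, sorted(self.ips_by_mac[sha])))
        return alerts


if __name__ == "__main__":
    # Constructed scenario: gateway .1 is a static entry; host .50 then claims .1.
    watch = ArpWatch("192.168.1.1", {"192.168.1.1": "00:11:22:33:44:01"})
    watch.observe(build_arp(ARP_REPLY, "aa:bb:cc:dd:ee:50", "192.168.1.50", "aa:bb:cc:dd:ee:10", "192.168.1.10"))
    for alert in watch.observe(build_arp(ARP_REPLY, "aa:bb:cc:dd:ee:50", "192.168.1.1", "aa:bb:cc:dd:ee:10", "192.168.1.10")):
        print(alert)
```

Because Fulcrum only poisons the target's side, the gateway's own ARP cache stays correct and a capture taken at the gateway shows nothing unusual; the watcher has to run on the target host itself or on a span port of its segment. On managed switches the same check is done by Dynamic ARP Inspection, and a static ARP entry for the gateway on sensitive hosts removes this attack surface outright, which is what the `static` seed models.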
Innocent Warrior
11th May 2017, 23:26
1teM525rVlc
Perspective With Laura Poitras' re-cut 'Risk,' a director controversially changes her mind about Julian Assange (http://www.latimes.com/entertainment/movies/la-et-mn-laura-poitras-risk-20170505-story.html) (May 6, 2017)
* * *
From CRN -
Cisco Patches WikiLeaks Security Vulnerability Affecting Hundreds Of Devices (May 10, 2017)
Cisco has patched a critical flaw in its IOS software that affected more than 300 models of routers and switches that was discovered after WikiLeaks exposed CIA documents.
"We've spoken to a few customers about it, a few enterprise clients, and thankfully it didn't disrupt any business for us," said one top executive from a solution provider and Cisco Gold partner who did not wish to be named. "I'm glad to know they fixed the issue. … Their devices will always be a big target for attackers because Cisco is everywhere."
Cisco disclosed March 17 that it had discovered hundreds of Cisco devices were vulnerable after WikiLeaks made public a set of CIA documents referred to as the "Vault 7 leak." The security flaw stemmed from its IOS software that runs on hundreds of switches that could allow attackers to remotely execute malicious code and take control of the affected device.
Cisco's Catalyst switching models were affected most, including many of the 2960, 3560 and 3750 series as well as Cisco's IE 2000 and 4000 Industrial Ethernet switching series.
"It put some of our Catalyst customers at risk," said the Cisco Gold partner executive. "Anytime they hear about a security vulnerability, it gets their attention and we get a call."
"We've had to address a few security [vulnerabilities] regarding IOS over the years, but Cisco has been pretty quick with letting us know about them and what we should do," the partner said.
When partners were made aware of the security flaws in March, Cisco did not have any fixes or workarounds available at the time. However, the San Jose, Calif.-based networking giant said disabling the Telnet protocol as an allowed protocol for incoming connections would eliminate the vulnerability.
Cisco said an attacker could exploit the vulnerability by sending malformed Cluster Management Protocol (CMP)-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.
Cisco Monday said it had released software updates that address the vulnerability, urging customers to install the fixed versions of the IOS.
Cisco's security business is the vendor's fastest-growing market segment.
Source (http://www.crn.com/news/networking/300084981/cisco-patches-wikileaks-security-vulnerability-affecting-hundreds-of-devices.htm?utm_content=buffer77137&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer) (with links).
* * *
New York City's WBAI radio show, Julian Assange: Countdown to Freedom, Episode 4.
http://nuarchive.wbai.org/mp3/wbai_170509_170002randyCrelof.mp3
wbai.org (https://www.wbai.org)
More: Justice For Assange (https://justice4assange.com)
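The CRN piece above says Cisco's interim advice was to stop accepting Telnet on inbound connections; on IOS that is the `transport input` setting under each `line vty` block. What follows is an added example, not from CRN or Cisco: a Python audit that parses a saved running-config, reports every vty block that still permits Telnet (explicitly, or because no transport is set and the platform default applies), and rewrites those blocks to `transport input ssh`. The sample configuration is constructed; the hostname and addresses are made up.

```python
import re

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
!
! constructed sample, not a real device
hostname sw-lab-1
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
line con 0
 logging synchronous
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
!
"""

LINE_HEADER = re.compile(r"^line (vty|con|aux|tty)\b")


def parse_line_blocks(config_text):
    """Split a running-config into top-level 'line ...' blocks as
    (header, [subcommands]); sub-commands of other blocks are ignored."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" "):
            if current is not None:
                current[1].append(line.strip())
            continue
        current = None
        if LINE_HEADER.match(line):
            current = (line, [])
            blocks.append(current)
    return blocks


def audit_vty_transport(config_text):
    """Return (header, reason) for each vty block that still accepts Telnet.
    'telnet' or 'all' permit it explicitly; a block with no 'transport input'
    runs on the platform default and is reported so someone verifies it."""
    findings = []
    for header, subs in parse_line_blocks(config_text):
        if not header.startswith("line vty"):
            continue
        transport = None
        for sub in subs:
            if sub.startswith("transport input"):
                transport = sub.split()[2:]     # later statements override earlier ones
        if transport is None:
            findings.append((header, "no transport input set; platform default applies, verify"))
        elif any(p in ("telnet", "all") for p in transport):
            findings.append((header, "telnet permitted: transport input " + " ".join(transport)))
    return findings


def harden_vty_transport(config_text):
    """Rewrite every vty block so its only inbound transport is SSH, adding the
    statement where it was missing. Other blocks pass through unchanged."""
    out, state = [], {"in_vty": False, "seen": False}

    def close_block():
        if state["in_vty"] and not state["seen"]:
            out.append(" transport input ssh")

    for raw in config_text.splitlines():
        if raw and not raw.startswith(" "):            # a new top-level statement
            close_block()
            state["in_vty"] = raw.startswith("line vty")
            state["seen"] = False
            out.append(raw)
        elif state["in_vty"] and raw.strip().startswith("transport input"):
            out.append(" transport input ssh")
            state["seen"] = True
        else:
            out.append(raw)
    close_block()
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for header, reason in audit_vty_transport(SAMPLE_CONFIG):
        print(header, "->", reason)
    print(harden_vty_transport(SAMPLE_CONFIG))
```

Run it against the output of `show running-config` and apply the hardened block only after SSH is known to work on the device (keys generated and a session tested), otherwise the change locks out remote management. Removing Telnet closes the exposure the article describes; the software update Cisco released is the actual fix and still needs to be installed.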
Bill Ryan
11th May 2017, 23:35
Perspective With Laura Poitras' re-cut 'Risk,' a director controversially changes her mind about Julian Assange (http://www.latimes.com/entertainment/movies/la-et-mn-laura-poitras-risk-20170505-story.html) (May 6, 2017)
That's pretty disappointing. In summary, I'd say that his personality (whatever it might be) is 100% irrelevant here. It's what he's doing that counts.
I've not yet seen the film, of course, but for her to change her focus to look more on what she thinks his personality might be is surely just cheap, tabloid entertainment. What's needed (and the only thing that's important) is an analysis of the difference he might be making in the world.
Innocent Warrior
11th May 2017, 23:49
That's pretty disappointing. In summary, I'd say that his personality (whatever it might be) is 100% irrelevant here. It's what he's doing that counts.
I've not yet seen the film, of course, but for her to change her focus to look more on what she thinks his personality might be is surely just cheap, tabloid entertainment. What's needed (and the only thing that's important) is an analysis of the difference he might be making in the world.
Completely agree and unfortunately it may prove to be a bit of a blow to WikiLeaks. It's also caused me to become suspicious of Poitras; the manner in which she went about this was shifty. Poitras changed it shortly after the Cannes showing because after six years of knowing Assange she decided she didn't like his manner but, as far as I can see, she didn't bother to inform Assange of the changes (or the media), allowing him to promote the film to WikiLeaks supporters in the meantime.
turiya
12th May 2017, 00:02
Perhaps... just perhaps, she's been 'persuaded' to take an opposing position. The Deep State has its ways of making an offer that one can't refuse...
Innocent Warrior
12th May 2017, 01:58
I haven't seen Risk and don't intend to now but a comparison between earlier articles on the film and recent articles illustrates the dramatic shift in the tone of the film. As an example, here are two articles published by The Hollywood Reporter -
'Risk': Cannes Review (http://www.hollywoodreporter.com/review/risk-cannes-review-895667) (May 19, 2016)
Oscars: Julian Assange Doc Becomes Clear Frontrunner (http://www.hollywoodreporter.com/race/oscars-julian-assange-doc-becomes-clear-frontrunner-998846) (April 30, 2017)
Huge contrast. From the article linked in post #272 (emphasis mine) -
But the biggest switch is the addition of Poitras' voice, via periodic readings from her production journal from the shoot, raising doubts about Assange. What had been a favorable portrait with no commentary is now a less favorable portrait with amplified skeptical commentary.
“I didn’t trust him,” is the gist of some of these voice-overs. Not only do we see Assange in a far less flattering light than we did in the previous version of "Risk," but we learn that Poitras didn’t have such fuzzy feelings toward him all along.
Either Poitras wasn't being honest in her initial portrayal of Assange with the Cannes version or she was and her voice overs from her production journal have been made up for the new version. Or, the production notes are real and Poitras has shifted from focussing more on the more important, less personal aspects of Assange, to more on who Assange is as a person, when she suddenly decided it was important to insert herself into the film as a distrusting observer, after she decided she didn't like his manner. Whatever it is and whatever the reason, Poitras has demonstrated she can't be trusted.
* * *
From The Washington Post (opinion column) -
I saw Laura Poitras’s Julian Assange movie 10 days ago. I’m still struggling with it. By Alyssa Rosenberg (May 8, 2017)
This column discusses the revelations of the movie “Risk” in detail.
“This is not the film I thought I was making. I thought I could ignore the contradictions,” Laura Poitras wrote in her production journal while filming the movie that became “Risk.” “I thought they weren’t part of the story. I was so wrong. They are the story.”
The strong temptation when faced with a set of contradictions, especially ones that involve a figure of global importance such as Julian Assange, the subject of “Risk,” is to resolve them. What’s admirable and interesting and hugely discomfiting about “Risk” is that Poitras doesn’t do so; she even extends the scope of the film’s moral dilemmas to include herself.
Poitras filmed “Risk” over a period of years, starting shortly after WikiLeaks received a trove of government documents from Bradley (now Chelsea) Manning and began to redact and release them, and continuing through Assange’s ongoing confinement in the Ecuadoran Embassy in London. This is the same period in which two Swedish women accused Assange of sexual assault, triggering the investigation that ultimately led him to seek sanctuary in the embassy, and a debate that hugely complicated not simply Assange’s reputation, but also that of the organization he founded.
The fact that the statute of limitations has expired on the charges of sexual molestation and unlawful coercion Swedish prosecutors considered bringing against him means that the charges cannot be resolved in court. A third charge, one known as “lesser-degree rape” in the Swedish judicial system, expires in 2020. Without verdicts of guilty or not guilty to rely on, observers must make their own conclusions, guided by their own algorithms, about whether they believe Assange or his accusers. And from there, they’ll have to weigh whatever decision they make against whatever esteem they have for WikiLeaks.
Poitras is there as Assange processes these developments: She films him speaking dismissively with two women who are trying to help him frame a response to the allegations that won’t make him seem anti-feminist; hanging out in the forest with a WikiLeaks lawyer to talk strategy; dyeing his hair and putting in colored contacts to diminish the chance that he’ll be recognized on his way to the embassy. What she offers viewers is an intense dose of Assange’s personality, not new information about the allegations. Poitras is interested in looking at the man, and at his transition from a sprawling English country house surrounded by beautiful woods to the claustrophobic confines of the embassy, not in acting as a substitute for the justice system.
(This quality to the film also makes the grousing of WikiLeaks lawyer Melinda Taylor that “I have no truck with this trite one-note argument that if you are a woman, you either obviously disapprove of Julian and by extension WikiLeaks (kudos, your feminist credentials remain intact), or you must be a slavish minion, who is controlled by him,” based on a description of a film she has not seen, seem particularly off-base.)
Throughout the film, Poitras struggles with higher-level questions of trust. “It’s a mystery why he trusts me because I don’t think he likes me,” she notes in one excerpt of her production journal. Later, she declines to do a favor for Assange because she has decided that she doesn’t trust him. And late in the film, she reveals information that forces us to ask why we should trust her (if in fact we do). Poitras explains that she was briefly involved with the journalist, hacker and advocate Jacob Appelbaum*, whom she filmed confronting telecommunications experts in Cairo during the Arab Spring, and who has also been accused of sexual misconduct. And she says that one of the people who said they experienced that mistreatment is one of her friends.
As with the allegations against Assange, Poitras doesn’t try to adjudicate the allegations against Appelbaum, which he denies. She also doesn’t try to make an argument one way or another about how we should feel about her in light of this information.
I’m writing this column a week after seeing “Risk,” and I don’t know the answer to that question, either. Is the revelation supposed to change the way I feel about the footage of Appelbaum in Egypt? Should I interpret this disclosure as a blanket statement of belief in women who come forward with sexual assault allegations? Do I trust Poitras less for getting involved with one of her subjects, or more for her transparency? Do I see Poitras primarily as a journalist or an artist or something in between, and depending on which one I choose, how should this revelation make me feel about her work? I do know that I think she’s neither a woman who automatically disapproves of Assange without knowing much about him, nor a slavish minion.
Maybe a different filmmaker could have provided more confident answers to these questions, arguing that Assange and Appelbaum are guilty or innocent, noble or self-aggrandizing, that on net, WikiLeaks is a force for good or evil. But I don’t think most people are just one thing, and given WikiLeaks’ influence on the most recent presidential election — really, given the ongoing global reverberations of the group’s disclosures — points are still being scored in multiple columns on that larger question. A more anti-Assange filmmaker wouldn’t have gotten the access that made “Risk” possible. A more pro-Assange documentarian wouldn’t have captured the queasiness of the evolving story.
I suspect I’ll be struggling with “Risk” for a very long time. Until I reach my conclusions, and if I never do, I’m trying to accept the discomfort I feel with the movie as the point.
Source (https://www.washingtonpost.com/news/act-four/wp/2017/05/08/i-saw-laura-poitrass-julian-assange-movie-10-days-ago-im-still-struggling-with-it/?utm_term=.ba71f4c7e19b).
Hervé
12th May 2017, 13:24
WikiLeaks #Vault7: 'CIA malware plants Gremlins' on Microsoft machines (https://www.rt.com/viral/388075-wikileaks-cia-microsoft-malware/)
RT (https://www.rt.com/viral/388075-wikileaks-cia-microsoft-malware/)
Fri, 12 May 2017 12:00 UTC
https://cdn.rt.com/files/2017.05/original/59159194c36188db088b45a5.jpg
A screenshot contained in the leak shows evidence of a Dell machine being used by a user named 'Justin.'
WikiLeaks has released the latest installment in the #Vault7 series, detailing two apparent CIA malware frameworks dubbed 'AfterMidnight' and 'Assassin' which it says target the Microsoft Windows platform.
The latest release consists of five documents detailing the two frameworks. 'AfterMidnight' allows operators to load and execute malware on a target machine, according to a statement (https://wikileaks.org/vault7/#AfterMidnight) from WikiLeaks.
The malware, disguised as a self-persisting dynamic-link library (DLL), unique to Microsoft, executes 'Gremlins' - small payloads which run hidden on the machine, subverting the functionality of software as well as surveying the target and exfiltrating data. A payload named 'AlphaGremlin' allows operators to schedule custom tasks to be executed on the machine.
Colm McGlinchey (@ColmMcGlinchey, https://twitter.com/ColmMcGlinchey) tweeted, 2:24 AM - 12 May 2017:
'AfterMidnight' operation, detailed in latest @wikileaks #Vault7 release https://wikileaks.org/vault7/#AfterMidnight (https://t.co/M2BwsaKzLA)
https://pbs.twimg.com/media/C_nbACPXsAApder.jpg
Once installed, 'AfterMidnight' uses an HTTPS listening port to check for any scheduled events. Local storage related to 'AfterMidnight' is encrypted with a key not stored on the target machine, according to a user guide (https://wikileaks.org/vault7/document/AfterMidnight_v1_0_Users_Guide/page-1/#pagination) provided in the leak.
According to the leak, 'Assassin' is a similar type of malware to 'AfterMidnight'. The tool's user guide (https://wikileaks.org/vault7/document/Assassin_v1_4_Users_Guide/page-8/#pagination) describes it as "an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system."
The tool purportedly allows operators to perform specific tasks on an infected computer, periodically sending intercepted information to listening posts. It is made up of four subsystems: 'Implant', 'Builder', 'Command and Control', and 'Listening Post'.
The 'Implant' provides the core logic and functionality of the tool on a target computer. The way it's set up determines much of how the tool will behave on the target computer.
The 'Builder' arranges the Implant and 'Deployment Executables' before deployment, while the 'Command and Control' subsystem acts as an interface between the operator and the 'Listening Post.'
The 'Listening Post' allows the 'Implant' to communicate with the subsystem through a web server.
Details of the document's author are revealed in instructional screenshots of their desktop which appear in the 'AlphaGremlin' user guide. The screenshots also show a shortcut to Pidgin, an encrypted chat program, along with a folder named 'Drone.'
Related:
#Vault7: Key revelations from WikiLeaks’ release of CIA hacking tools (https://www.rt.com/viral/380326-vault7-wikileaks-cia-hacking-surveillance/)
Innocent Warrior
12th May 2017, 13:37
Vault 7: Projects
RELEASE - AfterMidnight
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on AfterMidnight from WikiLeaks -
12 May, 2017
Today, May 12th 2017, WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks for the Microsoft Windows platform.
"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine. The main controller disguises itself as a self-persisting Windows Service DLL and provides secure execution of "Gremlins" via an HTTPS-based Listening Post (LP) system called "Octopus". Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins. The special payload "AlphaGremlin" even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.
"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight") will then periodically beacon to its configured listening post(s) to request tasking and deliver results. Communication occurs over one or more transport protocols as configured before or during deployment. The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as "The Gibson" and allow operators to perform specific tasks on an infected target.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
Innocent Warrior
19th May 2017, 11:22
Vault 7: Projects
RELEASE - Athena
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Athena from WikiLeaks -
19 May, 2017
Today, May 19th 2017, WikiLeaks publishes documents from the "Athena" project of the CIA. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.
According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company "... focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets." On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.
In an email from HackingTeam (published by WikiLeaks here), Jason Syversen, founder of Siege Technologies with a background in cryptography and hacking, "... said he set out to create the equivalent of the military’s so-called probability of kill metric, a statistical analysis of whether an attack is likely to succeed. 'I feel more comfortable working on electronic warfare,' he said. 'It’s a little different than bombs and nuclear weapons -- that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody.'"
Documents Directory HERE (https://wikileaks.org/vault7/document/).
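The AfterMidnight, Assassin and Athena statements above all describe the same behaviour from a defender's point of view: an implant calling back to a listening post on a fixed schedule. The following is an added example, not code from WikiLeaks or from the tools described, that looks for that regularity in outbound HTTPS connections; the proxy log layout, hostnames and thresholds are assumptions and the log lines are constructed.

```python
"""
Added example (not part of the leaked material): flag (client, host)
pairs whose outbound HTTPS connections are spaced too evenly to be
human browsing, the pattern a scheduled implant beacon produces.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed proxy log layout: "<ISO timestamp> <client ip> <dest host> <dest port>".
# Constructed sample: 10.0.0.5 calls back roughly every 300 s, 10.0.0.7 browses.
SAMPLE_LOG = """\
2017-05-12T08:00:00 10.0.0.5 updates.example-lp.net 443
2017-05-12T08:05:01 10.0.0.5 updates.example-lp.net 443
2017-05-12T08:09:59 10.0.0.5 updates.example-lp.net 443
2017-05-12T08:15:00 10.0.0.5 updates.example-lp.net 443
2017-05-12T08:20:02 10.0.0.5 updates.example-lp.net 443
2017-05-12T08:24:58 10.0.0.5 updates.example-lp.net 443
2017-05-12T08:00:12 10.0.0.7 news.example.org 443
2017-05-12T08:00:45 10.0.0.7 news.example.org 443
2017-05-12T08:07:03 10.0.0.7 news.example.org 443
2017-05-12T08:31:40 10.0.0.7 news.example.org 443
2017-05-12T09:12:09 10.0.0.7 news.example.org 443
2017-05-12T09:12:11 10.0.0.7 news.example.org 443
"""

MIN_EVENTS = 5   # need enough connections before judging regularity
MAX_CV = 0.10    # coefficient of variation of the gaps below this is "too regular"


def parse_log(text):
    """Yield (client, host, timestamp) for port-443 lines; skip malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "443":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield parts[1], parts[2], ts


def intervals_by_pair(events):
    """Sort each (client, host) stream and return its inter-arrival gaps in seconds."""
    streams = defaultdict(list)
    for client, host, ts in events:
        streams[(client, host)].append(ts)
    gaps = {}
    for key, stamps in streams.items():
        stamps.sort()
        gaps[key] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return gaps


def find_beacons(text, min_events=MIN_EVENTS, max_cv=MAX_CV):
    """Return {(client, host): (mean_gap_seconds, cv)} for streams that look scheduled."""
    flagged = {}
    for key, gaps in intervals_by_pair(parse_log(text)).items():
        if len(gaps) + 1 < min_events:
            continue
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv < max_cv:
            flagged[key] = (round(avg, 1), round(cv, 3))
    return flagged


if __name__ == "__main__":
    for (client, host), (avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: every ~{avg}s (cv={cv})")
```

Because the leaked guides describe the schedule as configurable, an operator can add jitter; raising `MAX_CV` catches more of that at the cost of more false positives, so treat the output as a triage list rather than a verdict.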
Hervé
19th May 2017, 18:48
#Vault7 ‘Athena’: CIA’s anti-Windows malware ‘better than bombing things’
RT
Published time: 19 May, 2017 11:25
Get short URL (https://on.rt.com/8c3r)
'Athena' is the latest in the #Vault7 series.
The latest in WikiLeaks’ series of #Vault7 leaks was released Friday detailing malware that provides remote beacon and loader capabilities on target computers using several Microsoft Windows operating systems.
‘Athena’ is the latest codename for the release which consists of five documents.
In the user guide (https://wikileaks.org/vault7/document/Athena-v1_0-UserGuide/page-7/#pagination), the operating systems which can be targeted are: Windows XP Pro SP3 32-bit, Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10.
Once installed on a target computer, Athena will use a listening post to receive beacons from the operator, allowing it to signal and trigger additional malware payloads undetected on the target computer.
https://pbs.twimg.com/media/DALeN7QUIAAZ9WF.jpg:large
Colm McGlinchey @ColmMcGlinchey (https://twitter.com/ColmMcGlinchey), 9 hours ago (https://twitter.com/ColmMcGlinchey/status/865498414577885185):
#Athena (https://twitter.com/hashtag/Athena?src=hash) operation in latest #Vault7 (https://twitter.com/hashtag/Vault7?src=hash) #WikiLeaks (https://twitter.com/hashtag/WikiLeaks?src=hash) release pic.twitter.com/xT9IRIMlqP (https://t.co/xT9IRIMlqP)
Athena “hijacks” the DNSCACHE, a temporary database maintained by the operating system to record internet traffic on the computer, to hide its presence, according to a document (https://wikileaks.org/vault7/document/ATHENA-DEMO/page-1/#pagination) contained in the leak.
The command module for Athena will only load during a signal, before being destroyed when completed.
The CIA cooperated with the private cybersecurity firm Siege Technologies to develop the Athena malware.
"I feel more comfortable working on electronic warfare… It’s a little different than bombs and nuclear weapons -- that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody," Jason Syversen, the founder of Siege Technologies, wrote in an email (https://wikileaks.org/hackingteam/emails/emailid/169933).
The release is the latest in WikiLeaks' series of leaks, allegedly from the CIA, known as #Vault7. Previous releases showed hacking techniques used to weaponize mobile phones, conduct surveillance via Smart TVs and load and execute malware on a target machine.
https://pbs.twimg.com/media/C_qBqPJWsAAbP1f.jpg:large
RT @RT_com (https://twitter.com/RT_com), May 12 (https://twitter.com/RT_com/status/863144890800144384):
#Vault7 (https://twitter.com/hashtag/Vault7?src=hash): WikiLeaks outlines ‘CIA malware’ targeting #Microsoft (https://twitter.com/hashtag/Microsoft?src=hash) Windows https://on.rt.com/8bfv (https://t.co/oNS1aQSqU0) pic.twitter.com/vxSycLhdkP (https://t.co/vxSycLhdkP)
Innocent Warrior
22nd May 2017, 08:32
Promo for new German-Spanish film on the legal fight surrounding Assange (English subtitles) -
Hacking Justice
1AXj7JX3wSA
Published on May 19, 2017
Click here to register
http://www.docsonline.tv/world-premie...
When you're more than a journalist, you need more than a lawyer !
May 19th 2017, Swedish Prosecutor Marianne Ny drops charges against Julian Assange.
A victory for the international legal team led by Judge Garzon, over a four year endeavour documented by "Hacking Justice", the unique film available on the topic with non-infringed image rights from all appearing parties.
Baltasar Garzon, 58, is an analogue man, barely speaks English, is bad with computers. But he plays a major global role within the digital world. He took upon coordinating the international legal teams preparing the upcoming defense of WikiLeaks founder Julian Assange. Garzon is one of the world’s leading authorities upholding the principle of Universal Jurisdiction, defending in this case freedom of press but also fundamental human rights. With a unique access, the film witnesses the struggle for the control of information, the growing influence of intelligence services, the lack of transparency, the role of the mass media and the difficult balance of individual rights and state security.
Awesome team and they don't get paid, a clip from the film of the legal team at work can be viewed here (https://twitter.com/wikileaks/status/866541208872652800).
* * *
Podcast: WBAI Free Assange #5 -- interview with police corruption whistleblowers, Frank Serpico -
http://nuarchive.wbai.org/mp3/wbai_170516_170004randyCrelof.mp3
wbai.org (https://www.wbai.org)
Hervé
23rd May 2017, 16:35
'Bigger than WannaCry': New malware employs 7 NSA exploits, Croatian expert warns (https://www.rt.com/viral/389252-nsa-hacking-tool-eternalrocks/)
RT (https://www.rt.com/viral/389252-nsa-hacking-tool-eternalrocks/)
Mon, 22 May 2017 15:43 UTC
https://www.sott.net/image/s19/397494/large/59232e4bc461881f6c8b45db.jpg (https://www.sott.net/image/s19/397494/full/59232e4bc461881f6c8b45db.jpg)
© Thomas Samson / AFP
Seven cyber exploits purportedly stolen from the US National Security Agency (NSA) have been identified in 'EternalRocks', a new type of malware detected by a Croatian tech security advisor.
Similar to the WannaCry malware which struck hundreds of thousands of computers worldwide this month, EternalRocks apparently draws on NSA-identified network exploits EternalBlue, EternalChampion, EternalRoman, and EternalSynergy.
The worm utilizes DoublePulsar, Architouch and SMBtouch, a series of tools released in an apparent NSA leak (https://www.rt.com/news/388749-wannacry-adylkuzz-worldwide-cyberattack-nsa/) by hacking group ShadowBrokers.
Miroslav Stampar @stamparm (https://twitter.com/stamparm):
Info on (new) EternalRocks worm can be found on https://github.com/stamparm/EternalRocks/ (https://t.co/oahygJdhSi). Will keep it updated, along with @_jsoo_ (https://twitter.com/_jsoo_)
5:43 AM - 18 May 2017
The virus's characteristics were identified by Miroslav Stampar, a Croatian security expert for the country's Computer Emergency Response Team (CERT (http://www.cert.hr/)). He is also listed as a Croatian chapter member of the Honeynet Project, a volunteer network (https://www.honeynet.org/about) for "security research."
Miroslav Stampar @stamparm (https://twitter.com/stamparm):
Just captured 406ac1595991ea7ca97bc908a6538131 and 5c9f450f2488140c21b6a0bd37db6a40 in MS17-010 honeypot. MSIL/.NET #WannaCry (https://twitter.com/hashtag/WannaCry?src=hash) copycat(s)
https://pbs.twimg.com/media/DACeH_TW0AArelX.jpg
8:28 AM - 17 May 2017
In a breakdown published online, Stampar outlines (https://github.com/stamparm/EternalRocks/) how the "cyberweapon" downloads in two separate stages, with the second running 24 hours later to avoid detection.
"After about six to eight hours of analysis, I found how to provoke the second stage," said Stampar when contacted by RT.com. "I got kind of excited and scared as somebody had successfully, and professionally, packed all SMB exploits from ShadowBroker's dump.
"I predicted that something bigger than WannaCry is coming," he added.
Stampar explains that EternalRocks sits anonymously on the target device, but can be activated later for more malicious purposes: "Its sole purpose at this moment is propagation and waiting for further command and control updates. As I see it, it is a prelude," he said.
Miroslav Stampar @stamparm (https://twitter.com/stamparm):
Conclusion: delayed downloader for https://ubgdgno5eswkhmpy[.]onion/updates/download?id=PC which seem to be a full scale cyber weapon
5:46 PM - 17 May 2017
Microsoft was forced to patch discontinued operating systems earlier this month after WannaCry exploited vulnerabilities in its software.
The patch came after more than 200,000 devices became infected with WannaCry, which encrypts computer files and demands victims to pay a ransom for their release. The wide-reaching ransomware blitz crippled parts of the UK National Health Service.
Last week, Quarkslab security advisor Adrien Guinet released information about a method for decrypting WannaCry. The 'WannaKey' (https://www.rt.com/viral/389013-free-wannacry-ransomware-decryption/) tool was published to Github but only helps users with the Windows XP operating system.
onawah
23rd May 2017, 16:52
That link doesn't work
Click here to register
http://www.docsonline.tv/world-premie...
It's:
http://www.docsonline.tv/world-premieres/hacking-justice
Innocent Warrior
2nd June 2017, 01:59
Vault 7: Projects
RELEASE - Pandemic
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Pandemic from WikiLeaks -
1 June, 2017
Today, June 1st 2017, WikiLeaks publishes documents from the "Pandemic" project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. "Pandemic" targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine. To obfuscate its activity, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the pandemic file server before being executed on the computer of the remote user. The implant allows the replacement of up to 20 programs with a maximum size of 800 MB for a selected list of remote users (targets).
As the name suggests, a single computer on a local network with shared drives that is infected with the "Pandemic" implant will act like a "Patient Zero" in the spread of a disease. It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
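The Pandemic description above has a practical consequence for defenders: the copy on the file server is never altered, so server-side file integrity monitoring sees nothing, and the comparison has to be made from the client's vantage point. The following is an added example, not code from WikiLeaks or the implant's documentation, that builds a manifest on the server and checks what a client actually receives against it; the share directory, program bytes and the transit function that simulates the swap are all constructed.

```python
"""
Added example (not part of the leaked material): client-vantage
integrity check for programs retrieved from a file share.
"""
import hashlib
import os
import tempfile


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(server_dir: str) -> dict:
    """Hash every file under server_dir as stored on disk (server vantage)."""
    manifest = {}
    for root, _dirs, files in os.walk(server_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, server_dir).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = sha256(fh.read())
    return manifest


def verify_fetched(manifest: dict, fetch) -> dict:
    """
    Compare each manifest entry against the bytes a client receives.
    fetch(rel_path) must read the file the way a client does, for example
    open(r"\\server\share\" + rel_path, "rb").read() run on the client host;
    it returns None when the file cannot be retrieved.
    """
    report = {}
    for rel, expected in sorted(manifest.items()):
        data = fetch(rel)
        if data is None:
            report[rel] = "missing"
        elif sha256(data) != expected:
            report[rel] = "MODIFIED in transit"
        else:
            report[rel] = "ok"
    return report


def demo() -> dict:
    """Constructed scenario: two programs on the share, one swapped for one client."""
    server_dir = tempfile.mkdtemp(prefix="share-")
    os.makedirs(os.path.join(server_dir, "tools"))
    programs = {
        "tools/backup.exe": b"MZ...constructed clean program A...",
        "tools/viewer.exe": b"MZ...constructed clean program B...",
    }
    for rel, data in programs.items():
        with open(os.path.join(server_dir, rel), "wb") as fh:
            fh.write(data)
    manifest = build_manifest(server_dir)  # taken on the server: everything hashes clean

    def fetch_as_targeted_client(rel):
        # Simulates the on-the-fly swap: the on-disk file is untouched, but one
        # selected program arrives at the client with different bytes.
        with open(os.path.join(server_dir, rel), "rb") as fh:
            data = fh.read()
        if rel == "tools/viewer.exe":
            return b"MZ...constructed TROJANED program B..."
        return data

    return verify_fetched(manifest, fetch_as_targeted_client)


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{rel}: {status}")
```

Since the replacement only happens for a selected list of targets, the check must run from the suspected target hosts themselves; a clean result from an untargeted client proves nothing.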
A Voice from the Mountains
2nd June 2017, 16:02
I just saw in a Wikileaks tweet earlier today that they have a new release out.
Only people on my Twitter feed are Wikileaks and Trump. Other than that Twitter can go to hell. :bigsmile:
Rachel how did you post on this yesterday? Twitter didn't deliver me the news until only a couple of hours ago. :P
Innocent Warrior
3rd June 2017, 01:42
Rachel how did you post on this yesterday? Twitter didn't deliver me the news until only a couple of hours ago. :P
Too slow, they tweeted it 20 hours before the tweet you saw. :p
A Voice from the Mountains
4th June 2017, 13:29
Rachel how did you post on this yesterday? Twitter didn't deliver me the news until only a couple of hours ago. :P
Too slow, they tweeted it 20 hours before the tweet you saw. :p
Twitter really is garbage and would be just as bad if not worse than Facebook with censorship if more people actually gave a damn about it. The only reason I even got it was to get Trump's tweets and I think they know that if they banned him like they were considering before, they'd probably really go out of business. They don't provide advertisers with any meaningful return on investment and they were caught fabricating data to make it look better.
I just got locked out of my Twitter account earlier today for stuff I was posting that they didn't like, so I just made another account. I went back and looked and none of my tweets were even showing anyway. On a different account I couldn't find them anywhere, not even with the tweets they separate out as potentially offensive (which apparently includes politically incorrect speech).
If anybody wants to find me, my new handle on there is Barack_Obama_US_Kang lol. @obama_KangOfUS
Innocent Warrior
9th June 2017, 12:23
From Hot For Security -
Vault 7: WikiLeaks exposes Pandemic, CIA infection tool for Windows machines (Jun 2, 2017)
https://hotforsecurity.bitdefender.com/wp-content/uploads/2017/01/virus-trojan-malware-espionage-990x659.jpg
After having disclosed information about CIA’s spyware tool Athena only last week, WikiLeaks has published new information from Pandemic, another alleged CIA project that “targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.”
Part of the Vault 7 series of documents that were either leaked following an inside job or stolen from the CIA by hackers, Pandemic basically turns Windows machines from a targeted network into Patient Zero. It then covertly infects other computers linked to the system by delivering infected versions of the requested files. Because it is very persistent, the original source of infection is difficult to detect.
Pandemic only takes 10 to 15 minutes to install and replaces up to 20 programs, according to a user manual, which doesn’t thoroughly describe how it is actually installed on a targeted file server. The project allegedly dates from April 2014 to January 2015.
See SOURCE (https://hotforsecurity.bitdefender.com/blog/vault-7-wikileaks-exposes-pandemic-cia-infection-tool-for-windows-machines-18140.html) to read more (including links).
* * *
https://i0.wp.com/www.fashionscandal.com/wp-content/uploads/2014/06/819621-92a564dc-fe6b-11e3-9f45-ae70f9e6c986.jpg
Podcast: WBAI Free Assange #6 (30/5/17) -- Interview: former UK ambassador Craig Murray discussing UK election and Assange detention.
http://nuarchive.wbai.org/mp3/wbai_170530_170002randyCrelof.mp3
wbai.org (https://www.wbai.org)
Assange on the DC leak war -
3xGCqPqjykA
Published on Jun 1, 2017
This week Co-Founder of WikiLeaks Julian Assange discusses the War of Leaks in DC, who has the best secret security forces around the world, and how the public largely benefits from transparency and sharing of information. Porter and Buck have a debate on what constitutes a whistleblower and the motivations behind those who come forward.
Innocent Warrior
17th June 2017, 01:17
Vault 7: Projects
RELEASE - Cherry Blossom
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Cherry Blossom from WikiLeaks -
15 June, 2017
Today, June 15th 2017, WikiLeaks publishes documents from the CherryBlossom project of the CIA that was developed and implemented with the help of the US nonprofit Stanford Research Institute (SRI International).
CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for "Man-In-The-Middle" attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.
The wireless device itself is compromised by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection. Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. The beaconed information contains device status and security information that the CherryTree logs to a database. In response to this information, the CherryTree sends a Mission with operator-defined tasking. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.
Missions may include tasking on Targets to monitor, actions/exploits to perform on a Target, and instructions on when and how to send the next beacon. Tasks for a Flytrap include (among others) the scan for email addresses, chat usernames, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser (e.g., to Windex for browser exploitation) or the proxying of a Target’s network connections. FlyTrap can also set up VPN tunnels to a CherryBlossom-owned VPN server to give an operator access to clients on the Flytrap’s WLAN/LAN for further exploitation. When the Flytrap detects a Target, it will send an Alert to the CherryTree and commence any actions/exploits against the Target. The CherryTree logs Alerts to a database, and, potentially distributes Alert information to interested parties (via Catapult).
Documents Directory HERE (https://wikileaks.org/vault7/document/).
Innocent Warrior
17th June 2017, 02:45
Cherry Bomb: Cherry Blossom (CB) User’s Manual HERE (https://wikileaks.org/vault7/document/SRI-SLO-FF-2012-177-CherryBlossom_UsersManual_CDRL-12_SLO-FF-2012-171/SRI-SLO-FF-2012-177-CherryBlossom_UsersManual_CDRL-12_SLO-FF-2012-171.pdf) (PDF).
https://pbs.twimg.com/media/DCc46bsXoAIUdYS.jpg:large
* * *
WBAI interview with Jesselyn Radack & Christine Assange on whistleblower issues and Assange asylum.
http://nuarchive.wbai.org/mp3/wbai_170614_170001brad.mp3
Review of Laura Poitras' "Risk" by human rights lawyer Renata Avila on WBAI.
https://soundcloud.com/user-108809485/human-rights-lawyer-renata-avilia-on-laura-poitras-film-risk
wbai.org (https://www.wbai.org)
From Electronic Frontier Foundation - As the Espionage Act Turns 100, We Condemn Threats Against Wikileaks (https://www.eff.org/deeplinks/2017/06/espionage-act-turns-100-we-condemn-threats-against-wikileaks) (June 14, 2017)
* * *
Ronald Bernard Luciferian Banking Testimony (https://vimeo.com/214341041) (April 22, 2017)
For anyone interested, full PDF, scanned copy, dated 1934 - THE PROTOCOLS OF ZION (https://www.portalestoria.net/IMAGES%20313/protocols%20-%20en.pdf)
Real Big Power: Revelations by insider Ronald Bernard-part 2 (http://projectavalon.net/forum4/showthread.php?98277-Elite-Banker-Ronald-Bernard-Interview-Pt-II&p=1159423&viewfull=1#post1159423) (Uploaded June 9, 2017)
Innocent Warrior
22nd June 2017, 13:52
Vault 7: Projects
RELEASE - Brutal Kangaroo
https://pbs.twimg.com/media/DC63bcwXcAADANR.jpg
Full statement on Brutal Kangaroo from WikiLeaks -
22 June, 2017
Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.
The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.
The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).
The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese that was a 0-day exploit until March 2015; newer versions seem to use a similar, but yet unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
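The execution vector described above (hand-crafted link files and the library-ms feature on a thumbdrive) is something a defender can triage on the removable media itself before it crosses into a closed network. The following is an added example, not code from WikiLeaks or the tool suite, that recognises Windows Shell Link files by their fixed header rather than by extension, decodes their StringData fields and flags links that reference a DLL or are malformed, while listing .library-ms files; the sample volume and its files are constructed, and the DLL-reference rule is an assumed triage heuristic.

```python
"""
Added example (not part of the leaked material): triage scanner for a
mounted removable volume, parsing .lnk files per the MS-SHLLINK layout.
"""
import os
import struct
import tempfile
from dataclasses import dataclass, field

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HAS_TARGET_IDLIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))


@dataclass
class LinkReport:
    path: str
    flags: int = 0
    strings: dict = field(default_factory=dict)
    suspicious: list = field(default_factory=list)


def is_shell_link(data: bytes) -> bool:
    """True only for a real shell link header: HeaderSize 0x4C plus the fixed CLSID."""
    return (len(data) >= LNK_HEADER_SIZE
            and data[:4] == b"\x4c\x00\x00\x00"
            and data[4:20] == LNK_CLSID)


def parse_shell_link(path: str, data: bytes) -> LinkReport:
    """Read LinkFlags, skip LinkTargetIDList/LinkInfo, decode the StringData fields."""
    report = LinkReport(path, struct.unpack_from("<I", data, 0x14)[0])
    pos = LNK_HEADER_SIZE
    try:
        if report.flags & HAS_TARGET_IDLIST:
            pos += 2 + struct.unpack_from("<H", data, pos)[0]   # IDListSize + IDList
        if report.flags & HAS_LINK_INFO:
            pos += struct.unpack_from("<I", data, pos)[0]       # LinkInfoSize includes itself
        for bit, name in STRING_FIELDS:
            if not report.flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]        # CountCharacters
            pos += 2
            if report.flags & IS_UNICODE:
                raw, pos = data[pos:pos + 2 * count], pos + 2 * count
                report.strings[name] = raw.decode("utf-16-le", "replace")
            else:
                raw, pos = data[pos:pos + count], pos + count
                report.strings[name] = raw.decode("cp1252", "replace")
    except struct.error:
        report.suspicious.append("truncated structure")
    for name, text in report.strings.items():
        if ".dll" in text.lower():   # assumed heuristic: links should not point at DLLs
            report.suspicious.append(f"{name} references a DLL: {text}")
    return report


def scan_volume(root: str) -> dict:
    """Return parsed shell links and any .library-ms files found under root."""
    links, library_files = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".library-ms"):
                library_files.append(full)
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            if is_shell_link(data):
                links.append(parse_shell_link(full, data))
    return {"links": links, "library_files": library_files}


def build_link(relative_path: str) -> bytes:
    """Constructed minimal .lnk: header plus one Unicode RELATIVE_PATH string."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += bytes(LNK_HEADER_SIZE - len(header))   # remaining header fields zeroed
    return header + struct.pack("<H", len(relative_path)) + relative_path.encode("utf-16-le")


def demo() -> dict:
    """Constructed volume: a benign link, a DLL link, a fake .lnk and a library file."""
    root = tempfile.mkdtemp(prefix="usb-")
    samples = {
        "report.lnk": build_link("..\\docs\\report.pdf"),
        "helper.lnk": build_link("..\\tools\\helper.dll"),
        "notes.lnk": b"just a text file with a misleading extension",
        "photos.library-ms": b'<?xml version="1.0"?><libraryDescription/>',
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return scan_volume(root)


if __name__ == "__main__":
    result = demo()
    for link in result["links"]:
        print(link.path, hex(link.flags), link.strings, link.suspicious or "clean")
    print("library-ms files:", result["library_files"])
```

Run it against the mount point of a drive before it is carried across an air gap; anything flagged, and any .library-ms file that nobody can account for, is worth quarantining and inspecting rather than browsing in Explorer.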
Innocent Warrior
22nd June 2017, 14:10
https://pbs.twimg.com/media/DC6u8dpWsAAEh0b.jpg
From Brutal Kangaroo release, CIA air-gap jumping virus 'Emotional Simian' -
Emotional Simian v2.3 - User Guide - https://wikileaks.org/vault7/document/Emotional_Simian-v2_3-User_Guide/
https://pbs.twimg.com/media/DC6m6FzXUAA3-OR.jpg
https://pbs.twimg.com/media/DC6m8PTWAAAQTKx.jpg
* * *
Finale of WBAI (https://www.wbai.org)'s "Julian Assange Countdown to Freedom" with NSA's Thomas Drake and film maker John Pilger.
https://www.wbai.org/archive-popup.php?id=26102&title=Randy%20Credico%20-%20Live%20On%20The%20Fly&short=randyCrelof&date=2017-06-20&time=17:00:02&duration=60&hosts=Randy%20Credico&music=N&icon=icon-archives-publicaffairs.jpg&audio=wbai_170620_170002randyCrelof.mp3
Former CIA, NSA & FBI senior officers on the five year detention of Julian Assange -
Binney, McGovern, Rowley: WikiLeaks and the Global Information War (June 20, 2017)
On today's episode of Loud & Clear, Brian Becker is joined by Ray McGovern, an activist and a former CIA analyst; by Coleen Rowley, a former FBI special agent and whistleblower; and by Bill Binney, a former NSA technical director and whistleblower.
Monday, June 19 marks five years since Wikileaks founder Julian Assange sought asylum in Ecuador. In the half a decade since then, Assange has been prevented by British authorities from leaving the Ecuadorian embassy in London despite the UN finding last year that he has been the subject of arbitrary detention. His case and the campaign against Wikileaks have caused a global debate over whistleblowing that rages to this day.
Full episode HERE (https://sputniknews.com/radio_loud_and_clear/201706201054784367-wikileaks-global-information-war/).
Hervé
22nd June 2017, 16:11
#Vault7: CIA’s secret cyberweapon can infiltrate world’s most secure networks (https://www.rt.com/viral/393556-vault7-cia-brutal-kangaroo/)
RT
Published time: 22 Jun, 2017 11:47
Get short URL (https://on.rt.com/8fo4)
https://cdn.rt.com/files/2017.06/original/594ba2dcc46188c31d8b463e.jpg
© Joe Raedle / AFP
WikiLeaks’ latest release in its Vault7 series details how the CIA’s alleged ‘Brutal Kangaroo’ program is being used to penetrate the most secure networks in the world.
Brutal Kangaroo, a tool suite for Microsoft Windows, targets closed air gapped networks by using thumb drives, according to WikiLeaks (https://wikileaks.org/vault7/#Brutal%20Kangaroo).
Air gapping is a security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks.
WikiLeaks @wikileaks (https://twitter.com/wikileaks):
RELEASE: CIA 'Brutal Kangaroo' thumb drive air gap jumping virus attack suite https://wikileaks.org/vault7/#Brutal%20Kangaroo (https://t.co/dHDfcHQWIv)
https://pbs.twimg.com/media/DC6hrYRW0AAu6s2.jpg
2:14 AM - 22 Jun 2017
These networks are used by financial institutions, military and intelligence agencies, the nuclear power industry, as well as even some advanced news networks to protect sources, according to La Repubblica (http://www.repubblica.it/esteri/2017/06/22/news/wikileaks_rivela_brutal_kangaroo_il_malware_per_compromettere_le_reti_piu_protette_al_mondo-168791257/?rss&ref=twhr&utm_source=dlvr.it&utm_medium=twitter) journalist Stefania Maurizi.
These newly released documents show how closed networks not connected to the internet can be compromised by this malware. However, the tool only works on machines with a Windows operating system.
Firstly, an internet-connected computer within the targeted organization is infected with the malware. When a user inserts a USB stick into this computer, the thumbdrive itself is infected with a separate malware.
Once this is inserted into a single computer on the air gapped network the infection jumps – like a kangaroo – across the entire system, enabling sabotage and data theft.
WikiLeaks @wikileaks (https://twitter.com/wikileaks):
RELEASE: CIA air-gap jumping virus 'Emotional Simian' https://wikileaks.org/vault7/document/Emotional_Simian-v2_3-User_Guide/ (https://t.co/KkBnXhNtGC)
https://pbs.twimg.com/media/DC6m6FzXUAA3-OR.jpg
https://pbs.twimg.com/media/DC6m8PTWAAAQTKx.jpg
2:36 AM - 22 Jun 2017
21 replies 970 retweets 849 likes If multiple computers on the closed network are under CIA control, they “form a covert network to coordinate tasks and data exchange,” according to Wikileaks.
Data can be returned to the CIA once again, although this does depend on someone connecting the USB used on the closed network computer to an online device.
Julian Assange @JulianAssange (https://twitter.com/JulianAssange): CIA's Brutal Kangaroo air-gap jumping virus smuggles out stolen data in images on USB sticks @softwarnet (https://twitter.com/softwarnet) https://wikileaks.org/vault7/#Brutal%20Kangaroo (https://t.co/yXrwvEOSTL) [3:01 AM - 22 Jun 2017]
https://pbs.twimg.com/media/DC6sB1FXkAAdSHf.jpg
https://pbs.twimg.com/media/DC6sDqfWAAEXdVN.jpg
While it may not appear to be the most efficient CIA project, it allows the intelligence agency to infiltrate otherwise unreachable networks.
This method is comparable to the Stuxnet virus, a cyberweapon purportedly (https://www.rt.com/news/snowden-nsa-interview-surveillance-831/) built by the US and Israel. Stuxnet is thought to have caused substantial damage to Iran's nuclear program in 2010.
The CIA allegedly began developing the Brutal Kangaroo program in 2012 – two years after the Stuxnet incident in Iran.
The most recent of these files were intended to remain secret until at least 2035. The documents released by WikiLeaks are dated February 2016, indicating that the scheme was likely being used until that point.
Related:
‘CIA’s Cherry Bomb’: WikiLeaks #Vault7 reveals wireless network targets (https://www.rt.com/viral/392369-cia-surveillance-wikileaks-cherry-blossom/)
Shadow Brokers leak links NSA to alleged US-Israeli Stuxnet malware that targeted Iran (https://www.rt.com/news/385079-stuxnet-nsa-iran-nuclear/)
Omni
23rd June 2017, 17:58
What an amazing thread this is. Thanks to all contributors.
Omni
23rd June 2017, 18:22
And just to give an idea of the absurdity of the U.S Government:
https://pbs.twimg.com/media/DDBoayhUwAAmVzP.jpg
Openmindedskeptic
23rd June 2017, 19:12
What an amazing thread this is. Thanks to all contributors.
This is probably my favorite thread on the forum at this time. I check in every Friday to see if there are any new developments.
Innocent Warrior
24th June 2017, 03:04
CIA - Stuxnet connection.
From Flashpoint -
WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits (June 23, 2017)
https://www.flashpoint-intel.com/wp-content/uploads/2016/06/emerging-threats.jpg
On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by using weaponized USB drives as an exfiltration channel. Per the documentation, deployment of the tool takes place via unwitting targets; however, such tools could also easily be deployed purposefully by complicit insider actors.
Brutal Kangaroo
Brutal Kangaroo is a suite of tools that can be used to attack air-gapped networks by using weaponized USB drives as a covert channel. For configuration, an attacker would have the ability to pick how the tool is delivered; the tool can be set to no configuration, EzCheese, “Lachesis” LinkFiles, or “RiverJack” LinkFiles. EzCheese, Lachesis, and RiverJack appear to be LNK exploits that can be used to gain access to a system with little to no user interaction. Brutal Kangaroo also has the ability to read configuration files and compress the data, making detection and analysis much more difficult.
EzCheese
EzCheese is an LNK exploit which can be used to exploit systems via USB drives. The payload can be configured to use an x86 or x64 DLL file, which can be executed simply by viewing the directory in Explorer. Per the documentation released by WikiLeaks, EzCheese was patched as of March 2015; analysis suggests that EzCheese is the LNK exploit patched in CVE-2015-0096. Open source analysis of Microsoft patches issued during this period identifies two exploits using LNK files, CVE-2010-2568 (MS10-046) and CVE-2015-0096. CVE-2015-0096 is particularly interesting, as this exploit uses the same flaw as MS10-046, which was not fully patched by Microsoft. MS10-046 was made public with the analysis of “Stuxnet,” and was an LNK exploit identified inside of the binary file. Stuxnet was used to attack air-gapped networks with weaponized USB drives, suggesting an overlap of tactics, techniques, and procedures (TTPs).
Lachesis (Okabi Links)
Lachesis can be deployed using autorun.inf on a USB drive when the drive is inserted into a machine, and can also be configured with an x86 or x64 DLL for code execution. This works for Windows 7 systems, and the CVE for this exploit is currently unknown.
RiverJack (Okabi Links)
RiverJack is another technique for launching exploits via USB. To launch, RiverJack uses the library-ms functionality to gain execution. Per the documentation, LNK files can be set to hidden and it is not necessary to view these files for deployment. This exploit works against Windows 7, 8, and 8.1; the CVEs surrounding this technique are currently unknown.
Emotional Simian
Emotional Simian is a data collection tool that can be used to gather files from infected systems and store them on USB drives. This tool can be configured to find files based on certain patterns, such as filenames or extensions. File collection can occur on target systems based on modified and accessed dates in order to not collect duplicate files. Emotional Simian can also be configured to remove itself from an infected machine based on the date of the system; by default, it is set to remove itself after two years.
While this can be deployed by witting participants and insiders, the main deployment method is intended to be covert via unwitting hosts. In order to compromise the air-gapped systems, attackers will infect systems to which they have access, which are known as the “primary host.” Once a USB drive from this host has been compromised, it can be plugged into an air-gapped system where data collection begins; the data can then be saved to a separate partition on the USB drive. Once data is collected and the USB is plugged back into the primary host, other tools can be used to siphon the data off of the system. The data is then later processed.
Shadow
Once the USB tools have been deployed inside of a network, Shadow can be used to set up covert channels which can be used to send files back and forth. Similar to Emotional Simian, Shadow can be configured to collect certain files based on filename patterns and modified times. USB drives can be configured to be converted into Shadow drives, which allocate 10 percent of a USB drive partition for moving files. Infected systems can receive packet broadcasts with instructions and collected files can be assembled for post-processing. If pieces are missing, the tool will label chunks as missing; these missing pieces of data can be collected and reassembled later.
Assessment
While the tools described are used primarily by nation-state actors for covert data collection against unwitting victims, the tools could be used by a malicious insider for covertly collecting files. Flashpoint assesses with moderate confidence that the March 2015 patching of LNK exploit CVE-2015-0096 is likely EzCheese, which was an extension of patch MS10-046. MS10-046 was exploited by Stuxnet to attack air-gapped networks via USB drives, which is a significantly overlapping tactic, technique, and procedure (TTP) between Stuxnet and Brutal Kangaroo. LNK exploits are dangerous as they require little to no user interaction, and infection can occur simply by having the file rendered on the system.
Nine days prior to the release of the new Vault 7 dump, Microsoft patched CVE-2017-8464, which was described as a remote code execution vulnerability using LNK exploits; this exploit was rated as critical and in the wild. In the patch notice, Microsoft mentioned that the code could be used and deployed to removable drives to infect hosts. Microsoft did not say where the information on the vulnerability came from; it is currently unknown if CVE-2017-8464 fixes the LNK exploits described above.
For mitigations, Flashpoint recommends monitoring USB drive use because it is the primary deployment vector for these tools. LNK files should not typically be on USB drives; their presence may serve as an early warning of potentially suspicious activities.
Source (https://www.flashpoint-intel.com/blog/wikileaks-brutal-kangaroo-lnk-exploits/).
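A triage check in the spirit of Flashpoint's mitigation advice above (monitor USB drive use; LNK files should not normally be on a thumb drive), written here as an added example rather than code from Flashpoint or from any Vault 7 document. It walks a mounted drive and reports the file kinds the write-up associates with the EzCheese, Lachesis and RiverJack delivery methods: .lnk shortcuts (including ones renamed to another extension, caught by the ShellLink header), .library-ms files, autorun.inf, and DLLs sitting beside a shortcut, noting whether each is hidden. The sample drive tree it builds by default is constructed for the demonstration.

```python
"""Triage a mounted removable drive for the file types Flashpoint warns about.

Added example, not code from Flashpoint or from any Vault 7 document.  The
drive tree created by build_sample_drive() is constructed for the demo.
"""
import os
import stat
import sys
import tempfile
from pathlib import Path

WINDOWS = os.name == "nt"

# File kinds the Flashpoint write-up ties to USB-delivered LNK tooling.
SHORTCUT_EXTS = {".lnk"}
LIBRARY_EXTS = {".library-ms"}
AUTORUN_NAMES = {"autorun.inf"}

# ShellLink header: HeaderSize 0x4C followed by the ShellLink CLSID
# {00021401-0000-0000-C000-000000000046} in its on-disk byte order.
LNK_MAGIC = (b"\x4c\x00\x00\x00"
             b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46")


def is_hidden(path: Path) -> bool:
    """Hidden attribute on Windows; the dotfile convention elsewhere."""
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", None)
    except OSError:
        return False
    if attrs is not None:
        return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    return path.name.startswith(".")


def looks_like_lnk(path: Path) -> bool:
    """Check the ShellLink header so a shortcut renamed to .txt is still caught."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False


def triage_drive(root) -> list:
    """Walk a drive and return (kind, relative_path, hidden) tuples sorted by path."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        directory = Path(dirpath)
        shortcut_here = False
        dlls = []
        for name in filenames:
            path = directory / name
            rel = path.relative_to(root).as_posix()
            ext = path.suffix.lower()
            if ext in SHORTCUT_EXTS or looks_like_lnk(path):
                findings.append(("shortcut", rel, is_hidden(path)))
                shortcut_here = True
            elif ext in LIBRARY_EXTS:
                findings.append(("library-ms", rel, is_hidden(path)))
            elif name.lower() in AUTORUN_NAMES:
                findings.append(("autorun", rel, is_hidden(path)))
            elif ext == ".dll":
                dlls.append((rel, is_hidden(path)))
        # A DLL next to a shortcut matches the EzCheese layout described in the
        # write-up, where the payload DLL runs when the folder is merely viewed.
        if shortcut_here:
            findings.extend(("dll-beside-shortcut", rel, hid) for rel, hid in dlls)
    findings.sort(key=lambda finding: finding[1])
    return findings


def build_sample_drive(base=None) -> str:
    """Create a constructed drive tree (temp dir by default) and return its path."""
    base = Path(base) if base else Path(tempfile.mkdtemp(prefix="usb-triage-"))
    (base / "Docs").mkdir(parents=True, exist_ok=True)
    (base / "Pictures").mkdir(exist_ok=True)
    (base / "Docs" / "report.docx").write_bytes(b"PK\x03\x04 constructed document")
    (base / "Docs" / "report.lnk").write_bytes(LNK_MAGIC + b"\x00" * 16)
    (base / "Docs" / ".launcher.lnk").write_bytes(LNK_MAGIC + b"\x00" * 16)
    (base / "Docs" / "helper.dll").write_bytes(b"MZ constructed stub, not a real DLL")
    (base / "Pictures" / "holiday.jpg").write_bytes(b"\xff\xd8\xff constructed image")
    (base / "Pictures" / "Pictures.library-ms").write_text("<libraryDescription/>\n")
    (base / "autorun.inf").write_text("[autorun]\n")
    (base / "notes.txt").write_bytes(LNK_MAGIC + b" shortcut renamed to blend in")
    return str(base)


def main(argv) -> int:
    root = argv[1] if len(argv) > 1 else build_sample_drive()
    print(f"triage of {root}")
    for kind, rel, hidden in triage_drive(root):
        print(f"  {kind:20} {rel}{'  (hidden)' if hidden else ''}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with a drive root as the first argument (for example `E:\` or `/media/usb`) to triage a real stick; without an argument it triages the constructed sample tree.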
Innocent Warrior
27th June 2017, 12:49
From Forbes: Security -
Wikileaks: CIA Stuxnet-Like Attacks Hacked Unconnected PCs Via USB (June 22, 2017)
http://specials-images.forbesimg.com/imageserve/685316970/960x0.jpg?fit=scale
The latest release from the Wikileaks Vault7 files, widely believed to contain details on the hacking techniques of the CIA, has revealed malware aimed at infecting so-called “air-gapped” PCs, those computers not connected to the internet, using USB sticks. The hacks exposed by Julian Assange’s organization Thursday exploit vulnerabilities similar to those used in the infamous Stuxnet attacks, believed to have been perpetrated by the US and Israel to infect nuclear plants in Iran, which also used thumb drives to spread into critical systems.
Wikileaks’ “Brutal Kangaroo” leak includes an array of manuals allegedly from the CIA’s Information Operations Unit. One user guide dated February 2016 explained how the Brutal Kangaroo suite included “Drifting Deadline,” malware designed to first infect a computer and then any plugged-in thumb drive. As soon as a target moved that USB stick over to a non-connected – i.e. “air-gapped” – computer, the infection would spread.
The final step, using software called Shadow, would “create a custom covert network within the target closed network,” from where the CIA could carry out further attacks and surveillance.
Perhaps the most impressive aspect of the attack was an exploit of a vulnerability that ran as soon as a user simply looked at files on the thumb drive in Windows Explorer. They didn’t even need to open any of the files, just peruse them, to get infected, explained an independent researcher going by the name x0rz. That particular part of the Brutal Kangaroo exploit kit was similar to one abused by Stuxnet, in that it was delivered via malicious .lnk files. Industrial systems and terrorist groups using disconnected computers were likely the targets of the CIA malware, said x0rz.
Microsoft and Wikileaks working together?
Intriguingly, Microsoft just patched a vulnerability affecting Windows’ processing of .lnk files, and to exploit it only required the icon of a specially-crafted shortcut be processed by the target PC. That sounds identical to the CIA attack.
The tech titan said that flaw had previously been exploited too. But it didn’t give any details on who disclosed the bug, leading x0rz and others to speculate Wikileaks properly informed Microsoft of the issue before releasing the Brutal Kangaroo files today, despite having some disputes with tech providers about how it would work with them to patch. x0rz guessed that the “Okabi” exploit named in the user guide was the one that was patched and that Wikileaks, rather than the CIA, was the one that disclosed to Microsoft. An older exploit that formed part of the Brutal Kangaroo arsenal, called EZCheese, was patched in 2015 before being replaced.
“This new Wikileaks leak confirms that [the .lnk vulnerability] is most likely tied to the CIA’s air-gap framework… It was definitely a related flaw,” said Hacker House co-founder Mathew Hickey.
“We’re currently looking into this and have nothing to share at this time,” a Microsoft spokesperson said.
The CIA hadn’t returned a request for comment at the time of publication. The CIA has neither confirmed nor denied whether any of the Wikileaks files are legitimate. But it did criticize Assange’s group following past releases, which included iPhone, Mac, Windows and Wi-Fi hacks. “The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,” a spokesperson said in March.
Such attacks on air-gapped systems have long been known, though rarely seen outside of the academic world. In April last year, researchers showed how subtle changes in smart lightbulb intensity could reveal data to an outside observer, while this February an attack was showcased that had LED lights relay data in a similar way, but to a drone floating outside an office.
Source (https://www.forbes.com/sites/thomasbrewster/2017/06/22/wikileaks-reveals-cia-stuxnet-style-attack-on-microsoft-windows-to-jump-air-gap-with-thumb-drive/amp/) (contains links).
* * *
From VOA -
CIA Chief: Intel Leaks on the Rise, Cites Leaker 'Worship' (June 25, 2017)
https://gdb.voanews.com/B3AB1645-C44D-42D3-8BE5-2EBCF1E0AB41_cx0_cy10_cw0_w1023_r1_s.jpg
WASHINGTON —
CIA Director Mike Pompeo says he thinks disclosure of America's secret intelligence is on the rise, fueled partly by the “worship” of leakers like Edward Snowden.
“In some ways, I do think it's accelerated,” Pompeo told MSNBC in an interview that aired Saturday. “I think there is a phenomenon, the worship of Edward Snowden, and those who steal American secrets for the purpose of self-aggrandizement or money or for whatever their motivation may be, does seem to be on the increase.”
Pompeo said the United States needs to redouble its efforts to stem leaks of classified information.
“It's tough. You now have not only nation states trying to steal our stuff, but non-state, hostile intelligence services, well-funded -- folks like WikiLeaks, out there trying to steal American secrets for the sole purpose of undermining the United States and democracy,” Pompeo said.
Besides Snowden, who leaked documents revealing extensive U.S. government surveillance, WikiLeaks recently released nearly 8,000 documents that it says reveal secrets about the CIA's cyberespionage tools for breaking into computers. WikiLeaks previously published 250,000 State Department cables and embarrassed the U.S. military with hundreds of thousands of logs from Iraq and Afghanistan.
There are several other recent cases, including Chelsea Manning, the Army private formerly known as Bradley Manning. She was convicted in a 2013 court-martial of leaking more than 700,000 secret military and State Department documents to WikiLeaks while working as an intelligence analyst in Iraq. Manning said she leaked the documents to raise awareness about the war's impact on innocent civilians.
Last year, former NSA contractor Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was accused of removing highly classified information, storing it in an unlocked shed and in his car and home. Court documents say investigators seized, conservatively, 50 terabytes of information, or enough to fill roughly 200 laptop computers.
Pompeo said the Trump administration is focused on stopping leaks of any kind from any agency and pursuing perpetrators. “I think we'll have some successes both on the deterrence side - that is stopping them from happening - as well as on punishing those who we catch who have done it,” Pompeo said.
See source (https://www.voanews.com/a/cia-chief-intel-leaks-on-the-rise-cites-leaker-worship/3914921.html) for full article.
:facepalm:
Hervé
28th June 2017, 14:24
WikiLeaks Releases Files on CIA Spying Geo-Location Malware for WiFi Devices (https://sputniknews.com/world/201706281055049012-us-wikileaks-cia/)
Sputnik World (https://sputniknews.com/world/) 16:53 28.06.2017
https://cdn5.img.sputniknews.com/images/104970/81/1049708101.jpg
© AP Photo/ Carolyn Kaster
The WikiLeaks whistleblowing website published documents, showing how ELSA malware is allegedly used by US intelligence services to collect geolocation data from WiFi-enabled devices.
MOSCOW (Sputnik) — The WikiLeaks whistleblowing website on Wednesday released a new batch of CIA documents from the so-called Vault 7 project, showing how ELSA malware is allegedly used by US intelligence services to collect geolocation data from WiFi-enabled devices.
“Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system … If it [device] is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp,” WikiLeaks said in a press release.
WikiLeaks @wikileaks (https://twitter.com/wikileaks): RELEASE: CIA 'ELSA' implant to geolocate laptops+desktops by intercepting the surrounding WiFi signals https://wikileaks.org/vault7/#Elsa (https://t.co/XjyyXIqXAz) [5:19 AM - 28 Jun 2017]
https://pbs.twimg.com/media/DDaFQw2XUAAW-aQ.jpg
https://pbs.twimg.com/media/DDaFWWtXUAEP9nq.jpg
According to the statement, the malware, once it is persistently installed on a targeted device, does not have to be connected to the internet to continue collection of data.
“Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device,” WikiLeaks said.
The whistleblowing platform released what appears to be the CIA's user manual for the ELSA project as evidence. WikiLeaks began releasing Vault 7 on March 7, with the first full part comprising 8,761 documents. The previous release took place on June 22 and was dedicated to the CIA "Brutal Kangaroo” hacking tool.
...
Related:
WikiLeaks Releases New Batch of CIA Documents From "Pandemic" Project (https://sputniknews.com/world/201706021054229410-wikileaks-cia-documents/)
Hervé
29th June 2017, 21:54
Interesting example from Jim Stone (http://82.221.129.208/baaasepagex5.html):
Things came to a head last night
They finally got a hack on this machine that was both incompatible and complete. They took it off the machine after I posted this and things started working perfect.
HEY GOONS: GET YOUR CRAPWARE OFF THIS COMPUTER OR I WILL MAKE NORTH KOREA VERY HAPPY BY HANDING THEM A KNOWN HACKED MACHINE THAT THEY CAN STUDY TO IMPROVE THEIR DATA SECURITY. I'll make good and sure they clearly understand what they have to do to prevent you from wiping it once they get it. MY GOD I AM SICK OF THIS SH*T. And if they have no representation in Mexico, I absolutely WILL go talk to Vlad, who I have spoken to before, AT THE RUSSIAN EMBASSY.
Hey you idiots: I don't care what you think about me "not possibly" being former NSA, because you are DEAD WRONG, I have transparently seen through your sh*t for months and simply kept quiet about it.
I might as well tell them how I noticed their *****ING SCREW UP. HEY IDIOTS: YOU, ON YOUR F**** SPY NETWORK ARE SET UP WITH DHCP. WHEN YOU STEAL MY CONNECTION AND KEYS AND ISSUE A REMOTE DESKTOP, THE LOGIN WON'T WORK UNLESS THE IP IS STATIC. FURTHERMORE, YOUR F****ING DESKTOP HAS THE WRONG VERSION OF CPANEL IT IS SENDING TO MY SCREEN! WHEN I ACTUALLY GET IN IT IS A DIFFERENT REVISION WITH DIFFERENT GRAPHICS. WHAT IDIOTS! COMMON CORE AT ITS FINEST. NOW YOU KNOW HOW I KNOW YOU ARE THERE. I wanted to keep all that secret, but if you are going to totally A-hole me off the server with your incompetence, I might as well let you know how I know SO YOU CAN FIX IT!
HEY IDIOTS: Why record absolutely everything I do when it is all public anyway? And if you are Correct The Record with that fancy NSA spyware someone handed you, LEARN HOW TO USE IT YOU FOOLS!
Now it is up to you to figure out what else I might know. To that effect all I will say is That's dynamic! Want to lose a few secrets to **RANDOM** via a discovered hack? TRY ME. I'm all ready to play after this latest round of BULL****.
FUNDRAZR BLEW THE LID ON SOMETHING ELSE:
I set up 3 different Fundrazr accounts that were identical, in case one got hacked so I could just change the link. LATER, FUNDRAZR NOTIFIED ME THAT THERE WERE THREE ADDITIONAL ACCOUNTS, FOR A TOTAL OF SIX. So three for me, and three for "them!". All 3 Fundrazr accounts I set up were set to private, because of the front page link. Their duplicates were private also, so I could not locate them, but Fundrazr told me they existed because it associated the web site with them. They were obviously set up to provide a duplicate identical looking page that people could be re-directed to via a DNS based man in the middle attack set up to steal or block funding for this web site. I do not know if I should keep using Fundrazr or not. Because if it told me (indirectly) "they" were there, that's good. But if it can be quickly man-in-the-middle spoofed, that's bad.
It might be a situation where no matter what I use, they will set up an intercept. Anyway, the recent events made them all look like children, and proved that you can't just hand a World of Warcraft playing Millennial some fancy software and expect old school results.
Lots of people wanted me to give the "bugged" laptop to North Korea anyway!
There is some really important information here, I am going to say it all.
I can't give the "bugged laptop" to anyone. Because I posted a detailed and accurate explanation for what was done to the laptop, along with a threat to hand it over, and the second I did that, whatever agency bugged it wiped the bug off of it. That's standard procedure when they have been discovered. I learned from this that:
1. The problems I was having were not caused by a stinger.
2. It was not an internet based bug that watched for my system profile.
3. It was all accomplished via crapware they managed to get onto this computer, possibly in the Bios, but probably into that "rom chip". I did not actually burn the data path to the recordable section open, I only had in place a command for the operating system to not write to it. If someone had a correct operating system back door, they could bypass that which would have made it possible for them to bug it, but only the NSA or CIA would have figured that out, so now I know who did it.
The battery is probably still bugged, because it was bugged and I knew it. It was the first thing they bugged. They did the ROM chip/system bios later. Batteries have their own processors and memory in them which report battery condition, and these can be bugged with crapware too. I have not given them an opportunity to kill the bug off the battery, so that's still around to turn over to someone.
Now that I know for certain that all the problems were ones that got planted onto this laptop, the next time I see a problem, it is going straight to the Russians. PERIOD. Anyone attacking this site is a seditious bastard, and needs to be blown out of the power structure. If it takes a foreign nation to accomplish that because we have lost this nation so badly, well, what can I say? They don't have to risk their assets by just handing them to me! They have been warned . . . .
Problems that vanished:
1. "The website you are trying to access has an invalid security token" - This would happen TWICE each time I tried to log into the server. If people are seeing this, on various web sites, it probably does not mean anything has a problem, it probably means you are bugged. The problem happens when the spook's remote desktop arrangement screws up and fails to pass you the security token for a secure web site.
2. "This web site is being re-directed to a new location". One to five times every time I tried to log into the server. POOF, GONE. That problem VANISHED.
3. "Your session token is not valid, please log in again". Usually it would take me an hour or so to finally get past all their crap, and get onto the server with a legit session token. After they took their crapware off, log ins are instant, permanent, and work the first try.
4. All the problems with getting the wrong version of Cpanel are GONE, (common core JOE was too stupid to know what I was supposed to see, and sent the desktop for the wrong revision of Cpanel to my desktop EVERY SINGLE TIME.) When I'd see that, I knew I was hacked, and the next thing I'd see is "Your session token is not valid, please log in again".
5. Your IP address has changed, please log in again - This is because idiot JOE did not have the proper configuration ON HIS MACHINE to make the crapware work. His machine should have spoofed all IP's perfectly and kept them static, but was improperly set up to use dynamic IP's.
6. Occasionally I'd see whatever pictures idiot Joe was looking at, they'd just magically appear on my screen. That proved I was working on someone else's desktop. One time, idiot Joe sent me a 4K screen that scrolled like I was viewing a football field (my machine actually put up scroll bars to accommodate it!) So that's what American intelligence is using. That stopped.
I did not mention any of this until idiot Joe did an update to his crapware that I saw come in, and it worked perfect, which, because his machine was set up to use DHCP or some other dynamic IP arrangement would constantly get me kicked off the server, which requires a static IP. After trying to get on for four consecutive hours, I posted that I knew they were there via combat mode, a special arrangement I set up that allows a dynamic IP and does not issue a token. It has its own edit screen and uses php to inject new content onto the front page, into the window. It is a nice little piece of work, but that's all "combat mode" was. It was not all that secure, but still secure enough to block out any legit hacker. It allowed me to work through their screwed up remote desktop.
DEAR TROLLING INTELLIGENCE AGENCIES, who would occasionally send ridicule to the message window, saying I did not know about security:
I knew what was causing the problems the whole time, and knew it was your own configuration screw ups that caused them but did not say it because I did not want idiot JOE to do a work around that concealed anything. I knew ONLY the CIA or NSA would ever successfully target me, because actually my security was quite good against legitimate hackers. Yes, I know my Linux has that problem with allowing anyone to log in but did not update it, because who, other than the NSA/CIA would ever figure that out, let alone get onto my cell connection to accomplish that? WHO, OTHER THAN THE NSA/CIA WOULD KNOW WHAT CELL TOWER TO HACK ME THROUGH, AND THEN BYPASS WRITE PROTECTION ON THE ROM CHIP SIMPLY BECAUSE I DID NOT ACTUALLY BURN THE DATA PATH OPEN? Idiot JOE's failure to use a static IP that spoofed mine was sheer idiocy, because it made it perfectly obvious someone had me hacked. ONCE I ACCESS VIA THE CELLULAR CONNECTION MY IP IS STATIC AND I CAN'T GET A MESSAGE IT HAS CHANGED UNLESS SOME IDIOT CAUSES IT. This is a basic requirement of ALL, not just one, ALL my web servers and I had to make sure my web provider always issued a static IP before I even chose to use that provider. If the IP changed I knew I was running off of IDIOT JOE'S DESKTOP. So I was not so stupid after all, because I knew you were there, and knew the value of keeping my mouth shut about the actual details.
MY OFFER IS PERMANENT:
Now you know you had your pants pulled down the whole time. Now you know I can stay shut up about it. And you thought you were smart the WHOLE TIME. And you even poked fun at me a few times. That was stupid, because you were standing in front of me BUTT NAKED while you poked fun. And the next time your asses are hanging out, I'm saying NOTHING, I'll just pull the (new) battery out and go to the Russian embassy and gift them a free laptop, complete with full instructions on how to avoid having you wipe your stuff off before they nail it. How about that? I have a right to give my **** away!
Ron Mauer Sr
30th June 2017, 00:12
I wonder how much of the spyware goes away if one switches from Microsoft to Linux.
I get a "The server's certificate is unknown" message whenever I use Filezilla to upload a file. Never had this issue months ago.
OS is Windows 10.
Innocent Warrior
30th June 2017, 08:49
Vault 7: Projects
RELEASE - Elsa
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Elsa from WikiLeaks -
28 June, 2017
Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors.
The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
https://pbs.twimg.com/media/DDaFQw2XUAAW-aQ.jpg
https://pbs.twimg.com/media/DDaFWWtXUAEP9nq.jpg
* * *
Vault 7: Projects
RELEASE - OutlawCountry
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on OutlawCountry from WikiLeaks -
29 June, 2017
Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even a system administrator.
The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
https://pbs.twimg.com/media/DDgBmrMXoAA76k1.jpg:large
Hervé
30th June 2017, 14:44
CIA hacking tool 'OutlawCountry' targets Linux operating system (https://www.rt.com/viral/394631-cia-wikileaks-linux-surveillance/)
RT (https://www.rt.com/viral/394631-cia-wikileaks-linux-surveillance/)
Thu, 29 Jun 2017 18:08 UTC
https://www.sott.net/image/s20/404640/large/59552e33dda4c818318b4567.jpg
© Jan Woitas/Global Look Press
WikiLeaks has published leaked documents purportedly from 'OutlawCountry', an alleged CIA program designed to overcome and alter firewalls on a Linux operating device.
An apparent user guide bearing the symbol of the US Central Intelligence Agency was published on the WikiLeaks website Thursday.
"OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA-controlled machines for ex- and infiltration purposes," WikiLeaks said in a statement (https://wikileaks.org/vault7/#OutlawCountry).
A type of malware, the virus targets a very specific version of the Linux operating system. "The target must be running a compatible 64-bit version of CentOS/RHEL 6.x (kernel version 2.6.32)," the program's user guide says.
https://www.sott.net/image/s20/404638/large/59552ffcfc7e9334248b4567.jpg (https://www.sott.net/image/s20/404638/full/59552ffcfc7e9334248b4567.jpg)
© WikiLeaks
The reasons for installing the bug are not explained in the OutlawCountry engineering guide, other than it gives users the opportunity to alter a computer's security settings.
OutlawCountry is made up of a file that creates a "hidden netfilter table" or new set of firewall settings, the user manual states.
"With knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules," the document reads.
All evidence of the virus is destroyed when the netfilter table is removed by the operator.
Innocent Warrior
1st July 2017, 05:29
From Hot For Security -
WikiLeaks Vault 7 – ELSA: How the CIA can use WiFi to find you anywhere (June 29, 2016)
https://hotforsecurity.bitdefender.com/wp-content/uploads/2017/06/map-525349_1280-990x589.png
If anyone still has doubts that the US Central Intelligence Agency (CIA) can track nearly anyone, anytime, anywhere, a new Vault 7 disclosure from WikiLeaks may dispel them.
The CIA likely used malware codenamed ELSA to pinpoint and, presumably, track target Windows users over long periods, by hacking into WiFi radios on laptops – even when not connected to the Internet.
ELSA works by triangulating the location of the target laptop as its WiFi radios actively listen for public access points whose ESS identifier, MAC address and signal strength are recorded at regular intervals. The malware stores the information in an encrypted file on the target computer itself.
The CIA can then decrypt the data, compare the exfiltrated information against public geo-location databases from Google or Microsoft, and locate the device, with longitude and latitude, and a timestamp.
“The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device – again using separate CIA exploits and backdoors,” according to the non-profit.
ELSA can be customized to match environmental and operational factors, including sampling interval, maximum logfile size, invocation and persistence. Using the same geo-location databases maintained by Internet giants, additional back-end software can generate a tracking profile.
Two weeks ago, in a similar Vault 7 dump, WikiLeaks revealed how the CIA could use a malware “implant” (codenamed CherryBlossom) to turn at least 25 WiFi router and access point models into surveillance posts.
And two weeks before the CherryBlossom leak, WikiLeaks made a new disclosure from the Agency’s Pandemic project that allegedly “targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.”
The CIA is apparently sitting on a trove of surveillance tools, but WikiLeaks has so far failed to prove the agency is abusing them.
Source (https://hotforsecurity.bitdefender.com/blog/wikileaks-vault-7-elsa-how-the-cia-can-use-wifi-to-find-you-anywhere-18304.html?utm_source=SMGlobal&utm_medium=Twitter&utm_campaign=H4S) (contains links).
* * *
THE ENCRYPTION DEBATE SHOULD END RIGHT NOW (June 30, 2017)
https://media.wired.com/photos/595595d25992c54331ac152e/master/w_2400,c_limit/Encryption-Art.jpg
WHEN LAW ENFORCEMENT argues it needs a “backdoor” into encryption services, the counterargument has typically been that it would be impossible to limit such access to one person or organization. If you leave a key under the doormat, a seminal 2015 paper argues, a burglar eventually finds it. And now recent events suggest an even simpler rebuttal: Why entrust a key to someone who gets robbed frequently?
This aptly describes US intelligence services of late. In March, WikiLeaks released nearly 9,000 documents exposing the CIA’s hacking arsenal. More so-called Vault 7 secrets trickled out as recently as this week. And then there’s the mysterious group or individual known as the Shadow Brokers, which began sharing purported NSA secrets last fall. April 14 marked its biggest drop yet, a suite of hacking tools that target Windows PCs and servers to devastating effect.
The fallout from the Shadow Brokers has proven more concrete than that of Vault 7; one of its leaked exploits, EternalBlue, facilitated last month’s WannaCry ransomware meltdown. A few weeks later, EternalBlue and two other pilfered NSA tools helped advance the spread of Petya, a ransomware outbreak that looks more and more like an act of cyberwar against Ukraine.
Petya would have caused damage absent EternalBlue, and the Vault 7 dump hasn’t yet resulted in a high-profile hack. But that all of this has fallen into public hands shifts the nature of the encryption debate from hypothetical concern that someone could reverse-engineer a backdoor to acute awareness that someone could just steal it. In fact, it should end any debate altogether.
“The government asking for backdoor access to our assets is ridiculous,” says Jake Williams, founder of Rendition Infosec, “if they can't first secure their own classified hacking tools.”
See source (https://www.wired.com/story/encryption-backdoors-shadow-brokers-vault-7-wannacry/) for full article (including links).
Innocent Warrior
11th July 2017, 02:17
Vault 7: Projects
RELEASE - BothanSpy
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on BothanSpy from WikiLeaks -
6 July, 2017
Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.
BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save them in an encrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.
Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos, debian, rhel, suse, ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed rootkit (JQC/KitV) on the target machine.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
Innocent Warrior
13th July 2017, 23:35
Vault 7: Projects
RELEASE - Highrise
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Highrise from WikiLeaks -
13 July, 2017
Today, July 13th 2017, WikiLeaks publishes documents from the Highrise project of the CIA. HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as an SMS proxy that provides greater separation between devices in the field ("targets") and the listening post (LP) by proxying "incoming" and "outgoing" SMS messages to an internet LP. Highrise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
CIA Android phone SMS proxy 'HighRise' which masquerades as 'TideCheck' to form a covert messaging network -
https://pbs.twimg.com/media/DEnupJZXkAA7QG1.jpg
https://pbs.twimg.com/media/DEnuqcxXkAAvSKR.jpg
From HighRise v2.0 User’s Guide (https://wikileaks.org/vault7/document/HighRise-2_0-Users_Guide/).
Innocent Warrior
13th July 2017, 23:56
From The Hacker News -
How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet) (July 13, 2017)
https://s13.postimg.org/smlx2zchz/highrise.jpg
WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak, this time instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthy collect and forward stolen data from compromised smartphones.
Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones.
However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool.
But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used.
Explained: How CIA Highrise Project Works
In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones, malware has an alternative way to send stolen data to the attackers i.e. via SMS.
But for collecting stolen data via SMS, one has to deal with a major issue – to sort and analyse bulk messages received from multiple targeted devices.
To solve this issue, the CIA created a simple Android application, dubbed Highrise, which works as an SMS proxy between the compromised devices and the listening post server.
"There are a number of IOC tools that use SMS messages for communication and HighRise is an SMS proxy that provides greater separation between devices in the field ('targets') and the listening post by proxying 'incoming' and 'outgoing' SMS messages to an internet LP," the leaked CIA manual reads.
What I understood after reading the manual is that CIA operatives need to install an application called "TideCheck" on their Android devices, which are set to receive all the stolen data via SMS from the compromised devices.
The last known version of the TideCheck app, i.e. HighRise v2.0, was developed in 2013 and works on mobile devices running Android 4.0 to 4.3, though I believe, by now, they have already developed updated versions that work for the latest Android OS.
https://s21.postimg.org/mzt1u1ic7/highrise2.jpg
Once installed, the app prompts for a password, which is "inshallah," and after login, it displays three options:
Initialize — to run the service.
Show/Edit configuration — to configure basic settings, including the listening post server URL, which must be using HTTPS.
Send Message — allows a CIA operative to manually (optionally) submit short messages (remarks) to the listening post server.
Once initialized and configured properly, the app continuously runs in the background to monitor incoming messages from compromised devices; and when received, forwards every single message to the CIA's listening post server over a TLS/SSL secured Internet communication channel.
See source (http://thehackernews.com/2017/07/cia-smartphone-hacking-tool.html) to read full article (with links).
Innocent Warrior
23rd July 2017, 01:58
Vault 7: Projects
RELEASE - UCL / Raytheon
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on UCL / Raytheon from WikiLeaks -
19 July, 2017
Today, July 19th 2017, WikiLeaks publishes documents from the CIA contractor Raytheon Blackbird Technologies for the "UMBRAGE Component Library" (UCL) project. The documents were submitted to the CIA between November 21st 2014 (just two weeks after Raytheon acquired Blackbird Technologies to build a Cyber Powerhouse) and September 11th 2015. They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors - partly based on public documents from security researchers and private enterprises in the computer security field.
Raytheon Blackbird Technologies acted as a kind of "technology scout" for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
* * *
From UCL / Raytheon release, CIA-Raytheon analysis of HammerToss malware -
(S//NF) FireEye -- HammerToss - Stealthy Tactics (https://wikileaks.org/vault7/document/2015-09-20150911-277-FireEye-HammerToss/page-3/#pagination)
https://pbs.twimg.com/media/DFF0eQEXoAQZp7y.jpg
* * *
CIA Director Mike Pompeo FULL Interview Aspen Security Forum (July 20, 2017)
Pompeo on Wikileaks at 25:45
a0Fak6Vy6Hs
Hervé
27th July 2017, 14:21
CIA ability to trojan Apple OS exposed in latest hacking release (https://www.rt.com/viral/397687-vault7-trojan-apple-vault7/)
RT
Published time: 27 Jul, 2017 10:53
https://cdn.rt.com/files/2017.07/original/5979bec1dda4c850308b4571.jpg
WikiLeaks claim the leaks came from within the CIA. © Global Look Press
The CIA’s alleged ability to trojan an Apple OS disk image has been exposed in ‘Imperial,’ the latest release from WikiLeaks Vault 7 series. This new batch is made of three hacking exploits, ‘Achilles,’ ‘SeaPea’ and ‘Aeris.’
‘Achilles’ is detailed by WikiLeaks in a statement (https://wikileaks.org/vault7/#Imperial) as producing one or more operators to access an OS X disk image, and execute operations one time. The OS X disk image contains the contents and structure of the device’s storage.
Intel Core 2 Processor and OS X are required on the target's computer for ‘Achilles’ to operate, according to a user guide (https://wikileaks.org/vault7/document/Achilles-UserGuide/).
‘Imperial’ is part of a series by the whistleblowers named ‘Vault 7’ which began in March and has seen releases from WikiLeaks on an almost weekly basis.
WikiLeaks claims the leaks, which detail hacking exploits, come from a computer within the CIA, who would not comment on their alleged origin.
Also detailed in ‘Imperial’ is ‘SeaPea’ which targets Apple devices, providing stealth and tool-launching capabilities to the OS X Rootkit. Running on Mac OSX 10.6 and 10.7 it hides files and directories, socket connections and processes, according to WikiLeaks.
OSX 10.6 and 10.7 are more commonly known as Snow Leopard and Lion respectively, released by Apple in 2009 and supported until 2016.
‘SeaPea’ is installed using root access and remains on the device until either the hard drive is reformatted or the system is upgraded.
‘Aeris’ is detailed in the release as being an automated implant written in the C programming language, compatible with POSIX, a portable operating system interface for Unix. Once installed it allows for exfiltration of files and encrypted communications.
Previous released material from ‘Vault 7’ exposed hacking exploits which weaponized smartphones and used Smart TVs to spy.
READ MORE: #Vault7: 85% of world’s smart phones ‘weaponized’ by CIA (https://www.rt.com/news/379775-cia-weaponized-85pc-worlds-smartphones/)
Hervé
3rd August 2017, 12:38
Dumbo: WikiLeaks reveals CIA system to take over webcams, microphones (https://www.rt.com/viral/398411-cia-wikileaks-webcam-surveillance/)
RT
Published time: 3 Aug, 2017 09:30
Edited time: 3 Aug, 2017 11:01
https://cdn.rt.com/files/2017.08/original/5982e859fc7e9341508b4567.jpg
© Dado Ruvic / Reuters
Details of the CIA’s Dumbo project, a system that manipulates devices such as webcams and microphones on Microsoft Windows-operating systems, have been published by WikiLeaks. The program also corrupts video recordings, according to the leaked documents.
The whistleblowing organization released the files as part of its Vault 7 series on the CIA’s hacking capabilities.
According to Wikileaks (https://wikileaks.org/vault7/#Dumbo), the technology is intended for use where the deployment of a special branch within the CIA’s Center for Cyber Intelligence could be compromised.
WikiLeaks (@wikileaks) (https://twitter.com/wikileaks) tweeted:
RELEASE: CIA project 'Dumbo' to switch off security webcams and corrupt recordings to hide physical intrusions https://wikileaks.org/vault7/#Dumbo (https://t.co/XucsNTcJO6)
https://pbs.twimg.com/media/DGTKCYiVYAA-zm_.jpg
3:50 AM - 3 Aug 2017
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system, according to the documents.
The earliest Dumbo document (https://wikileaks.org/vault7/document/Dumbo-V1_0-TDR-Briefing-2012/) released by WikiLeaks is dated June 25, 2012. The Tool Delivery Review document states that the system’s capabilities are being requested by the CIA’s special branch to “deter home security systems that may identify officers or prevent operations.”
https://cdn.rt.com/files/2017.08/original/5982f20bfc7e937a6d8b4568.jpg
© WikiLeaks
The program has to be executed “directly from a USB thumb drive,” according to a field guide (https://wikileaks.org/vault7/document/Dumbo-v3_0-Field_Guide/page-1/#pagination) for the system released by WikiLeaks on Thursday. The document indicates that the thumb drive has to be connected to the machine for Dumbo to work: “For the log to be maintained, the thumb drive Dumbo is executed from must remain plugged into the system throughout the duration of the operation.”
“Logging entries are also preceded by a header labeling if the entry is good, bad, or simply informative,” the field guide notes. “The following shows an example log excerpt:"
https://cdn.rt.com/files/2017.08/original/5982f15fdda4c827458b4567.jpg
© WikiLeaks
It identifies installed devices such as webcams and microphones, locally or connected by wireless (Bluetooth, WiFi) or wired networks, and it can block all processes related to the devices, including recording and monitoring.
A user guide dated June 2015 sets out Dumbo’s capacity to mute microphones, disable all network adapters, and suspend camera recording. The program notifies its operator of any files to which those processes were actively writing so that they may be selectively corrupted or deleted.
WikiLeaks suggests that by deleting or manipulating recordings the operator can create fake – or destroy real – evidence of their intrusion into the device.
The documents say Dumbo operates on 32bit Windows XP, Windows Vista, and newer versions of the Windows operating system, but is not supported for 64bit Windows XP, or Windows versions prior to XP.
Related:
CIA ability to trojan Apple OS exposed in latest hacking release (https://www.rt.com/viral/397687-vault7-trojan-apple-vault7/)
Hervé
4th August 2017, 16:19
In brief:
According to WikiLeaks, this is how the CIA spies on your everyday life (https://www.rt.com/viral/398465-cia-spying-your-home/)
RT (https://www.rt.com/viral/398465-cia-spying-your-home/)
Fri, 04 Aug 2017 13:54 UTC
https://www.sott.net/image/s20/411298/large/59832a60fc7e9365208b4568.jpg (https://www.sott.net/image/s20/411298/full/59832a60fc7e9365208b4568.jpg)
© Saul Loeb / AFP
WikiLeaks' latest release from the Vault 7 series of CIA leaks, sheds more light on how ordinary people can be easily tracked and targeted by the US intelligence agency through everyday electronic devices.
Since March 7, WikiLeaks has revealed CIA hacking techniques used to weaponize mobile phones, conduct surveillance via smart TVs, and load and execute malware on a 'target machine'.
In light of Thursday's 20th release from Vault 7, RT looks back at the most explosive revelations from the CIA's hacking arsenal, showing how the intelligence agency could spy on you in your own home.
Home Security Systems
The 'Dumbo' program is purportedly designed to manipulate home security systems, altering the functionality of webcams and microphones on Microsoft Windows-operating systems and corrupting video recordings.
WikiLeaks suggested that this allows the operator to create fake - or destroy real - evidence of their intrusion into the device.
Smart TVs
Many of the exploits revealed through the leaked Vault 7 documents appear designed to target ordinary individuals through commonly used devices.
The CIA allegedly has access to a range of tools that even target Samsung TVs under its 'Weeping Angel' program. The project involves infiltrating the smart TVs to transform them into covert microphones, which can record and store audio.
Android devices
Google's Android operating system was found to have 24 'zero days' - the codename used by the CIA for tools to identify and exploit vulnerabilities and secretly collect data on individuals.
The OS is used in 85 percent of the world's smart phones, including Samsung and Sony.
By exploiting gaps in the OS, it's possible to access data from social messaging platforms, including WhatsApp, Weibo, Telegram and Signal before encryption is applied.
Another program appears specifically designed to target mobile devices running Android 4.0 to 4.3, allowing a third party to intercept and redirect SMS messages.
Apple products
Apple products are not immune to the CIA's hacking tools either. In fact, Vault 7 revealed a specific division dedicated to the hacking of Apple devices.
A tool known as 'NightSkies' specifically targets Apple products including the iPhone and Macbook Air. It purportedly even allows the CIA to infiltrate factory-fresh iPhones and track and control them remotely, providing "full remote command and control."
WiFi
WiFi can be easily exploited by the agency for spying, according to a number of leaks. One program called Cherry Blossom allegedly targets WiFi devices to monitor, control and manipulate the Internet traffic of connected users.
No physical access is needed to implant the firmware on a wireless device, as some devices allow their firmware to be upgraded over a wireless link.
Another malware called Elsa tracks WiFi-enabled devices running Microsoft Windows, allowing the CIA to gather location data on a target's device and monitor their patterns and habits.
The malware allows the CIA to track the geo-location of wifi-enabled devices even when they are not connected to the internet.
Microsoft
Most of the malware referenced throughout the leaks is designed for use on the widely popular (https://www.theverge.com/2017/4/4/15176766/apple-microsoft-windows-10-vs-mac-users-figures-stats) Microsoft Windows operating systems.
Many of these programs focus on uploading the malware via removable devices such as USB drives. Some, such as the 'brutal kangaroo' project, are designed to hide themselves from detection, and can even infect devices that have never been connected to the internet by air gap jumping.
Innocent Warrior
5th August 2017, 07:42
Vault 7: Projects
RELEASE - Imperial
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Imperial from WikiLeaks -
27 July, 2017
Today, July 27th 2017, WikiLeaks publishes documents from the Imperial project of the CIA.
Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.
Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support - all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.
SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
* * *
From Imperial release -
https://pbs.twimg.com/media/DFwEHqgWAAA0WMr.jpg
'Aeris' implant targeting Debian, Red Hat, Solaris, FreeBSD and CentOS users - User Guide (https://wikileaks.org/vault7/document/Aeris-UsersGuide/page-1/)
https://pbs.twimg.com/media/DFwELbhWAAEvSQk.jpg
'rootkit' to hide CIA activities on the Apple Macs it infiltrates - Sea Pea User Guide (https://wikileaks.org/vault7/document/SeaPea-User_Guide/page-1/)
https://pbs.twimg.com/media/DFwBiRzWsAEnxDV.jpg
'Achilles' tool to infect Mac OS X disk images (".dmg") - Achilles User Guide (Achilles)
https://pbs.twimg.com/media/DFwACO0XcAEBaAd.jpg:large
* * *
Vault 7: Projects
RELEASE - Dumbo
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Dumbo from WikiLeaks -
3 August, 2017
Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.
Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of the Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
* * *
From The Hacker News -
This is How CIA Disables Security Cameras During Hollywood-Style Operations (Aug 2, 2017)
https://pbs.twimg.com/media/DGTO_IxUAAAemh4.jpg:large
In the last 20 years, we have seen hundreds of caper/heist movies where spies or bank robbers hijack surveillance cameras of secure premises to either stop recording or set up an endless loop for covert operations without leaving any evidence.
Whenever I see such scenes in a movie, I wonder and ask myself: Does this happen in real-life?
Yes, it does, trust me—at least CIA agents are doing this.
WikiLeaks has just unveiled another classified CIA project, dubbed 'Dumbo,' which details how CIA agents hijack and manipulate webcams and microphones in Hollywood style "to gain and exploit physical access to target computers in CIA field operations."
The Dumbo CIA project involves a USB thumb drive equipped with a Windows hacking tool that can identify installed webcams and microphones, either connected locally, wired or wirelessly via Bluetooth or Wi-Fi.
Once identified, the Dumbo program allows the CIA agents to:
Mute all microphones
Disable all network adapters
Suspend any processes using a camera recording device
Selectively corrupt or delete recordings
However, there are two dependencies for a successful operation:
The Dumbo program requires SYSTEM-level privilege to run.
The USB drive must remain plugged into the system throughout the operation to maintain control over connected surveillance devices.
This project is being used by the CIA's Physical Access Group (PAG)—a special branch within the Center for Cyber Intelligence (CCI) which is tasked to gain and exploit physical access to target computers in CIA field operations.
Source (http://thehackernews.com/2017/08/surveillance-camera-hacking.html) (with links).
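Both the WikiLeaks statement and the article above describe Dumbo's end goal as corrupting or deleting recordings so that a physical intrusion leaves no evidence. One mitigation is to make recordings tamper-evident somewhere the operator cannot reach: the following added example (not from the leaked documents or any product) hashes each recording segment into an HMAC chain whose head is shipped to a remote witness after every append, so a later audit of the recorder detects modified segments, missing segments, a truncated manifest and a manifest rebuilt from scratch. The key, segment contents and witness handling are constructed placeholders; because Dumbo runs with SYSTEM privileges on the recorder, an operator there can forge new entries, so only the chain head the witness already holds is trustworthy.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

GENESIS = b"\x00" * 32  # chain head before the first segment


def _tag(key: bytes, seq: int, digest: bytes, prev_tag: bytes) -> bytes:
    # Each tag binds the sequence number, the segment hash and the previous tag,
    # so reordering, replacing or silently dropping a segment breaks the chain.
    return hmac.new(key, seq.to_bytes(8, "big") + digest + prev_tag, hashlib.sha256).digest()


class RecordingChain:
    """Manifest kept on the recorder; the returned head goes to the witness each time."""

    def __init__(self, key: bytes):
        self.key = key
        self.entries: List[Dict[str, object]] = []
        self.head = GENESIS

    def append(self, segment: bytes) -> bytes:
        seq = len(self.entries)
        digest = hashlib.sha256(segment).digest()
        tag = _tag(self.key, seq, digest, self.head)
        self.entries.append({"seq": seq, "sha256": digest.hex(), "tag": tag.hex()})
        self.head = tag
        return tag  # (seq, tag) is what the remote witness stores


def verify(key: bytes, entries: List[Dict[str, object]], segments: Dict[int, bytes],
           witness: Optional[Tuple[int, bytes]]) -> List[Tuple[int, str]]:
    """Audit a recorder's manifest and segment files against the witness's last (seq, tag).

    Returns (seq, finding) pairs; an empty list means nothing was detected.
    """
    findings: List[Tuple[int, str]] = []
    head = GENESIS
    for i, entry in enumerate(entries):
        if entry["seq"] != i:
            findings.append((i, "sequence-gap"))
            return findings
        digest = bytes.fromhex(entry["sha256"])
        tag = _tag(key, i, digest, head)
        if not hmac.compare_digest(tag, bytes.fromhex(entry["tag"])):
            findings.append((i, "manifest-entry-forged"))
            return findings
        head = tag
        seg = segments.get(i)
        if seg is None:
            findings.append((i, "segment-missing"))
        elif hashlib.sha256(seg).digest() != digest:
            findings.append((i, "segment-modified"))
    if witness is not None:
        w_seq, w_tag = witness
        if w_seq > len(entries) - 1:
            # The witness saw more segments than the recorder now admits to.
            findings.append((len(entries), "manifest-truncated"))
        elif not hmac.compare_digest(bytes.fromhex(entries[w_seq]["tag"]), w_tag):
            # Internally consistent chain, but not the one the witness recorded:
            # the manifest was rebuilt (e.g. with a stolen key) after the fact.
            findings.append((w_seq, "manifest-rewritten"))
    return findings


def tamper_demo() -> List[Tuple[int, str]]:
    """Constructed scenario: an operator overwrites one segment, deletes another
    and trims the manifest so the last segment never appears to have existed."""
    key = b"constructed-demo-key"
    segments = {i: f"constructed-segment-{i}".encode() for i in range(4)}
    chain = RecordingChain(key)
    for i in range(4):
        chain.append(segments[i])
    witness = (3, chain.head)  # last (seq, tag) the remote witness received
    tampered = dict(segments)
    tampered[1] = b"overwritten"
    del tampered[2]
    return verify(key, chain.entries[:3], tampered, witness)


if __name__ == "__main__":
    for seq, finding in tamper_demo():
        print(f"segment {seq}: {finding}")
```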
Innocent Warrior
5th August 2017, 08:56
Related
Wikileaks RELEASE: Macron Campaign Emails (https://wikileaks.org/macron-emails/), 21,075 verified searchable emails from the campaign of President Macron (custom search).
https://pbs.twimg.com/media/DGDdMNtXYAEGNKL.jpg
https://pbs.twimg.com/media/DGDdOiCXUAAaPSH.jpg
25,439 email attachments associated with #Macron's presidential campaign HERE (https://wikileaks.org/macron-emails/?file=&count=50#searchresult).
Project Avalon thread: Wikileaks Dumps 72,000 Hacked Macron Emails (http://projectavalon.net/forum4/showthread.php?99046-Wikileaks-Dumps-72-000-Hacked-Macron-Emails&p=1170183&viewfull=1#post1170183)
Miscellaneous Information about the CIA
CIA archives: Kennedy assassination may have been CIA blowback, from Politico -
How the CIA Came to Doubt the Official Story of JFK’s Murder (http://www.politico.com/magazine/story/2017/08/03/jfk-assassination-lone-gunman-cia-new-files-215449) (Aug 3, 2017)
Newly released documents from long-secret Kennedy assassination files raise startling questions about what top agency officials knew and when they knew it.
http://static.politico.com/dims4/default/6d95225/2147483647/resize/1160x%3E/quality/90/?url=http%3A%2F%2Fstatic.politico.com%2F75%2F80%2F6d4b362c4e78954d361b78da333b%2F17802-shenon-gun-ap.jpg
* * *
Whistleblowing is ‘the patriotic thing’ – fmr CIA analyst (July 27, 2017)
aZk903Xuqw8
Duration: 7:50
* * *
CIA Director Mike Pompeo on "non state intelligence services"--which he has previously defined to be Wikileaks, from The Washington Free Beacon's article -
Director Pompeo Details How the CIA Is Changing Under President Trump (http://freebeacon.com/national-security/interview-cia-director-pompeo-cia-changing-president-trump/) (July 26, 2017)
https://pbs.twimg.com/media/DFtSbk5XYAA4uv3.jpg
* * *
From Physicians for Human Rights -
The CIA’s Program of Human Experimentation (https://medium.com/@PHR/the-cias-program-of-human-experimentation-42d6d7e5518c) (July 25, 2017)
An interview with Physicians for Human Rights’ Sarah Dougherty
* * *
From FAIR -
Media Mourn End of CIA Killing Syrians and Strengthening Al Qaeda (http://fair.org/home/media-end-cia-training-syrian-rebels-al-qaeda/) (July 27, 2017)
Julian Assange
Assange on Putin, refugee ban, US justice system, together with Barrett Brown and more (July 25, 2017) -
http://nuarchive.wbai.org/mp3/wbai_170725_170001randyCrelof.mp3
Hervé
10th August 2017, 14:28
WikiLeaks 'Vault 7' release: CIA CouchPotato tool 'captures video stream images remotely' (https://www.rt.com/viral/399168-wikileaks-cia-video-couch-potato/)
RT (https://www.rt.com/viral/399168-wikileaks-cia-video-couch-potato/)
Thu, 10 Aug 2017 12:50 UTC
https://www.sott.net/image/s20/412534/large/598c3215dda4c8fb5c8b4568.jpg (https://www.sott.net/image/s20/412534/full/598c3215dda4c8fb5c8b4568.jpg)
© Gary Hershorn / Reuters
The CIA has developed a top-secret program allowing users to remotely hack and capture still images of video streams, according to the latest release from WikiLeaks.
Dubbed 'CouchPotato,' a user guide (https://wikileaks.org/vault7/document/Couch_Potato-1_0-User_Guide/) to the tool uploaded by WikiLeaks says that it utilizes ffmpeg software, which produces libraries and programs for handling multimedia data to decode streaming connections.
The user guide is dated February 2014 and the document front page is marked: "Classified By: 2273504" and "Declassify On: 25X1, 20620712."
"Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams," a statement (https://wikileaks.org/vault7/releases/#CouchPotato) on the WikiLeaks site reads.
Just one part of the document appears to have been redacted, an index page at the beginning under a heading marked "Authority."
https://www.sott.net/image/s20/412535/large/598c35c7fc7e93ef678b4567.jpg (https://www.sott.net/image/s20/412535/full/598c35c7fc7e93ef678b4567.jpg)
© WikiLeaks.org
Some of the advice laid out in the guide warns that, in certain circumstances, the tool "can leak memory and also leave file handles open." It also recommends setting an expiration period for the tool so that, when this period has elapsed, "CouchPotato will exit."
"This is a highly recommended option when collecting video," the document adds.
Thursday's release is the latest in the whistleblowing organization's ongoing 'Vault 7' series of leaks purportedly from inside the CIA.
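The collection behaviour described in the RT piece and in the WikiLeaks statement it quotes (stills saved only when a frame differs significantly from the last one saved, plus an expiry after which the tool exits) can be modelled in a few dozen lines. What follows is an added example in Python; it is not CIA code and not taken from the leaked user guide. The greyscale frames, the mean-absolute-difference metric and the threshold are assumptions, and a real collector would take decoded frames from ffmpeg rather than the constructed ones used here.

```python
"""Change-triggered still capture, in the spirit of CouchPotato's JPG mode.

Added example (not CIA code, not from the WikiLeaks documents): models the
decision "save a frame only if it differs significantly from the last frame
we saved", plus the documented 'expiration period' option. Frames here are
constructed 8-bit greyscale images stored as flat bytes; a real collector
would feed decoded frames from ffmpeg/RTSP. Threshold, frame size and the
difference metric are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional


def mean_abs_diff(a: bytes, b: bytes) -> float:
    """Mean absolute pixel difference between two equally sized greyscale frames."""
    if len(a) != len(b) or not a:
        raise ValueError("frames must be non-empty and the same size")
    return sum(abs(x - y) for x, y in zip(a, b)) / len(a)


@dataclass
class ChangeCapture:
    threshold: float                      # mean pixel delta that counts as 'significant'
    expires_at: Optional[float] = None    # seconds on the caller's clock; None = no expiry
    last_saved: Optional[bytes] = None
    saved: List[int] = field(default_factory=list)   # indices of captured frames
    exited: bool = False

    def feed(self, index: int, frame: bytes, now: float) -> bool:
        """Return True if this frame was captured.

        Once the expiry passes the collector stops for good (the user guide's
        'CouchPotato will exit') rather than silently running on.
        """
        if self.exited:
            return False
        if self.expires_at is not None and now >= self.expires_at:
            self.exited = True
            return False
        if self.last_saved is None or mean_abs_diff(frame, self.last_saved) >= self.threshold:
            self.last_saved = frame
            self.saved.append(index)
            return True
        return False


def make_frame(width: int, height: int, level: int, bright_cols: int = 0) -> bytes:
    """Constructed test frame: uniform `level`, with the leftmost `bright_cols` columns at 255."""
    row = bytes([255] * bright_cols + [level] * (width - bright_cols))
    return row * height


def run_demo() -> dict:
    """Feed a constructed seven-frame sequence through the capture filter."""
    cap = ChangeCapture(threshold=10.0, expires_at=5.0)
    frames = [
        make_frame(8, 4, 40),                 # t=0: first frame, always captured
        make_frame(8, 4, 42),                 # t=1: sensor noise only, skipped
        make_frame(8, 4, 40, bright_cols=4),  # t=2: half the frame changed, captured
        make_frame(8, 4, 40, bright_cols=4),  # t=3: static, skipped
        make_frame(8, 4, 40),                 # t=4: object gone, captured
        make_frame(8, 4, 200),                # t=5: expiry reached, collector exits
        make_frame(8, 4, 0),                  # t=6: ignored after exit
    ]
    results = [cap.feed(i, f, now=float(i)) for i, f in enumerate(frames)]
    return {"captured": cap.saved, "results": results, "exited": cap.exited}


if __name__ == "__main__":
    print(run_demo())
```

For a quick test against a real RTSP source, ffmpeg alone gives the same effect: `ffmpeg -i rtsp://host/stream -vf "select='gt(scene,0.3)'" -vsync vfr out_%04d.jpg` keeps only frames whose scene-change score crosses 0.3. The expiry check is there for the reason the user guide gives: a collector that leaks memory and file handles needs a hard stop, not an open-ended run.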
Innocent Warrior
10th August 2017, 22:38
Vault 7: Projects
RELEASE - CouchPotato
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on CouchPotato from WikiLeaks -
10 August, 2017
Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
Related
Formerly Jailed CIA Whistleblower John Kiriakou: Jeff Sessions Is Extending Obama's War on Leaks (August 8, 2017)
Attorney General Jeff Sessions has announced that the FBI has formed a new team focused on investigating potential leaks to the press. During a press conference on Friday, Sessions said that leak investigations have tripled since President Donald Trump took office. Civil liberties groups criticized Sessions’s remarks. Ben Wizner of the ACLU said, "A crackdown on leaks is a crackdown on the free press and on democracy as a whole." We speak with John Kiriakou, the former CIA analyst who exposed the Bush-era torture program and became the only official jailed in connection with it.
See source (https://www.democracynow.org/2017/8/8/formerly_jailed_cia_whistleblower_john_kiriakou) to listen (includes transcript).
CIA: Miscellaneous
Interview with former UK ambassador, Craig Murray on CIA & torture, Wikileaks and more -
https://archives.kpfa.org/data/20170807-Mon1700.mp3
From the ACLU -
JUDGE DENIES PSYCHOLOGISTS’ EFFORT TO STOP LAWSUIT FILED BY ACLU ON BEHALF OF CIA TORTURE VICTIMS (August 7, 2017)
SPOKANE, Wash. — A federal lawsuit against the two psychologists who designed and implemented the CIA torture program cleared the final legal hurdle before a scheduled trial, a first for a case involving CIA torture.
The lawsuit was brought by the American Civil Liberties Union on behalf of Suleiman Abdullah Salim, Mohamed Ahmed Ben Soud, and the family of Gul Rahman, who froze to death in a secret CIA prison. They were tortured using methods developed by the CIA-contracted psychologists, James Mitchell and John “Bruce” Jessen.
Both sides had filed motions for summary judgement, which were argued last Friday in federal district court. At the hearing, Judge Justin Quackenbush denied the ACLU's motion and said he was inclined to deny the psychologists' motion to end the case also, but he did not definitively rule that day. Today in a written opinion, the judge denied the psychologists' motion. The ruling means the case is scheduled to go to trial on September 5 and expected to last two to three weeks.
See source (https://www.aclu.org/news/court-rejects-cia-torture-psychologists-final-bid-avoid-standing-trial-0) for full article.
Hervé
24th August 2017, 16:02
CIA’s secret spy tool helps agency steal data from NSA & FBI, WikiLeaks reveals
RT
Published time: 24 Aug, 2017 11:29
Edited time: 24 Aug, 2017 14:17
https://cdn.rt.com/files/2017.08/original/599ea49fdda4c8330a8b4567.jpg
© Pascal Lauener / Reuters
Details of an alleged CIA project that allows the agency to secretly extract biometric data from liaison services such as the NSA, the DHS and the FBI have been published by WikiLeaks.
Documents from the CIA’s ‘ExpressLane’ project were released by the whistleblowing organization as part of its ongoing ‘Vault 7’ series on the intelligence agency’s alleged hacking capabilities.
RT America @RT_America (https://twitter.com/RT_America)
https://pbs.twimg.com/tweet_video_thumb/DGUME4HVYAAuneu.jpg
Dumbo: #WikiLeaks (https://twitter.com/hashtag/WikiLeaks?src=hash) reveals #CIA (https://twitter.com/hashtag/CIA?src=hash) system to take over webcams, microphones https://on.rt.com/8jez (https://t.co/HA3XdDCLIT)
8:46 AM - 3 Aug 2017
A branch (https://www.cia.gov/news-information/press-releases-statements/press-release-2011/ots-celebrates-60-yrs.html) within the CIA – known as Office of Technical Services (OTS) – provides a biometric collection system to liaison services around the world “with the expectation for sharing of the biometric takes collected on the systems,” according to a file (https://wikileaks.org/vault7/document/ExpressLane-3_1_1-TPP-FINAL/ExpressLane-3_1_1-TPP-FINAL.pdf) released by WikiLeaks.
ExpressLane, however, suggests the system has inadequacies as it was developed as a covert information collection tool to secretly exfiltrate data collections from such systems provided to liaison services.
The user guide (https://wikileaks.org/vault7/document/ExpressLane-3_1_1-User_Manual-Rev_New_2009-04-06/ExpressLane-3_1_1-User_Manual-Rev_New_2009-04-06.pdf) for the tool states that it was developed to support the branch in its efforts to verify that this data is also being shared with the agency.
“ExpressLane v3.1.1 provides an ability to disable the biometric software if liaison doesn’t provide the Agency with continued access.”
ExpressLane is installed and run under the guise of upgrading the biometric software by OTS agents that visit the liaison sites.
https://cdn.rt.com/files/2017.08/original/599eaff7dda4c8f5118b4567.jpg © Wikileaks
“OTS/i2c plans to revisit these sites with the cover of upgrading the biometric software to perform a collection against the biometric takes,” a CIA document outlining test procedures for the project states.
Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration is disguised behind a Windows installation splash screen.
https://cdn.rt.com/files/2017.08/original/599eb4b2fc7e9370168b4567.jpg
© Wikileaks
ExpressLane was intended to remain secret until 2034, according to the files (https://wikileaks.org/vault7/document/ExpressLane-3_1_1-TDR-2009-05-04/ExpressLane-3_1_1-TDR-2009-05-04.pdf) which originate from 2009.
The core components of the OTS system are based on products from Cross Match (https://www.crossmatch.com/) – a US company specializing in biometric software for law enforcement and the Intelligence Community.
In 2011, it was reported (http://www.palmbeachpost.com/business/the-science-mapping-bin-laden-face-palm-beach-gardens-firm-identifies-bad-guys/TFKnmU7SBhoKyAvFV1V65N/) that the US military used one of the company’s products to identify Osama bin Laden during the assassination operation in Pakistan.
The White House and Department of Defense said facial recognition technology was one of the techniques used to identify Bin Laden but Cross Match’s involvement was not confirmed.
READ MORE: CIA CouchPotato tool ‘captures video stream images remotely’ – WikiLeaks (https://www.rt.com/viral/399168-wikileaks-cia-video-couch-potato/)
Innocent Warrior
24th August 2017, 22:34
Vault 7: Projects
RELEASE - ExpressLane
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on ExpressLane from WikiLeaks -
24 August, 2017
Today, August 24th 2017, WikiLeaks publishes secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services -- which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.
ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration is disguised behind a Windows installation splash screen.
The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
* * *
From Security Week -
WikiLeaks: CIA Secretly Collected Data From Liaison Services (August 24, 2017)
WikiLeaks has published another round of Vault 7 documents, this time describing a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to secretly collect biometric data from the agency’s liaison services.
The leaked documents, marked as “secret,” appear to reveal that the CIA’s Office of Technical Services (OTS) and Identity Intelligence Center (I2C), both part of the agency’s Directorate of Science and Technology, have provided liaison services with a system that collects biometric information.
According to WikiLeaks, these liaison services include other U.S. government agencies, such as the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
In order to ensure that liaison services share the collected biometric data, the CIA has developed a tool called ExpressLane, which secretly copies the data collected by the biometric software and disables this software if continued access is not provided to the agency.
The documents show that ExpressLane is installed on the targeted system by an OTS officer claiming to perform an upgrade to the biometric system from a USB drive. ExpressLane displays a bogus update screen for a period of time specified by the agent, while in the background the targeted biometric data is compressed, encrypted and copied to the officer’s USB drive.
The files copied to the USB drive are later extracted at headquarters using a different utility called ExitRamp.
Another feature of ExpressLane allows the agency to ensure that the biometric software is disabled after a specified number of days unless action is taken. When the tool is installed, a kill date, which specifies when the biometric software will stop functioning, is set (the default value is 6 months in the future). If an agent does not return with the ExpressLane USB drive within that period, the license for the biometric software expires. Whenever ExpressLane is run on the targeted system, the kill date is extended.
This helps the CIA ensure that the collected biometric data ends up in its possession, and provides a way for the agency to disable the biometric software if access is no longer granted.
See source (http://www.securityweek.com/wikileaks-cia-secretly-collected-data-liaison-services) for full article.
* * *
ExpressLane: Covert CIA operation to give allies biometric identity systems--then steal the population's identities -
https://pbs.twimg.com/media/DIAYa_CXkAAp1_8.jpg
https://pbs.twimg.com/media/DIAkfzgW0AAzPjq.jpg
https://pbs.twimg.com/media/DIAjptRXoAAt8AE.jpg:large
Hervé
31st August 2017, 16:29
Not Their Finest Work: CIA #Angelfire Windows Hacking Tool Was Riddled With Bugs (https://sputniknews.com/military/201708311056957415-wikileaks-vault7-angelfire-bugs/)
Sputnik 18:55 31.08.2017 (updated 18:56 31.08.2017)
https://cdn2.img.sputniknews.com/images/105156/29/1051562998.jpg
© Sputnik/ Iliya Pitalev
WikiLeaks has published its latest instalment of documents in the Vault 7 series, containing information on Angelfire – a tool the US Central Intelligence Agency (CIA) employed to load and execute malware, targeting Microsoft Windows operating systems and computers. Its user manual suggests the application was riddled with issues.
According to the leaked user manual (https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/Angelfire-2_0-UserGuide.pdf), Angelfire comprises five components: Solartime, malware that modifies a computer's boot sector in order to load Wolfcreek; Wolfcreek, a self-loading driver for loading other drivers and user-mode applications; Keystone, responsible for starting other implants (technical term for malware); and BadMFS, a covert file system which stores all other components, and encrypts and hides them.
WikiLeaks @wikileaks (https://twitter.com/wikileaks)
RELEASE: CIA 'Angelfire' covert Windows malware system https://wikileaks.org/vault7/#Angelfire (https://t.co/Kctemz9XfT) #vault7 (https://twitter.com/hashtag/vault7?src=hash)
https://pbs.twimg.com/media/DIjYqUyW0AEIK5w.jpg
3:58 AM - 31 Aug 2017
In essence (https://sputniknews.com/science/201708311056952079-wikileaks-cia-angelfire/), Angelfire is but another resource in the CIA's apparently vast hacking arsenal, aimed at Windows users.
However, there is much to suggest the tool is a sub-par effort — despite BadMFS' obfuscatory promise, and the manual's claim that Angelfire aims to provide a "robust environment" for users, its authors concede there are "some limitations" they should be aware of prior to use.
A lengthy table listing issues then-known to the tool's development team follows.
Sloppy Work
The litany of bugs identified by developers suggests Angelfire could even fail at the first hurdle. Its initial component, Solartime, does a heuristic check of an operating system at boot time to determine if it's possible to patch it — yet, it's possible this check will succeed, while the OS has changed in a manner that would cause a crash if patched.
"The heuristic algorithm is imperfect and can still have false positives. Solartime has a more restrictive setting that will only allow the patch to proceed if the OS has not changed. The downside is, if a new service pack or hotfix is applied, Solartime will not launch on bootup," the manual says.
dalmoz @dalmoz_ (https://twitter.com/dalmoz_)
One-liner for testing the presence of CIA's AngelFire malware #WikiLeaks (https://twitter.com/hashtag/WikiLeaks?src=hash) Grab here: https://gist.github.com/dalmoz/2f513f30da675c6212e0532451265b65 (https://t.co/4iKfDgYijC)
https://pbs.twimg.com/media/DIjZRTYXUAIxQNY.jpg
4:03 AM - 31 Aug 2017
Furthermore, BadMFS cannot be installed if there is insufficient space on a drive, raising the prospect users could be alerted to the existence of the allegedly covert file with a standard system warning that it could not be copied. To remedy this prospective blunder, the manual suggests shrinking the file, to a minimum of two megabytes in size.
Other glitches could similarly notify users of the presence of malicious software installed — or in the process of being installed — on their computers.
For example, anti-virus and cybersecurity products could detect the presence of BadMFS by the existence of a file named "zf" — and users may see popup alerts if one of the Angelfire components crashed, which other issues suggest is a likely eventuality.
In addition, the Keystone component always disguises itself as a "C:\Windows\system32\svchost.exe" process, which would be inconsistent with the actual svchost.exe path on a system.
Catalin Cimpanu @campuscodi (https://twitter.com/campuscodi/status/903198603883282432)
CIA Developed Windows Malware That Alters Boot Sector to Load More Malware https://www.bleepingcomputer.com/news/security/cia-developed-windows-malware-that-alters-boot-sector-to-load-more-malware/ (https://t.co/af7LuXF1KS) #wikileaks (https://twitter.com/hashtag/wikileaks?src=hash) #CIA (https://twitter.com/hashtag/CIA?src=hash) #vault7 (https://twitter.com/hashtag/vault7?src=hash)
Catalin Cimpanu @campuscodi (https://twitter.com/campuscodi/status/903198936005005314)
#Vault7 (https://twitter.com/hashtag/Vault7?src=hash): The Angelfire framework is made up of 5 components: Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system
Catalin Cimpanu @campuscodi (https://twitter.com/campuscodi/status/903199074370945025)
This is how they work together:
https://pbs.twimg.com/media/DIjOw5-XUAANlf7.jpg
Catalin Cimpanu @campuscodi (https://twitter.com/campuscodi)
WikiLeaks/CIA docs say Angelfire works only on XP, Win7, and Server 2008 R2 (64bit)
https://pbs.twimg.com/media/DIjO94wXoAAC3RW.jpg
3:14 AM - 31 Aug 2017
Catalin Cimpanu @campuscodi (https://twitter.com/campuscodi/status/903199603150991360)
Unlike previous releases, Angelfire comes with a bunch of known issues. Tables span over 3 pages
https://pbs.twimg.com/media/DIjPPQUWAAEY08F.jpg
Other issues have no remedy — for instance, if Angelfire's container file is deleted, but Angelfire has not been uninstalled, it will continue to work on reboot until the disk clusters the container file occupies are overwritten by the computer's file system.
If this happens, the integrity check of the container file will fail, and Angelfire will allow the boot process to continue as normal — again allowing users to unthinkingly evade the tool's clutches.
In sum, Angelfire was evidently far from the CIA's best work — other tools in the intelligence agency's technological armory, documented in previous Vault 7 releases, appear to have been far more effective.
We Have the Technology
CherryBlossom (https://sputniknews.com/science/201706161054698665-cia-hacked-wifi-routers/) was a tool via which the agency sought to leverage common vulnerabilities in WiFi routers, sold by companies such as D-Link and Linksys. The techniques ranged from hacking network passwords to rewriting device firmware to remotely monitor traffic flowing across a target's network. The CIA's router-hacking approach began with a tool — "Claymore" — that scanned a network to identify devices, and then launched two exploiters — "Tomato" and "Surfside" — which stole WiFi devices' administrative passwords.
HighRise (https://sputniknews.com/science/201707131055504019-wikileaks-cia-sms-android/) was an Android application designed for Android mobile devices, which provided a redirector function for SMS messaging — in effect, allowing the CIA to intercept and redirect any text messages received by a particular device.
Dumbo (https://sputniknews.com/science/201708031056142495-wikileaks-cia-webcams-vault-dumbo/) allowed for the identification, control and manipulation of webcams and computer microphones, on any computer running Microsoft Windows. CIA agents could record and monitor all audio/visual traffic from and to that resource, and delete or manipulate recordings to hide actual evidence of the intrusion operation.
DarkSeaSkies (https://sputniknews.com/science/201703241051929785-vault7-wikileaks-apple-mac/) allowed agents to execute malicious code from a USB, CD, DVD, or portable hard drive, during a Mac's boot-up, even if the Mac's firmware is password-protected.
Related:
#Angelfire: WikiLeaks Reveals CIA Method for Loading Your PC With Spyware (https://sputniknews.com/science/201708311056952079-wikileaks-cia-angelfire/)
uzn
1st September 2017, 07:14
http://1.f.ix.de/scale/geometry/700/q75/tp/imgs/89/2/2/7/0/1/1/3/wki-288b5c7aad3df080.jpeg
Assange:
Paper publishes highly suspect US intelligence document on ISIS attack in Barcelona ahead of Catalan referendum.
https://twitter.com/wikileaks/status/903081437888483328
Spanish interview with Hernandez, director of El Periódico (Spanish newspaper)
http://www.ccma.cat/catradio/alacarta/el-mati-de-catalunya-radio/enric-hernandez-no-vam-publicar-la-nota-abans-per-no-crear-alarmisme/audio/973124/
Innocent Warrior
7th September 2017, 00:34
Ronald Bernard Luciferian Banking Testimony (https://vimeo.com/214341041) (April 22, 2017)
For anyone interested, full PDF, scanned copy, dated 1934 - THE PROTOCOLS OF ZION (https://www.portalestoria.net/IMAGES%20313/protocols%20-%20en.pdf)
Real Big Power: Revelations by insider Ronald Bernard-part 2 (http://projectavalon.net/forum4/showthread.php?98277-Elite-Banker-Ronald-Bernard-Interview-Pt-II&p=1159423&viewfull=1#post1159423) (Uploaded June 9, 2017)
Ronald Bernard - PART 3, revelations from an insider (https://www.youtube.com/watch?v=Y0Fwe4YkMa4) (uploaded August 22, 2017)
* * *
Have CIA spies already stolen India's national ID card database?
From GGI News - How CIA Spies Access India’s Biometric Aadhaar Database (http://archive.is/R2Hdu#selection-1123.0-1123.55) (Aug 25, 2017)
See also Aadhaar in the hand of spies (https://series.fountainink.in/aadhaar-in-the-hand-of-spies/)
From The Hindu - UIDAI refutes Wikileaks reports of Aadhaar data snoop, says system is secure (http://www.thehindu.com/sci-tech/technology/uidai-refutes-wikileaks-reports-of-aadhaar-data-snoop-says-system-is-secure/article19570464.ece) (Aug 27, 2017)
* * *
Vault 7: Projects
RELEASE - Angelfire
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Angelfire from WikiLeaks -
31 August, 2017
Today, August 31st 2017, WikiLeaks publishes documents from the Angelfire project of the CIA. Angelfire is an implant comprised of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system. Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7).
Solartime modifies the partition boot sector so that when Windows loads boot time device drivers, it also loads and executes the Wolfcreek implant, that once executed, can load and run other Angelfire implants. According to the documents, the loading of additional implants creates memory leaks that can possibly be detected on infected machines.
Keystone is part of the Wolfcreek implant and responsible for starting malicious user applications. Loaded implants never touch the file system, so there is very little forensic evidence that the process was ever run. It always disguises itself as "C:\Windows\system32\svchost.exe" and can thus be detected in the Windows task manager, if the operating system is installed on another partition or in a different path.
BadMFS is a library that implements a covert file system that is created at the end of the active partition (or in a file on disk in later versions). It is used to store all drivers and implants that Wolfcreek will start. All files are both encrypted and obfuscated to avoid string or PE header scanning. Some versions of BadMFS can be detected because the reference to the covert file system is stored in a file named "zf".
The Windows Transitory File system is the new method of installing AngelFire. Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc. Transitory files are added to the 'UserInstallApp'.
Documents Directory HERE (https://wikileaks.org/vault7/document/).
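Two of the tells in the WikiLeaks summary above, and in the Sputnik write-up earlier in the thread, are simple to check for on a host: Keystone's hard-coded "C:\Windows\system32\svchost.exe" path, and the file named "zf" that some BadMFS versions leave behind. The following is an added example in Python; it is not the leaked tooling, not the one-liner dalmoz posted, and not vendor code. It runs over a constructed process list and file listing so it works offline; the sample host (Windows installed on D:), the process paths and the location of the "zf" file are all assumptions, since the documents quoted here do not say where "zf" sits.

```python
"""Host checks for the two Angelfire tells named in the WikiLeaks summary.

Added example, not code from the leaked documents or from any vendor. It
works on constructed inputs (a process list and a file listing) so it runs
offline; on a live host you would feed it the output of tasklist / Get-Process
and a directory walk. Sample paths are assumptions.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class Proc:
    pid: int
    image_path: str   # full image path as reported by the OS


def _norm(p: str) -> str:
    """Normalise a Windows path for comparison (separators, '..', case)."""
    return ntpath.normpath(p).lower()


def legit_svchost_dirs(system_root: str) -> Set[str]:
    """Directories where a real svchost.exe lives on this install.

    Assumption: System32 and, on 64-bit Windows, SysWOW64 under %SystemRoot%.
    """
    return {_norm(ntpath.join(system_root, d)) for d in ("System32", "SysWOW64")}


def suspicious_svchost(procs: Iterable[Proc], system_root: str) -> List[Proc]:
    """Flag svchost.exe processes whose path is not under this install's system root.

    Keystone always claims 'C:\\Windows\\system32\\svchost.exe'; on a host whose
    Windows directory is on another drive or path that claim cannot be true.
    """
    ok_dirs = legit_svchost_dirs(system_root)
    hits = []
    for p in procs:
        head, tail = ntpath.split(_norm(p.image_path))
        if tail == "svchost.exe" and head not in ok_dirs:
            hits.append(p)
    return hits


def zf_files(paths: Iterable[str]) -> List[str]:
    """Paths whose file name is exactly 'zf' (case-insensitive, as NTFS is).

    Some BadMFS versions keep the reference to the covert file system there.
    """
    return [p for p in paths if ntpath.basename(p).lower() == "zf"]


def run_demo() -> dict:
    """Constructed host: Windows installed on D:, not C:."""
    system_root = r"D:\Windows"
    procs = [
        Proc(512, r"D:\Windows\System32\svchost.exe"),    # legitimate
        Proc(640, r"D:\Windows\SysWOW64\svchost.exe"),    # legitimate 32-bit service host
        Proc(1337, r"C:\Windows\system32\svchost.exe"),   # Keystone's hard-coded claim
        Proc(2048, r"D:\Windows\explorer.exe"),
    ]
    files = [r"D:\Windows\System32\drivers\zf", r"D:\Users\a\notes.txt", r"C:\tmp\ZF"]
    return {
        "svchost": [p.pid for p in suspicious_svchost(procs, system_root)],
        "zf": zf_files(files),
    }


if __name__ == "__main__":
    print(run_demo())
```

On a default install (Windows under C:\Windows) the path check cannot separate Keystone from a real svchost.exe, which is exactly the limitation the statement describes; there the fallbacks are the parent process, the image signature and the fact that the implant is memory-resident. The "zf" check is only as good as the listing you feed it, and an empty result from either function is not a clean bill of health.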
Innocent Warrior
7th September 2017, 03:04
CIA: Misc.
From Middle East Eye - CIA 'torture psychologists' avoid trial with secret settlement (http://www.middleeasteye.net/news/cia-torture-psychologists-avoid-trial-secret-settlement-231757598) (August 17, 2017)
* * *
CIA had MI6 plant false stories in the press.
From NZ Herald - Spy tells of MI6 smear of UN boss (http://www.nzherald.co.nz/world/news/article.cfm?c_id=2&objectid=170000) (Jan 27, 2001)
How the CIA ran agents at the New York Times and nearly all other U.S. mainstream media during the cold war, from Carl Bernstein - THE CIA AND THE MEDIA (http://www.carlbernstein.com/magazine_cia_and_media.php)
* * *
Lecture: CIA covertly funded nearly all African intellectuals writing in English
Modernism, African Literature and the CIA (https://blogs.loc.gov/kluge/2015/02/african-literature-and-the-cia/) (Feb 5, 2015)
* * *
From the San Francisco Chronicle - When the CIA ran a LSD sex-house in San Francisco (http://www.sfchronicle.com/bayarea/article/When-the-CIA-ran-a-LSD-sex-house-in-San-Francisco-7223346.php) (April 1, 2016)
https://pbs.twimg.com/media/DHdjAUOWsAEBJxp.jpg
Netflix to cover the CIA covertly dosing people with LSD as part of its MKULTRA program, Wormwood teaser -
nfN0pmDXaPk
* * *
From History - 1953: CIA-assisted coup overthrows government of Iran (http://www.history.com/this-day-in-history/cia-assisted-coup-overthrows-government-of-iran?cmpid=TWITTER_TWITTER__20170819&linkId=41148845) (Aug 19, 2017)
https://pbs.twimg.com/media/DHl67HJUwAAk3zy.jpg
* * *
Interview with journalist fired for exposing how CIA and Saudi ran weapons to Syrian insurgents.
zD5VW_z6pG0
Uploaded: Sept 1, 2017.
* * *
From the ALTERNET - How Sony, Obama, Seth Rogen and the CIA Secretly Planned to Force Regime Change in North Korea (http://archive.is/3GhRc#selection-415.0-415.94) (Sept 5, 2017)
* * *
Some CIA & other intel employees feel that going to the media anonymously is safer than using official channels.
From POGO - Whistleblower Lawsuit Charges Illegal Retaliation, Dangerous Practices at CIA’s Elite Directorate of Operations (http://www.pogo.org/our-work/articles/2017/whistleblower-lawsuit-charges-illegal-retaliation-cia-elite-directorate-operations.html?utm_content=buffer280c2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer) (Aug 24, 2017)
Innocent Warrior
7th September 2017, 03:08
Wikileaks/Julian Assange
From The American Conservative - Pardon Me? Rep. Rohrabacher’s Curious Visit With Assange (http://www.theamericanconservative.com/articles/pardon-me-rep-rohrabachers-curious-visit-with-assange/) (Aug 21, 2017)
Julian Assange statement on his meeting with U.S. Congressman Dana Rohrabacher -
https://pbs.twimg.com/media/DHdD1_7WAAAOdd2.jpg
More - https://www.iamwikileaks.org
* * *
From Crikey - Rundle: more bollocks broadcast about WikiLeaks (https://www.crikey.com.au/2017/08/18/rundle-more-bollocks-broadcast-about-wiki/?utm_content=buffer078e7&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer) (Aug 18, 2017)
* * *
From the Daily Beast - Senators Try to Force Trump Admin to Declare WikiLeaks a ‘Hostile’ Spy Service (http://www.thedailybeast.com/senators-try-to-force-trump-admin-to-declare-wikileaks-a-hostile-spy-service) (Aug 22, 2017)
Julian Assange responds (https://twitter.com/JulianAssange/status/900449135605817344) to U.S. Senate attempt to enshrine the CIA's "Pompeo Doctrine" into law -
https://pbs.twimg.com/media/DH8H5lfXUAAwuZ-.jpg
After the Vault 7 series on CIA hackers, Senate draws up a law against Wikileaks - https://www.congress.gov/115/bills/s1761/BILLS-115s1761pcs.xml#toc-idED655F6585AD42BB88DEB0C566119069
https://pbs.twimg.com/media/DH3YNKyXsAEtTC-.jpg
Background (https://www.washingtonpost.com/opinions/julian-assange-the-cia-director-is-waging-war-on-truth-tellers-like-wikileaks/2017/04/25/b8aa5cfc-29c7-11e7-a616-d7c8a68c1a66_story.html?utm_term=.0aa12d938293) (regular visitors to this thread have read the background).
From Wikileaks (https://twitter.com/wikileaks/status/900115743714545664) - "What's notable here is that all big media NYT, CNN, WaPo, AP, BBC, etc. receive information from state sources (i.e are "abetted by" them)."
From The Hill - Wyden voted against intel authorization over WikiLeaks denouncement (http://thehill.com/business-a-lobbying/347555-wyden-voted-against-intel-authorization-over-wikileaks-denouncement) (Aug 22, 2017)
From The Washington Times - Senate bill would label WikiLeaks ‘non-state hostile intelligence service’ (http://www.washingtontimes.com/news/2017/aug/23/senate-bill-would-label-wikileaks-non-state-hostil/?update9) (Aug 23, 2017)
Uploaded Aug 24, 2017. Duration: 17:25
7TzL-_7fhRk
From the CATO Institute - Is Wikileaks A “Non-state Hostile Intelligence Service” As Some Claim? (https://www.cato.org/blog/wikileaks-hostile-intelligence-service-some-claim) (Aug 28, 2017)
Innocent Warrior
7th September 2017, 11:50
Vault 7: Projects
RELEASE - Protego
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Protego from WikiLeaks -
7 September, 2017
Today, September 7th 2017, WikiLeaks publishes four secret documents from the Protego project of the CIA, along with 37 related documents (proprietary hardware/software manuals from Microchip Technology Inc.). The project was maintained between 2014 and 2015.
Protego is not the "usual" malware development project like all previous publications by WikiLeaks in the Vault7 series. Indeed there is no explicit indication why it is part of the project repositories of the CIA/EDG at all.
The Protego project is a PIC-based missile control system that was developed by Raytheon. The documents indicate that the system is installed on-board a Pratt & Whitney aircraft (PWA) equipped with missile launch systems (air-to-air and/or air-to-ground).
Protego consists of separate micro-controller units that exchange data and signals over encrypted and authenticated channels:
» On-board PWA are the 'Master Processor' (MP) and the 'Deployment Box'. Both systems are laid out with master/slave redundancy.
» The missile system has micro-controllers for the missile itself ('Missile Smart Switch', MSS), the tube ('Tube Smart Switch', TSS) and the collar (which holds the missile before and at launch time).
The MP unit receives three signals from a beacon: 'In Border' (PWA is within the defined area of an operation), 'Valid GPS' (GPS signal available) and 'No End of Operational Period' (current time is within the defined timeframe for an operation). Missiles can only be launched if all signals received by MP are set to 'true'. Similarly, safeguards are in place to auto-destruct encryption and authentication keys for various scenarios (like 'leaving a target area of operation' or 'missing missile').
https://pbs.twimg.com/media/DJHYf2XXkAAbDXA.jpg
Documents Directory HERE (https://wikileaks.org/vault7/document/).
* * *
From The Hacker News -
Wikileaks Unveils Project Protego: CIA's Secret Missile Control System (Sept 7, 2017)
https://s26.postimg.org/xx9fshhqh/image.jpg
Every week since March Wikileaks has been leaking secrets from the United States Central Intelligence Agency (CIA), which mainly focus on surveillance techniques and hacking tools employed by its agents.
However this time, the whistleblower organisation has released something different from its previous Vault 7 leaks, because it's not about hacking and spying; instead, it's a—Missile Control System.
Dubbed Project Protego, the PIC-based missile control system is installed on-board a Pratt and Whitney Aircraft (PWA) equipped with missile launch system, which gives it ability to hit air-to-air and air-to-ground targets.
The latest leak contains four secret documents in total from the project Protego, along with "37 related documents (proprietary hardware/software manuals from Microchip Technology Inc)," WikiLeaks says.
https://s26.postimg.org/y8qw58y6h/image.jpg
Leaked documents reveal system design, a guide on how to configure and build Protego images, and also suggest that all micro-controller units exchange data and signals over encrypted and authenticated channels.
The missile system has micro-controllers for the missile itself ('Missile Smart Switch', MSS), the tube ('Tube Smart Switch', TSS) and the collar (which holds the missile before and at launch time).
The missile launches only when the Master Processor (MP) unit receives three valid signals from a beacon, including 'In Border,' 'Valid GPS,' and 'No End of Operational Period.'
WikiLeaks is not sure why the secret documents of project Protego were the part of repositories that belongs to the CIA's Engineering Development Group, who are apparently known for developing malware and hacking tools for the agency.
However, notably, the CIA developed the Protego missile control system in partnership with a major U.S. defence contractor, Raytheon, which was also mentioned in a previous CIA leak.
Raytheon is the same company that the agency hired for analysing advanced malware and hacking techniques being used in the wild by hackers and cyber criminals.
It seems the name Protego was inspired by the magical Shield Charm used in the Harry Potter movies, which protects against physical as well as magical attacks.
If so, then the primary objective of this missile control system could be to defend something (secret facility or base), from external physical attacks.
Source (http://thehackernews.com/2017/09/cia-missile-control-system.html) (incl. links).
Hervé
7th September 2017, 13:36
This Vimeo from Comodo's CEO explains in simple terms some of the technology used to prevent malware, ransomware and fileless malware from doing damage to individual computers and networks.
Comodo’s secret sauce for malware prevention: https://vimeo.com/232269684
Ewan
7th September 2017, 15:48
This Vimeo from Comodo's CEO explains in simple terms some of the technology used to prevent malware, ransomware and fileless malware from doing damage to individual computers and networks.
Quick question - off the top of my head, wouldn't that mean you have to double your HDD space? It might be a virtual drive but it still has to reside in physical space. Fine if you are only using around 2 GB of, say, 6 GB, but what if you're constantly using around 75% of your available HDD?
Hervé
7th September 2017, 16:16
This Vimeo from Comodo's CEO explains in simple terms some of the technology used to prevent malware, ransomware and fileless malware from doing damage to individual computers and networks.
Quick question - off the top of my head, wouldn't that mean you have to double your HDD space? It might be a virtual drive but it still has to reside in physical space. Fine if you are only using around 2 GB of, say, 6 GB, but what if you're constantly using around 75% of your available HDD?
A virtual "Sandbox" could also be using memory portions or a "cloud" sandbox rather than space on a hard drive. But, yes, portions of an HDD can also be reserved for that purpose since there are only a limited number of "unknown"/"unrecognized" files/ programs which can then be vetted as safe, quarantined or thrown out.
Hervé
3rd October 2017, 17:38
Are they for real?
Russia's foreign ministry trolls CIA recruitment drive for Russian speakers - offers 'expert assistance and recommendations' (https://www.rt.com/usa/405514-promoting-russian-cia-language/)
RT (https://www.rt.com/usa/405514-promoting-russian-cia-language/)
Tue, 03 Oct 2017 14:49 UTC
https://www.sott.net/image/s20/407890/large/596d3f65fc7e9355318b4567.jpg (https://www.sott.net/image/s20/407890/full/596d3f65fc7e9355318b4567.jpg)
© Global Look Press
The Russian Foreign Ministry has come up with a tongue-in-cheek response to the Central Intelligence Agency's tweet calling on Russian language specialists to help "unveil the truth." The ministry mocked the effort by offering its own experts and advice.
The CIA's tweet addressed to Russian speakers included a picture asking in Russian: "Do you know what you can do as a CIA linguist?" It then cryptically promised would-be spies a place on a noble mission to "unveil the truth."
CIA (@CIA, https://twitter.com/CIA):
Speak Russian? US citizen with a college degree? Interest in national security? Your skills are needed here. http://1.usa.gov/1qOxdOa (https://t.co/acebqeWxty)
https://pbs.twimg.com/media/DK53DFGXUAAAmb1.jpg
9:16 AM - 29 Sep 2017
The CIA's call for help did not go unnoticed by the Russian Foreign Ministry, which on Monday posted a witty response to both its Russian (https://twitter.com/MID_RF/status/914877465046212609?ref_src=twsrc%5Etfw) and English-language accounts.
MFA Russia 🇷🇺 (@mfa_russia, https://twitter.com/mfa_russia):
.@CIA (https://twitter.com/CIA), thanks for support & promotion of Russian language. Why have U been hiding it? We are ready to assist with experts & recommendations
https://pbs.twimg.com/media/DLJM8WIWAAEFHvQ.jpg
8:42 AM - 2 Oct 2017
"CIA thanks for support & promotion of Russian language. Why have U been hiding it? We are ready to assist with experts & recommendations," the ministry said.
Hervé
23rd October 2017, 20:17
Who actually needs any of the Vault7 tools when...
Wifi hacks given by the "elite" for a price! I* TOLD YOU SO!!!! (http://82.221.129.208/.zv1.html)
* = Jim Stone
From Privacy news online (https://www.privateinternetaccess.com/blog/2017/10/the-recent-catastrophic-wi-fi-vulnerability-was-in-plain-sight-for-13-years-behind-a-corporate-paywall/)
The recent catastrophic Wi-Fi vulnerability was in plain sight for 13 years behind a corporate paywall
"The recent Wi-Fi “KRACK” vulnerability, which allowed anyone to get onto a secure network (and which was quickly patched by reputable vendors), had been in plain sight behind a corporate-level paywall for 13 years. This raises a number of relevant, interesting, and uncomfortable questions."
My* comment: I told everyone this via posts to this site multiple times over the years, this was not a secret around here! There is a reason why this site has so many problems with external assault of all types, and it is because I air this crap long before it hits mainstream.
For years I have told everyone that back doors are wide open in Windows and everything else, and all it took to get access to them was a big enough payoff and/or privileged status. Now I have been proven absolutely right by the "recently discovered" wifi vulnerability, which as it turns out was only recently discovered because open source developers up until now could not pay the steep price to get the back door opened.
Here's the part that even this recent discovery has not revealed:
All wifi is always on even if disabled, and always accessible to privileged people, and all they need to know is your general area and they can get onto your computer via a stranger's broadband internet if the computer hooked up to that broadband has wifi.
It does not even need to be a special ambush setup, they can nail you from a couch 5,000 miles away. To steal your creativity. To steal your latest invention. To secretly plant, modify, or delete files, or install keyloggers or whatever else they want. To know everything about you, and others like you, so they can launch their next psy op more effectively. And it does not take the NSA to do it.
The only way any computer can be remotely safe is if all you do is work from flash drives, and have no wifi card, do your work on the web with no flash drives in, and get off the web before you do anything serious. But once again, few people will listen because I am not "Edward Snowden."
No Wifi card is ever active in anything I have and has not been for the past 5 years. Every laptop I have had has been easy to take the wifi card out of, all I do is pop a panel off, take the screw out of the wifi card, pull it back, and then line the pins up with the card slot on top of it but not inserted in it, and then put the screw back in. It always stays with the laptop. If I get to a place where I have to use Wifi, I pop the panel off the laptop and put the card in, which is always right there. If you don't do that, your computer is a sitting duck no matter how well your wifi is "disabled".
Bluetooth has the same vulnerability, as does any computer that has an Intel processor, with the only difference being who gets access to what, and whatever the price or motivation is.
norman
23rd October 2017, 21:39
All wifi is always on even if disabled
Hmm . . I hadn't considered that a wi-fi OFF switch might only be a logic switch. Way back a long time ago when I looked at an old laptop, the switch really was a hard power break from the wi-fi board.
My reluctance to being bang up to date with tech isn't going away any time soon.
Satori
24th October 2017, 02:16
Thanks Herve. This is good to know. So, when I'm online telling them they can... you know what, they really are getting the message.
Hervé
26th October 2017, 16:07
...
Wait...
... it now gets even better:
From Jim Stone: http://www.anotherjsserver.com/zu9.html
PADDOCKS BROTHER ARRESTED FOR CHILD PORN !!??!!!
He must have had something to say that did not go along with the official story, so he received the gift of child porn via CoreVpro and Windows 10!
HA HA HA, a kiddy porn charge so soon after the shooting?
How much more obvious can it get?
How does being the brother of the shooter (according to the official rap) get you investigated for kiddie porn?
Yet it happened.
see this: http://m.tmz.com/#!article/2017/10/25/vegas-shooter-stephen-paddocks-brother-arrested-child-porn-bruce-search-warrant/
And that is precisely why no computer I use to do this web site has a hard drive in it, except for a brief period a couple weeks ago right after I bought this one.
Here is precisely how Paddock's brother got busted for kiddie porn
New Intel based PC's PERMANENTLY hackable (http://www.anotherjsserver.com/zu9.html)
So you think no one can access your data because your computer is turned off. Heck it's more than turned off, you even took the main hard drive out, and only the backup disk is inside. There is no operating system installed at all.
So you KNOW you are safe.
Frank from across the street is an alternative operating systems hobbyist, and he has tons of computers. He has Free BSD on a couple, his own compilation of Linux on another, a Mac for the wife, and even has Solaris on yet another.
Frank knows systems security, so he cannot be hacked . . . . . . . or so he thinks.
The government does not like Frank much, because they LOVE to look at everything. Privacy is a crime don't you know, and it looks like Frank's luck with privacy is about to run out.
The new Intel Core vPro processors contain a new remote access feature which allows 100 percent remote access to a PC 100 percent of the time, even if the computer is TURNED OFF.
Core vPro processors contain a second physical processor embedded within the main processor which has its own operating system embedded on the chip itself. As long as the power supply is available and in working condition, it can be woken up by the Core vPro processor, which runs on the system's phantom power and is able to quietly turn individual hardware components on and access anything on them.
This is being touted as something that makes IT administration easy. It is being advertised as something that will allow IT professionals the ability to remotely troubleshoot a PC no matter what is wrong with it. It allows IT professionals to view the contents of hard drives, check the memory, or hunt for problems on a machine without actually being in front of it. And to that, I call B.S, outside of snooping it's only real world applications would involve accessing a recovery partition and restoring the computer to out of box state, installing software outside the knowledge of the main operating system, and secretly placing or deleting files.
But the intelligence agencies LOVE THIS. Because Frank is going on vacation soon and they know it. They have listened to all of his calls. They KNOW frank is a terrorist, because they have never been able to access anything Frank has done with a PC, and who would hide their use, other than a criminal?
Frank keeps his computers up to date, and THREE of them now have Core vPro processors in them, and when Frank is gone, they are going to get their chance to access ALL of his files because the main backup hard disk went into the newest machine.
Real world use for Core vPro processors will involve the following:
Accessing any PC ANYWHERE, no matter what operating system is installed, even if it is physically disconnected from the internet. You see, Core vPro processors work in conjunction with Intel's new Anti Theft 3.0, which put 3g connectivity into every Intel CPU after the Sandy Bridge version of the I3/5/7 processors. Users do not get to know about that 3g connection, but it IS there.
Frank was not stupid so he unplugged his router.
Unfortunately for Frank, that won't work, because anti theft 3.0 always has that 3g connection on also, even if the computer is turned off. Sorry frank, you were good with operating systems, but did not know EVERYTHING about hardware.
And now the real reason for your finicky security habits will be known to the NSA - you found a way to route photons to any place in the world without any sort of cable. You revolutionized communications. You were going public when you returned from your vacation, but thanks to your new Core vPro processors, a major communications firm is going to go public with your invention BEFORE you get home, and your research will be deleted and replaced with "kiddie porn" so you will be arrested when you get back and unable to speak about the theft of your invention. Fascism is GREAT.
If a system has the ram chips pulled, a Core vPro processor will read the hard disk anyway because it has all the ram it needs embedded in the vPro core. If you encrypted your hard drive, a Core vPro processor will read it anyway, because it snagged your encryption key.
If your system has been taken apart, and has no video card, ram, floppy, or hard drive, your Core vPro processor nailed you, because you left a flash drive plugged in. Or a CD in the CD drive. And what about that web cam?
The bottom line? The Core vPro processor is the end of any pretend privacy.
If you think encryption, Norton, or anything else is going to ensure your privacy, including never hooking up to the web AT ALL, think again.
There is now more than just a ghost in the machine.
The Zionist, Globalist, Banker scamming war mongering cabal has a history of using the marketing of security as a means to remove ALL security and nail you.
If you believe Intel's cheerful hype about these processors making things more secure than ever, think again, because any processor which allows a machine to be accessed even when it's turned off equates to an information tyrant's dream come true (http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html)
Please engage your brain while watching this ^^^, the security pitch is unadulterated B.S.
These processors in fact represent an ABSOLUTE BREACH of security no matter HOW they are marketed. From the technical viewpoint of someone who worked for an intelligence agency, I call B.S. on Intel, avoid these processors like the plague!
uzn
27th October 2017, 01:59
Who actually needs any of the Vault7 tools when...
Wifi hacks given by the "elite" for a price! I* TOLD YOU SO!!!! (http://82.221.129.208/.zv1.html)
* = Jim Stone
From Privacy news online (https://www.privateinternetaccess.com/blog/2017/10/the-recent-catastrophic-wi-fi-vulnerability-was-in-plain-sight-for-13-years-behind-a-corporate-paywall/)
The recent catastrophic Wi-Fi vulnerability was in plain sight for 13 years behind a corporate paywall
"The recent Wi-Fi “KRACK” vulnerability, which allowed anyone to get onto a secure network (and which was quickly patched by reputable vendors), had been in plain sight behind a corporate-level paywall for 13 years. This raises a number of relevant, interesting, and uncomfortable questions."
My* comment: I told everyone this via posts to this site multiple times over the years, this was not a secret around here! There is a reason why this site has so many problems with external assault of all types, and it is because I air this crap long before it hits mainstream.
For years I have told everyone that back doors are wide open in Windows and everything else, and all it took to get access to them was a big enough payoff and/or privileged status. Now I have been proven absolutely right by the "recently discovered" wifi vulnerability, which as it turns out was only recently discovered because open source developers up until now could not pay the steep price to get the back door opened.
Here's the part that even this recent discovery has not revealed:
All wifi is always on even if disabled, and always accessible to privileged people, and all they need to know is your general area and they can get onto your computer via a stranger's broadband internet if the computer hooked up to that broadband has wifi.
It does not even need to be a special ambush setup, they can nail you from a couch 5,000 miles away. To steal your creativity. To steal your latest invention. To secretly plant, modify, or delete files, or install keyloggers or whatever else they want. To know everything about you, and others like you, so they can launch their next psy op more effectively. And it does not take the NSA to do it.
The only way any computer can be remotely safe is if all you do is work from flash drives, and have no wifi card, do your work on the web with no flash drives in, and get off the web before you do anything serious. But once again, few people will listen because I am not "Edward Snowden."
No Wifi card is ever active in anything I have and has not been for the past 5 years. Every laptop I have had has been easy to take the wifi card out of, all I do is pop a panel off, take the screw out of the wifi card, pull it back, and then line the pins up with the card slot on top of it but not inserted in it, and then put the screw back in. It always stays with the laptop. If I get to a place where I have to use Wifi, I pop the panel off the laptop and put the card in, which is always right there. If you don't do that, your computer is a sitting duck no matter how well your wifi is "disabled".
Bluetooth has the same vulnerability, as does any computer that has an Intel processor, with the only difference being who gets access to what, and whatever the price or motivation is.
A small note to all Apple users : WiFi and Bluetooth are no longer turned off when you switch the buttons to gray !!!
http://1.f.ix.de/scale/geometry/600/q75/imgs/18/2/2/9/2/7/1/7/bluetooth-wifi-control-center-ios-11-800x475-25fae42730ba3ced.jpeg
From the German tech magazine Mac & i:
In iOS 11, the radio services can now only be completely deactivated with much hassle. The Electronic Frontier Foundation criticizes this.
Apple has drawn massive criticism from the well-known US American law enforcement organization EFF because of the changed Bluetooth and WLAN switches in the control center of iOS 11. The new settings are "misleading" and "bad for user security," the Electronic Frontier Foundation says on its website. Turning off WLAN and Bluetooth is a useful security practice if both are not needed - also with regard to possible security gaps in the radio protocols. "The latest iPhone operating system makes it harder for users to control these settings."
Blue after gray does not mean "off"
The EFF warns that the new buttons in the control center of iOS 11 will change from blue to gray when they are activated, which means that users thought the functions were completely switched off. However, this is no longer the case in iOS 11. Instead, only the connection to WLAN networks and some Bluetooth devices would be interrupted - the latter but not for Apple services. Local services remained as active as Apple devices (Watch and Pencil on the iPad). Also services like handoff or instant hotspot remained connected. "Apple's user interface does not even try to communicate these exceptions to the user."
Settings are only "off-ish"
Even worse, even these "off-ish" settings do not always apply. WLAN switches on again completely when the user changes location, and Bluetooth and WLAN also switch on automatically every morning at 5 o'clock. This is also not clearly explained to the user and cannot be changed. "While trying to keep users connected to Apple devices and Apple services, iOS 11 ensures users' security is compromised."
Fortunately, it is still possible to completely disable Bluetooth and WLAN via the iOS settings. However, these are by far not as easy to access as the control center, which can be reached from almost every iOS screen. Apple has so far not commented on the new behavior in iOS 11.
Hervé
9th November 2017, 16:34
Wikileaks: CIA Wrote Code to 'Impersonate' Russia-Based Kaspersky Lab (https://sputniknews.com/science/201711091058962509-wikileaks-cia-code-kaspersky/)
Sputnik Tech (https://sputniknews.com/science/)
19:05 09.11.2017
(updated 19:20 09.11.2017)
Kaspersky Lab IT company has come under increased pressure in the US amid accusations concerning its alleged work for Russian intelligence, a claim denied as false.
Wikileaks has revealed that CIA had written a code to "impersonate" Russia-based Kaspersky Lab.
According to the whistleblowing organization's press release dedicated to the Vault-8 (https://t.co/EvE8GdyAmM) documents, "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components."
WikiLeaks (@wikileaks, https://twitter.com/wikileaks):
New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company https://wikileaks.org/vault8/ (https://t.co/EvE8GdyAmM)
https://pbs.twimg.com/media/DOM6D8oXkAA091l.jpg
https://pbs.twimg.com/media/DOM6Q2oX0AA0n0x.jpg
7:51 AM - 9 Nov 2017
Wikileaks has stated that it had published the source code for the top secret CIA hacking tool dubbed "Hive," according to which malware operated by US intelligence could mask itself under fake certificates and impersonate public companies.
DETAILS TO FOLLOW
Related:
New Wikileaks 'Vault-7' Batch Reveals Top Secret CIA Virus Control System HIVE (https://sputniknews.com/world/201704141052639103-wikileaks-hive-cia-vault-7/)
'Grasshopper': WikiLeaks Releases New Batch of 'Vault-7' CIA Classified Docs (https://sputniknews.com/world/201704071052399678-vault7-new-batch-grasshopper/)
Cidersomerset
10th November 2017, 00:07
WikiLeaks: CIA wrote code 'to impersonate' Russia’s Kaspersky Lab anti-virus company
0r4f1FR4SCo
Published on 9 Nov 2017
WikiLeaks claims the CIA created a computer programme that impersonates the software of the Russian anti-virus company, Kaspersky Lab.
READ MORE: https://on.rt.com/8rvk
===============================================
CIA impersonated Kaspersky anti-virus software
https://www.youtube.com/watch?v=0r4f1FR4SCo
Published on 9 Nov 2017
The latest documents from the Wikileaks Vault 8 release appear to show that the CIA wrote code impersonating Kaspersky Labs' anti-virus software. Investigative Derrick Broze tells RT America's Anya Parampil that the revelations aren't surprising given the information that has come from various whistleblowers like Edward Snowden.
Innocent Warrior
12th November 2017, 03:15
Vault 8
https://pbs.twimg.com/media/DOM5NJTWkAAYuRq.png:large
Source code and analysis for CIA software projects including those described in the Vault7 series.
This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components.
Source code published in this series contains software designed to run on servers controlled by the CIA. Like WikiLeaks' earlier Vault7 series, the material published by WikiLeaks does not contain 0-days or similar security vulnerabilities which could be repurposed by others.
VAULT 8 RELEASE - Hive
https://wikileaks.org/IMG/rubon32.png?1467279700
Full statement on Hive from WikiLeaks -
9 November, 2017
Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.
Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.
Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.
https://wikileaks.org/hive.png
The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything else but a normal website. The only peculiarity is not visible to non-technical users - an HTTPS server option that is not widely used: Optional Client Authentication. Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above) while all other traffic goes to a cover server that delivers the unsuspicious content for all other users.
Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.
The documentation for Hive is available from the WikiLeaks Vault7 series.
Source (https://wikileaks.org/vault8/#Hive) (includes links).
Documents Directory HERE (https://wikileaks.org/vault8/document/).
* * *
From Eugene Kaspersky (Nov 9, 2017)
We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected
Tweet. (https://twitter.com/e_kaspersky/status/928729434982625282)
* * *
CIA
From Sputnik News (Former NSA tech director William Binney describes meeting with CIA Director Mike Pompeo, 11 Oct.)
Bill Binney: CIA Admits It Has No Evidence of Russian Hacking (https://sputniknews.com/radio_loud_and_clear/201711101058971392-bill-binney-cia-admits-it-has-no-evidence-of-russian-hacking/) <- See source for audio.
For the past several days, the corporate-owned media has been engaged in a smear campaign against Binney, the former NSA technical director and legendary whistleblower, labelling him a conspiracy theorist. This was prompted by reports that he met with CIA director Mike Pompeo to discuss his finding that the alleged hack of the DNC server during the 2016 election campaign was in fact a leak.
The high-stakes intrigue in Saudi Arabia continues as Saudi citizens are instructed to leave Lebanon immediately, and the Lebanese Prime Minister continues to be held in what appears to be house arrest. Is another war around the corner? Radwan Chehab, political analyst, joins the show.
A new study from Brown University has found that the total cost of the so-called War on Terror amounts to an eye-popping $5.6 trillion. That's $23,386 per US taxpayer! Ted Rall, editorial cartoonist and columnist, joins Brian and Walter.
The Trump administration is tightening the screws on the blockade of Cuba, prohibiting additional transactions in its drive to reverse the thaw in US-Cuba relations that began at the end of the Obama presidency. Joining the show is lecturer, journalist and author Arnold August.
NATO is growing yet again. The alliance's Defense Ministers decided yesterday to create two new commands, including one focused on naval operation in the Atlantic. Reiner Braun, co-president of the International Peace Bureau, joins the show.
* * *
Julian Assange
Stefania Maurizi on KPFA Radio: WikiLeaks, Julian Assange & her legal action against UK government (2 Aug, 2017)
6QKlcZ_PUFc
From International Bar Association on vimeo -
A conversation with… Julian Assange (Oct 22, 2017)
https://vimeo.com/238921283
Julian Assange is the founder and editor-in-chief of Wikileaks and a freedom of expression activist. He recently marked the fifth anniversary of his asylum at the Ecuadorian Embassy as a political refugee. He is the subject of a seven-year Grand Jury investigation in the United States that Australian diplomats called "unprecedented in scale and scope". In April 2017 the US Attorney General affirmed that his arrest is a "priority". In 2016 he won his case against the states of Sweden and the UK before the United Nations, which found that he was subject to arbitrary detention and should be released and compensated. WikiLeaks publications have been used as evidence in myriad civil and criminal court cases around the world. In August 2017 the Inter-American Court considered the nature of offshore refugee law emerging from his situation, with nearly 80 institutions and states briefing the court.
From Assange (10 Nov, 2017) -
Court case in London Mon+Tue next week to obtain the secrets of my detention. Some revelations so far:
1. UK prosecutors destroyed all their emails
2. UK in 2011 + 2013 told Sweden to not interview me
3. Sweden wanted to "burn after reading" emails
https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.repubblica.it%2Festeri%2F2017%2F11%2F10%2Fnews%2Fwikileaks_julian_assange_processo_faldone_documenti-180682302
Tweet. (https://twitter.com/JulianAssange/status/928935496302104576)
From RT (10 Nov, 2017) -
UK prosecutors reportedly destroyed crucial emails in Assange case
FvEsrCPg40A
The Crown Prosecution Service (CPS) admitted to deleting potentially crucial emails relating to attempts to extradite WikiLeaks founder Julian Assange, who remains cooped up in the Ecuadorian embassy.
From Repubblica (10 Nov, 2017) -
Seven Years Confined: How A Foia Litigation Is Shedding Light On The Case Of Julian Assange
https://www.repstatic.it/content/nazionale/img/2017/11/10/113855118-53646dc5-b594-4ef5-aa50-d9a652498164.jpg
Julian Assange is the only western publisher being arbitrarily detained in the heart of Europe without access to even an hour a day outdoors. Yet in the last seven years, no media has tried to access the full set of documents in his regard. Next Monday La Repubblica will appear before a London Tribunal to defend the right of the press to access these documents. Some of them have already been deleted by the UK Authorities. Why?
The siege by Scotland Yard agents around the red brick building in Knightsbridge has been gone for two years now. And with Sweden dropping the rape investigation last May, even the European arrest warrant hanging over Julian Assange's head like the sword of Damocles has gone. Many expected the founder of WikiLeaks to leave the Ecuadorian Embassy in London, where he has been confined for over five years, after spending one and a half years under house arrest. But Assange hasn't dared leave the Embassy due to concern he would be arrested, extradited to the US and charged for publishing WikiLeaks' secret documents.
Julian Assange's situation is unique. Like him and his work or not, he is the only western publisher confined to a tiny embassy, without access to even the one hour a day outdoors maximum security prisoners usually receive. He is being arbitrarily detained, according to a decision by the UN Working Group on Arbitrary Detentions in February 2016, a decision which has completely faded into oblivion. December 7th will mark seven years since he lost his freedom, yet as far as we know, in the course of these last 7 years no media has tried to access the full file on Julian Assange.
That is why next Monday, La Repubblica will appear before a London Tribunal to defend the press' right to access the documents regarding his case, after spending the last two years attempting Freedom of Information requests (FOI) without success.
It is entirely possible, however, that we will never be able to access many of these documents, as last week London authorities informed us that "all the data associated with Paul Close's account was deleted when he retired and cannot be recovered". A questionable choice indeed: Close is the lawyer who supported the Swedish prosecutors in the Swedish investigation on Julian Assange from the beginning. What was the rationale for deleting historical records pertaining to a controversial and still ongoing case?
See full article SOURCE (http://www.repubblica.it/esteri/2017/11/10/news/seven_years_confined_how_a_foia_litigation_is_shedding_light_on_the_case_of_julian_assange-180733751/?ref=RHPPLF-BH-I0-C4-P7-S1.4-T2) to continue reading (includes links).
From Assange (Nov 11, 2017) -
New emails on the improper conduct surrounding my detention ahead of case next Monday, between UK government [CPS' Paul Close] and Swedish government [Marianne Ny & office who is by law meant to be impartial]
See TWEET (https://twitter.com/JulianAssange/status/929296349916524544) to view images of emails.
Harley
12th November 2017, 06:38
Well that didn't take long! LOL!
-------------------------------------------------------------------------------------------------------------
CIA: Director 'Stands By' Russian Interference Assessment
11 Nov 17
The CIA on Saturday said its director, Mike Pompeo, "stands by" the intelligence community's declassified report that concluded Russia ran an influence campaign aimed at helping President Trump win the White House in 2016.
"The director stands by and has always stood by the January 2017 intelligence community assessment entitled: 'Assessing Russian Activities and Intentions in Recent U.S. Elections.' The intelligence assessment with regard to Russian election meddling has not changed," a spokesperson for the agency said in a statement.
The statement follows President Trump's comments about Russian President Vladimir Putin's repeated denials that Moscow was involved in election interference, as well as a discussion between the two world leaders.
The CIA did not comment on Trump's meeting in Vietnam with Putin.
"He said he didn't meddle. He said he didn't meddle. I asked him again. You can only ask so many times," Trump told reporters Saturday.
"But I just asked him again, and he said he absolutely did not meddle in our election," he continued. "He did not do what they're saying he did."
Trump and Putin spoke this weekend in Vietnam during the Asia-Pacific Economic Cooperation summit.
While Trump did not say whether or not he believed Putin's denial, he did mock those who led the intelligence agencies when the report was released in January.
"I think that he is very, very strong in the fact that he didn't do it," Trump said when asked if he believed Putin.
Trump has long argued that the investigation into Russia's election meddling and any potential ties between his campaign staff members and the Kremlin is politically motivated and an excuse for Hillary Clinton's loss last year.
Source (https://www.msn.com/en-ca/news/politics/cia-director-stands-by-russian-interference-assessment/ar-BBEQNDe) (Who might you expect?) :)
-------------------------------------------------------------------------------------------------------------
Cidersomerset
13th November 2017, 15:27
NYT: NSA hack bigger than Snowden
y3oEOJrlf4A
Published on 13 Nov 2017
The New York Times is reporting that the National Security Agency has been
hacked by a group called the Shadow Brokers. The leak is stirring concern
over the agency's ability to protect cyber weapons and national security information.
Ewan
13th November 2017, 16:19
NYT: NSA hack bigger than Snowden
Published on 13 Nov 2017
The New York Times is reporting that the National Security Agency has been
hacked by a group called the Shadow Brokers. The leak is stirring concern
over the agency's ability to protect cyber weapons and national security information.
That was described as a fake news/counter attack on the 4chan/pol, which, however, could also be fake.
Cidersomerset
13th November 2017, 17:04
That was described as a fake news/counter attack on
the 4chan/pol, which, however, could also be fake.
That was the latest clip from CNN channel the real fake news direct from
CIANN....;) They seemed to be confirming it was a leak not a hack by saying
there was an insider or insiders bringing the data out (leaked) and that they are
covering their asses. But as intel agencies lie as part of their job, saying it
was the Russians does not mean it was the Russians. It's all double-talk and BS...
CNN has been anti-Trump and Russia since his election, so have Clapper and
Brennan, so are they lying or just giving their interpretation?
https://www.youtube.com/user/CNN/videos
Ex-intelligence chiefs fire back at Trump criticism (Entire CNN interview)
https://www.youtube.com/watch?v=0gLWN3uq74o
Published on 12 Nov 2017
Former Director of National Intelligence James Clapper and former CIA Director
John Brennan fired back at President Trump calling them and former FBI director
James Comey "political hacks" and addressed President Trump's comments on
Russian interference in the 2016 US election.
Cidersomerset
14th November 2017, 10:06
Wikileaks Vault 8: CIA Can Impersonate Anti-Virus Software
416AbiSHzgk
Published on 10 Nov 2017
The latest documents from Wikileaks Vault 8 release appear to show that the CIA
wrote code impersonating Kaspersky Labs’ anti-virus software. Investigative
Derrick Broze tells RT America’s Anya Parampil that the revelations aren’t surprising
given the information that has come from various whistleblowers like Edward Snowden.
Cidersomerset
14th November 2017, 10:11
The intel agencies have been covering up the 'leak' by calling it a 'hack'
for over a year. Now even the mainstream have to question it, though
not very convincingly.... Was it foreign hackers? Russian of course, or
is it an inside leak? asks NBC reporter.
NSA Cyber Weapons Turned Against Them In Hack | NBC Nightly News
mS0bkx7wvio
Published on 13 Nov 2017
The hackers behind the country’s worst cyber attack are still a mystery,
and some say the so-called “Shadow Brokers” are causing a chilling
effect on the National Security Agency.
===================================================
===================================================
I've posted most of these articles on the Russia gate and Hillary threads which
are all connected imo....
Do Americans deserve to hear us, with our 50 yrs intel experience?
‒ McGovern to Binney
q1BZD6UX3wU
Published on 13 Nov 2017
President Donald Trump repeated his assertion over the weekend that Moscow
did not meddle in the 2016 presidential election, in direct conflict with conclusions
drawn by the US intelligence community. But that official judgment runs counter
to a group of former intel analysts who say that the so-called Russian hack of the
Democratic National Committee’s email was actually an inside job. RT America’s
Ashlee Banks speaks to former CIA analyst Ray McGovern and NSA whistleblower
Bill Binney, two people involved in that analysis.
Hervé
17th November 2017, 22:34
Those "Russians"... no shame...
Pentagon security fail left massive trove of data on Amazon server - reports (https://www.rt.com/usa/410221-pentagon-data-trove-amazon-cybersecurity-upguard/)
RT
Published time: 17 Nov, 2017 22:15
A cybersecurity expert with a track record in exposing data breaches has revealed that the US Defense Department left a massive data collection on an Amazon cloud server, which could have been accessed by anyone with a free account.
The report (https://www.upguard.com/breaches/cloud-leak-centcom) from Chris Vickery and Dan O’Sullivan of the security firm UpGuard (https://www.upguard.com/) reveals that the Defense Department’s Central Command (CENTCOM) and US Pacific Command (PACOM) were collecting billions of social media posts and storing them on Amazon’s cloud platform.
UpGuard say at least 1.8 billion posts, which were apparently collected as part of intelligence gathering operations, were contained in the exposed data “buckets.” This included content from Facebook, Twitter and news sites. It came from countries around the world, including America, and it was collected over an eight-year period.
The files appear to have come from an apparently defunct private-sector government contractor named “VendorX”. The posts are written in many different languages but UpGuard notes there appears to be an emphasis on Arabic, Farsi, and dialects spoken in Afghanistan and Pakistan.
The researchers said the revelation poses two questions: why did the Pentagon collect the enormous archive of data, and why did it store it on such a vulnerable platform?
UpGuard notes that “the Posse Comitatus Act restricts the military from 'being used as a tool for law enforcement, except in situations of explicit national emergency based on express authorization from Congress,' but as seen in recent years, this separation has been eroded.”
The Defense Department responded to the report in a statement (http://money.cnn.com/2017/11/17/technology/centcom-data-exposed/index.html) to CNN.
"We determined that the data was accessed via unauthorized means by employing methods to circumvent security protocols,” said Major Josh Jacques, a spokesperson for CENTCOM. "Once alerted to the unauthorized access, CENTCOM implemented additional security measures to prevent unauthorized access.”
The buckets were discovered by Vickery in early September. He made the revelation public on Friday.
The cybersecurity expert has previously exposed several similar data protection gaffes such as when over 9,000 sensitive files (https://www.rt.com/news/396177-verizon-accounts-exposed-server-israel/) containing the personal data of former military, intelligence and government workers were left in public view for months and when up to 14 million Verizon customers’ (https://www.rt.com/news/396177-verizon-accounts-exposed-server-israel/) details were left on an unsecured server.
Related:
9,400 resumes of US military & intel contractors exposed in massive security lapse – reports (https://www.rt.com/usa/401903-exposed-military-intel-recruitment/)
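The point that gets lost in the coverage above is how the CENTCOM buckets were exposed: not to "everyone" in the S3 sense, but to the AuthenticatedUsers group, which is every AWS account in the world rather than the accounts of the bucket owner. The following is an added example for this thread (not code from UpGuard, the Pentagon or the article) that audits the ACL structure boto3's get_bucket_acl() returns for exactly that class of grant. The SAMPLE_ACL is constructed here to mimic the misconfiguration; only audit_live_bucket() touches AWS, and it is not called.

```python
"""Audit an S3 bucket ACL for grants to AWS's "everyone" groups.

Added example for this thread, not code from UpGuard or the Pentagon report.
It works on the dict that boto3's get_bucket_acl() returns, so the logic can
be exercised offline on the constructed SAMPLE_ACL below; audit_live_bucket()
is the only function that talks to AWS and is not called here.
"""
from typing import Dict, List

# Grantee URIs of the two predefined groups that turn a bucket "public".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Bucket-level permissions and what each lets the grantee do.
EXPOSING_PERMISSIONS = {
    "READ": "list every object key in the bucket",
    "READ_ACP": "read the bucket ACL",
    "WRITE": "create, overwrite or delete objects",
    "WRITE_ACP": "rewrite the bucket ACL (effectively take the bucket over)",
    "FULL_CONTROL": "all of the above",
}


def find_public_grants(acl: Dict) -> List[Dict]:
    """Return one finding per grant that goes to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user and e-mail grantees are specific accounts, not "everyone"
        uri = grantee.get("URI")
        if uri == ALL_USERS:
            who = "anyone on the internet, no AWS account needed"
        elif uri == AUTHENTICATED_USERS:
            who = "any AWS account holder, a free account is enough"
        else:
            continue  # e.g. the LogDelivery group
        permission = grant.get("Permission")
        if permission in EXPOSING_PERMISSIONS:
            findings.append({
                "who": who,
                "permission": permission,
                "effect": EXPOSING_PERMISSIONS[permission],
            })
    return findings


# Constructed sample in the shape of a get_bucket_acl() response. The second
# grant is the class of mistake behind the CENTCOM buckets: READ for the
# AuthenticatedUsers group, which means every AWS account in the world, not
# just accounts in the owner's organisation.
SAMPLE_ACL = {
    "Owner": {"DisplayName": "example-owner", "ID": "0123456789abcdef"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ],
}


def audit_live_bucket(bucket: str) -> List[Dict]:
    """Fetch a real bucket's ACL with boto3 (needs credentials) and audit it."""
    import boto3  # imported here so the offline part of the module has no dependency
    acl = boto3.client("s3").get_bucket_acl(Bucket=bucket)
    return find_public_grants(acl)


if __name__ == "__main__":
    for f in find_public_grants(SAMPLE_ACL):
        print(f"{f['permission']:<12} granted to {f['who']}: can {f['effect']}")
```

The ACL is only one of the ways a bucket becomes readable; a bucket policy with a wildcard Principal exposes the same data, so a real audit also calls get_bucket_policy_status() and get_public_access_block() on each bucket. Note too that READ on the bucket lists keys but object reads are governed by each object's own ACL; in practice the objects in these leaks were readable as well.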
Innocent Warrior
28th January 2018, 02:49
A Brief Summary of Julian Assange’s Legal Situation
2006
Julian Assange founded Wikileaks.
2010
Wikileaks releases Collateral Murder and enters the global spotlight.
A grand jury was convened in Virginia (revealed later). Wikileaks' publication of the Stratfor emails indicated that private intelligence figures were claiming the US had a sealed indictment for Assange. The grand jury investigation continues.
Two Swedish women went to police to request that Assange undergo an STD test. Chief Prosecutor Eva Finné reviewed and dropped the case. A week later, prosecutor Marianne Ny reopened the preliminary investigation. Both women have stated they weren't raped. After initially stating it was illegal to question Assange in the UK, the Swedish prosecution finally took his statement in 2016 and withdrew their arrest warrant for Assange in 2017.
2012
Assange sought asylum at the Ecuadorian Embassy due to fears of extradition to the US, Ecuador granted him political asylum.
2016
The United Nations Working Group on Arbitrary Detention (UNWGAD) determined Assange has been arbitrarily detained and called for his release and compensation, the requests have not been honoured. The UK requested the UNWGAD review their decision and the request was rejected.
2017
In April, CIA Director Mike Pompeo delivered a tirade against WikiLeaks, in which he declared the organisation a “hostile intelligence service” and said, “we can no longer allow Assange and his colleagues the latitude to use free speech values against us.” Later that month it was reported the Trump DOJ had prepared charges to prosecute Assange, and Trump stated in an AP interview that it’s OK with him if Assange is arrested.
UK prosecutors admit to destroying key emails in Assange’s case.
The UK tribunal recognised Wikileaks as a media organisation.
2018
Ecuador granted Assange citizenship and seeks a solution to his stay at the embassy.
Assange’s legal team asked UK to drop their arrest warrant, since it was issued after Assange breached his bail conditions and the Swedish extradition warrant is no longer live.
A London court will rule on whether they will drop the arrest warrant on February 6th.
Ref: https://www.iamwikileaks.org/about-julian/
Further details -
wikileaks.org (https://wikileaks.org)
Collateral Murder (https://collateralmurder.wikileaks.org)
Wikileaks leaked video of Civilians killed in Baghdad - Full video
is9sxRfU-ik
WikiLeaks' Collateral Murder: U.S. Soldier Ethan McCord
kelmEZe8whI
Statement of the Government of the Republic of Ecuador on the asylum request of Julian Assange (http://www.cancilleria.gob.ec/statement-of-the-government-of-the-republic-of-ecuador-on-the-asylum-request-of-julian-assange/?lang=en)
UN Working Group Decision (https://justice4assange.com/UN-Working-Group-Decision.html)
Director Pompeo Delivers Remarks at CSIS (https://www.cia.gov/news-information/speeches-testimony/2017-speeches-testimony/pompeo-delivers-remarks-at-csis.html)
UK prosecutors admit destroying key emails in Julian Assange case (https://www.theguardian.com/media/2017/nov/10/uk-prosecutors-admit-destroying-key-emails-from-julian-assange-case)
WikiLeaks recognised as a 'media organisation' by UK tribunal (https://www.theguardian.com/media/2017/dec/14/wikileaks-recognised-as-a-media-organisation-by-uk-tribunal)
Ecuador gives Assange citizenship, seeks end to embassy stay (https://www.reuters.com/article/us-ecuador-assange-britain/ecuador-gives-assange-citizenship-seeks-end-to-embassy-stay-idUSKBN1F01RP)
Julian Assange: WikiLeaks founder will have to wait until February 6 to see if he can walk free from London embassy (http://www.news.com.au/national/julian-assange-will-today-ask-a-london-court-to-drop-his-arrest-warrant/news-story/284209839b6becfbad3f00dbf2532be9)
Assange Medical and Psychological Records (https://wikileaks.org/Medical-Reports.html) (2016)
Innocent Warrior
7th February 2018, 03:04
A London court will rule on whether they will drop the arrest warrant on February 6th.
Not very encouraging so far but there's still hope. According to Assange's tweets here (https://twitter.com/JulianAssange/status/960879695683375104) and here (https://twitter.com/JulianAssange/status/960911333289070593), his team argued four technical points, the judge has ruled against the first point but if Assange wins any of the other points the warrant will be cancelled. The court has adjourned and judgement will be on Tuesday, 13th February.
A copy of the court ruling doc can be read at the foot of THIS (http://www.abc.net.au/news/2018-02-07/lisa-millar-analysis-piece/9403400) article.
The witness statement with new evidence for the argument against the behaviour of the CPS can be read HERE (https://www.stefaniamaurizi.it/pdf/redacted_for_privacy_Witness_Statement_MAURIZI.pdf) (PDF).
Jennifer Robinson's (member of Assange's legal team) statement on today's court hearing -
https://pbs.twimg.com/media/DVXfdiSX0AIkg5g.jpg:large
Innocent Warrior
8th February 2018, 05:50
Julian Assange: court case
The witness statement with new evidence for the argument against the behaviour of the CPS can be read HERE (https://www.stefaniamaurizi.it/pdf/redacted_for_privacy_Witness_Statement_MAURIZI.pdf) (PDF).
The article Maurizi referred to in her witness statement: Seven Years Confined: How A Foia Litigation Is Shedding Light On The Case Of Julian Assange (http://www.repubblica.it/esteri/2017/11/10/news/seven_years_confined_how_a_foia_litigation_is_shedding_light_on_the_case_of_julian_assange-180733751/?ref=search&refresh_ce)
Marianne Ny (Swedish prosecutor) being interviewed about an email sent to her from the FBI, also provides context for the images of the emails that follow -
fDR43OS2lgs
https://pbs.twimg.com/media/DVdOVdkWAAA64xg.jpg
https://pbs.twimg.com/media/DVdOeapXUAAZ7YL.jpg
https://pbs.twimg.com/media/DVdOt4yXcAEOgxm.jpg
Source (https://twitter.com/JulianAssange/status/961324850458619909).
Innocent Warrior
12th February 2018, 04:39
Texts between Mark Warner and Adam R. Waldman J.D. on Scribd (PDF) - https://www.scribd.com/document/371101285/TEXTS-Mark-Warner-texted-with-Russian-oligarch-lobbyist-in-effort-to-contact-Christopher-Steele
THIS (https://www.bloomberg.com/research/stocks/private/person.asp?personId=31289514&privcapId=58974606&previousCapId=58974606&previousTitle=The%20Endeavor%20Group,%20Inc.) is who Adam Waldman is, Business Insider's 2014 article, "Here Are The American Executives Who Are Working On Behalf Of Putin (https://www.businessinsider.com.au/american-executives-working-for-putin-2014-3?r=US&IR=T)" will provide some context for the relevance and significance of these texts and HERE's (https://www.washingtonpost.com/news/worldviews/wp/2017/09/24/manaforts-russia-connection-what-you-need-to-know-about-oleg-deripaska/?utm_term=.f4c9c3abdd42) an article on Manafort and Oleg Deripaska.
The convoluted story around the Russia probe and the significance of these text messages is likely being covered in political threads on Avalon, I'm posting the text messages here for the record due to the texts about Vault 7 and Assange. The discussion about Assange and Vault 7 begins on the first page of the PDF and is interesting and as more may come to light in the future I'm highlighting a text sent by Waldman on April 10, 2017 due to its timing (date stamp on previous page of PDF) -
https://html2-f.scribdassets.com/3x3su7jgxs69frhe/images/16-c6726091d9.jpg
Just 11 days later, on April 21st, Assange tweeted a link to an encrypted backup pre-release file for Vault 7, see my post HERE (http://projectavalon.net/forum4/showthread.php?95892-Vault-7&p=1147711&viewfull=1#post1147711) (post #244). This request will make no sense unless you've read all the texts about Assange and Vault 7. As far as I can see nobody else has made this observation, and it could be just coincidental, but if anyone comes across any information from Assange that discusses a connection, could you please post it here or send it to me in a PM? My interest is in whether or not there is a connection and, if so, what the details are. Cheers in advance.
Cidersomerset
16th May 2018, 15:00
This looks like a classic set up....
Vault 7 inquiry: CIA data leak suspect named by media
2 hours ago..16/5/18
https://ichef-1.bbci.co.uk/news/660/cpsprodpb/17CC6/production/_101587479_gettyimages-635268902.jpg
CIA cyber-warfare tools were leaked to Wikileaks in 2017
A former CIA software engineer is the prime suspect in the leaking of a stolen archive of the spy agency's secrets last year, US media have revealed.
However, after searching his home, prosecutors charged Joshua Schulte, 29, with having 10,000 child abuse images. He denies the charges and remains suspected of leaking extensive CIA data to anti-secrecy website Wikileaks.
In March 2017, Wikileaks published thousands of documents detailing the spy agency's cyber-warfare programme. Mr Schulte designed malware used to break into terrorism suspects' and other targets' computers for the CIA for six years. He quit the spy agency in 2016 to work in the private sector.
WikiLeaks
✔ @wikileaks
US gov says that it suspects a former young New York CIA officer is WikiLeaks' #Vault7 source--because he complained to Congress of abuse in the CIA--but have no evidence to indict. So they put him in jail on improbable child porn accusations instead.
12:58 PM - May 15, 2018
read more....http://www.bbc.co.uk/news/world-us-canada-44136258
Flash
16th May 2018, 17:42
How come nobody makes a fuss about not seeing Assange alive for months???
Cidersomerset
16th May 2018, 17:57
How come nobody makes a fuss about not seeing Assange alive for months???
The latest articles are on the other thread, though they are few since Ecuador
pulled his access to the internet.....
http://projectavalon.net/forum4/showthread.php?101476-Julian-Assange-s-health-in-dangerous-condition-say-doctors...&p=1224393&viewfull=1#post1224393
Ecuadorian Embassy Adds New Rules For Julian Assange
— No Visitors, Phone Calls Or Internet
12/5/18....By Aaron Kesel
'WikiLeaks founder Julian Assange has been arbitrarily detained according to the UN
for nearly 6 years in the Ecuadorian embassy. Now Ecuador has expanded that
arbitrary detainment to solitary confinement by forbidding Assange from any
human contact including visitations, phone calls and barring his Internet usage. All
without Assange ever being convicted of a crime besides publishing documents
exposing corruption and shedding light on the truth.
In March, Ecuador and its leader Lenín Moreno pulled the plug on Julian Assange’s
Internet connection. Then, Ecuador further demanded Assange remove a specific
tweet referencing a foreign political prisoner Carles Puigdemont. The irony here is
that Ecuador accused Assange of “interfering in a state” for mentioning another
political prisoner and Assange himself had more of his own rights taken away.
“In 1940 the elected president of Catalonia, Lluís Companys, was captured by the
Gestapo, at the request of Spain, delivered to them and executed. Today, German
police have arrested the elected president of Catalonia, Carles Puigdemont, at the
request of Spain, to be extradited,” Assange tweeted. Now Ecuador has clarified its
position on Julian Assange’s asylum by drafting new rules limiting his communications
according to WikiLeaks.
WikiLeaks
✔ @wikileaks
Ecuador announces that @JulianAssange remains
incommunicado and that his fate is being negotiated
with the UK. Although after US pressure, Ecuador
has banned visitors (inc. press) & phone, apparently
as a PR strategy only a "social media" ban is mentioned.
10:48 AM - May 10, 2018
Foreign Minister Maria Fernanda Espinosa confirmed that Assange was still being
denied Internet access while talks between the UK and Ecuador to decide his fate
are still ongoing. “He still has no access to the Internet and communications. There
is a dialogue, there is a will and an interest to move forward in the solution of that
matter,” Maria Fernanda said, according to El Tiempo.'
Read more: Ecuadorian Embassy Adds New Rules For Julian Assange — No Visitors, Phone Calls Or Internet
https://www.activistpost.com/2018/05/ecuadorian-embassy-adds-new-rules-for-julian-assange-no-visitors-phone-calls-or-internet.html
Innocent Warrior
28th October 2018, 16:24
I’ll pop this here, as good a place as any.
How Julian Assange Saved Edward Snowden’s Life (27 Oct, 2018, duration: 13:42)
ooC8DOW1TBk
There have been no further Vault 7 releases.
To see what’s been going on this year with WikiLeaks and Julian Assange, along with the latest, see the following threads -
Current Wikileaks News & Releases (http://projectavalon.net/forum4/showthread.php?101183-Current-Wikileaks-News-Releases&p=1199570&viewfull=1#post1199570) Thread started; 4 Jan, 2018.
Norway police investigating disappearance of WikiLeaks consultant (http://projectavalon.net/forum4/showthread.php?104100-Norway-police-investigating-disappearance-of-WikiLeaks-consultant&p=1245648&viewfull=1#post1245648) Thread started; 6 Sept, 2018.
Julian Assange to regain internet access at embassy base (http://projectavalon.net/forum4/showthread.php?104650-Julian-Assange-to-regain-internet-access-at-embassy-base&p=1254180&viewfull=1#post1254180) Thread started; 15 Oct, 2018.
Stolen NSA hacking tools were used by other hacker groups 14 months before Shadow Brokers leak (https://arstechnica.com/information-technology/2019/05/stolen-nsa-hacking-tools-were-used-in-the-wild-14-months-before-shadow-brokers-leak/)
Dan Goodin Ars Technica (https://arstechnica.com/information-technology/2019/05/stolen-nsa-hacking-tools-were-used-in-the-wild-14-months-before-shadow-brokers-leak/)
Tue, 07 May 2019 06:48 UTC
https://www.sott.net/image/s26/521200/large/nsa_headquarters_800x624.jpg (https://www.sott.net/image/s26/521200/full/nsa_headquarters_800x624.jpg)
The National Security Agency headquarters in Fort Meade, Maryland.
One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency's most coveted hacking tools (https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/). The leak and the subsequent repurposing of the exploits in the WannaCry (https://arstechnica.com/information-technology/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/) and NotPetya (https://arstechnica.com/information-technology/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/) worms that shut down computers worldwide made the theft arguably one of the NSA's biggest operational mistakes ever.
On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed "DoublePulsar" backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.
Killing NOBUS
The revelation that the powerful NSA tools were being repurposed much earlier than previously thought is sure to touch off a new round of criticism about the agency's inability to secure its arsenal.
"This definitely should bring additional criticism of the ability to protect their tools," Jake Williams, a former NSA hacker who is now a cofounder of Rendition Infosec, told Ars.
"If they didn't lose the tools from a direct compromise, then the exploits were intercepted in transit or they were independently discovered. All of this completely kills the NOBUS argument."
"NOBUS" is shorthand for nobody but us (https://en.wikipedia.org/wiki/NOBUS), a mantra NSA officials use to justify their practice of privately stockpiling certain exploits rather than reporting the underlying vulnerabilities so they can be fixed.
Symantec researchers said they didn't know how the hacking group (variously known as Buckeye, APT3, Gothic Panda, UPS Team, and TG-0110) obtained the tools. The researchers said the limited number of tools used suggested the hackers' access wasn't as broad as the access enjoyed by the Shadow Brokers. The researchers speculated that the hackers may have reverse-engineered technical "artifacts" they captured from attacks the NSA carried out on its own targets. Other less likely possibilities, Symantec said, were Buckeye stealing the tools from an unsecured or poorly secured NSA server, or a rogue NSA group member or associate leaking the tools to Buckeye.
The attack used to install Buckeye's DoublePulsar variant exploited a Windows vulnerability indexed as CVE-2017-0143. It was one of several Windows flaws exploited in Shadow Broker-leaked NSA tools with names like "Eternal Romance" and "Eternal Synergy." Microsoft patched the vulnerability in March 2017 after being tipped off by NSA officials that the exploits were likely to be published soon.
Symantec's report means that by the time the NSA reported the vulnerabilities to Microsoft, they had already been exploited in the wild for months.
"The fact that another group (besides NSA) were able to successfully exploit the Eternal series of vulnerabilities... is very impressive," Williams said.
"It speaks to their technical abilities and resourcing. Even if they stole the vulnerabilities while they were being used on the network, that's not enough to recreate reliable exploitation without tons of extra research."
Tale of two exploits
Security protections built into modern versions of Windows required two separate vulnerabilities to be exploited to successfully install DoublePulsar. Both the NSA and Buckeye started by using CVE-2017-0143 to corrupt Windows memory. From there, attackers needed to exploit a separate vulnerability that would divulge the memory layout of the targeted computer. Buckeye relied on a different information-disclosure vulnerability than the one the NSA's Eternal attacks used. The vulnerability used by Buckeye, CVE-2019-0703, received a patch in March (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0703), six months after Symantec privately reported it to Microsoft.
Symantec said the earliest known instance of Buckeye using the NSA variants came on March 31, 2016 in an attack on a target in Hong Kong. It came in a custom-designed trojan dubbed "Bemstour" that installed DoublePulsar, which runs only in memory. From there, DoublePulsar installed a secondary payload that gave the attackers persistent access to the computer, even if it was rebooted and DoublePulsar was no longer running. An hour after the Hong Kong attack, Buckeye used Bemstour against an educational institution in Belgium.
Six months later, sometime in September 2016, Buckeye unleashed a significantly updated variant of Bemstour on an educational institution in Hong Kong. One improvement: unlike the original Bemstour, which ran only on 32-bit hardware, the updated version ran on 64-bit systems as well. Another advance in the updated Bemstour was its ability to execute arbitrary shell commands on the infected computer. This allowed the malware to deliver custom payloads on 64-bit infected computers. The attackers typically used the capability to create new user accounts.
Bemstour was used again in June 2017 against a target in Luxembourg. From June to September of that year Bemstour infected targets in the Philippines and Vietnam. Development of the trojan continued into this year, with the most recent sample having a compilation date of March 23, 11 days after Microsoft patched the CVE-2019-0703 zero-day.
Symantec researchers were surprised to see Bemstour being actively used for so long. Previously, the researchers believed that APT3 had disbanded following the November 2017 indictment of three Chinese nationals (https://arstechnica.com/tech-policy/2017/11/security-firm-was-front-for-advanced-chinese-hacking-operation-feds-say/) on hacking charges. While the indictment didn't identify the group the defendants allegedly worked for, some of the tools prosecutors identified implicated APT3.
Monday's report said Bemstour's use following the apparent disappearance of Buckeye remained a mystery.
"It may suggest that Buckeye retooled following its exposure in 2017, abandoning all tools publicly associated with the group," company researchers wrote.
"However, aside from the continued use of the tools, Symantec has found no other evidence suggesting Buckeye has retooled. Another possibility is that Buckeye passed on some of its tools to an associated group."
Dan Goodin (https://arstechnica.com/author/dan-goodin) Dan is the Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications.
Related:
'Shutdown' smokescreen: Former NSA execs say agency still spies on American phones in hidden program (https://www.sott.net/article/408796-Shutdown-smokescreen-Former-NSA-execs-say-agency-still-spies-on-American-phones-in-hidden-program)
Russian cyber firm, Kaspersky Lab, helped NSA bust 50TB data breach (https://www.sott.net/article/404616-Russian-cyber-firm-Kaspersky-Lab-helped-NSA-bust-50TB-data-breach)
Silicon spies: How the American government invests in data-gathering startups (https://www.sott.net/article/378667-Silicon-spies-How-the-American-government-invests-in-data-gathering-startups)
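The article above describes DoublePulsar only as an in-memory backdoor installed over SMB. The check below is an added example, not code from the article, Ars Technica or Symantec: it classifies a captured SMB1 Trans2 response for the DoublePulsar "ping" signature that was documented in public analyses of the leaked backdoor in 2017 (an implanted host answers a Trans2 SESSION_SETUP probe sent with Multiplex ID 0x41 by returning MID 0x51, i.e. the sent MID plus 0x10, while a clean Windows server echoes the MID it was given and returns STATUS_NOT_IMPLEMENTED). That signature comes from those analyses, not from this page. The code parses an already captured frame (from a pcap or a probe tool) and does not perform the network exchange itself; the sample frames are constructed here for illustration.

```python
"""Classify a captured SMB1 Trans2 response for the DoublePulsar MID signature.

Added example (not from the article). Frame layout parsed here is the standard
NetBIOS session header (4 bytes) followed by the 32-byte SMB1 header.
"""
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
STATUS_NOT_IMPLEMENTED = 0xC0000002
NBSS_HEADER_LEN = 4
SMB1_HEADER_LEN = 32
PROBE_MID = 0x41          # MID used by the public probe scripts
IMPLANT_MID_DELTA = 0x10  # implant replies with sent MID + 0x10 (0x41 -> 0x51)


def parse_smb1_header(frame: bytes) -> dict:
    """Return command, status, tid, pid, uid and mid from an SMB1 frame.

    Raises ValueError when the buffer is too short or is not SMB1.
    """
    if len(frame) < NBSS_HEADER_LEN + SMB1_HEADER_LEN:
        raise ValueError("frame too short for an SMB1 header")
    hdr = frame[NBSS_HEADER_LEN:NBSS_HEADER_LEN + SMB1_HEADER_LEN]
    if hdr[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 frame")
    # After the 4-byte magic: command(1) status(4) flags(1) flags2(2) pid_high(2)
    # signature(8) reserved(2) tid(2) pid_low(2) uid(2) mid(2), all little-endian.
    command, status, _flags, _flags2, _pid_high = struct.unpack_from("<BIBHH", hdr, 4)
    tid, pid_low, uid, mid = struct.unpack_from("<HHHH", hdr, 24)
    return {"command": command, "status": status, "tid": tid,
            "pid": pid_low, "uid": uid, "mid": mid}


def classify_trans2_response(frame: bytes, sent_mid: int = PROBE_MID) -> str:
    """Classify the reply to a Trans2 SESSION_SETUP probe sent with `sent_mid`.

    Returns one of: "not_smb1", "not_trans2", "doublepulsar_mid_signature",
    "clean_echo" (MID echoed unchanged), "unexpected_mid".
    """
    try:
        hdr = parse_smb1_header(frame)
    except ValueError:
        return "not_smb1"
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "not_trans2"
    if hdr["mid"] == (sent_mid + IMPLANT_MID_DELTA) & 0xFFFF:
        return "doublepulsar_mid_signature"
    if hdr["mid"] == sent_mid:
        # A clean server rejects the unimplemented subcommand and echoes the MID.
        return "clean_echo"
    return "unexpected_mid"


def build_smb1_response(command: int, status: int, mid: int,
                        tid: int = 0, pid: int = 0, uid: int = 0) -> bytes:
    """Constructed sample frame with an empty parameter/data body (test data only)."""
    flags, flags2, pid_high = 0x88, 0xC001, 0
    hdr = (SMB1_MAGIC
           + struct.pack("<BIBHH", command, status, flags, flags2, pid_high)
           + b"\x00" * 8          # security signature
           + b"\x00\x00"          # reserved
           + struct.pack("<HHHH", tid, pid, uid, mid))
    body = b"\x00" + b"\x00\x00"  # WordCount = 0, ByteCount = 0
    payload = hdr + body
    # NBSS session message: type 0x00 followed by a 3-byte big-endian length.
    return struct.pack(">I", len(payload)) + payload


if __name__ == "__main__":
    # Constructed replies: one from a clean server, one carrying the implant signature.
    clean = build_smb1_response(SMB_COM_TRANSACTION2, STATUS_NOT_IMPLEMENTED, 0x41)
    implanted = build_smb1_response(SMB_COM_TRANSACTION2, STATUS_NOT_IMPLEMENTED, 0x51)
    for name, frame in (("clean", clean), ("implanted", implanted)):
        print(f"{name}: {classify_trans2_response(frame)}")
```

A "doublepulsar_mid_signature" result means something on TCP/445 is answering the SMB1 Trans2 path the way the leaked implant does; since the implant lives only in memory (as the article notes), the evidence disappears on reboot or after an operator "kill", so capture the host before remediating.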
Gwin Ru
18th June 2020, 00:55
Who needs ‘Russian hackers’? Report reveals CIA incompetence to blame for Vault 7 breach (https://www.rt.com/op-ed/492186-cia-vault7-report-russiagate/)
By Nebojsa Malic (https://www.rt.com/op-ed/authors/nebojsa-malic/), a Serbian-American journalist, blogger and translator, who wrote a regular column for Antiwar.com from 2000 to 2015, and is now senior writer at RT. Follow him on Twitter @NebojsaMalic (https://twitter.com/NebojsaMalic)
RT
17 Jun, 2020 23:04
Screenshot of the first page of the CIA WikiLeaks Task Force's final report
An internal CIA report about the Vault 7 fiasco paints a damning picture of the main US spy agency. WikiLeaks released the CIA’s hacking tools, likely leaked by an insider, while CIA chiefs were too busy cooking up Russiagate.
Vault 7 was the name given to cyber attack tools developed by the CIA’s Center for Cyber Intelligence (CCI), and published by WikiLeaks in March 2017. It was the largest data breach in Langley’s history, with long-lasting consequences. For example, Chinese cybersecurity companies recently used Vault 7 evidence to show that the US has been hacking China for over a decade.
According to a just-released internal CIA report,
“CCI had prioritized building cyber weapons at the expense of securing their own systems. Day-to-day security practices had become woefully lax.”
“Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely,” the report goes on to say.
The heavily-redacted document (https://www.wyden.senate.gov/imo/media/doc/wyden-cybersecurity-lapses-letter-to-dni.pdf) actually dates back to October 2017 and was only made public Tuesday by Senator Ron Wyden (D-Oregon), in an effort to pressure the new Director of National Intelligence John Ratcliffe into imposing new security measures. While the CIA ineptitude is the obvious takeaway, no one seems to have noticed the real bombshell: the timing of the breach and its implications.
The report says the CIA “did not realize the loss had occurred until a year later, when WikiLeaks publicly announced it in March 2017.” Now, what all was happening between March 2016 and a year later? You guessed it: Russiagate!
Even as his own cyber arsenal was getting swiped from under his very nose, CIA chief John Brennan was obsessing about “Russian hackers” of the Democratic National Committee, or Hillary Clinton’s emails, or something – and pushing the bogus ‘Steele Dossier’ alleging Donald Trump’s collusion with Russia, which eventually made it into the infamous (https://www.rt.com/usa/372864-odni-report-russia-hacking/) ‘Intelligence Community Assessment’ that accused Moscow of meddling in the 2016 US presidential election.
It gets worse. According to the report,
“Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss—as would be true for the vast majority of data on Agency mission systems.”
So if the mythic bogeymen 'Russian hackers' had actually wanted to harm the US, they could have just used the CIA's own, unprotected cyberweapons to stage false flags and wreak havoc across the world? None of which happened, obviously. Yet Brennan and his confederates have been telling everyone for years that the Kremlin wanted to "hack our democracy" by publishing some Democrat emails and posting memes on social media!
Former CIA director John Brennan testifies before the House Intelligence Committee on “Russian active measures during the 2016 election campaign,” May 23, 2017. © REUTERS/Kevin Lamarque
Note that Mike Pompeo, who took over at Langley before he moved to Foggy Bottom, bought into Brennan’s fable hook, line and sinker, denouncing WikiLeaks (https://www.rt.com/usa/384667-cia-assange-wikileaks-critisize/) as a “hostile intelligence service” and a “cut-out” for Russia in April 2017.
In an irony of ironies, the Trump administration – run by a man who denounced the Iraq war and was falsely accused of working with WikiLeaks and Russia to get elected – is now seeking extradition of Julian Assange from the UK on trumped-up hacking charges related to the 2010 WikiLeaks revelations of US atrocities in Iraq.
As for how Vault 7 got to WikiLeaks, the jury is still out on that. Joshua Schulte, the employee charged with leaking the files, is being prosecuted again after a hung jury at his first trial in March. His lawyers have argued the CIA security was so lax, anyone else on the team, or even outsiders, could have done it.
The next time the media report some incendiary claim based on US intelligence “assessments,” try to keep all this in mind.
Related:
CIA has been hacking China for 11 YEARS, says Chinese cybersecurity firm citing Vault 7 leak (https://www.rt.com/news/482243-cia-hacking-china-vault7/)
We want to believe: ‘Russian hacking’ memo REVEALS how US intel pinned leaks to Kremlin (https://www.rt.com/usa/443644-russia-hacking-methods-election-memo/)
Assange trial rehearsal? Hung jury results in mistrial for former CIA tech accused of handing ‘Vault 7’ docs to WikiLeaks (https://www.rt.com/usa/482696-cia-technician-vault-7-mistrial/)