Political: Wikileaks: CIA Malware For Windows “Grasshopper”
Apr 07, 2017
RELEASE: CIA malware for Windows “Grasshopper” — which includes its own language
Grasshopper basically allows the Deep State to do anything it wants remotely to a Windows machine. It doesn’t seem to matter if it is Windows XP, Windows 7, Windows 8, or Windows Server versions 2003 or 2008. Almost all the attacks and hijacks bypassed the major intrusion detection systems (MS Security, Symantec, Kaspersky, and Rising). No matter how locked down or safe you thought your Windows install was, you were wrong.
Oh even better. It looks like these were designed specifically to avoid the major security programs.
Today, April 7th 2017, WikiLeaks releases Vault 7 “Grasshopper” — 27 documents from the CIA’s Grasshopper framework, a platform used to build customized malware payloads for Microsoft Windows operating systems.
Grasshopper is provided with a variety of modules that can be used by a CIA operator as blocks to construct a customized implant that will behave differently, for example maintaining persistence on the computer differently, depending on what particular features or capabilities are selected in the process of building the bundle. Additionally, Grasshopper provides a very flexible language to define rules that are used to “perform a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration”. Through this grammar CIA operators are able to build from very simple to very complex logic used to determine, for example, if the target device is running a specific version of Microsoft Windows, or if a particular Antivirus product is running or not.
Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption). The requirement list of the Automated Implant Branch (AIB) for Grasshopper puts special attention on PSP avoidance, so that any Personal Security Products like ‘MS Security Essentials’, ‘Rising’, ‘Symantec Endpoint’ or ‘Kaspersky IS’ on target machines do not detect Grasshopper elements.
One of the persistence mechanisms used by the CIA here is ‘Stolen Goods’, whose “components were taken from malware known as Carberp, a suspected Russian organized crime rootkit”, confirming the recycling of malware found on the Internet by the CIA. “The source of Carberp was published online, and has allowed AED/RDB to easily steal components as needed from the malware.” While the CIA claims that “[most] of Carberp was not used in Stolen Goods”, they do acknowledge that “[the] persistence method, and parts of the installer, were taken and modified to fit our needs”, providing a further example of reuse of portions of publicly available malware by the CIA, as observed in their analysis of leaked material from the Italian company “HackingTeam”.
The documents WikiLeaks publishes today provide insights into the process of building modern espionage tools and into how the CIA maintains persistence over infected Microsoft Windows computers, giving those seeking to defend their systems directions for identifying any existing compromise.
Political: CIA Vault 7 Part 3 “Marble” Allows CIA To Cover Their Tracks!
Mar 31, 2017
Vault 7 Part 3: WikiLeaks releases the CIA ‘Marble’ dump
WikiLeaks has released the latest batch of documents detailing CIA hacking tactics. The third release, named ‘Marble’, contains 676 source code files for the agency’s secret anti-forensics framework. Marble Framework, which WikiLeaks explains is part of the CIA’s Core Library of malware, is used to hamper forensic investigators from attributing viruses, trojans and hacking attacks to the CIA. WikiLeaks said Marble was in use at the agency as recently as 2016.
WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified. WikiLeaks stated the technique is the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents.
It’s “designed to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms” often link malware to a specific developer, according to the whistleblowing site.
The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.
“This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion,” WikiLeaks explains, “But there are other possibilities, such as hiding fake error messages.”
Today, March 31st 2017, WikiLeaks releases Vault 7 “Marble” — 676 source code files for the CIA’s secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.
Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.
Marble forms part of the CIA’s anti-forensics approach and the CIA’s Core Library of malware code. It is “[D]esigned to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.”
The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators in attributing previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.
The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion. But there are other possibilities, such as hiding fake error messages.
The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.
Over the last two decades, the Pentagon has lost an astonishing $10 trillion dollars… and the Defense Department has no idea where it went!
Over a mere two decades, the Pentagon lost track of a mind-numbing $10 trillion — that’s trillion, with a fat, taxpayer-funded “T” — and no one, not even the Department of Defense, really knows where it went or on what it was spent.
Even though audits of all federal agencies became mandatory in 1996, the Pentagon has apparently made itself an exception, and a full 20 years later stands firmly resolute in never having complied.
Defense officials insist an audit would take too long and ironically cost too much.
“Over the last 20 years, the Pentagon has broken every promise to Congress about when an audit would be completed,” Rafael DeGennaro, director of Audit the Pentagon, told the Guardian recently. “Meanwhile, Congress has more than doubled the Pentagon’s budget.”
President Trump’s newly-proposed budget seeks to toss an additional $54 billion into the evidently bottomless pit.
Without the mandated audit, the Department Of Defense could be purchasing damned near anything, at any cost, and use, or give, it — to anyone, for any reason.
Officials with the Government Accountability Office and Office of the Inspector General have catalogued egregious financial disparities at the Pentagon for years — yet the Defense Department grouses the cost and energy necessary to perform an audit in compliance with the law makes it untenable.
Astonishingly, the Pentagon’s own watchdog tacitly approves this technically illegal workaround — and the legally gray and, yes, literally, on-the-books-corrupt practices in tandem — to what would incontrovertibly be a most unpleasant audit, indeed.
Take the following of myriad examples, called “Plugging,” for which Pentagon bookkeepers are not only encouraged to conjure figures from thin air, but, in many cases, they would be physically and administratively incapable of performing the job without doing so — without ever having faced consequences for this brazen cooking of books.
Reuters reported the results of an investigation into Defense’s magical number-crunching well over three years ago, on November 18, 2013, detailing the illicit tasks of 15-year employee “Linda Woodford [who] spent the last 15 years of her career inserting phony numbers in the U.S. Department of Defense’s accounts.”
Woodford, who has since retired, and others like her, act as individual pieces in the amassing chewed gum only appearing to plug a damning mishandling of funds pilfered from the American people to fund wars overseas for resources in the name of U.S. defense.
“Every month until she retired in 2011,” Scot J. Paltrow wrote for Reuters, “she says, the day came when the Navy would start dumping numbers on the Cleveland, Ohio, office of the Defense Finance and Accounting Service, the Pentagon’s main accounting agency. Using the data they received, Woodford and her fellow DFAS accountants there set about preparing monthly reports to square the Navy’s books with the U.S. Treasury’s – a balancing-the-checkbook maneuver required of all the military services and other Pentagon agencies.
“And every month, they encountered the same problem. Numbers were missing. Numbers were clearly wrong. Numbers came with no explanation of how the money had been spent or which congressional appropriation it came from. ‘A lot of times there were issues of numbers being inaccurate,’ Woodford says. ‘We didn’t have the detail … for a lot of it.’”
Where a number of disparities could be corrected through hurried communications, a great deal — thousands each month, for each person on the task — required fictitious figures. Murkily deemed, “unsubstantiated change actions” — tersely termed, “plugs” — this artificial fix forcing records into an unnatural alignment is common practice at the Pentagon.
Beyond bogus books, the Pentagon likely flushed that $10 trillion in taxes down the toilet of inanity that is unchecked purchasing by inept staff who must be devoid of prior experience in the field of defense.
This tax robbery would eclipse the palatability of blood money — if it weren’t also being wasted on items such as the 7,437 extraneous Humvee front suspensions — purchased in surplus over the inexplicable 14-year supply of 15,000 unnecessary Humvee front suspensions already gathering warehouse-shelf dust.
And there are three items of note on this particular example, of many:
One, the U.S. Department of Defense considers inventory surpassing a three-year supply, “excessive.”
Two, the stupefying additional seven-thousand-something front suspensions arrived, as ordered, during a period of demand reduced by half.
Three, scores of additional items — mostly unaccounted for in inventory — sit untouched and aging in storage, growing not only incapable of being used, but too dangerous to be properly disposed of safely.
The latter included a charge to the Pentagon of $2,286 — spent for an aluminum pin ordinarily costing just $10 — the irony of whose 228.6 percent markup cannot be overstated.
Considering all the cooking of numbers apparently fueled with burning money stateside, you would think Defense channeled its efforts into becoming a paragon of economic efficiency when the military defends the United States. Overseas. From terrorism. And from terrorists. And terrorist-supporting nations.
But this is the Pentagon — and a trickle of telling headlines regularly grace the news, each evincing yet another missing shipment of weapons, unknown allocation of funds, or retrieval of various U.S.-made arms and munitions by some terrorist group deemed politically less acceptable than others by officials naming pawns.
In fact, so many American weapons and supplies lost by the DoD and CIA become the property of actual terrorists — who then use them sadistically against civilians and strategically against our proxies and theirs — it would be negligent not to describe the phenomenon as pattern, whether or not intent exists behind it.
For now the painstaking audit imperative to Department Of Defense accountability remains only a theory… while the Pentagon’s $10 trillion sits as the world’s largest elephant in apathetic America’s living room.
Political: Wikileaks: CIA Hacks Dubbed ‘Dark Matter’ Reveal How Apple Products Are Infected
Mar 24, 2017
WikiLeaks Vault 7 shows that the CIA has developed a huge range of attacks against iPhones since at least 2008.
Yesterday, Wikileaks released another series from their ‘Vault 7’ CIA hacks called ‘Dark Matter’ where they reveal how Apple products are infected.
According to Wikileaks, ‘Dark Matter’ contains documentation for several CIA projects, developed by the CIA’s Embedded Development Branch (EDB), that infect Apple Mac computer firmware. Interestingly, the infection persists even if the operating system is re-installed.
Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.
Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.
“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.
Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.
Also included in this release is the manual for the CIA’s “NightSkies 1.2”, a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.
Political: While The Mainstream Media Focuses On Russia, The Government’s Own Data Shows U.S. Interfered In 81 Elections
Mar 23, 2017
While the US spin machine hurls accusations about Russian election meddling, it’s worth noting the US is a seasoned pro at interfering in elections.
Ask an average American who makes a habit of following government-mouthpiece corporate media about interference in national elections and you’ll likely elicit a nebulous response concerning Russian hackers and a plan to install Donald Trump in the White House — but you probably won’t hear a single syllable pertaining to United States government’s actual attempts to do the same.
On Monday, FBI Director James Comey confirmed for the first time publicly the bureau is officially investigating hotly contentious allegations of Russian meddling in the U.S. election — but, even if proven true, such geopolitical escapades better characterize the routine behavior of accuser than of accused.
“The F.B.I., as part of our counterintelligence effort, is investigating the Russian government’s efforts to interfere in the 2016 presidential election,” the director announced, adding the bureau would conduct a probe to discern whether Trump’s associates had contact with Russian officials.
This despite the fact that the U.S. has hypocritically exerted influence over foreign elections in all corners of the globe; in fact, it has arrogantly done so a whopping 81 times between 1946 and 2000 alone, with just one-third of those operations undertaken overtly.
US agencies have interfered with 81 elections not including coups. #CIA
For months, mainstream media parroted murky accusations hurled by politicians — keen to point a finger of blame for the apparently stultifying victory of a former reality television host on someone — that The Russians had somehow surreptitiously undermined the election-centric foundation of American Democracy.
While that has yet to prove true, this new Red Scare constitutes a duplicitous attempt by the pot to call the kettle … an election meddler.
Researcher Dov Levin of Carnegie Mellon University’s Institute for Politics and Strategy — an expert on the topic at hand — discussed the lengthy but incomplete list of times the U.S. government has interfered in other nations’ elections with NPR’s Ari Shapiro.
Asked for examples where this tampering tangibly altered results, Levin stated,
“One example of that was our intervention in Serbia, Yugoslavia in the 2000 election there. Slobodan Milosevic was running for re-election, and we didn’t want him to stay in power there due to his tendency, you know, to disrupt the Balkans and his human rights violations.
“So we intervened in various ways for the opposition candidate, Vojislav Kostunica. And we gave funding to the opposition, and we gave them training and campaigning aid. And according to my estimate, that assistance was crucial in enabling the opposition to win.”
Levin reiterated the more blatant methods with which the U.S. asserts dominance — through the overt coups or all-out regime changes branding the nation a notorious interventionist — are not among the list of the 80-plus attempts to manipulate the electoral outcome.
As for the issue of pot versus kettle, Levin explained that — although Russia and other powerful nations indisputably employ similar tactics — the United States has been quite prodigious in its effort.
“Well, for my dataset, the United States is the most common user of this technique. Russia or the Soviet Union since 1945 has used it half as much. My estimate has been 36 cases between 1946 to 2000. We know also that the Chinese have used this technique and the Venezuelans when the late Hugo Chavez was still in power in Venezuela and other countries.”