Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Wikileaks Next Series: Vault 7
#21
David Guyatt Wrote:
Quote:YOUR SAMSUNG AND YOUR IPHONE ARE WATCHING YOU


AND IF YOU DON'T BEHAVE, YOUR CAR WILL KILL YOU


As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

Michael Hastings.
"The philosophers have only interpreted the world, in various ways. The point, however, is to change it." Karl Marx

"He would, wouldn't he?" Mandy Rice-Davies. When asked in court whether she knew that Lord Astor had denied having sex with her.

“I think it would be a good idea” Ghandi, when asked about Western Civilisation.
Reply
#22
Dark Matter[FONT=&amp]
[/FONT]

[FONT=&amp]Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.
[/FONT]
"We'll know our disinformation campaign is complete when everything the American public believes is false." --William J. Casey, D.C.I

"We will lead every revolution against us." --Theodore Herzl
Reply
#23
Lauren Johnson Wrote:Dark Matter[FONT=&amp]
[/FONT]

[FONT=&amp]Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.
[/FONT]

Lovely stuff. One of the many things to think about is if you are a likely target never order a computer or major computer part to be delivered - as they can infect it en route. I think, however, not mentioned, they have ways to infect all or most of the produced items and then use them to spy on their targets of choice. While CIA likely has more targeted targets than NSA, who vacuums up everyone and everything, both likely use the same general techniques. Anyone not a target at time X can become one at time Y, so best to implant a way to get into the system from the get go. As most, if not all, iphones and Mac computers are made in China [as are most other smartphones and many computers] if they are intercepting them during shipping, this could be anywhere from factory to new owners door delivery. It is known that the USPS has agreements with CIA and other intel agencies; no doubt major carriers such as DHL, UPS et al. do also - knowingly or not to most in those companies. If they are infecting all phones, it would make sense to do so in the factory or at some distributor in China or wherever they are made.
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Reply
#24
Hive

[FONT=&amp]9 November, 2017[/FONT]
[FONT=&amp]Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.

[Image: hive.png]

The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything else but a normal website. The only peculiarity is not visible to non-technical users - a HTTPS server option that is not widely used: Optional Client Authentication. But Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above) while all other traffic go to a cover server that delivers the insuspicious content for all other users.

Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.

The documentation for Hive is available from the WikiLeaks Vault7 series.
[/FONT]
"We'll know our disinformation campaign is complete when everything the American public believes is false." --William J. Casey, D.C.I

"We will lead every revolution against us." --Theodore Herzl
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Complete Wikileaks Data Dump Lauren Johnson 1 4,122 14-12-2021, 06:08 PM
Last Post: Lauren Johnson
  Wikileaks promises new release of information on Hilary. Drew Phipps 21 27,199 19-10-2016, 06:06 AM
Last Post: Peter Lemkin
  Interview w/ Sarah Harrison - link between Snowden & Wikileaks Peter Lemkin 0 3,678 01-07-2014, 06:28 PM
Last Post: Peter Lemkin
  Wikileaks donation blockade by Mastercard and Visa and others. Peter Lemkin 3 5,337 02-05-2012, 08:58 AM
Last Post: Magda Hassan
  Wikileaks - the Spy Files! Peter Lemkin 0 3,384 24-01-2012, 10:42 AM
Last Post: Peter Lemkin
  WikiLeaks Haiti: The PetroCaribe Files Peter Lemkin 4 7,209 13-08-2011, 11:41 AM
Last Post: Peter Lemkin
  Will WikiLeaks unravel the American 'secret government'? James H. Fetzer 549 177,431 15-02-2011, 06:05 PM
Last Post: Jan Klimkowski
  Judging Wikileaks by What is NOT Revealed Charles Drago 0 2,814 04-02-2011, 05:19 PM
Last Post: Charles Drago
  Wikileaks About To Release 400,000 New Documents On Iraq Monday or Soon! Peter Lemkin 0 3,679 17-10-2010, 08:53 PM
Last Post: Peter Lemkin
  The Hate Mongers Among Us: A 4-Part Series by Jeff Gates 0 492 Less than 1 minute ago
Last Post:

Forum Jump:


Users browsing this thread: 1 Guest(s)