Wikileaks Vault 7: CIA Tips for Git Workflow

Wikileaks has begun dumping a large number of files on the CIA's hacking tools. The dump is called Vault 7. It is a goldmine, not only for information about the CIA's activities, but also for information on things like how to set up a development environment or properly use Git in your everyday programming workflow. Here are a couple highlights from some cursory searches of the document dump:

CIA Git Tutorials

CIA Vim Tutorials

CIA Setting Up a Development Environment


How to Make Sense of the Wikileaks Clinton Campaign Email Document Dump and Controversy

It is becoming increasingly difficult to distinguish fact from fiction in the coverage of Wikileaks' ongoing publication of internal emails from Hillary Clinton's presidential campaign, known as the Podesta emails. There are internet hoaxsters pushing fake emails that are not contained in the actual published files. There are junk reports from prominent newsy websites that are based on obvious misreadings of the files in question. There is Clinton campaign and Democratic party spin seeking to distract from the content of the published emails. There is Trump campaign and Republican party spin exaggerating the content and import of what has been revealed by the leaked documents. And so on. In this article, we'll provide a bit of context on the leak itself, cover some examples of how it is being exploited by hoaxsters, how it is helping to reveal the incompetence of newsy sources of information, and how it is playing out within the context of the presidential campaign itself. We'll conclude with some tips on how to sift through the bullshit.


The Leaks

This article focuses specifically on coverage of the Podesta emails. But it is important to point out the context in which these files have been published. The first thing to note is that there is not just one leak that has resulted in the publication of Democrats' internal documents. Back in June, a hacker or hacker group known as Guccifer 2.0 began releasing a large set of internal files from the Democratic National Committee.

It is speculated that Guccifer 2.0 is a front for Russian hackers, if not a state-sponsored Russian cyberwar group, mostly on the basis of circumstantial evidence. The Guccifer 2.0 documents can be found here. Emails obtained by Guccifer 2.0 were, it appears, also obtained and published by Wikileaks. The Wikileaks DNC email database can be found at the link.

(The name 'Guccifer 2.0' itself is an obvious allusion to a Romanian hacker who called himself Guccifer and released documents on prominent Republican and Democratic party officials in 2013. Guccifer was eventually tracked down and jailed in 2014.)

Then in early October, Wikileaks began publishing a large set of files from the email account of John Podesta, a long-time Democratic party insider, and current chairman of Hillary Clinton's presidential campaign. This set of documents is known as The Podesta Emails.

The Podesta Emails are not directly related to the larger Hillary Clinton email controversy, which resulted from her use of a private email server during her time as Secretary of State. Emails from that controversy were made public by congressional inquiries and Freedom of Information Act requests. Many, if not most, of those emails have also been published by Wikileaks in its Hillary Clinton Email Archive.

Disinformation

Shortly after Wikileaks began publishing the Podesta email document dump, reports quickly began circulating online purporting to have found "smoking gun" evidence of one sort or another in the files. One of the most prominent of these was a report alleging that Clinton had called Democratic voters a "bucket of losers," in a clear allusion to her comments calling Trump supporters a "basket of deplorables." This claim can be demonstrated to be clearly false with a simple search for the term against the Wikileaks documents themselves. As a testament to their gullibility and refusal to do even basic research, numerous websites still have articles online breathlessly reporting the false claims as if they were true, without correction.

Misinformation

Misinformation campaigns based on the Podesta emails have been just as successful as the disinformation campaigns waged by the hoaxsters. One widely circulated report claimed that the Podesta emails contained solid evidence of racist comments made by Hillary Clinton. "Racist Hillary DUMPS on African Americans, Calls Them Professional Never-Do-Wells," read one headline at a self-declared right wing news site. That sounds pretty serious! Moreover, the author of the article proclaims that the email confirmed everything she already believed! Yet, as with the hoaxsters, this claim is easily debunked with a minimum of effort. A search for the offending terms among the Wikileaks documents does indeed turn up an email using the offending terms. But anyone who is neither an idiot nor a knave should be able to quickly debunk the claim by reading the email's header, which reveals that it is not from inside the Clinton campaign. It was in fact sent from orca100@upcmail.nl, and addressed to a wide array of media outlets and political insiders. In other words, the purveyors of the "smoking gun" claim are either morons who are incapable of reading an email, or they are just click-bait artists trying to earn a few pennies off bombastic headlines.

Trump Gets Trolled 

Earlier this week, another story that was similarly based on an obvious faulty reading of an email from the Podesta files was published by the Russian state media outlet Sputnik News. The author(s) of the article misread an email in the Podesta files, and did not realize that it was just a forward, and not a personal email. This article was picked up by the Trump campaign, and the Republican candidate read from it at a campaign rally later that day. The embarrassing incident was reported widely in the media when the offending article was debunked later in the day.

Clinton Campaign Spin

The Clinton campaign, for its part, has clearly been put off balance by the publication of the hacked documents, judging from the contradictory statements they have made in its wake. Podesta first claimed that the Wikileaks documents were in fact fake. "They've put out documents that are purported to be from my account," he stated on a Sunday morning talk show. Then later on Twitter, he seemed to walk back this claim, asserting that fake documents had been inserted into the file dump, according to Politico. Finally, by Wednesday, Podesta admitted that his account had in fact been compromised and the FBI announced that it was investigating the hack. Podesta has now gone on the attack himself, fingering Russia as the source of the hack and claiming coordination with the Trump campaign: "Russian interference in this election and their apparent attempt to influence it on behalf of Mr. Trump . . . should be of utmost concern to all Americans," said Podesta, according to CBS News.

This line of attack builds upon existing campaign narratives that have been articulated by Hillary Clinton herself. As she stated at the second presidential debate: "Putin and the Russian government are directing the attacks, the hacking on American accounts to influence our election. And Wikileaks is part of that, as are other sites . . . we don't even know if it's accurate information . . . believe me, they're not doing it to get me elected. They're doing it to try to influence the election for Donald Trump."

But Podesta appears to have bigger problems than the Russians. The Clinton campaign chairman's Twitter account was apparently compromised by someone from 4chan's /pol/ board earlier today. Politico reports: "Podesta's Twitter account sent out a strange tweet reading: "I've switched teams. Vote Trump 2015.Hi pol." The tweet was quickly deleted, but the Clinton campaign confirmed the account had been hacked."

For an in-depth analysis of the Democratic response to the hacks and leaks, see Glenn Greenwald's article at The Intercept: "In the Democratic Echo Chamber, Inconvenient Truths Are Recast as Putin Plots."

Conclusion

We live in a new information environment. Barack Obama was hailed as the first president of the social media age. The next president may be the first to inhabit an age of generalized, asymmetrical, information warfare. The Wikileaks Podesta emails file dump has completely muddied the waters in an already dirty presidential campaign. Widely read political news sources have been humiliated by transparent hoaxes. Others have had their shoddy reporting exposed for all to see. One major presidential campaign has been humiliated by spouting faulty Russian state news reports, while the other is getting pwned by 4chan.

Asking yourself a couple simple questions can help dispose of all the bullshit that is tripping people up right and left. Where's the evidence? Where's the corroborating evidence? The great thing about Wikileaks is that any assertions made on the basis of its documents can be verified or debunked by simply searching its archives and reading the primary source materials in question.

For more, check out our previous post on how to spot a fake news article and identify a hoax news website.

NSA = Not So Adept: Hackers Loot Brash Stash Of NSA Exploits & Data

Who watches the watchers?  Apparently, now it’s…well, everybody with a computer.  A massive hack against the NSA has revealed a treasure trove of previously-private exploits and other data, and it doesn’t make our “security agency” look very secure at all…


If the future won't let us have space-war, we'll have cyberspace-war.
(Image courtesy techworm.com.)

According to TechCrunch.com, the hack was perpetrated by a group called the Shadow Brokers, who lifted a stash of NSA-created malware from an internal hacking team called The Equation Group.  Two chunks of data have been published, one that is open to the public for perusal and one that contains “the best files”, which will likely be auctioned off at the starting price of $1 million.

An additional image collection of a file tree containing NSA exploits was released, as well as a page calling out “cyber warriors” and “WealthyElites.”  The full extent of the free file contains staging programs that the NSA could ostensibly use to inject malware into servers for the purposes of espionage.  These hacking tools include “RATS” – remote access Trojans – and exploits that target web and file servers.  Such programs could be used to remotely access a machine, copy or monitor its information, and then be deleted (theoretically) without a trace.


Well, that's...bold.
They couldn't name it "Punk Rock Tracks - The Exploited" or anything less overt?
(Image courtesy techcrunch.com.)

The files are mostly written in Python or shell script, with a few compiled binaries.  The Shadow Brokers have released the following statement regarding the acquisition:
"How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files."

The stunted English grammar may imply Russian origin for the group, or may be a ruse to throw others off the trail.  Regardless, the second file will be sold to the highest bidder via bitcoin, and the files are promised to be “better than stuxnet” (the computer worm that derailed Iran’s nuclear program several years ago).


How nice...they even included user instructions.
(Image courtesy techcrunch.com.)

Wikileaks claims that they are already in possession of the “best” files, and will publish them “in due course.”  In the meantime, whistleblowing winner Edward Snowden calls the entire affair “not unprecedented.”  Snowden went on to elucidate, “This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server."


While this is not (yet) thought to be a tremendously devastating hack, it does not reflect favorably on the much-maligned NSA.  This sort of sloppy spywork is not the sort of thing that inspires confidence in those who repeatedly exhorted that they were keeping us secure by ransacking our privacy.  Loose ‘chips sink ships.

We don't know all of what we don't know,
but we learn more about it every day.
(Image courtesy sdxcentral.com.)


Eyes In The Sky That Pry Via Wifi: Malware-Injecting Drones Swoop In To Spy

Hackers, in an ever-escalating bid to stymie security, have teamed up with an arm of one of the world's leading aerospace companies to create computer-death from above...


As usual, we're sure this is all to "protect your freedom"...
(Image courtesy youtube.com.)

As reported by RT.com, the Italian firm Hacking Team has teamed up with a subsidiary of Boeing to work on a drone-mounted device that can cause computer chaos simply via flyby.  The drone will be able to infect smartphones and computers with spyware by latching onto a wifi signal.

Hacking Team, a surveillance technology firm, was quoted from a series of emails released by Wikileaks in which the firm states that they seek to create a "remote traffic interception device", one that would be "ruggedized" and "transportable by drone."  Creepier still, the project was commissioned by the American company Insitu, who have previously sent spy drones such as the ScanEagle into the skies.

Nothing to see here, citizen.  Continue your nourishment from social media feeds.
(Image courtesy rafzen.wordpress.com.)

An Insitu engineer's email to Hacking Team states:
"We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System. Additionally, if you have any more marketing material you are willing to share with us prior to meeting, please let us know." 
Further communications reveal plans for an airborne TNI, or tactical network injector, which could bomb a target's computer or smartphone with spyware by intercepting their wifi connection and forcing the unwitting user to download the malware.

Maybe someday we can use this technology in better ways.  Not yet, though.
(Image courtesy townhall.com.)

So basically, if we're hearing about this, it's probably already happened.  No signal is safe.  Just try not to get on the bad side of Boeing, Hacking Team, or any of their allies/clients (like the US military, FBI, or DEA.)  And if you hear the buzzing of tiny little rotors above you, it's probably already too late...

The first person they're going to hack is this reporter with the horrible grammar and capitalizations.
Spyware from the sky is evil, but even evil needs proper punctuation.
(Image courtesy tapnewswire.com.)


WikiLeaks Publishes CIA Travel Tips: Nervous Travelers Beware

With the holiday travel season in full swing, millions of people around the country and the world are taking to the highways, railways and the skies to visit friends and family (or to escape them!) far and wide. Of course, the romantic notion of the old fashioned family Christmas pilgrimage was long ago replaced by the stresses and strains of modern travel: endless traffic, train and plane delays, and security protocols that border on the absurd. Fortunately for the frantic traveler, Wikileaks has just published two previously secret CIA documents detailing the spy agency’s advice to operatives on how to survive the airport security screening process.

The leaked documents have been put online as part of the anti-secrecy organization’s ongoing “CIA Series,” which is planned to continue into the new year, according to a press release. The two CIA documents published yesterday provide insight on how the spy organization trains agents to navigate the heightened airport security protocols that we have all come to know and love over the last 15 years. The first provides an overview on how to survive the "secondary screening" process in general, while the second provides pointers on how to pass airport security specifically when infiltrating the European Union.

Anyone who's ever traveled at all is familiar with the primary screening process. (If you're not, consider watching this George Carlin bit for a quick overview.) You wait in a series of lines, provide your boarding pass and ID to the relevant official, proceed through the new-fangled Rapiscan nude scanners and so on. A subset of passengers are then taken aside for secondary screening either because of flags raised during the primary screening process, or because they have been selected for random secondary screening.

However, the CIA writes: "Travelers can minimize the possibility of secondary by knowing how to prepare for and navigate the primary inspection and by avoiding to the extent possible the various triggers for secondary." Among these triggers, the document lists: possession of contraband (including weapons, drugs and electronics), irregularities with official identification documents, suspicious behavior (nervousness, anxiety), baggage (with contents that are inconsistent with the passenger's appearance, profession, ticket class, stated reason for travel and so on), country of origin, suspicious past travel patterns, and so on. The agency also notes the following factoids:
  • Inspectors focus on body language.
  • Travelers can legally be held in secondary screening for hours.
  • Officials may telephone travelers' contacts to verify their stories.
  • Officials can access national and international databases on the internet.
  • Officials can collect additional biographic data and biometrics.
  • Officials can examine belongings.
  • Officials can copy or confiscate a traveler's personal electronics.
Read the rest for some interesting anecdotes from airports around the world. The report concludes with some common sense advice: "Consistent, well-rehearsed, and plausible cover is important for avoiding secondary selection and critical for surviving it. A frequent operational CIA traveler to Asia and Europe advises that the most effective prevention of secondary is to have simple and plausible answers to the two most frequently asked questions, “Why are you here,” and “Where are you staying.” Travelers should also ensure before traveling that everything that officials can use to examine their bona fides—passports, travel history, baggage, personal electronics, pocket litter, hotel reservations, Web presence—is consistent with" your official reason for travel.

Sink "Fin Fisher": Wikileaks Combats Spy Platforms By Releasing Software To Public

It's no secret now that governments routinely spy on their citizens, for reasons ranging from interest in actual criminal activities to simply wanting to try to intercept naked selfies.  However, now the team at Wikileaks has released the exact software used to spy on you, hoping that once it is more completely understood, it can be more effectively stopped.

As reported by engadget.com, Julian Assange and his colleagues have openly posted the FinSpy PC and Fin Fisher spy platforms in an effort to spur developers to update more thorough privacy measures against them.  The Wikileaks team also hopes to make it more difficult for governments to abuse the technology to root out whom they consider undesirable.  Australia, Italy, Pakistan and other nations have been proven to use the software against "dissidents" on their turf, regardless of what computer platform the suspicious party is running.

Although keylogging and webcam monitoring are among the elements of the revealed software, it is hoped that these will not be abused by the masses and if they are, that a quick antidote will be available soon.  Now that we know what weapons the powers-that-be have chosen, we can fight them more intelligently.

Sometimes the surveillance state needs a faceful of e-mace.


