geheimdienst_us_cia_ddi_cci_edg   10

U.S. identifies suspect in major leak of CIA hacking tools
Joshua Adam Schulte, who worked for a CIA group that designs computer code to spy on foreign adversaries, is believed to have provided the agency’s top-secret information to WikiLeaks, federal prosecutors acknowledged in a hearing in January. The anti-secrecy group published the code under the label “Vault 7” in March 2017. Federal authorities searched Schulte’s apartment in New York last year and obtained personal computer equipment, notebooks and handwritten notes, according to a copy of the search warrant reviewed by The Washington Post. But that failed to provide the evidence that prosecutors needed to indict Schulte for illegally giving the information to WikiLeaks. A government prosecutor disagreed with what he called the “characterization” by Schulte’s attorney that “those search warrants haven’t yielded anything that is consistent with [Schulte’s] involvement in that disclosure.” But the prosecutor, Matthew Laroche, an assistant U.S. attorney in the Southern District of New York, said that the government has not brought an indictment, that the investigation “is ongoing” and that Schulte “remains a target of that investigation,” according to a court transcript of the Jan. 8 hearing that escaped public notice at the time. Part of that investigation, Laroche said, was analyzing whether a technology known as Tor, which allows Internet users to hide their location, “was used in transmitting classified information.” In other hearings in Schulte’s case, prosecutors have alleged that he used Tor at his New York apartment, but they have provided no evidence that he did so to disclose classified information. Schulte is in a Manhattan jail on charges of possessing, receiving and transporting child pornography, according to an indictment filed in September. He has pleaded not guilty.
wp, 15.05.2018
ngo_wikileaks_cia_vault  geheimdienst_us_cia_ddi_cci_edg  hacktivism_whistleblowing  software_anon_tor  land_usa  recht_beschuldigter  recht_beweislast 
may 2018 by kraven
Vault 7 - OutlawCountry
WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA-controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even a system administrator. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.
wikileaks, 29.06.2017
geheimdienst_polizei_infiltration_tech  geheimdienst_us_cia_ddi_cci_edg  itsicherheit_malware_spyware  software_os_linux_kernel_modul  software_os_linux  itsicherheit_firewall_paketfilter  land_usa  ngo_wikileaks_cia_vault 
june 2017 by kraven
Vault 7 - ELSA
WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors.
wikileaks, 28.06.2017
geheimdienst_us_cia_ddi_cci_edg  geheimdienst_polizei_infiltration_tech  itsicherheit_exploit_flaw  itsicherheit_malware_spyware  land_usa  software_os_windows  tech_wifi_wlan  überwachung_lokalisierung_bewegung  überwachung_int_sigint_comint  ngo_wikileaks_cia_vault 
june 2017 by kraven
Vault 7 - Pandemic
WikiLeaks publishes documents from the "Pandemic" project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. "Pandemic" targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine. To obfuscate its activity, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the pandemic file server before being executed on the computer of the remote user. The implant allows the replacement of up to 20 programs with a maximum size of 800 MB for a selected list of remote users (targets). As the name suggests, a single computer on a local network with shared drives that is infected with the "Pandemic" implant will act like a "Patient Zero" in the spread of a disease. It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.
wikileaks, 01.06.2017
geheimdienst_polizei_infiltration_tech  software_os_windows  itsicherheit_malware_spyware  land_usa  software_server_datei  geheimdienst_us_cia_ddi_cci_edg  tech_netzwerk_protokoll_smb  itsicherheit_netzwerk  überwachung_int_sigint_comint  itsicherheit_os  geheimdienst_allg_spionage  ngo_wikileaks_cia_vault 
june 2017 by kraven
Vault 7 - Archimedes
WikiLeaks publishes "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target computer's web browser to an exploitation server while appearing as a normal browsing session. The document illustrates a type of attack within a "protected environment", as the tool is deployed into an existing local network, abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.
wikileaks, 05.05.2017
geheimdienst_us_cia_ddi_cci_edg  internet_protokoll_http  itsicherheit_malware_spyware  itsicherheit_os  land_usa  software_os_windows  überwachung_int_sigint_comint  überwachung_internet_mitm  überwachung_internet_tracking  geheimdienst_polizei_infiltration_tech  ngo_wikileaks_cia_vault  überwachung_internet_nutzung 
may 2017 by kraven
Vault 7 - Grasshopper
WikiLeaks releases Vault 7 "Grasshopper" -- 27 documents from the CIA's Grasshopper framework, a platform used to build customized malware payloads for Microsoft Windows operating systems. Grasshopper is provided with a variety of modules that can be used by a CIA operator as blocks to construct a customized implant that will behave differently, for example maintaining persistence on the computer differently, depending on what particular features or capabilities are selected in the process of building the bundle. Additionally, Grasshopper provides a very flexible language to define rules that are used to "perform a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration". Through this grammar CIA operators are able to build from very simple to very complex logic used to determine, for example, if the target device is running a specific version of Microsoft Windows, or if a particular Antivirus product is running or not.
wikileaks, 07.04.2017
software_os_windows  geheimdienst_us_cia_ddi_cci_edg  itsicherheit_malware_spyware  software_anti_malware_virus  land_usa  geheimdienst_polizei_infiltration_tech  ngo_wikileaks_cia_vault 
april 2017 by kraven
Vault 7 - Marble Framework
WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion; but there are other possibilities, such as hiding fake error messages. The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.
wikileaks, 31.03.2017
geheimdienst_us_cia_ddi_cci_edg  land_usa  itsicherheit_malware_spyware  überwachung_int_sigint_comint  geheimdienst_polizei_infiltration_tech  ngo_wikileaks_cia_vault  geheimdienst_polizei_tarnung_undercover  itsicherheit_angriff_zuschreibung 
april 2017 by kraven
Vault 7 - Dark Matter
Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed), developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by the CIA to gain 'persistence' on Apple devices, including Macs and iPhones, and demonstrate their use of EFI/UEFI and firmware malware. While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical access attacks have infected the targeted organization's supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.
wikileaks, 23.03.2017
geheimdienst_us_cia_ddi_cci_edg  itsicherheit_exploit_flaw  itsicherheit_hardware  itsicherheit_malware_spyware  itsicherheit_os  land_usa  überwachung_int_sigint_comint  überwachung_itk_inhaltsdaten  überwachung_onlinedurchsuchung  überwachung_quellen_tkü  geheimdienst_us_cia_cao  itsicherheit_firmware_bios  geheimdienst_us_nsa_cao_tarex  software_os_linux  geheimdienst_polizei_infiltration_tech  ngo_wikileaks_cia_vault 
march 2017 by kraven
WikiLeaks revelation: CIA apparently runs a hacker unit in Frankfurt
A top-secret CIA unit develops custom-made computer viruses in Frankfurt am Main. This is shown by documents published by the platform WikiLeaks. According to them, the Central Intelligence Agency (CIA) has stationed a specialized team of IT experts in the middle of Germany to prepare computer attacks against targets in Europe, Africa and the Middle East. According to the documents, the hacker group in Frankfurt belongs to a unit that internally carries the name "Engineering Development Group", EDG for short. It is said to be part of a CIA department of around 5,000 employees in total, called the "Center for Cyber Intelligence", headquartered in Langley, Virginia.
tagesschau, 07.03.2017
land_deutschland  land_usa  geheimdienst_us_cia_cao  geheimdienst_us_cia_ddi_ccie  geheimdienst_us_cia_ddi_cci_edg  geheimdienst_allg_verdeckte_operation  überwachung_int_sigint_comint  geheimdienst_polizei_infiltration_tech  ngo_wikileaks_cia_vault  geheimdienst_polizei_tarnung_undercover  staat_politik_außen_auslandsvertretung 
march 2017 by kraven
Vault7 - Year Zero
WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting of French political parties and candidates in the lead-up to the 2012 presidential election. Recently, the CIA lost control of the majority of its hacking arsenal, including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. "Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
wikileaks, 07.03.2017
geheimdienst_us_cia_ioc  land_usa  geheimdienst_allg_sabotage  geheimdienst_allg_spionage  geheimdienst_allg_verdeckte_operation  itsicherheit_exploit_flaw  itsicherheit_malware_spyware  überwachung_int_sigint_comint  geheimdienst_us_analyse_datenzentrum  geheimdienst_us_cia_ddi_cci  überwachung_akustisch  überwachung_raum  überwachung_lokalisierung_bewegung  überwachung_itk_inhaltsdaten  überwachung_mobilfunk  überwachung_chat_telefonie_voip  geheimdienst_polizei_zusammenarbeit  geheimdienst_us_fbi  geheimdienst_uk_gchq  geheimdienst_uk_mi5_ss  überwachung_quellen_tkü  geheimdienst_us_cia_ddi_ccie  überwachung_onlinedurchsuchung  krypto_crypto_war  geheimdienst_us_cia_ddi_cci_edg  itsicherheit_hardware  itsicherheit_os  itsicherheit_mobil_os  geheimdienst_polizei_infiltration_tech  ngo_wikileaks_cia_vault  geheimdienst_polizei_tarnung_undercover  militär_allg_kriegsführung_elektro_it_ki 
march 2017 by kraven

related tags

geheimdienst_allg_sabotage  geheimdienst_allg_spionage  geheimdienst_allg_verdeckte_operation  geheimdienst_polizei_infiltration_tech  geheimdienst_polizei_tarnung_undercover  geheimdienst_polizei_zusammenarbeit  geheimdienst_uk_gchq  geheimdienst_uk_mi5_ss  geheimdienst_us_analyse_datenzentrum  geheimdienst_us_cia_cao  geheimdienst_us_cia_ddi_cci  geheimdienst_us_cia_ddi_ccie  geheimdienst_us_cia_ioc  geheimdienst_us_fbi  geheimdienst_us_nsa_cao_tarex  hacktivism_whistleblowing  internet_protokoll_http  itsicherheit_angriff_zuschreibung  itsicherheit_exploit_flaw  itsicherheit_firewall_paketfilter  itsicherheit_firmware_bios  itsicherheit_hardware  itsicherheit_malware_spyware  itsicherheit_mobil_os  itsicherheit_netzwerk  itsicherheit_os  krypto_crypto_war  land_deutschland  land_usa  militär_allg_kriegsführung_elektro_it_ki  ngo_wikileaks_cia_vault  recht_beschuldigter  recht_beweislast  software_anon_tor  software_anti_malware_virus  software_os_linux  software_os_linux_kernel_modul  software_os_windows  software_server_datei  staat_politik_außen_auslandsvertretung  tech_netzwerk_protokoll_smb  tech_wifi_wlan  überwachung_akustisch  überwachung_chat_telefonie_voip  überwachung_int_sigint_comint  überwachung_internet_mitm  überwachung_internet_nutzung  überwachung_internet_tracking  überwachung_itk_inhaltsdaten  überwachung_lokalisierung_bewegung  überwachung_mobilfunk  überwachung_onlinedurchsuchung  überwachung_quellen_tkü  überwachung_raum 