WikiLeaks Reveals the 'Snowden Stopper': CIA Tool To Track Whistleblowers (zerohedge.com) 89
schwit1 quotes a report from Zero Hedge: As the latest installment of it's "Vault 7" series, WikiLeaks has just dropped a user manual describing a CIA project known as "Scribbles" (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of "web beacon" tags into documents "likely to be stolen." The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release. But, the "Scribbles" user guide notes there is just one small problem with the program: it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice of LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.
Re: (Score:2)
Wow are you deluded.
Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! (Score:1)
That's a perfect example of the name-calling knee-jerk response he was referring to. Add some value, make a point, instead of name-calling.
Re: (Score:3, Insightful)
I assume everybody on this thread (including me) are different voices in some schizo's head.
You see it here once in awhile. A glimpse of their construct.
Re: (Score:2)
As someone firmly left of center, and also craving a civil grownup conversation on the issues without being called names (getting sick of being called a cuck and a snowflake for simply showing compassion to others), I would like to take you up on your offer to talk about the issues you mentioned. In particular, I would like to discuss healthcare as it is the first one you brought up, and interestingly for this topic in particular, those on the left would argue that they are the ones who are attempting to fi
Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! (Score:2)
Re: (Score:2)
I think we are in strong agreement here. I think most on the left if they stop and think about it really didn't like Obamacare, because a system that just makes sure as many people have health insurance as possible, plus a few regulatory tweaks to insurance, doesn't really solve anything as it is the health insurance system itself we have in the US that enables the system to be broken. When a hospital can charge $400 for a single pill of ibuprofen (not hyperbole, that's exactly what my wife's EOB said after
Re: (Score:2)
I am genuinely curious how a conservative and a liberal actually having a respectful intelligent conversation about the issues constitutes trolling in the mind of some ./ moderator.
Re: (Score:2)
Clearly, you converse with a different group of people than I do. But so far you haven't raised any substantive issues to discuss.
Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! (Score:3)
Next item on News at 10 (Score:4, Funny)
LibreOffice is just a Russian tool to help their spies in the USA. Presidential order to ban its use.
Re: (Score:2)
I think you're wrong. This is my perspective:
- - - - - -
Sorry, but it's really "expect leaks". Every place has leaks. If your staff considers your actions immoral, then you should expect damaging leaks. If they are supportive, then you should expect supportive leaks. (They may actually be damaging, but their intended purpose will be to bolster your image. Similarly the "damaging leaks" may actually be harmless, or even useful, but their intended purpose would be to injure you.)
People are lousy
Re: (Score:2)
There used to be a movie about prisoners of war unknowingly giving out information. IT was shown to enlisted recruits during the cold war but I do not know if it or something like it is still in use. Anyways, its entire premise was about what seems like innocent chatter with POWs and the interviewer was able to piece bits and pieces of things together and determine the troop strength of an air field, the location of a fuel depot and crap like that. You watched the interviews in real time as if ti was a movi
Air gap? (Score:3, Insightful)
Or just use a machine not connected to any network when you open the files! Anyone who is opening stolen classified docs is going to use an air gapped machine
Re:Air gap? (Score:5, Funny)
Or you could simply use a MacBook Air. It's got Air in its name so you know it's secure.
Re: (Score:2)
Some Faraday textile structure if they are in a hotel? A secure tent is always packed to protect a special computer.
Using the power of Linux and quality open source software they soon see the links in the MS document to staging servers.
They copy the document in full onto paper and then send a scan of their own new paper version to a document expert asking for a report.
The expert asks for the or
Re: (Score:2)
If you're taking documents from the CIA, then you should expect the original to be traceable in some way.
Re: CIA is so stupid (Score:1)
bacon beats beacon (Score:2)
Yeah, sure (Score:5, Interesting)
That's what they want you to think.
Bug report filed. (Score:1)
Don't worry, the LibreOffice team is diligently working on a fix for this missing feature.
Re: (Score:2)
That's why I edit all files with a hex editor on a system running CP/M.
Re: (Score:2)
That's why I edit all files with a butterfly... ah, fuck it.
Re: (Score:2)
That reminds me of the old joke about the US spending millions developing a pen that could be used in space, whilst Russia just used an pencil. Sure you can use a hex editor and CP/M or you can just do what Russia does, use typewriters and a filing cabinets.
The new smart method though is simply to not exchange plots and schemes, simply work with sufficiently intelligent who can formulate their own plans based upon the completely legal open exchange of thoughts and ideas. If it seems to be working in some a
Re: (Score:3)
It's irrelevant anyway because Snowden only accessed the documents on computers not connected to the internet, and told the journalists to do the same. His own computers all run Linux.
Re: (Score:2)
...Snowden only accessed the documents on computers not connected...
Yes, because nobody was to know that Snowden was the leaker... oh, wait.
ha? (Score:2)
Re: ha? (Score:1, Insightful)
Going public instead of selling it is proof of patriotism.
If he wanted to do harm he would have only given it to one side, not all.
Re:ha? (Score:5, Informative)
"Why would the beacons be limited to MS-products reading MS Office documents?"
I'd assume the beacons use some sort of macro that's unique to MS products or that works differently in their free software equivalents -- like maybe asking permission before phoning home.
That's the trouble with being a spook. All those persnickety details one has to worry about.
MS's role? (Score:5, Interesting)
Is this suggesting cooperation from MS?
Is it MS' software that was reading these tags and relaying them to some other process that phones it home to the CIA? Or does MS' software do that directly?
Re: (Score:1)
It might be some kind of VB script embedded in the document.
Re: (Score:1)
Viruses in my macros? It's more likely than you might think.
Re: (Score:2)
The virus writers went elsewhere and people forgot. The CIA didn't forget.
But the 'feature' is useless if it's so easy to detect. Bet they never let it into the wide of their own secure networks, for fear of their politicians getting 'caught' and embarrassed.
Re: (Score:2)
You realize all the three letter agencies have internal politics/politicians? They leak for advantage _all_ the time. At that level, normal classified document rules don't seem to apply, depending on exactly who they aligned with and leaked for. Still they are politicians, we've recently seen how technically inept they (and their aids) are, as a group.
Reading it: it sounds like they used this technique to test individuals/offices. Instructions say to test samples of documents using software identical to
Re: (Score:2)
The virus writers went elsewhere and people forgot. The CIA didn't forget.
But the 'feature' is useless if it's so easy to detect. Bet they never let it into the wide of their own secure networks, for fear of their politicians getting 'caught' and embarrassed.
Embarrassed? They don't embarrass politicians they catch. They secure funding from politicians they catch.
Re: (Score:2)
No? All it has to be is an external image URL.
hxxp://CIAFRONTWEBSITE .GOV/username=X&IP=Y&OSversion=Z&....
Obfuscate that enough and put it someplace that Microsoft Office auto-loads and bammo. Instant tracking, no software needed. This is Spam Email 101 tactics here.
Hell, it's the same trick they used (via a broken flash plugin) in Operation Pacifier to figure out who was connecting to the FBI's child porn server on TOR. You know, the operation that caused them to repeal the 4th Amendment fo [extremetech.com]
Re: (Score:2)
Re: (Score:2)
Your second point, which I did not contest to begin with, is indeed valid and already known from the original article.
Re:MS's role? (Score:5, Interesting)
As they read the document the network makes a connection.
Its about the idea of the average reader in an average network location given the origin of the documents and their daily habits and the expectation of software they are provided with.
If a document is ever found the in the wild, it looks like malware with a good cover story to read while the code reports the user.
Add in OS X, Windows and Linux OS detection, complex ip reporting that works and a lot of different security researchers get interested and that adds interest to the document.
A "CIA" document with MS malware, thats just malware with better than average bait to get the user to open it.
A CIA document with unique phone home code that spans different OS's in very interesting ways would add to the CIA part.
Sometimes simple is better given the tools the reader is expected to use daily. The reader could be expected to us MS software to see all the document and uncover other details in the document.
A member of the press will want to look for any details in the document. Dates, notes, draft, corrections, history. Names, locations, officials that can be tracked to their job descriptions. If such simple facts hold, it can be passed on to document experts for further consideration.
A member of the press does not know who else has the document and could be expected to want to read and understand and then get published.
A security consultant looking over the document first could see rivals publishing first or finding details in the hours the security consultant was working.
A person who understood security issues could take the document to a special computer and fake network and see how the document responds in a MS Windows and MS application setting.
Does it phone home, what and how much data does it risk when it phones home.
Same document, very different first approaches. The understanding of set time to publish and the need to publish will push back decades of expected document security advice.
The US press does not care if they are tracked to their office as they have freedom to publish and freedom after publication. Read first, have the document looked over, get the story out.
A CIA version of FIRSTFRUIT. "The Most Intriguing Spy Stories From 166 Internal NSA Reports" (2016-05-16) https://theintercept.com/2016/... [theintercept.com]
"scanned 350 press items daily for “cryptologic insecurities” and maintained a database called FIRSTFRUIT with “over 5,000 insecurity-related records” ranging from “espionage damage assessments” to “liaison exchanges.”"
Re:MS's role? (Score:5, Informative)
Is it MS' software that was reading these tags and relaying them to some other process that phones it home to the CIA? Or does MS' software do that directly?
It's much less nefarious than that but it's criminally stupid on Microsoft's part.
The article seems to indicate that word documents have the ability to grab online resources that are referenced within documents. I suspect the tool merely embeds a reference to a transparent image that must be grabbed from a CIA controlled server. Effectively, word documents are more like html documents that can embed resources or load them from an URI.
Re: MS's role? (Score:1)
So, a HOSTS file can stop this, shit don't bring that up.
Re: (Score:2)
Shhh! You'll summon APK!
Re: (Score:2)
An existing user trusted application might have been given more freedom to connect to the internet.
It's a little too late... (Score:2)
It's a little too late to stop Snowden
interesting... (Score:2)
So what's the copyright on this tool? Can I embed it in the reports I write to spot if my competitors steal them? (they're not using LibreOffice or anything, if they were smart enough for basic security, they wouldn't have to steal my stuff...)
We'll see adaptations of this everywhere in the near future. I know a dozen consulting companies immediately who are afraid that their stuff is stolen by competitors.
Nothing new (Score:2)
Create a Canary Token and place it on your server: https://canarytokens.org/gener... [canarytokens.org]
"Snowden stopper" ? Whistleblowers ? (Score:4, Insightful)
Is there something in the leaked documents that mention Snowden or whistleblowers?
This is a watermark system system mostly intended to unmask foreign spies. It wouldn't have stopped Snowden since he used airgaps and released everything at once after leaving and was quickly caught after that.
It looks similar to the kind of tool content owners use to track pirates.
Not all secret documents are stolen by whistleblowers and journalists, far, far from it.
Re: (Score:3)
1) Snowden didn't "release" anything. He turned it over to Glenn Greenwald, trusting his decision on what to release.
2) Snowden was never caught.
I was just about to..... (Score:2)
... say we need a anti-anti-Whistleblowers tool but then I see we already have it. Gotta love open source.