Vault 7: Projects
Today, March 31st 2017, WikiLeaks releases Vault 7 “Marble” — 676 source code files for the CIA’s secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.
Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English-language text on U.S.-produced weapons systems before giving them to insurgents secretly backed by the CIA.
Marble forms part of the CIA’s anti-forensics approach and the CIA’s Core Library of malware code. It is “[D]esigned to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.”
The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.
The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game: for example, by pretending that the spoken language of the malware creator was not American English but Chinese, and then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion. There are other possibilities as well, such as hiding fake error messages.
The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.
Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects, developed by the CIA’s Embedded Development Branch (EDB), that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed). These documents explain the techniques used by the CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones, and demonstrate its use of EFI/UEFI and firmware malware.
Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting”, allowing an attacker to boot their attack software, for example from a USB stick, “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.
“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.
Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.
Also included in this release is the manual for the CIA’s “NightSkies 1.2”, a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008 and is expressly designed to be physically installed onto factory-fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical-access attacks have instead infected the targeted organization’s supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending them) as they leave the United States or elsewhere.
(ANTIMEDIA) If you’re one of the countless Americans who was distraught to learn of the revelations made by former National Security Agency (NSA) contractor Edward Snowden, the mere idea that there might be yet another agency out there — perhaps just as powerful and much more intrusive — should give you goosebumps.
Foreign Policy reports that the National Geospatial-Intelligence Agency, or NGA, is an obscure spy agency former President Barack Obama had a hard time wrapping his mind around back in 2009. But as the president grew fond of drone warfare, finding a way to launch wars without having to go through Congress for the proper authorization, the NGA also became more relevant. Now, President Donald Trump is expected to further explore the multibillion-dollar surveillance network.
Like the Central Intelligence Agency (CIA) and the National Security Agency (NSA), the NGA is an intelligence agency, but it also serves as a combat support institution that functions under the U.S. Department of Defense (DOD).
The NGA’s headquarters is bigger than the CIA’s; the building, completed in 2011, cost $1.4 billion. In 2016, the NGA bought an extra 99 acres in St. Louis, building additional structures that cost taxpayers an extra $1.75 billion.
Enjoying the extra budget Obama threw at them, the NGA became one of the most obscure intelligence agencies precisely because it relies on the work of drones.
As a body of government that has only one task — to analyze images and videos captured by drones in the Middle East — the NGA is mighty powerful. So why haven’t we heard of it before?
The Shadow Agency That Sees It All
Prior to Trump’s inauguration, the NGA only targeted the Middle East or whatever spy satellites orbiting the globe captured. As far as most of us knew, the agency refrained from pointing its ultra-high-resolution cameras toward the United States. That alone may be why the NGA has been able to stay out of scandals for the most part.
But under Trump, things may look much worse — as if spying on countless people abroad weren’t enough.
Recently, for instance, he gave the CIA the power to wage covert drone warfare, shielding important information on such operations simply by allowing the agency to carry out missions without first seeking authorization from the Pentagon.
Now, Trump might as well move on to NGA, hoping to boost “national security” by turning the agency’s all seeing eyes toward American soil.
As the president hopes to get more money for defense, many have speculated whether he will start to use drones at home, especially since he has already suggested he supports agencies like the NSA based on his desire to target “terrorists.” There’s nothing that implies he wants to slow down the surveillance state. The White House has expressed its desire to renew Obama-era spying powers — even as the president battles critics who deny his claims that his conversations were intercepted at the same time foreign nationals were under surveillance in 2016.
A partially redacted March 2016 report released by the Pentagon revealed that drones had already been used domestically on about 20 or fewer occasions between 2006 and 2015. Though most of these operations involved natural disasters, National Guard training, and search and rescue missions, quotes from an Air Force law review article found their way into the report. In it, Dawn M. K. Zoldi wrote that technology designed to spy on targets abroad could soon be used against American citizens.
“As the nation winds down these wars,” the report explains, and “assets become available to support other combatant command (COCOM) or U.S. agencies, the appetite to use them in the domestic environment to collect airborne imagery continues to grow.”
Up until 2015, oversight was so loose that the capabilities provided by the DOD’s unmanned aircraft system weren’t under scrutiny by any other agency. Without statutes that specify the rules such federal government agencies should follow, watchdogs find it hard to keep track. But would it be any better if there were an agency or a branch of the same government overseeing what the government itself is doing?
The short answer is no.
NGA Has A Precedent, And Trump May Want To Explore It
As fears grow that Trump will revamp the NGA, domestic stories of police departments using drones to spy on locals are also resurfacing.
Some of the most highly publicized instances involved Baltimore and Compton, where police departments deployed aerial surveillance technology without issuing a warrant or seeking authorization from local or state lawmakers.
With a precedent already set, the president might as well ignite a new fight in his continued efforts to fight a war against an imaginary, impossible-to-target enemy. After all, he’s not a stranger to scandals and likely wouldn’t feel overwhelmed one bit if he decided to turn the country’s ultra-high definition cameras toward its citizens.
What could help to put an end to his plans might be exactly what helped halt President George W. Bush’s attempts at setting up spy satellites domestically. In 2007, Bush’s Department of Homeland Security set up an agency known as the National Applications Office with the goal of establishing direct spy satellite stakeouts in America. Thankfully, Congress stepped in and cut off the agency’s funding.
But with Americans seldom showing any interest for important violations of privacy or even basic human rights here and abroad, it’s easy to see how this massive spying agency could end up getting a carte blanche to do whatever it wants once Trump realizes he has the power to order it done. After all, who will pressure Congress to stop him?