Dumbo

Dumbo

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating sytem. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from an USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.

Leaked Documents

Dumbo v3.0 -- Field Guide

Dumbo v3.0 -- User Guide

Dumbo v2.0 -- Field Guide

Dumbo v2.0 -- User Guide

Dumbo v1.0 -- TDR Briefing

See more

Imperial

Today, July 27th 2017, WikiLeaks publishes documents from the Imperial project of the CIA.

Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.

Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support - all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.

SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.

UCL / Raytheon

Today, July 19th 2017, WikiLeaks publishes documents from the CIA contractor Raytheon Blackbird Technologies for the "UMBRAGE Component Library" (UCL) project. The documents were submitted to the CIA between November 21^st, 2014 (just two weeks after Raytheon acquired Blackbird Technologies to build a Cyber Powerhouse) and September 11^th, 2015. They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors - partly based on public documents from security researchers and private enterprises in the computer security field.

Raytheon Blackbird Technologies acted as a kind of "technology scout" for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.

Read More

Spy Files Russia

This publication continues WikiLeaks' Spy Files series with releases about surveillance contractors in Russia.

While the surveillance of communication traffic is a global phenomena, the legal and technological framework of its operation is different for each country. Russia's laws - especially the new Yarovaya Law - make literally no distinction between Lawful Interception and mass surveillance by state intelligence authorities (SIAs) without court orders. Russian communication providers are required by Russian law to install the so-called SORM ( Система Оперативно-Розыскных Мероприятий) components for surveillance provided by the FSB at their own expense. The SORM infrastructure is developed and deployed in Russia with close cooperation between the FSB, the Interior Ministry of Russia and Russian surveillance contractors.

PETER-SERVICE

Today, September 19th 2017, WikiLeaks starts publishing the series "Spy Files Russia" with documents from the Russian company Петер-Сервис (PETER-SERVICE). This release includes 209 documents (34 base documents in different versions) dated between 2007 and 2015.

PETER-SERVICE was founded 1992 in St. Petersburg as a provider for billing solutions and soon became the major supplier of software for the mobile telecommunications industry in Russia. Today it has more than 1000 employees in different locations in Russia, and offices in major cities in Russia and Ukraine. The technologies developed and deployed by PETER-SERVICE today go far beyond the classical billing process and extend into the realms of surveillance and control. Although compliance to the strict surveillance laws is mandatory in Russia, rather than being forced to comply PETER-SERVICE appears to be quite actively pursuing partnership and commercial opportunities with the state intelligence apparatus.

As a matter of fact PETER-SERVICE is uniquely placed as a surveillance partner due to the remarkable visibility their products provide into the data of Russian subscribers of mobile operators, which expose to PETER-SERVICE valuable metadata, including phone and message records, device identifiers (IMEI, MAC addresses), network identifiers (IP addresses), cell tower information and much more. This enriched and aggregated metadata is of course of interest to Russian authorities, whose access became a core component of the system architecture.

Selected components of PETER-SERVICE software

The base architecture of the software from PETER-SERVICE (SVC_BASE) includes components for data retention (DRS [en], [ru]), long-term storage in SORM (SSP, Service СП-ПУ), IP traffic analysis (Traffic Data Mart, TDM) and interfaces (adapters) for state agencies to access the archives.

Traffic Data Mart (TDM)

The Traffic Data Mart is a system that records and monitors IP traffic for all mobile devices registered with the operator. It maintains a list of categorized domain names which cover all areas of interest for the state. These categories include blacklisted sites, criminal sites, blogs, webmail, weapons, botnet, narcotics, betting, aggression, racism, terrorism and many more. Based on the collected information the system allows the creation of reports for subscriber devices (identified by IMEI/TAC, brand, model) for a specified time range: Top categories by volume, top sites by volume, top sites by time spent, protocol usage (browsing, mail, telephony, bittorrent) and traffic/time distribution.

Data Retention System (DRS)

The data retention system is a mandatory component for operators by law; it stores all communication (meta-)data locally for three years. State intelligence authorities use the Protocol 538 adapter built into the DRS to access stored information. According to PETER-SERVICE, their DRS solution can handle 500,000,000 connections per day in one cluster. The claimed average search time for subscriber related-records from a single day is ten seconds.

Service СП-ПУ

In SORM call monitoring functions are concentrated in control points (пунктах управления, ПУ) which are connected to network operators. The Service СП-ПУ is a data exchange interface based on HTTPS between components in SVC_BASE/DRS and SORM. The interface receives search requests from state intelligence authorities and delivers results back to the initiator. Search requests for lawful interceptions (based on a court order) are processed by the operator on the same system.

Deep Packet Inspection products

As a related document, this first release contains a publically available slide show presentationgiven by Валерий Сысик (Valery Syssik, Director of Development) from PETER-SERVICE at the Broadband Russia Forum in 2013. Titled "National stacks of DPI / BigData / DataMining technologies and solutions for collection and analysis of information, as well as means of predicting social and business trends - the key to digital and financial sovereignty of the state and business in the XXI century", the presentation - which appears to already be publicly available on PETER-SERVICE's website - is not targeted at the usual telecom provider, but at a closed group of people from the ФСБ (FSB, Russian Federal Security Service), МВД (Interior ministry of Russia) and the три ветви власти ("three pillars of Power" - legislature, executive and judiciary).

The presentation was written just a few months after Edward Snowden disclosed the NSA mass surveillance program and its cooperation with private U.S. IT-corporations such as Google and Facebook. Drawing specifically on the NSA Prism program, the presentation offers law enforcement, intelligence and other interested parties, to join an alliance in order to establish equivalent data-mining operations in Russia. PETER-SERVICE claims to already have access to a majority of all phone call records as well as Internet traffic in Russia, and in the description of the current experiences, it claims to have deployed technology for Deep Packet Inspection "with not just the headings of IP packets, but the contents of whole series". PETER-SERVICE is presented as a natural ally for intelligence agencies in "the most lucrative business [of] manipulating minds".

However, the core of the presentation is about a new product (2013) called DPI*GRID - a hardware solution for "Deep Packet Inspection" that comes literally as "black boxes" that are able to handle 10Gb/s traffic per unit. The national providers are aggregating Internet traffic in their infrastructure and are redirecting/duplicating the full stream to DPI*GRID units. The units inspect and analyse traffic (the presentation does not describe that process in much detail); the resulting metadata and extracted information are collected in a database for further investigation. A similar, yet smaller solution called MDH/DRS is available for regional providers who send aggregated IP traffic via a 10Gb/s connection to MDH for processing.

PETER-SERVICE advertises its experience in SORM technologies - especially DPI - and its ability to collect, manage and analyse "Big Data" for commercial and intelligence purposes. "From DPI solutions for SORM to contextual advertising, we have the experience and the solution. We are offering to coordinate a scalable national solution for control of the digital network. We strive for effective cooperation within a symbolic network alliance: operator - vendor - search engine - business - state organs."

The above graphics shows the Internet backbone infrastructure in Russia and the nodes at various providers that run components of the proposed DPI*GRID system in different locations. The node TopGun most likely refers to a multi terabit DPI system developed by PETER-SERVICE.

About SORM

SORM is the technical infrastructure for surveillance in Russia. It dates back to 1995 and has evolved from SORM-1 (capturing telephone and mobile phone communications) and SORM-2 (interception of Internet traffic, 1999) to the current SORM-3. SORM now collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations. In 2014, the system was expanded to include social media platforms, and the Ministry of Communications ordered companies to install new equipment with Deep Packet Inspection (DPI) capability. In 2016, SORM-3 added additional classified regulations that apply to all Internet Service providers in Russia. The European Court for Human Rights deemed Russia's SORM legislation in breach of the European Convention on Human Rights in 2015 (Zakharov v. Russia).

Read More

CIA espionage orders for the 2012 French presidential election

Press Release (English)

CIA spying orders for the list French presidential election

All major French political parties were targeted for infiltration by the CIA's human ("HUMINT") and electronic ("SIGINT") spies in the seven months leading up to France's 2012 presidential election. CIA Vault 7 series. CIA tasking orders published today by WikiLeaks as context for its forthcoming CIA Vault 7 series. Named specifically as targets of the French Socialist Party (PS), the National Front (FN) and the Union for a Popular Movement (UMP) together with current President Francois Hollande, then President Nicolas Sarkozy, current round one presidential front runner Marine Le Pen, and train presidential candidates Martine Aubry and Dominique Strauss-Khan.

The CIA assessed that President Sarkozy's party was not assured of re-election. Specific tasking pertaining to the "Strategic Election Plans" of the Union for a Popular Movement (UMP); schisms or alliances developing in the UMP elite; private UMP reactions to Sarkozy's campaign stratagies; discussions within the UMP on any "perceived vulnerabilities to maintaining power" after the election; efforts to change the party's ideological mission; and discussions about Sarkozy's support for the UMP and "the value of the place of the party's dominance". Specific instructions tasked CIA officers to discover Sarkozy's private deliberations "on the other candidates" he interacted with his advisors. Sarkozy 'did not protect him from US espionage in the 2012 election or during his presidency

The espionage order for "Non Ruling Political Parties" and "Candidates Strategic Election Plans", which targets Francois Holland, Marine Le Pen and other opposition. information on internal party dynamics and rising leaders; efforts to influence and implement political decisions; support from local government officials, government elites or business elites; views of the United States; efforts to reach out to other countries, including Germany, UK, Libya, Israel, Palestine, Syria & Ivory Coast; more about party and candidate funding.

Significantly, two CIA opposition espionage tasks, "What policies do they promote to help boost France's economic growth prospects?" and "What are their opinions on the German model of export-led growth?" resonate with a US economic espionage order from the same year . That order requires the details of every prospective French export contract or deal valued at $ 200m or more.

The opposition to the situation of women in the United States of America the role of France and Germany in the management of the Greek debt crisis; the vulnerability of French government and French banks to a Greek default; and "specific proposals and recommendations" to deal with "the euro-zone crisis".

The CIA espionage orders published today are classified and restricted to US eyes only ("NOFORN") due to "Friends-on-Friends sensitivities". The CIA, the Defense Intelligence Agency (DIA) 's EU Section, and the US State Department' s Intelligence and Research Branch.

The CIA Operation ran for the month of November 21, 2011 to Sep. 29, 2012, crossing the April-May 2012 English presidential election and new months in the formation of the new government.

 .

Read More

What Is WikilLeaks

Anonymous is a decentralized international hacktivist group that is widely known for its various DDoS cyber attacks against several governments, government institutions and government agencies, corporations, and the Church of Scientology




Motto: We Are Anonymous


Region served: Global









Anonymous

Anonymous is a decentralized international hacktivist group that is widely known for its various DDoS cyber attacks against several governments, government institutions and government agencies, corporations, and the Church of Scientology.

Anonymous is the name of a hacktivist group that was established on 4 chan in 2004. The group is often represented with the logo shown to the right of a person in a suite with a question mark for a head. When in a gathering, Anons (Anonymous members) often wear Guy Fawkes masks to keep their anonymity.

The group is associated with DDoS and other attacks that have targeted corporate, government, and religious websites that it feels contributes to Internet censorship and injustice. Such targets include the Church of Scientology, the Motion Picture and Recording Associations, MasterCard, PayPal, Sony, Visa, and the Westboro Baptist Church.

The Anonymous group has been called everything from "freedom fighters" to "cyber terrorists," and was even named one of the "100 most influential people" in the world by Time Magazine in 2012. Since the group is anonymous, it has no leader and membership is open to anyone who is willing to state they are a member of the collective. The few rules that the group does have include not disclosing one's identity, not talking about the group, and never attacking the media.

Read More