#Vault7

Started by MV/Liberace!, March 07, 2017, 03:55:58 AM

Jackstar

I'm curious who you are posting those for, because I want to make it clear that I am not that stupid.

Nice try. Kiss kiss


GravitySucks

Quote from: Jackstar ℗ on March 13, 2017, 01:11:03 PM
This is a thing now.


Where's that fucking polenta?

Make.the.call....

Jackstar

Quote from: GravitySucks on March 13, 2017, 01:31:44 PM
Make.the.call....

My microphone has been turned off for seven hundred and sixty-eight years. Catch you later, Drone.

WOTR

Quote from: albrecht on March 07, 2017, 07:28:47 PM
Where are the leaks from China, N.Korea, Iran, Russia, or even European countries? Or corrupt South American countries?
Have they been provided? I have not seen a Chinese dissident saying that he provided a massive data dump and that Assange refused to publish it...


Quote from: Dr. MD MD on March 08, 2017, 06:17:06 PM
After looking over that Wikileaks flow chart yesterday I got curious about what the Automated Implants Branch could be?
...
They design software to Automatically Implant whatever payload on the target machine the CIA requires, to either exfiltrate data, and / or RAT (Remote Access Tool) the machine.
You mentioned the grasshopper program. Look to the documentation. ;)
https://wikileaks.org/ciav7p1/cms/space_3276805.html
https://wikileaks.org/ciav7p1/cms/page_12353656.html
https://wikileaks.org/ciav7p1/cms/page_17072532.html

C++ code too... fast, mixed with a python build script that calls cmd.exe -quiet. RAT access is provided via XML (eXtensible Markup Language). Runs strictly in memory. Actively evades anti-virus scanners. Custom tailors malware payload depending on what software is already installed on the target machine.
It can also exfiltrate the build logs with error codes for the malware (payload) they load on the target machine, so the malware installation process can be adapted to bypass any build / installation errors.
This program is highly adaptable, automated as much as possible, and polymorphic. It also implements an un-install procedure which implies once this program has access, implants the payload(s), and compromises the target, it can be removed to thwart forensics or if something goes wrong during installation.
System hooks, low level procedure calls, and running as a registered service, make detection difficult during installation, and almost impossible post-installation - unless you know where to look. This is why it's always good to make a baseline log of running services and Registry Hive snapshots on a fresh windoze install. There is freeware out there that will do this and compare it to the current configuration. (Don't remember the names of the programs off hand.)
This is a nasty little piece of work, but interesting in how they decided to implement it.

Persistence: https://wikileaks.org/ciav7p1/cms/page_51478543.html
This is how the program survives reboots - since it runs in RAM.
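One way to do the baseline-and-compare check the post above recommends, as an added example that is not from the thread or from the leaked documents: snapshot the installed services (name, start mode, binary path) and the common Run/RunOnce autostart values on a fresh install, then diff a later snapshot against it. It assumes Windows PowerShell 5.1+ in an elevated session; the baseline path is a placeholder.

```powershell
# Added example: baseline services and autostart registry values, then compare.
# Assumes an elevated Windows PowerShell 5.1+ session. $BaselinePath is a placeholder.
param(
    [ValidateSet('Baseline','Compare')] [string]$Mode = 'Compare',
    [string]$BaselinePath = 'C:\baseline\services-and-run-keys.xml'  # placeholder path
)

# Autostart locations checked (assumed list, not exhaustive).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$ProviderProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-Snapshot {
    # Services: StartMode and PathName only (State changes between reboots and would be noise).
    # An implant registered as a service shows up as a new Name or a changed PathName.
    $services = Get-CimInstance Win32_Service | ForEach-Object {
        [pscustomobject]@{ Kind = 'Service'; Key = $_.Name; Value = "$($_.StartMode)|$($_.PathName)" }
    }
    # Run/RunOnce values: value name plus its command line.
    $run = foreach ($k in $RunKeys) {
        if (Test-Path $k) {
            foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
                if ($p.Name -notin $ProviderProps) {
                    [pscustomobject]@{ Kind = 'RunKey'; Key = "$k\$($p.Name)"; Value = [string]$p.Value }
                }
            }
        }
    }
    (@($services) + @($run)) | Where-Object { $_ }
}

$current = Get-Snapshot
if ($Mode -eq 'Baseline') {
    $current | Export-Clixml -Path $BaselinePath
    "Baseline written: $(@($current).Count) entries -> $BaselinePath"
    return
}

$baseline = Import-Clixml -Path $BaselinePath
# '=>' marks entries only in the current snapshot (new service/autostart or changed path);
# '<=' marks entries present at baseline that are now gone (e.g. an implant that uninstalled).
$diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Kind,Key,Value
if (-not $diff) { 'No change from baseline.'; return }
$diff | Sort-Object Kind,Key | Format-Table SideIndicator,Kind,Key,Value -AutoSize
```

Take the baseline on a freshly installed, patched machine before it is exposed; updates and legitimate installs add entries too, so review the differences rather than treating every new line as an implant.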

starrmtn001

Quote from: (Sandman) Logan-5 on March 17, 2017, 07:44:47 AM
They design software to Automatically Implant whatever payload on the target machine the CIA requires, to either exfiltrate data, and / or RAT (Remote Access Tool) the machine.
You mentioned the grasshopper program. Look to the documentation. ;)
https://wikileaks.org/ciav7p1/cms/space_3276805.html
https://wikileaks.org/ciav7p1/cms/page_12353656.html
https://wikileaks.org/ciav7p1/cms/page_17072532.html

C++ code too... fast, mixed with a python build script that calls cmd.exe -quiet. RAT access is provided via XML (eXtensible Markup Language). Runs strictly in memory. Actively evades anti-virus scanners. Custom tailors malware payload depending on what software is already installed on the target machine.
It can also exfiltrate the build logs with error codes for the malware (payload) they load on the target machine, so the malware installation process can be adapted to bypass any build / installation errors.
This program is highly adaptable, automated as much as possible, and polymorphic. It also implements an un-install procedure which implies once this program has access, implants the payload(s), and compromises the target, it can be removed to thwart forensics or if something goes wrong during installation.
System hooks, low level procedure calls, and running as a registered service, make detection difficult during installation, and almost impossible post-installation - unless you know where to look. This is why it's always good to make a baseline log of running services and Registry Hive snapshots on a fresh windoze install. There is freeware out there that will do this and compare it to the current configuration. (Don't remember the names of the programs off hand.)
This is a nasty little piece of work, but interesting in how they decided to implement it.

Persistence: https://wikileaks.org/ciav7p1/cms/page_51478543.html
This is how the program survives reboots - since it runs in RAM.

Yeah. But can they hack two dixie cups and a long string? ;D

Juan

They can't hack my 1933 Remington Noiseless Portable typewriter.

MrHippie

Quote from: Juan on March 17, 2017, 11:51:43 AM
They can't hack my 1933 Remington Noiseless Portable typewriter.
Or my 1954 Royal De Luxe

Quote
Quote from: Juan on March 17, 2017, 11:51:43 AM
They can't hack my 1933 Remington Noiseless Portable typewriter.

Quote from: MrHippie on March 17, 2017, 12:25:31 PM
Or my 1954 Royal De Luxe

;)

albrecht

Quote from: (Sandman) Logan-5 on March 19, 2017, 03:20:37 AM
Quote
    Quote from: Juan on March 17, 2017, 12:51:43 PM
        They can't hack my 1933 Remington Noiseless Portable typewriter.

    Quote from: MrHippie on March 17, 2017, 01:25:31 PM
        Or my 1954 Royal De Luxe

;)
I don't know. I've seen many a Perry Mason episode in which the crime was solved by a specific typewriter's font issues, and I've heard that the sound of typewriters can be "grabbed" and identified as to what was being typed. Keystroke loggers have been used also in the past. Purely mechanical ones have issues also (steal the used tape), and the obvious physical copies of documents can be stolen, photographed, lost, etc.

Juan

A 1930s Remington Noiseless is a manual machine that uses an inked ribbon, not a tape. It also produces very little sound. Each typewriter's typeset becomes unique over time, as a gun barrel does, but they have to find both a typed questioned document and the typewriter. They'd have to actually get out from behind their computers and physically do something.

bateman

Quote from: albrecht on March 19, 2017, 11:34:24 AM
I don't know. I've seen many a Perry Mason episode in which the crime was solved by a specific typewriter's font issues, and I've heard that the sound of typewriters can be "grabbed" and identified as to what was being typed. Keystroke loggers have been used also in the past. Purely mechanical ones have issues also (steal the used tape), and the obvious physical copies of documents can be stolen, photographed, lost, etc.

Correct.

https://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html

albrecht

Quote from: bateman🌷 on March 19, 2017, 08:07:59 PM
Correct.

https://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html
Yep. Btw they also can fake DNA evidence*, send illegal traffic through your WiFi/Router, put files on your computer remotely, or just about anything. It is like the leftist liberal English/philosophy teacher ranting about post-modernism and no such thing as "truth" was right after all. :o :'(

*https://arstechnica.com/science/2009/08/dna-samples-used-by-crime-labs-faked-in-research-lab/
I note the articles about this are so "old" now, but I have still yet to see any TV "CSI" shows or news articles pick up on this stuff, and juries etc. still think DNA, aside from OJ, seals the deal.

Had a reply, but it looks like you guys got the points covered. Oh, carbon paper copies thrown in the trash instead of burnt.
Can you still get 'Flash-Paper'? Hmm - If you have access to the chemicals (Pyro-tech was law-suited out of business by - guess who), you can make your own. You'll probably need reagent grade purity or better.
(Shits & Giggles w/ Hi-Ex)
https://www.thoughtco.com/make-nitrocellulose-or-flash-paper-608269

Edit: ...or just stop by any magic store.  ;)

albrecht

Quote from: (Sandman) Logan-5 on March 19, 2017, 08:54:21 PM
Had a reply, but it looks like you guys got the points covered. Oh, carbon paper copies thrown in the trash instead of burnt.
Can you still get 'Flash-Paper'? Hmm - If you have access to the chemicals (Pyro-tech was law-suited out of business by - guess who), you can make your own. You'll probably need reagent grade purity or better.
(Shits & Giggles w/ Hi-Ex)
https://www.thoughtco.com/make-nitrocellulose-or-flash-paper-608269
At this point I think, like a peasant in the Middle Ages or even some real philosophers of old, of such a scenario: someone is looking down upon you and even knowing everything you do or think, or think about doing, or what you will do. Or make you think/see such. In a way we have come full circle. Because, for our atheist friends, it is now true. With documentation, and experiments. Which, of course, is subjective being as it is! :o

starrmtn001

Quote from: (Sandman) Logan-5 on April 19, 2017, 06:32:41 AM
https://threatpost.com/tools-used-by-lamberts-apt-found-in-vault-7-dumps/124900/
Hi, Logan. When I clicked on this link, my Chrome browser dropped. I restored it and tried again. This time the site wouldn't load.

I'm a techy idiot, so I have no idea what happened. :o :-[
