Hive

Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.

The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything else but a normal website. The only peculiarity is not visible to non-technical users - an HTTPS server option that is not widely used: Optional Client Authentication. But Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above) while all other traffic goes to a cover server that delivers the unsuspicious content for all other users.

Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.

The documentation for Hive is available from the WikiLeaks Vault7 series.

Source: wikileaks.org
National Archives crowdsources transcription of CIA files
Aerosol posted a topic in Stiri securitate

Tearing a page, so to speak, from social media crowdfunding campaigns like last year's ALS Ice Bucket Challenge, the National Archives has turned to Twitter to raise a volunteer workforce of citizen archivists to help transcribe some of millions of digitized documents—including thousands of declassified CIA and Department of Defense files. The goal of the Transcription Challenge: 1,000 transcribed pages of documents by March 23.

The Transcription Challenge corresponds with Sunshine Week, an open government campaign originally launched by the Florida Society of Newspaper Editors as Sunshine Sunday in 2002. The event was adopted by the American Society of Newspaper Editors and extended to a week in 2003, and it has since picked up support from the Reporters Committee for the Freedom of the Press, Bloomberg, The Gridiron Club, and the John S. and James L. Knight Foundation.

The National Archives is looking for individuals interested in helping to use Twitter and the hashtag #1000pages to claim documents for transcription and tell the Archives' staff what they've found. In addition to CIA and other declassified files, the Archives is offering up a number of other "missions," ranging from National Forest documents and photos to papers of the Continental Congress and records of the Confederate Government. There are also audio recordings of interviews conducted by the 9/11 commission.

Source
Security researchers at the Central Intelligence Agency (CIA) have worked for almost a decade to target security keys used to encrypt data stored on Apple devices in order to break the system. Citing the top-secret documents obtained from NSA whistleblower Edward Snowden, The Intercept blog reported that among an attempt to crack encryption keys implanted into Apple's mobile processor, the researchers working for CIA had created a dummy version of Xcode.

CIA’s WEAPON TO HACK APPLE DEVICES

Xcode is Apple’s application development tool used by the company to create the vast majority of iOS apps. However, using the compromised development software, CIA, NSA or other spy agencies were potentially allowed to inject surveillance backdoors into programs distributed on Apple's App Store. In addition, the custom version of Xcode could also be used to spy on users, steal passwords, account information, intercept communications, and disable core security features of Apple devices.

The latest documents from the National Security Agency’s internal systems revealed that the researchers’ work was presented at its 2012 annual gathering called the "Jamboree" -- CIA sponsored secretive event which has run for nearly a decade -- at a Lockheed Martin facility in northern Virginia.

KEYLOGGER FOR MAC COMPUTERS

According to the report, "essential security keys" used to encrypt data stored on Apple’s devices have become a major target of the research team. Overall, the U.S. government-sponsored researchers are seeking ways to decrypt this data, as well as penetrate Apple's firmware, using both "physical" and "non-invasive" techniques.

In addition to this, the security researchers also presented how they successfully modified the OS X updater -- a program used to deliver updates to laptop and desktop computers -- in an attempt to install a "keylogger" on Mac computers.

HACKING ENCRYPTION KEYS

Another presentation from 2011 showed different techniques that could be used to hack Apple's Group ID (GID) -- one of the two encryption keys that Apple places on its iPhones. One of the techniques involved studying the electromagnetic emissions of the GID and the amount of power used by the iPhone’s processor in order to extract the encryption key, while a separate method focused on a "method to physically extract the [Apple's] GID key."

Although the documents do not specify how successful or not these surveillance operations have been against Apple, it once again provokes the ongoing battle between spy agencies and tech companies, as well as the dishonesty of the US government.

'SPIES GONNA SPY'

On one hand, President Barack Obama criticized China for forcing tech companies to install security backdoors for the purpose of government surveillance. On the other hand, The Intercept notes that China is just following America's lead, that’s it.

"Spies gonna spy," said Steven Bellovin, a computer science professor at Columbia University and former chief technologist for the FTC. "I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK."

We have already reported about NSA and GCHQ’s various surveillance programs including PRISM, XkeyScore, DROPOUTJEEP, and many more.

Source
CIA Paid AT&T for Phone Records [Report]
aelius posted a topic in Stiri securitate

WASHINGTON - The CIA pays AT&T more than $10 million a year to provide phone records with possible links to suspected terrorists, the New York Times reported Thursday, citing government officials.

The arrangement is voluntary and there is no court order requiring the company to cooperate with the Central Intelligence Agency, officials told the Times. The program differs from controversial data collection by the National Security Agency, which receives phone records or other "meta-data" from telecommunications companies through court orders.

The CIA passes on phone numbers of suspected militants abroad and AT&T then sifts through its database for records of phone calls that can identify foreigners with terror links, the newspaper reported. Most of the logs handed over by AT&T are related to foreign-to-foreign calls, the report said. For international calls that include one end in the United States, the company does not reveal the identity of the Americans and hides several digits of their phone numbers, which allows the CIA to comply with a ban on domestic spying, it said. The Central Intelligence Agency could choose to refer a hidden number to the FBI, which could then issue a subpoena demanding AT&T divulge the information, according to the report.

An AT&T spokesman did not confirm or deny the program but said the firm acted in accordance with laws in the United States and in foreign countries. "In all cases, whenever any governmental entity anywhere seeks information from us, we ensure that the request and our response are completely lawful and proper," spokesman Mark Siegel told AFP. But he added: "We do not comment on questions concerning national security."

Without verifying the existence of the program, the CIA said its intelligence gathering does not violate the privacy of Americans. "The CIA protects the nation and upholds the privacy rights of Americans by ensuring that its intelligence collection activities are focused on acquiring foreign intelligence and counterintelligence in accordance with US laws," said spokesman Todd Ebitz.

The CIA is usually associated with gathering intelligence through spies in the field while the NSA focuses on eavesdropping abroad and code-breaking. But an unnamed intelligence official told the Times that the CIA sometimes needs to check phone records in "time-sensitive situations" and be able to act with speed and agility.

The report offered the first indication that the CIA had a role in electronic data collection as leaks from a former intelligence contractor, Edward Snowden, have sparked a global firestorm around the NSA's digital spying. US Internet communications firms have voiced complaints that they are legally required to cooperate with the NSA's "data mining." Industry advocates have expressed concerns that NSA spying revelations could turn consumers in the US and abroad against the American technology companies.

Source: CIA Paid AT&T for Phone Records: Report | SecurityWeek.Com
Evidence of chemical weapons use in Syria

On Saturday, the CNN television network broadcast video recordings of people having convulsions and of dead children, said to be victims of the 21 August chemical attacks in Syria, which were shown to American members of Congress.

The images, taken from 13 video recordings and presented exclusively by CNN, which does not guarantee their authenticity from independent sources, show rows of bodies of children and adults in a room. Others show a man having convulsions, another trying to bring his child back to life, and another washing a small child's face, while screams are heard in the background.

These images were presented to a small group of senators by the Obama administration, which stated before the Senate Intelligence Committee that they show scenes captured after the 21 August chemical attacks, CNN says.

Exclusive: Classified Syria video released - CNN.com Video

Source: mediafax.ro

What do you think?
Question: Gutmann-35 and methods for permanently erasing data

Hello RST,

I have a question for you. The Gutmann-35 algorithm is an algorithm created by Peter Gutmann and Colin. This algorithm erases data using 35 different passes (more info here: Gutmann method - Wikipedia, the free encyclopedia).

I recently read an article saying that the Gutmann-35 method is completely useless, because even if you have overwritten the area where a file is located 35 times, it can still be recovered using special magnets that only the CIA or the FBI has.

My question is whether a technology really exists that helps recover files even if you have used the Gutmann-35 method. Does that mean there is absolutely no method by which your data is 100% erased?

What I described above, though, was about an ordinary hard disk that uses platters. How would it work in the case of an SSD? Is data erased more easily and more securely from an SSD than from an HDD? How do things stand?

Thank you!

EDIT: I forgot to specify: by a 100% method of erasing data I mean one without physically destroying the HDD/SSD. And to be clear, I have no bad intentions. I have nothing to fear, I am just curious.

All the best!
Prism and cooperation between services.

Cheater posted a topic in Stiri securitate

Regarding Prism, until these past few days I was not clear on how this project would affect those of us who are not from the USA. Yesterday the director of the CIA came to Romania on an official visit, very pleased with the cooperation between the services and praising the STS and SRI officers, and that is when it clicked for me.

The Romanian government is not in a position to demand from any mail, IM, etc. provider the information that the Americans can demand, without paperwork, but by cooperating, our services surely also have access, as they please, to whatever information gathered through Prism interests them. They had access until now as well, true, but only with a warrant, and only to some of these services.

In recent years there have been attempts to control the internet, and now they have taken firm steps in that direction, which is unacceptable. So we must take cryptographic services more and more seriously, and look for new technologies to maintain the confidentiality of information.