
Vault 7 - CIA Hacking Tools Revealed
March 07, 2017
from Wikileaks Website



Press Release
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency.
Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (below image) in Langley, Virginia.
It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation.
This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.
The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including Apple's iPhone, Google's Android, Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA).
The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers.
The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI - below image), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses and other "weaponized" malware.



Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook.
The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.
The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that,
"There is an extreme proliferation risk in the development of cyber 'weapons'.
Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.
But the significance of 'Year Zero' goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.

Wikileaks has also decided to Redact (see far below) and Anonymize some identifying information in "Year Zero" for in-depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States.

While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Analysis

CIA malware targets iPhone, Android, smart TVs
CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation).
The DDI is one of the five major directorates of the CIA (see above image of the CIA for more details).
The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS.
After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.
CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop.
The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year.
"Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
CIA malware targets Windows, OS X, Linux, routers
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.
This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ("Brutal Kangaroo") and to keep its malware infestations going.
Many of these infection efforts are pulled together by the CIA's Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as "Assassin" and "Medusa".
Attacks against Internet infrastructure and webservers are developed by the CIA's Network Devices Branch (NDB).
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section far below.
CIA 'hoarded' vulnerabilities ("zero days")
In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis - rather than hoard - serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.
Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk from foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability.
If the CIA can discover such vulnerabilities so can others.
The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities.
The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts.
The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability.
As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers.
By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable.
'Cyberwar' programs are a serious proliferation risk
Cyber 'weapons' are not possible to keep under effective control.
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber 'weapons', once developed, are very hard to retain.
Cyber 'weapons' are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such 'weapons' is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces - sometimes by using the very same 'weapons' against the organizations that contain them.
There are substantial price incentives for government hackers and consultants to obtain copies since there is a global "vulnerability market" that will pay hundreds of thousands to millions of dollars for copies of such 'weapons'.
Similarly, contractors and companies who obtain such 'weapons' sometimes use them for their own purposes, obtaining advantage over their competitors in selling 'hacking' services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information.
The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.
U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover.
The instructions for incoming CIA hackers make Germany's counter-intelligence efforts appear inconsequential: "Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport".
Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.
Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area - including France, Italy and Switzerland.
A number of the CIA's electronic attack methods are designed for physical proximity.
These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions physically infiltrates the targeted workplace.
The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media.
For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use.
To witnesses, the spy appears to be running a program showing videos (e.g VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos).
But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.
How the CIA dramatically increased proliferation risks
In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7", the CIA's weaponized malware (implants + zero days), Listening Posts (LP) and Command and Control (C2) systems, the agency has little legal recourse.
The CIA made these systems unclassified.
Why the CIA chose to make its cyber-arsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'.
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet.
If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet.
Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution.
This means that cyber 'arms' manufacturers and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts.
Ordnance will likely explode. If it does not, that is not the operator's intent.
Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams.
For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired.
However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect the target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target.
To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers.
But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.
A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system.
If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.
Evading forensics and anti-virus
A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies to attribute and defend against attacks.
"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review".
Similar secret standards cover the use of encryption to hide CIA hacker and malware communication (pdf), describing targets & exfiltrated data (pdf), executing payloads (pdf) and persisting (pdf) in the target's machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs.
These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs, and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows "Recycle Bin", while Comodo 6.x has a "Gaping Hole of DOOM".
CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.

Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.
The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control and exfiltration.
Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants.
Special projects are used to target specific hardware from routers to smart TVs.
Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks' "Year Zero".
UMBRAGE
The CIA's hand crafted hacking techniques pose a problem for the agency.
Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible.
As soon as one murder in the set is solved, the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Fine Dining
Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out.
The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations.
The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff.
The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are,
  • 'Asset'
  • 'Liason Asset'
  • 'System Administrator'
  • 'Foreign Information Operations'
  • 'Foreign Intelligence Agencies'
  • 'Foreign Government Entities'
Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types.
The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained.
This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
Improvise (JQJIMPROVISE)
'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor).
Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.
HIVE
HIVE is a multi-platform CIA malware suite and its associated control software.
The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider.
The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients.
It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant.
If a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.
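The client-certificate split described above (anonymous visitors see the cover site, certificate-bearing clients reach the toolserver) leaves a network-side trace: a public web domain to which a small minority of hosts present a client certificate, repeatedly and at regular intervals. The following added example, not code from the original page or from HIVE, shows a defender's detection pass over constructed Zeek-style TLS records; the log format, domain names and addresses are all assumptions.

```python
"""Flag hosts that present TLS client certificates to a domain that otherwise
serves anonymous web traffic (the 'cover domain' pattern described above).
Added example for illustration; the log format below is constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed, Zeek-style TLS records: ts  src  server_name  client_cert(0/1).
# 12 ordinary visitors, one host beaconing every 600 s with a client cert,
# and a corporate VPN where every client legitimately presents a cert.
SAMPLE_TLS_LOG = """\
1488844800 10.0.0.5 cover-example.test 0
1488844801 10.0.0.6 cover-example.test 0
1488844802 10.0.0.7 cover-example.test 0
1488844803 10.0.0.8 cover-example.test 0
1488844810 10.0.0.9 cover-example.test 0
1488844811 10.0.0.10 cover-example.test 0
1488844812 10.0.0.11 cover-example.test 0
1488844813 10.0.0.12 cover-example.test 0
1488844820 10.0.0.13 cover-example.test 0
1488844821 10.0.0.14 cover-example.test 0
1488844822 10.0.0.15 cover-example.test 0
1488844823 10.0.0.16 cover-example.test 0
1488844900 10.0.0.42 cover-example.test 1
1488845500 10.0.0.42 cover-example.test 1
1488846100 10.0.0.42 cover-example.test 1
1488844805 10.0.0.5 vpn.corp.test 1
1488844806 10.0.0.6 vpn.corp.test 1
1488844807 10.0.0.7 vpn.corp.test 1
"""


@dataclass(frozen=True)
class TlsConn:
    ts: int
    src: str
    server_name: str
    client_cert: bool


def parse_tls_log(text):
    """Parse the whitespace-separated constructed log into TlsConn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sni, cert = line.split()
        conns.append(TlsConn(int(ts), src, sni, cert == "1"))
    return conns


def find_cert_outliers(conns, max_cert_fraction=0.25, min_beacons=3):
    """Return (server_name, src) pairs where a minority of clients present a
    client certificate to a server that mostly serves anonymous traffic.

    Servers where nobody, or nearly everybody, presents a certificate are
    skipped: the former has no split, the latter is ordinary mutual TLS."""
    by_sni = defaultdict(list)
    for c in conns:
        by_sni[c.server_name].append(c)

    findings = []
    for sni, rows in by_sni.items():
        with_cert = [c for c in rows if c.client_cert]
        frac = len(with_cert) / len(rows)
        if frac == 0 or frac > max_cert_fraction:
            continue
        per_src = defaultdict(list)
        for c in with_cert:
            per_src[c.src].append(c.ts)
        for src, stamps in per_src.items():
            if len(stamps) < min_beacons:
                continue
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            findings.append({
                "server_name": sni,
                "src": src,
                "count": len(stamps),
                "median_gap_s": sorted(gaps)[len(gaps) // 2],
            })
    return findings


if __name__ == "__main__":
    for f in find_cert_outliers(parse_tls_log(SAMPLE_TLS_LOG)):
        print(f)
```

A regular median gap between certificate-bearing connections is the beaconing signal worth a closer look; a one-off connection with a certificate is usually just a misconfigured client.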

Frequently Asked Questions

Why now?
WikiLeaks published as soon as its verification and analysis were ready. In February the Trump administration issued an Executive Order calling for a "Cyberwar" review to be prepared within 30 days.
While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.
Redactions
Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete. Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
Archive attachments (zip, tar.gz, ...), are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
Attachments with other binary content, are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
Tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
Binary files of non-public origin, are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
Organizational Chart
The organizational chart (far above image) corresponds to the material published by WikiLeaks so far.
Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far.
It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.
Wiki pages
"Year Zero" contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian.
Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.
The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).
What time period is covered?
The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).
WikiLeaks has obtained the CIA's creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order.
If it is critical to know the exact time/date contact WikiLeaks.
What is "Vault 7"
"Vault 7" is a substantial collection of material about CIA activities obtained by WikiLeaks.
When was each part of "Vault 7" obtained?
Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
Is each part of "Vault 7" from a different source?
Details on the other parts will be available at the time of publication.
What is the total size of "Vault 7"?
The series is the largest intelligence publication in history.
How did WikiLeaks obtain each part of "Vault 7"?
Sources trust WikiLeaks to not reveal information that might help identify them.
Isn't WikiLeaks worried that the CIA will act against its staff to stop the series?
No. That would be certainly counter-productive.
Has WikiLeaks already 'mined' all the best stories?
No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They're there.
Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.
Won't other journalists find all the best stories before me?
Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.
submitted by CuteBananaMuffin to conspiracy

The Tyranny of the Minimum Viable User

In addressing shortcomings of a major web browser recently, I tossed out a neologism for a neologistic age: Minimum viable user.
This describes the lowest-skilled user a product might feasibly accommodate, or if you're business-minded, profitably accommodate. The hazard being that such an MVU then drags down the experience for others, and in particular expert or experienced users. More to follow.
There are cases where reasonable accommodations should be considered, absolutely. Though how this ought to be done is also critical. And arbitrary exclusions for nonfunctional reasons -- the term for that is "discrimination", should you ask -- are right out.
Accessibility accommodations, in physical space and informational systems, are a key concern. I don't generally require these myself, but know many people who do, and have come to appreciate their concerns. I've also come to see both the increased imposition, and benefits, this offers by way of accommodating the needs.
It's often underappreciated how increased accessibility helps many, often all, users of a product or space. A classic instance would be pavement (or sidewalk) kerb cuts -- bringing the edge of a walkway to street level, rather than leaving a 10 cm ridge. This accommodates not just wheelchairs, but dollies, carts, wheeled luggage, and more. Benefits which materialised only after deployment, beyond the original intent.

Accessibility and Information Systems

For information systems -- say, webpages -- the accommodations which are most useful for perceptually-challenged users are also almost always beneficial to others: clear, high-contrast layouts. Lack of distracting screen elements. A highly semantic structure makes work easier for both screen-readers (text-to-speech) and automated parsing or classification of content. Clear typography doesn't fix all copy, but it makes bad copy all the more apparent. Again, positive externalities.
When we get to the point of process-oriented systems, the picture blurs. The fundamental problem is that an interface which doesn't match the complexity of the underlying task is always going to be unsatisfactory. Larry Wall has observed this with regard to the Perl programming language: complexity will out. In landscape design, the problem is evidenced by the term "desire path". A disagreement between use and design.[1]
At its heart, a desire path is the failure of a designer to correctly anticipate, or facilitate, the needs and desires of their users. Such paths reflect emergent practices or patterns, some constructive, some challenging the integrity of a system. Mastodon Tootstorms are an example of a positive creative accommodation. Mostly.
On other services, the lack of an ability to otherwise dismiss content frequently creates an overload of the spam or abuse reporting mechanism. G+ comes to mind. If a side-effect of reporting content is that it is removed from my view, and there is no other way to accomplish that goal, then the reporting feature becomes the "remove from visibility" function. I've ... had that conversation with Google for a number of years. Or is that a monologue...
Software programming is in many ways a story of side-effects and desire paths, as is the art of crafting system exploits. PHP seems particularly prone to this, though I can't find the character-generating hack I've in mind.
There's the question of when a system should or shouldn't be particularly complex. Light switches and water taps are a case in point. The first has operated as a simple binary, the second as a variable-rate flow control, and the basic functionality has remained essentially unchanged for a century or more. Until the Internet of Broken Shit that Spies on you wizkids got ahold of them.... And modulo some simple management interfaces: timers or centralised large-building controls.
Simple tasks benefit from simple controls.
Complex tasks ... also benefit from simple controls, but no simpler than the task at hand.
A good chef, for example, needs only a modicum of basic elements. A good knife. A reliable cooktop and oven. A sink. A cutting surface. Mixing bowls. Underappreciated: measuring equipment. Measuring spoons, cups, pitchers. A scale. Thermometer. Timers. The chef also may have call for some specific processing equipment: cutting, chopping, blending, grating, and mixing tools. Powering these increases throughput, but the essential controls remain simple. And some specialised tools, say, a frosting tube, but which generally share common characteristics: they're individually simple, do one thing, usually a basic transformation, and do it well.
The complexity of the process is in the chef, training, and practice.
The antithesis of this is "cooking gadgets" -- tools or appliances which are complicated, fussy, achieve a single and non-general result, or which integrate (or attempt to do so) a full process. This is the stuff that clutters counter space and drawers: useless kitchen gadgets. A category so egregious it defies even simple listing, though you're welcome to dig through search results.
If you can only use it on one recipe, it's bad mkay?

Appropriateness of Single-use Tools: Safety equipment

On single-use tools: if that single use is saving your life in conditions of readily foreseeable peril, then it may well be worth having. Lifeboats. Seatbelts. First aid kit.
That gets down to a risk assessment and mitigation calculation problem though, which may be error-prone: over- and under-estimating risks, and/or the efficacy of mitigations. Pricing risk and risk-as-economic good is another long topic.

Lifts, Telephones, and Automobiles

There are times when you absolutely should be aiming for the minimum viable user. Anything that sees widespread shared public use, for example. I shouldn't have to read the user manual to figure out how to open the front door to your building. Automatic, sensored doors would be an entirely MVU product.
I've mentioned lifts, automobiles, and telephones. Each is highly complex conceptually, two can maim or kill. All can be relatively safely used by most adults, even children. A large part of what makes lifts, automobiles, and telephones so generally usable is that the controls are very highly standardised. Mostly. The exceptions become newsworthy.
Telephones have deviated from this with the expansion of mobile and even more complex landline devices. And the specific case of business-oriented office telephones has been, for at least 30 years, a strong counterexample, worth considering.

Office Phone Systems

It takes me a year or more to figure out a new office phone system. If ever. A constant for 30 years. This wasn't the case as of the 1980s, when a standard POTS-based phone might have five buttons, and the smarts were in a PBX generally located within the building.
By the 1990s, though, "smart phones" were starting to appear. Rolm was one early vendor I recall. These had an increasing mix of features, not standardised either across or within vendor lines, but generally some mix of:
  1. Voicemail
  2. Call forwarding
  3. Call conferencing
  4. Lots of other random shit to inflate marketing brochures
Feature #4 was a major problem, but the underlying one was, and remains, I think, the mismatch of comms channels and cognitive capacities a phone represents: audio, physical, textual, and short-term working memory.
The physical interface of most phones -- and I'm referring to desk sets here -- is highly constrained. There's a keypad, generally 12 buttons (not even enough for the impoverished Roman alphabet, let alone more robust ones), possibly an additional set of function buttons, and a handset, plus some base. Cords.
More advanced phonesets have perfected the technology of including a display for text which is simultaneously unreadable under any lighting conditions or viewing angles, and incapable of providing useful information in any regard. This is another engineering accomplishment with a decades-long record.
Phones are relatively good for talking, but they are miserable for communication. Reflected in millennials' disdain for making phone calls: millennials prefer text-based apps to voice comms, as do numerous tech early-adopters. I suspect the reason is both the state-maintenance and fragility of phone-based communications.
I'm distinguishing talking -- a longer and wandering conversation with a friend -- and communicating -- the attempt to convey or obtain some specific task-oriented or process-oriented information. The salient difference is that the latter is very strongly goal oriented, the former, not so much. That is, a "simple" phone conversation is a complex interaction and translation between visual, textual, audio, physical, and memory systems. It's also conducted without the visual cues of face-to-face communications (as are all remote comms), for further fun and games. This usually makes conversations with someone you know well (for whom you can impute those cues) generally far more straightforward than with a stranger, especially for complex discussions.
The upshot is that while a telephone is reasonably simple to use in the basic case -- establish a voice connection with another device generally associated with a person or business -- it actually fails fairly profoundly in the surrounding task context for numerous reasons. Many of which boil down to an interface which is simultaneously oversimplified and poorly suited to the task at hand.
Smartphones, and software-based telephony systems in general, followed the business phone lead.
Mobile comms generally have expanded on the failures of business phone systems in poor usability as phones by significantly deteriorating audio quality and dynamics -- constraints of packet-switching, compression, additional relay hops, and speed-of-light delays have boosted noise and lag to the level of interfering with the general flow of conversation. Which isn't particularly an interface failure as such (this is channel behaviour), but it encourages millennials' shift to text.
I'll save the question of how to fix voice comms for discussion.
The point I'm making is that even an apparently straightforward device and task, with a long engineering history, can find itself ill-matched to new circumstances.
There's also much path-dependence here. Lauren Weinstein on G+ enjoys digging up old AT&T engineering and marketing and/or propaganda newsreels describing development of the phone system: direct-dial, switching, 7-digit, area-code, long-distance, touch-tone. There were real and legitimate design, engineering, and use considerations put into each of these. It's not as if the systems were haphazardly put together. This still doesn't avoid the net result being a bit of a hash.
An appreciation of why Mr. Chesterton built his fence, and whether or not that rationale remains valid, is useful to keep in mind. As are path-dependencies, 2nd-system effects, and late-adopter advantages. Those building out interdependent networks after initial trial often have a significant advantage.
It's also interesting to consider what the operating environment of earlier phones was -- because it exceeded the device itself.
A business-use phone of, say, the 1970s, existed in a loosely-integrated environment comprising:
Critically: these components operated simultaneously and independently of the phone.
A modern business, software, or smartphone system may offer some, or even all, of these functions, but frequently:
The benefits are that they are generally cheaper, smaller, more portable, and create digital data which may be, if accessible to other tools, more flexible.
But enough of phones.

The Unix Philosophy

The Unix Philosophy reads: "Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface."
It offers a tremendous amount of mileage.

Exceptions to the Unix Philosophy: Complexity Hubs

I want to talk about the apparent exceptions to the Unix philosophy: shells, editors, email, init (and especially systemd), remote filesystems, udev, firewall rules, security generally, programming languages, GUIs.
Apparently, "exceptions to the Unix philosophy" is very nearly another neologism -- I find a single result in Google, to an essay by Michael O. Church. He adds two more items: IDEs (integrated developer environments), arguably an outgrowth of editors, and databases. Both are solid calls, and both tie directly into the theme I had in mind in the preceding toot.
These are all complexity hubs -- they are loci of either control or interfacing between and among other systems or complex domains:

The GUI Mess

This leaves us with GUIs, or more generally, the concept of the domain of graphics.
The complexity here is that graphics are not text. Or at the very least, transcend text. It is possible to use text to describe graphics, and there are tools which do this: Turtle. Some CAD systems. Scalable vector graphics (SVG). But to get philosophical: the description is not the thing. The end result is visual, and whilst it might be rule-derived, it transcends the rule itself.
One argument is that when you leave the domain of text, you leave the Unix philosophy behind. I think I'm OK with that as a starting premise. This means that visual, audio, mechanical, and other sensory outputs are fundamentally different from text, and that we need to keep in mind that text, whilst powerful, has its limits.
It's also to keep in mind, though, what the characteristics and limits of GUIs themselves are.
Neal Stephenson, "In the Beginning was the Command Line", again, offers one such: Metaphor shear. Most especially where a GUI is used to represent computer system elements themselves, it's crucial to realise that the representation is not the thing itself -- map-territory confusion. In fact a GUI isn't so much a representation as a remapping of computer state.
Unix, the C programming language, and the bash shell all remain relatively close to machine state. In many cases, the basic Unix commands are wrappers around either C language structures (e.g., printf(1) and printf(3)), or report the content of basic data structures (e.g., stat(1) and stat(2)). Even where the concept is reshaped significantly, you can still generally find the underlying concept present. This may be more foreign for newbies, but as exposure to the system is gained, interface knowledge leverages to system knowledge.
GUIs lose this: represented state has little coherence.
Some argue that not being tied to the mechanism is an advantage -- that this allows the interface designer a freedom to explore expressions independent of the underlying mechanism.
This is true.
But it gets to another set of limitations of GUIs:
Scripting has the effect of constraining, for better or worse, changes to interfaces because scripts have to be updated as features change. The consequence is that tools either don't change arguments, change them with exceedingly long advance warning, or failing either of those, are rapidly discarded by those who use them due to gratuitous interface changes. The result is a strong, occasionally stifling, consistency over time.
The limits on information density and on scaling or scrolling are another factor. A good GUI might offer the ability to expand or compress a view by a few times, but it takes a very creative approach to convey the orders of magnitude scales which, say, a physical library does. Data visualisation is its own specialty, and some are good at it.
The result is that most GUI interfaces are good for a dozen, perhaps a few dozens, objects.
Exceptions to this are telling. xkcd is on the money: https://www.xkcd.com/980/ This chart manages to show values from $1 to $2.39 quadrillion ($2.39 thousand million million), within the same visualisation, a span of 15 orders of magnitude, by using a form of logarithmic scaling. This is possible, but it is difficult to do usefully or elegantly.

GUIs, Efficiency, and Change

Change aversion and inherent limits to GUI productivity interact to create the final conflict for GUIs: the potential for interface efficiency is limited and change is disruptive, you lose for trying. Jamie "jwz" Zawinski notes this:
Look, in the case of all other software, I believe strongly in "release early, release often". Hell, I damned near invented it. But I think history has proven that UI is different than software.
What jwz doesn't do is explain why this is, and I'm not aware of others who have.
This also shows up in the case of Apple, a company which puts a premium on design and UI, but which is exceedingly conservative in changing UI. The original Mac desktop stuck with its initial motif from 1984 until 2001: 17 years. Its successor has changed only incrementally from 2001 to 2017, very nearly as long. Even Apple realise: you don't fuck with the GUI.
This suggests an underlying failure of the Linux desktop effort isn't a failure to innovate, but rather far too much churn in the desktop.
My daily driver for 20 years has been Window Maker, itself a reimplementation of the 1989 NeXT desktop. Which is to say that a 30 year-old design works admirably. It's fast, stable, doesn't change unexpectedly with new releases or updates, and gets the fuck out of the way. It has a few customisations which tend to focus on function rather than form.

The Minimum Viable User GUI and Its Costs

Back to my starting premise: let's assume, with good reason, that the Minimum Viable User wants and needs a simple, largely pushbutton, heavily GUI, systems interface.
What does this cost us?
The answer is in the list of Unix Philosophy Violating Tasks:

Just Who is the Minimum Viable User?

A central question, and somewhat inexcusably buried at this point in my essay, is who is the Minimum Viable User? This could be the lowest level of system skills capable of using a device, which an OECD survey finds is abysmally bad. Over half the population, and over 2/3 in most surveyed industrialised countries, have poor, "below poor", or no computer skills at all.
I'm moving past this point quickly, but recommend very strongly reading Jakob Nielsen's commentary on this study, and the study itself: "Skills Matter: Further Results from the Survey of Adult Skills" (OECD, 2016). The state of typical user skills is exceedingly poor. If you're reading this essay, you're quite likely not among them, though if you are, the comment is simply meant without disparagement as a statement of fact: from high to low, the range of user computer skills is enormous, with the low end of the range very highly represented in the general population. People who, largely, otherwise function quite well in society: they have jobs, responsibilities, families.
This has profound implications for futures premised on any sort of general technical literacy. As William Ophuls writes in Plato's Revenge, social systems based on the premise that all the children are above average are doomed to failure.
The main thrust of this essay though is a different concern. Global information systems which are premised on a minimal-or-worse level of sophistication by all users also bodes poorly, though for different reasons: it hampers the capabilities of that small fraction -- 5-8% or less, and yes, quite probably far less -- of the population who can make highly productive use of such tools, by producing hardware and software which fails to support advanced usage.
It does this by two general modes:
The dynamics are also driven by market and business considerations -- where the money is, and how development, shipping, and maintaining devices relates to cash flows.

The Problem-Problem Problem

One business response is to extend the MVU definition to that of the Minimum Viable-Revenue User: services are targeted at those with the discretionary income, or lack of alternatives, to prove attractive to vendors.
There's been well-founded criticism of Silicon Valley startups which have lost track of what a meaningful problem in need of solution is. It's a problem problem. Or: The problem-problem problem.
Solving Minor Irritations of Rich People, or better, inventing MIoRP, as a bootstrapping method, has some arguable utility. Tesla Motors created a fun, but Very Expensive™, electrified Lotus on its way to creating a viable, practical, battery-powered, Everyman vehicle. Elon Musk is a man who has made me a liar multiple times, by doing what I unequivocally stated was impossible, and he impresses the hell out of me for it.
Amazon reinvented Sears, Roebuck, & Co. for the 21st century bootstrapped off a books-by-mail business.
I'm not saying there ain't a there there. But I'm extremely unconvinced that all the there there that's claimed to be there is really there.
Swapping out the phone or fax in a laundry, food-delivery, dog-walking, or house-cleaning business is not, in the larger scheme of things, particularly disruptive. It's often not even a particularly good business when catering to the Rich and Foolish. Not that parting same from their easily-won dollars isn't perhaps a laudable venture.
The other slant of the Minimum Viable User is the one who is pushed so far up against the wall, or fenced in and the competition fenced out, that they've no option but to use your service. Until such time as you decide to drag them off the plane. Captive-market vendor-customer relationship dynamics are typically poor.
For numerous reasons, the design considerations which go into such tools are also rarely generative. Oh: Advertising is one of those domains. Remember: Advertising breeds contempt.
Each of these MVU business cases argues against designing for the generative user. A rather common failing of market-based capitalism.
Robert Nozick explains criticism of same by creatives by the fact that "by and large, a capitalist society does not honor its intellectuals". A curious argument whose counterpoint is "capitalism is favoured by those whom it does unduly reward".
That's solipsistic.
Pointing this out is useful on a number of counts. It provides a ready response to the Bullshit Argument that "the market decides". Because what becomes clear is that market forces alone are not going to do much to encourage generative-use designs. Particularly not in a world of zero-marginal-cost products. That is: products whose marginal costs are small (and hence: pricing leverage), but with high fixed costs. And that means that the market is going to deliver a bunch of shitty tools.

Getting from Zero to One for Generative Mobile Platforms

Which suggests one of a few possible avenues out of the dilemma: a large set of generative tools have been built through non-capitalistic organisation. The Free Software / Open Source world would be a prime case in point, but it's hardly the first. Scientific research and collaboration, assembly of reference tools, dictionaries, encyclopedias. That's an option.
Though they need some sort of base around which to form and organise. And in the case of software they need hardware.
For all the evil Bill Gates unleashed upon the tech world (a fair bit of it related to the MVU and MFVU concepts themselves), he also unleashed a world of i386 chipset systems on which other software systems could be developed. Saw to it that he individually and specifically profited from every one sold, mind. But he wasn't able to restrict what ran on those boxes post-delivery.
GNU/Linux may well have needed Bill Gates. (And Gates may well not have been able to avoid creating Linux.)
There are more smartphones and Android devices today than there ever were PCs, but one area of technical advance over the decades has been in locking systems down. Hard. And, well, that's a problem.
I don't think it's the only one, though.
Commodity x86 hardware had a model for the operating system capable of utilising it which already existed: Unix. Linus Torvalds may have created Linux, but he didn't design it as such. That template had been cut already. It was a one-to-two problem, a question of scaling out. Which is to say it wasn't a Zero to One problem.
And yes, Peter Thiel is an evil asshat, which is why I'm pointing you specifically at where to steal his book. That's not to say he isn't an evil asshat without the occasional good idea.
I'm not sure that finding (and building) the Open Mobile Device Environment is a Zero to One problem -- Google, well, Android Inc., leveraged Linux, after all. But the design constraints are significantly different.
A standalone PC workstation is much closer to a multi-user Unix server in most regards, and particularly as regards UI/UX, than is a mobile device measuring 25, or 20, or 12, or 8 cm. Or without any keyboard. Or screen. And a certain set of tools and utilities must be created.
It's not as if attempts haven't been made, but they simply keep not getting anywhere. Maemo. FirefoxOS. Ubuntu Phone. Hell, the Psion and Palm devices weren't bad for what they did.
Pick one, guys & gals. Please.

The Mobile Applications Ecosystem is Broken

There's also the question of apps, and app space, itself. By one school of thought, a large count of available applications is a good thing. By another, it's a sign of failure of convergence. As of 2017, there are 2.5 million Google Play apps.
Is it even worth the search time? Is meaningful search of the space even possible?
The question occurs: is it really in Google's interest to proliferate applications which are separate, non-integrated, split development efforts, and often simply perform tasks poorly?
Why not find a way to focus that development effort to producing some truly, insanely, great apps?
The consequences are strongly reminiscent of the spyware and adware problem of desktop Windows in the early 2000s. For the same reason: competitive software development incentivises bad behaviour and poor functionality. It's the Barbarians at the Gate all over again. With so many independent development efforts, and such an inefficient communications channel to potential users, as well as poor revenue potential through kosher methods, the system is inherently incentivised to exceedingly user-hostile behaviour.
A valid counterargument would be to point to a set of readily-found, excellent, well-designed, well-behaved, user-centric tools fulfilling fundamental uses mentioned in my G+ post. But this isn't the case. Google's Play Store is an abject failure from a user perspective. And catering to the MVU carries a large share of the blame.
I'm not saying there should be only one of any given application either -- some choice is of value. Most Linux distributions will in fact offer a number of options for given functionality, both as shell or programming tools (where modular design frequently makes these drop-in replacements, down to syntax), and as GUI tools.
Whilst "freedom to fork" is a touted advantage of free software, "capacity to merge" is even more salient. Different design paths may be taken, then rejoined.
There's another line of argument about web-based interfaces. I'll skip much of that noting that the issues parallel much of the current discussion. And that the ability to use alternate app interfaces or browser site extensions is critical. Reddit and Reddit User Suite, by Andy Tuba, are prime exemplars of excellence in this regard.

Related Reading

A compilation of articles reflecting this trend.

Bootnote

Yes, this is a lot of words to describe the concept generally cast as "the lowest common denominator". I'm not claiming conceptual originality, but terminological originality. Additionally:
This post was adapted from an earlier Mastodon Tootstorm.

Notes

  1. Reddit fans of the concept might care to visit /DesirePaths.
submitted by dredmorbius to dredmorbius

Vault 7 release info from actual files

sorry for the mess. copy paste....
Press Release Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election. Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. "Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones. Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities. 
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified. In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons. Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike. Julian Assange, WikiLeaks editor stated that "There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective." Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published. 
Wikileaks has also decided to redact and anonymise some identifying information in "Year Zero" for in depth analysis. These redactions include ten of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks. Analysis CIA malware targets iPhone, Android, smart TVs CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details). The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide. The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization. The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server. As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. 
The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations. The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone. Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites. A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. "Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors. These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied. CIA malware targets Windows, OSx, Linux, routers The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. 
This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ("Brutal Kangaroo") and to keep its malware infestations going.

Many of these infection efforts are pulled together by the CIA's Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as "Assassin" and "Medusa".

Attacks against Internet infrastructure and webservers are developed by the CIA's Network Devices Branch (NDB).

The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section below.

CIA 'hoarded' vulnerabilities ("zero days")

In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.

Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.

The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.

"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA, but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone — at the expense of leaving everyone hackable.

'Cyberwar' programs are a serious proliferation risk

Cyber 'weapons' are not possible to keep under effective control.

While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber 'weapons', once developed, are very hard to retain.

Cyber 'weapons' are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.

Securing such 'weapons' is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same 'weapons' against the organizations that contain them.
There are substantial price incentives for government hackers and consultants to obtain copies since there is a global "vulnerability market" that will pay hundreds of thousands to millions of dollars for copies of such 'weapons'. Similarly, contractors and companies who obtain such 'weapons' sometimes use them for their own purposes, obtaining advantage over their competitors in selling 'hacking' services.

Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.

A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.

Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.

Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

U.S. Consulate in Frankfurt is a covert CIA hacker base

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover. The instructions for incoming CIA hackers make Germany's counter-intelligence efforts appear inconsequential: "Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport"

Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.

Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.

Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area — including France, Italy and Switzerland.

A number of the CIA's electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media. For example, the CIA attack system Fine Dining provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.

How the CIA dramatically increased proliferation risks

In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7" — the CIA's weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse.

The CIA made these systems unclassified.
Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily cross over to the 'battlefield' of cyber 'war'.

To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber 'arms' manufacturers and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.

Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts. Ordnance will likely explode. If it does not, that is not the operator's intent.

Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams. For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired. However the analogy is questionable.

Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect the target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target.

To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers. But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.

A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system. If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.

Evading forensics and anti-virus

A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies attribute and defend against attacks.

"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review". Similar secret standards cover the use of encryption to hide CIA hacker and malware communication (pdf), describing targets & exfiltrated data (pdf) as well as executing payloads (pdf) and persisting (pdf) in the target's machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows "Recycle Bin", while Comodo 6.x has a "Gaping Hole of DOOM".

CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.

Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.

The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.

Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks' "Year Zero".

UMBRAGE

The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Fine Dining

Fine Dining comes with a standardized questionnaire i.e. menu that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are 'Asset', 'Liaison Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

Improvise (JQJIMPROVISE)

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.

The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains. Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.

The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.

Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.
Frequently Asked Questions

Why now?

WikiLeaks published as soon as its verification and analysis were ready. In February the Trump administration issued an Executive Order calling for a "Cyberwar" review to be prepared within 30 days. While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.

Redactions

Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.

Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.

Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.

Archive attachments (zip, tar.gz, ...) are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.

Attachments with other binary content are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.

The tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.

Binary files of non-public origin are only available as dumps to prevent accidental invocation of CIA malware infected binaries.

Organizational Chart

The organizational chart corresponds to the material published by WikiLeaks so far.

Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.

Wiki pages

"Year Zero" contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian. Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.

The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).

What time period is covered?

The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).

WikiLeaks has obtained the CIA's creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date contact WikiLeaks.

What is "Vault 7"?

"Vault 7" is a substantial collection of material about CIA activities obtained by WikiLeaks.

When was each part of "Vault 7" obtained?

Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.

Is each part of "Vault 7" from a different source?

Details on the other parts will be available at the time of publication.

What is the total size of "Vault 7"?

The series is the largest intelligence publication in history.

How did WikiLeaks obtain each part of "Vault 7"?

Sources trust WikiLeaks to not reveal information that might help identify them.

Isn't WikiLeaks worried that the CIA will act against its staff to stop the series?

No. That would be certainly counter-productive.

Has WikiLeaks already 'mined' all the best stories?

No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They're there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.

Won't other journalists find all the best stories before me?

Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.
submitted by JonBendini to conspiracy [link] [comments]

The CIA and NyanCat: The hackers and tools of Vault 7's "Year Zero"

This article is meant to comprehensively break down the enormous material of Vault7's "Year Zero" into something more meaningful to readers less familiar with this technical material. Some highlights include the ability to manipulate cars, TVs, and your computer without you ever noticing and having your passwords stored on a "NyanCat".
Vault 7 is a series of WikiLeaks releases on the CIA and the methods and means they use to hack, monitor, control and even disable systems ranging from smartphones, to TVs, to possibly even dental implants. The Vault7 leaks themselves can be found on WikiLeaks.
Copied from a Steemit article I wrote earlier.

Branches

The following are the different branches or departments of the CIA Information Operations Center and their purpose as well as the relevant tools or projects they are credited with developing or participating in.

Embedded Development Branch (EDB)

Mission:
To be the premiere development shop for customized hardware and software solutions for Information Operations: utilizing operating system knowledge, hardware design, software craftsmanship, and network expertise to support the IOC Mission.
Source: WikiLeaks

Remote Development Branch (RDB)

Operational Support Branch (OSB)

Automated Implant Branch (AIB)

Network Devices Branch (NDB)

Mobile Development Branch (MDB)

Technical Advisory Council (TAC)

CCI Europe Engineering

Tools and projects

The following are software tools released in Vault7 and used by the CIA along with descriptions of their methods, reasons and implications for employment. They have been organized by the branch which developed them.

EDB

Weeping Angel

Weeping Angel is a complex suite of software which gives the user multiple tools and vectors for attacking, monitoring and listening to a target machine, including Smart TVs.(1)
Weeping Angel is able to:(2)
* Extract browser credentials or history
* Extract WPA/WiFi credentials
* Insert Root CA cert to facilitate MitM of browser, remote access, or Adobe application
* Investigate the Remote Access feature
* Investigate any listening ports & their respective services
* Attempt to override /etc/hosts for blocking Samsung updates without DNS query and iptables (referred to by SamyGo)
* Add ntpclient update calls to startup scripts to sync implant's system time for accurate audio collection timestamps

Gyrfalcon

Gyrfalcon is a Linux tool that ptraces an OpenSSH client collecting username, password, TCP/IP connections, and session data.(3)

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
Source: WikiLeaks

Sparrowhawk

Sparrowhawk's goal was to collect user-entered keystrokes from any system terminal, and collate in a unified format across multiple Unix platforms.(4)

HarpyEagle

HarpyEagle is a tool designed to gain root access on an Apple Airport Extreme and Time Capsule via local and/or remote means to install a persistent rootkit into the flash storage of the devices.(5)
Facedancer21, a component of HarpyEagle, is a client for keyboard emulation. You are able to send keystrokes to the host computer as if you were typing them into a keyboard.(6)

DerStarke

DerStarke appears to be a suite for discreetly and persistently monitoring a target device, allowing the attacker to discreetly connect to the Internet and thus beacon back to the attacker's device. Unlike typical Windows packages which do similar things, DerStarke was developed for Mac OSX Mavericks.(7)

YarnBall

YarnBall is a client for intercepting USB keyboard traffic for keylogging purposes on primarily Apple devices. The user can then move this data to a discrete storage device curiously labeled NyanCat:
Investigate on communication with NyanCat through USB Async/Sync data methods (Would allow larger than 64 byte commands to NyanCat)
Source: WikiLeaks

SnowyOwl

SnowyOwl is a Mac OS X tool that injects a pthread into an OpenSSH client process creating a surreptitious sub-channel to the remote computer.(8)

Bee Sting

Bee Sting is a discreet tool for injecting data into iFrame media.(9) This would be coupled with something like Flash Bang to deliver a payload discreetly through iFrame media (embedded videos, games, etc.).

MaddeningWhispers

MaddeningWhispers is a peculiar set of tools that allow the user to remotely access and beacon a target "Vanguard-based" device. The user is then able to run a command-line client on the target machine and use it as a beacon/listening post and can also manipulate USB devices on the same bus.(10)

RDB

UMBRAGE

The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Source: WikiLeaks

OSB

Flash Bang

Flash Bang is a tool designed to be able to migrate from a browser process (using sandbox breakout), escalate privileges, and memory load a NOD Persistence Spec dll.(11) This basically hacks the target system and sets up a persistent backdoor through iframe media (embedded videos, games, etc.).

Fight Club/RickyBobby

Fight Club is loaded onto sections of the target system where a set of future actions can be taken. RickyBobby then allows constant monitoring of the network Fight Club is loaded on and performs persistent tasks.(12)
Agents would load a customized malware payload with Fight Club on USB for physical delivery. Software would be loaded onto the target's system discreetly by disguising itself as WinRAR, VLC Media Player, and more. Nicknames for each customized payload included MelomyDropkick (TrueCrypt), MelomyRoundhouse (VLC Player), MelomyLeftHook (Shamela) and MelomyKarateChop (WinRar).(13)

Taxman

Taxman is awesome. 'Nuff said.
Source: WikiLeaks

Improvise

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.
Source: WikiLeaks

Fine Dining

Fine Dining comes with a standardized questionnaire i.e. menu that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are 'Asset', 'Liaison Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
Source: WikiLeaks

HammerDrill v2.0

HammerDrill is a CD/DVD collection tool that collects directory walks and files to a configured directory and filename pattern as well as logging CD/DVD insertion and removal events. v2.0 adds a gap jumping capability that Trojans 32-bit executables as they are being burned to disc by Nero. Additionally, v2.0 adds an status, termination and an on-demand collection feature controlled by HammerDrillStatus.dll, HammerDrillKiller.dll and HammerDrillCollector.dll. The logging now also fingerprints discs by hashing the first two blocks of the ISO image, which enables unique identification of multi-sessions discs even as data is added and removed. The log also logs anytime a HammerDrill trojaned binary is seen on a disc.(14)

AIB

Assassin

The exact purpose of this tool is yet unknown, but it was listed under the hacking tools for Automated Implants Branch.(15)

Frog Prince

A tool for testing and manipulating FI implants. Values can also be get and set through Frog Prince, thus the system can be overridden, manipulated and even disabled.(16)

Grasshopper

Grasshopper is a modular tool used to install software IO tools on targets running Microsoft Windows operating systems. Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption). Installers may be configured with rules that will be evaluated on target to determine whether to conduct an install.(17)

NDB

JQJSTEPCHILD

JQJSTEPCHILD appears to be either a tool or a project to discretely exploit and take over Cisco 2911 routers.(18)

Perseus/MikroTik

The NDB appears to have been involved in trying to exploit vulnerabilities in MikroTik's Hotspot and Paywall networking features and MikroTik routers.(19) It appears these are in use in Latvia and other European countries.(20)
The software tool used to do this appears to have been primarily Perseus.(21)
submitted by RebelliousSkoundrel to WLResearchCommunity [link] [comments]

The CIA and NyanCat: The hackers and tools of Vault 7's "Year Zero"

NyanCat
This article is meant to comprehensively break down the enormous material of Vault7's "Year Zero" into something more meaningful to readers less familiar with this technical material. Some highlights include the ability to manipulate cars, TVs, and your computer without you ever noticing and having your passwords stored on a "NyanCat".
Vault 7 is a series of WikiLeaks releases on the CIA and the methods and means they use to hack, monitor, control and even disable systems ranging from smartphones, to TVs, to possibly even dental implants. The Vault7 leaks themselves can be found on WikiLeaks.
Copied from a Steemit article I wrote earlier.

Branches

The following are the different branches or departments of the CIA Information Operations Center and their purpose as well as the relevant tools or projects they are credited with developing or participating in.

Embedded Development Branch (EDB)

Mission:
To be the premiere development shop for customized hardware and software solutions for Information Operations: utilizing operating system knowledge, hardware design, software craftsmanship, and network expertise to support the IOC Mission.
Source: WikiLeaks

Remote Development Branch (RDB)

Operational Support Branch (OSB)

Automated Implant Branch (AIB)

Network Devices Branch (NDB)

Mobile Development Branch (MDB)

Technical Advisory Council (TAC)

CCI Europe Engineering

Tools and projects

The following are software tools released in Vault7 and used by the CIA along with descriptions of their methods, reasons and implications for employment. They have been organized by the branch which developed them.

EDB

Weeping Angel

Weeping Angel is a complex suite of software which gives the user multiple tools and vectors for attacking, monitoring and listening to a target machine, including Smart TVs.(1)
Weeping Angel is able to:(2)
* Extract browser credentials or history
* Extract WPA/WiFi credentials
* Insert Root CA cert to facilitate MitM of browser, remote access, or Adobe application
* Investigate the Remote Access feature
* Investigate any listening ports & their respective services
* Attempt to override /etc/hosts for blocking Samsung updates without DNS query and iptables (referred to by SamyGo)
* Add ntpclient update calls to startup scripts to sync implant's system time for accurate audio collection timestamps

Gyrfalcon

Gyrfalcon is a Linux tool that ptraces an OpenSSH client collecting username, password, TCP/IP connections, and session data.(3)

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious-looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
Source: WikiLeaks

Sparrowhawk

Sparrowhawk's goal was to collect user-entered keystrokes from any system terminal, and collate in a unified format across multiple Unix platforms.(4)

HarpyEagle

HarpyEagle is a tool designed to gain root access on an Apple Airport Extreme and Time Capsule via local and/or remote means to install a persistent rootkit into the flash storage of the devices.(5)
Facedancer21, a component of HarpyEagle, is a client for keyboard emulation. You are able to send keystrokes to the host computer as if you were typing them into a keyboard.(6)

DerStarke

DerStarke appears to be a suite for discreetly and persistently monitoring a target device, allowing the attacker to discreetly connect to the Internet and thus beacon back to the attacker's device. Unlike typical Windows packages which do similar things, DerStarke was developed for Mac OSX Mavericks.(7)

YarnBall

YarnBall is a client for intercepting USB keyboard traffic for keylogging purposes on primarily Apple devices. The user can then move this data to a discrete storage device curiously labeled as, NyanCat:
Investigate on communication with NyanCat through USB Async/Sync data methods (Would allow larger than 64 byte commands to NyanCat)
Source: WikiLeaks

SnowyOwl

SnowyOwl is a Mac OS X tool that injects a pthread into an OpenSSH client process creating a surreptitious sub-channel to the remote computer.(8)

Bee Sting

Bee Sting is a discreet tool for injecting data into iFrame media.(9) This would be coupled with something like Flash Bang to deliver a payload discreetly through iFrame media (embedded videos, games, etc.).

MaddeningWhispers

MaddeningWhispers is a peculiar set of tools that allow the user to remotely access and beacon a target "Vanguard-based" device. The user is then able to run a command-line client on the target machine and use it as a beacon/listening post and can also manipulate USB devices on the same bus.(10)

RDB

UMBRAGE

The CIA's hand-crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Source: WikiLeaks

OSB

Flash Bang

Flash Bang is a tool designed to be able to migrate from a browser process (using sandbox breakout), escalate privileges, and memory load a NOD Persistence Spec dll.(11) This basically hacks the target system and sets up a persistent backdoor through iframe media (embedded videos, games, etc.).

Fight Club/RickyBobby

Fight Club is loaded onto sections of the target system where a set of future actions can be taken. RickyBobby then allows constant monitoring of the network Fight Club is loaded on and performs persistent tasks.(12)
Agents would load a customized malware payload with Fight Club on USB for physical delivery. Software would be loaded onto the target's system discreetly by disguising itself as WinRAR, VLC Media Player, and more. Nicknames for each customized payload included MelomyDropkick (TrueCrypt), MelomyRoundhouse (VLC Player), MelomyLeftHook (Shamela) and MelomyKarateChop (WinRar).(13)

Taxman

Taxman is awesome. 'Nuff said.
Source: WikiLeaks

Improvise

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.
Source: WikiLeaks

Fine Dining

Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are 'Asset', 'Liason Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
Source: WikiLeaks

HammerDrill v2.0

HammerDrill is a CD/DVD collection tool that collects directory walks and files to a configured directory and filename pattern as well as logging CD/DVD insertion and removal events. v2.0 adds a gap jumping capability that Trojans 32-bit executables as they are being burned to disc by Nero. Additionally, v2.0 adds a status, termination and an on-demand collection feature controlled by HammerDrillStatus.dll, HammerDrillKiller.dll and HammerDrillCollector.dll. The logging now also fingerprints discs by hashing the first two blocks of the ISO image, which enables unique identification of multi-session discs even as data is added and removed. The log also logs any time a HammerDrill trojaned binary is seen on a disc.(14)

AIB

Assassin

The exact purpose of this tool is yet unknown, but it was listed under the hacking tools for Automated Implants Branch.(15)

Frog Prince

A tool for testing and manipulating FI implants. Values can also be get and set through Frog Prince, thus the system can be overridden, manipulated and even disabled.(16)

Grasshopper

Grasshopper is a modular tool used to install software IO tools on targets running Microsoft Windows operating systems. Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption). Installers may be configured with rules that will be evaluated on target to determine whether to conduct an install.(17)

NDB

JQJSTEPCHILD

JQJSTEPCHILD appears to be either a tool or a project to discreetly exploit and take over Cisco 2911 routers.(18)

Perseus/MikroTik

The NDB appears to have been involved in trying to exploit vulnerabilities in MikroTik's Hotspot and Paywall networking features and MikroTik routers.(19) It appears these are in use in Latvia and other European countries.(20)
The software tool used to do this appears to have been primarily Perseus.(21)
submitted by RebelliousSkoundrel to conspiracy
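The host-side artifacts the post lists for Weeping Angel (an /etc/hosts entry that pins a vendor update domain so no DNS query is made, and ntpclient calls added to startup scripts) and the ptrace attachment Gyrfalcon uses on an OpenSSH client each leave something an auditor can look for on a device. The following is an added example written for this page, not code from the leak, from WikiLeaks or from the post's author. The vendor domain list, the hosts file, the startup script and the /proc status records are constructed sample input, and the function names are assumptions made here.

```python
"""Audit helpers for three indicators described in the post: vendor update
domains pinned in /etc/hosts, ntpclient/ntpdate invocations added to a
startup script, and an ssh client process that has a tracer attached.
Added example; all inputs below are constructed, not taken from the leak."""
import re
from typing import Dict, List, Tuple

# Assumption: the domains a TV's update check would resolve. A real audit
# would take this list from the device's own firmware configuration.
VENDOR_UPDATE_DOMAINS = ("samsung.com", "samsungcloudsolution.com")


def find_hosts_overrides(hosts_text: str,
                         domains=VENDOR_UPDATE_DOMAINS) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs for every vendor update domain that has a
    static /etc/hosts entry. Any such entry bypasses DNS, which is the
    'blocking updates without DNS query' trick the post lists."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if any(name == d or name.endswith("." + d) for d in domains):
                hits.append((ip, name))
    return hits


def find_ntp_in_startup(script_text: str) -> List[int]:
    """Return 1-based line numbers of startup-script lines that invoke
    ntpclient or ntpdate. On an appliance whose stock init scripts never set
    the clock this is the time-sync addition the post describes."""
    pattern = re.compile(r"\b(ntpclient|ntpdate)\b")
    return [n for n, line in enumerate(script_text.splitlines(), 1)
            if pattern.search(line.split("#", 1)[0])]


def find_traced_processes(proc_status: Dict[int, str],
                          names=("ssh",)) -> List[Tuple[int, int]]:
    """Given pid -> contents of /proc/<pid>/status, return (pid, tracer_pid)
    for processes named like an ssh client whose TracerPid is nonzero, the
    footprint any ptrace-based collector leaves while attached."""
    found = []
    for pid, text in proc_status.items():
        fields = {}
        for line in text.splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        tracer = int(fields.get("TracerPid", "0"))
        if fields.get("Name") in names and tracer != 0:
            found.append((pid, tracer))
    return found


# Constructed sample inputs (not real device data).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# added by setup script
127.0.0.1   www.samsung.com
0.0.0.0     osb.samsungcloudsolution.com
192.168.0.10 nas.lan
"""

SAMPLE_RC = """\
#!/bin/sh
mount -a
/usr/bin/ntpclient -s -h pool.ntp.org   # sync clock before audio capture
exec /usr/bin/app
"""

SAMPLE_PROC = {
    1234: "Name:\tssh\nState:\tt (tracing stop)\nPid:\t1234\nTracerPid:\t2048\n",
    1300: "Name:\tssh\nState:\tS (sleeping)\nPid:\t1300\nTracerPid:\t0\n",
    2048: "Name:\tcollector\nState:\tS (sleeping)\nPid:\t2048\nTracerPid:\t0\n",
}


def run_checks() -> dict:
    """Run all three checks over the constructed samples."""
    return {
        "hosts_overrides": find_hosts_overrides(SAMPLE_HOSTS),
        "ntp_lines": find_ntp_in_startup(SAMPLE_RC),
        "traced_ssh": find_traced_processes(SAMPLE_PROC),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(name, result)
```

A nonzero TracerPid is also what gdb or strace produce, so the third check yields a lead to investigate rather than a verdict; the same holds for the hosts and startup-script checks, whose value comes from comparing against a known-good image of the same firmware.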
