• WikiLeaks Reveals The "Snowden Stopper": CIA Tool To Track

    From Virus Guy@1:396/4 to All on Fri Apr 28 10:48:24 2017
    From: Virus Guy <Virus@Guy.C0M>

    WikiLeaks Reveals The "Snowden Stopper": CIA Tool To Track
    Whistleblowers

    Apr 28, 2017 11:16 AM

    As the latest installment of it's 'Vault 7' series, WikiLeaks has just
    dropped a user manual describing a CIA project known as ‘Scribbles'
    (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed
    to allow the embedding of ‘web beacon' tags into documents “likely to be stolen.” The web beacon tags are apparently able to collect information
    about an end user of a document and relay that information back to the
    beacon's creator without being detected. Per WikiLeaks' press release:

    ============
    Today, April 28th 2017, WikiLeaks publishes the documentation and source
    code for CIA's "Scribbles" project, a document-watermarking
    preprocessing system to embed "Web beacon"-style tags into documents
    that are likely to be copied by Insiders, Whistleblowers, Journalists or others. The released version (v1.0 RC1) is dated March, 1st 2016 and
    classified SECRET//ORCON/NOFORN until 2066.

    Scribbles is intended for off-line preprocessing of Microsoft Office
    documents. For reasons of operational security the user guide demands
    that "[t]he Scribbles executable, parameter files, receipts and log
    files should not be installed on a target machine, nor left in a
    location where it might be collected by an adversary."
    ============

    WikiLeaks releases 'Scribbles' the CIA's secret anti-leak "Snowden
    Stopper" software https://t.co/8ynyk8GJxg

    — WikiLeaks (@wikileaks) April 28, 2017

    CIA's first rule of stopping the next Manning/Snowden - don't leave CIA document tracking software on suspected source's computer pic.twitter.com/Jn3eAjw7tN

    — WikiLeaks (@wikileaks) April 28, 2017

    The ‘Scribbles' User Guide explains how the tool generates a random
    watermark for each document, inserts that watermark into the document,
    saves all such processed documents in an output directory, and creates a
    log file which identifies the watermarks inserted into each document.

    Scribbles can watermark multiple documents in one batch and is designed
    to watermark several groups of documents.

    RELEASE: "Scribble" the CIA's secret system to track leakers. Full
    source code and documentation included.

    #vault7https://t.co/Mgph7jQkFCpic.twitter.com/5WZTYfG7pZ

    — WikiLeaks (@wikileaks) April 28, 2017

    Dr. Martin McHugh, Information Technology Programme chair at Dublin
    Institute of Technology, gave the RT more details on how the "Scribbles"
    tool can be used for "bad as well as good."

    “Methods of tracking have historically been developed for our
    protection but have evolved to become used to track us without our
    knowledge."

    “Web beacons typically go unnoticed. A tiny file is loaded as part
    of a webpage. Once this file is accessed, it records unique information
    about you, such as your IP address and sends this back to the creator of
    the beacon.”

    But, the "Scribbles" user guide notes there is just one small problem
    with the program...it only works with Microsoft Office products. So, if
    end users use other programs such as OpenOffice of LibreOffice then the
    CIA's watermarks become visible to the end user and their cover is
    blown.

    According to the documentation, "the Scribbles document watermarking
    tool has been successfully tested on [...] Microsoft Office 2013 (on
    Windows 8.1 x64), documents from Office versions 97-2016 (Office 95
    documents will not work!) [and d]ocuments that are not be locked forms, encrypted, or password-protected". But this limitation to Microsoft
    Office documents seems to create problems: "If the targeted end-user
    opens them up in a different application, such as OpenOffice or
    LibreOffice, the watermark images and URLs may be visible to the
    end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content. If you
    are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and
    evaluate them in the likely application before deploying them."

    So if you plan to steal some government documents at some point in the
    near future you may want to ditch Microsoft Word.
    --- NewsGate v1.0 gamma 2
    * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)