Is Senator Bill Nelson (D-FL) Planning to Blame the Russians When He Loses in November 2018? Looks like it!

Florida Senator Bill Nelson unequivocally stated to the Tampa Bay Times,

“They [the Russians] have already penetrated certain counties in the state [of Florida] and they now have free rein to move about.”

Senator Nelson is up for reelection. Making such a statement demands proof in order to protect Florida’s voting systems. Attempts by various news outlets to get the proof have been fruitless.

Miami’s WPLG Local 10 released the following report on YouTube:

Senator Nelson, by his own admission, is vulnerable in Florida. Why would Nelson make such a statement then not at least provide information to Governor Scott and local election officials? Doesn’t Senator Nelson want Florida’s election systems to be safe from hacks by any foreign or domestic entity?

Is Senator Nelson planning to blame the Russians for the loss of his U.S. Senate seat, like the Democrats did in November 2016?

It sure looks like it.

RELATED ARTICLE: TRAPPED: Democrat Senator Bill Nelson Lied Or Released Classified Intel, Reports Suggest

EDITORS NOTE: The featured image is of Senate Aging Committee Chairman Sen. Bill Nelson, D-Fla., listening on Capitol Hill in Washington, Wednesday, Sept. 10, 2014, during the committee’s hearing to examine older Americans and student loan debt. (AP Photo/Lauren Victoria Burke)

VIDEO: The Awan Brothers/Democrat I.T. Scandal

New reports have emerged that dozens of House Democrats waived the background checks on the Awan Brothers — the House I.T. aides handling their cybersecurity and with access to their email systems. Judicial Watch President Tom Fitton went to Capitol Hill last year to help shine a spotlight on the ongoing Awan Brothers I.T. scandal in the House of Representatives that the mainstream media — and, sadly, even our Justice Department and much of Congress — are all ignoring.

This is a story that involves political corruption, alleged cybersecurity breaches, the potential sharing of private constituent info, possible large-scale fraud, cover-ups, and threats to our national security.

INFOGRAPHIC: 77 Facts About Cyber Crimes One Should Know in 2018

WHAT ARE CYBERCRIMES?

The use of computers and modern telecommunication networks with the intention of causing harm or loss to someone is known as cybercrime. Such crimes have been around ever since the creation of computers and have gained popularity since the beginning of the new millennium.

Even though it may sound unbelievable, the first ever form of crime against technology took place in 1820 in France, when Joseph-Marie Jacquard, a textile manufacturer, created the loom. It was a device which was able to repeat a series of steps used in weaving. Afraid their employment was being threatened, the workers from his factory sabotaged the device in order to stop Jacquard from using technology. However, today’s article is about crimes that affect cyber technology only, not technology in general.

Fast forward 200 years and these crimes are at their peak. Cybercrimes have a huge effect on the global economy, causing damage of more than 4 billion dollars and thus becoming the greatest threat to companies worldwide.

Malware, web-based attacks, denial of service, malicious insiders, phishing and social engineering, malicious code, compromised and stolen devices, ransomware and botnets were the cyber attacks that caused the most damage in 2017, with a combined cost of over $11.5 million.

Powerful antivirus solutions like BitDefender are a must-have, together with a strong firewall, but it is the end user who must be aware of the lurking dangers because personal carelessness is one of the main gateways hackers exploit.

There is an unspecified number of hackers in the world, and a list of the most famous ones follows.

  • Kevin Mitnick, the most wanted computer criminal in the USA.
  • Gary McKinnon, coordinator of the largest military computer hack.
  • Robert Tappan Morris, the creator of the first computer worm.
  • Julian Assange, the guy who created WikiLeaks.
  • Anonymous, an international hacktivist group which targeted Amazon, PayPal, Sony, etc. as their victims.

We conclude with a quote from Newton Lee:

“As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace”.

As a society, we cherish our right to privacy probably more than anything else. Sharing is great, and we all enjoy it, but there is always that other side, the untold story, the personal, the secret. Now, let’s extrapolate this to a societal level. How much information is out there, purposely being concealed for the sake of the greater good, for the sake of our own safety? The amount is probably unfathomable. Today, when everything is online, and our lives are intertwined with a world most of us know nothing about, privacy and safety become an issue of epic proportions.

That is why we need to talk about cyber crime and utilize the very best VPNs. However, instead of writing a tract of tedious length, here is an infographic that outlines the most important cyber crime facts all of us should be aware of in 2018.

VIDEO EXPOSE: Twitter Engineers To ‘Ban a Way of Talking’ Through ‘Shadow Banning’

In the latest undercover Project Veritas video investigation, eight current and former Twitter employees are on camera explaining steps the social media giant is taking to censor political content that they don’t like.

VIDEO: Senior Network Security Engineer Reveals Twitter Ready to Give Trump’s Private DMs to DOJ.

In an email, the alternative social media site, Gab.ai states:

Since August 2016 Gab has been leading the way with exposing the double standards, hypocrisy, and mass censorship of Big Social Media companies in Silicon Valley. We’ve told you about shadow-banning, hypocritical one-sided rule enforcement, unfair treatment of conservatives and Trump supporters, and one-sided political agendas being pushed by these multi-billion dollar communication platforms that are used by hundreds of millions of people.

Over the last several months we’ve been working closely with Project Veritas to help them infiltrate these big technology companies and expose the mass censorship and corruption happening each and everyday. Thanks to James O’Keefe and his team there is now undeniable proof of Twitter employees admitting that censorship, double standards, and hypocrisy are indeed happening on these platforms.

Olinda Hassan is a Policy Manager for Twitter’s Trust and Safety Team. Her team is responsible for the enforcement of Twitter’s rules and regulation, deciding who and what is allowed to be on the platform. Project Veritas caught her on camera saying this:

PV Journalist: “But how do you keep, like, my timeline… how do you keep certain things off my timeline? People will like retweet people.”

Olinda: “We’re trying to down rank it, but you also need to have control of your timeline.”

PV Journalist: “I’ve tried to, like block people like Cernovich and stuff like that and mute and stuff like that, but they still show up, like all the time.”

Olinda: “Yeah. That’s something we’re working on. It’s something we’re working on. We’re trying to get the shitty people to not show up. It’s a product thing we’re working on.”

Some of the other admissions captured by Project Veritas are staggering, and confirm everything that Gab has been saying since August 2016: Silicon Valley is censoring Trump supporters, conservatives, and anyone else they disagree with politically. Here’s a quote from a former member of Twitter’s Content Review Team:

PV Journalist: …a user end services person would deem it: “Pro-Trump,” and take it down?

Mo Norai: Yeah, if they said this is: “Pro-Trump” I don’t want it because it offends me, this, that. And I say I banned this whole thing, and it goes over here and they are like, Oh you know what? I don’t like it too. You know what? Mo’s right, let’s go, let’s carry on, what’s next?

PV Journalist: So, I flag something it’s going to go by you….

Mo Norai: Correct, and they you know you’re looking at it and you’re like: “Oh hey, this is Pro-Trump ….I don’t like it.”

RELATED ARTICLES: 

Twitter’s WORST Examples Of Anti-Conservative Bias

Twitter Engineer Admits to Banning Accounts that Express Interest in God, Guns, and America

EDITORS NOTE: James O’Keefe has just completed a book about this series entitled “AMERICAN PRAVDA: My fight for Truth in the Era of Fake News.” The book will be released by St. Martin’s Press on January 16, 2018. Pre-order the book: http://www.americanpravdabook.com

How Equifax was hacked in major security breach

In case you haven’t already heard about it, there was a massive security breach at Equifax, a credit reporting company, that leaked sensitive information affecting around 150 million people. The sensitive data included Social Security numbers, addresses and phone numbers. What makes this data leak even more striking than others is that most of the affected people might not even be aware of it. Here’s the complete coverage of the data breach:

The size of the breach

According to the company’s official statement, around 143 million people were affected in the United States alone, and there were victims from the UK and Canada as well, but no estimate has been given for those. What’s even worse is that, besides the SSNs and personal info like phone numbers and physical addresses, more than 20,000 US citizens had their card numbers compromised, making this breach one of the most severe in history.

When and how did it happen?

Equifax were unable to pinpoint the exact date of the hack, especially considering that it seems to have happened over several days. However, officials stated that, according to investigations, the hack happened between May and July and it was discovered on the 29th of July by security experts inside the company. The public was not informed until the 7th of September though and that is another point of criticism for Equifax.

Asked about the circumstances that led to this breach, Equifax officials said that the hackers managed to exploit a website application vulnerability and gained access to several files that contained the sensitive info they stole. Despite the size of the breach, company officials are still quite quiet about the whole thing.

Who was behind the attack?

Once again, Equifax did not manage to give a clear answer in this regard. They decided to hide behind the fact that an investigation has been under way since they found out about the breach, and said that they will come back with clarifications once the investigation is over. Of course, in the wake of this event, rumors have already started pointing towards several Russian or North Korean hacker groups as possible authors.

How can you check if you are at risk?

The odd thing about this hack is that most of the data stolen from Equifax belong to persons that were not even aware that they exist in such a database. How was this possible, you may ask? Well, because they gather data from credit card companies, retailers, banks and lenders and some of them are not obliged to notify the customers about giving that data to such a third party as Equifax.

They advise customers to go for credit file monitoring and identity theft protection through their TrustedID Premier service regardless of whether you have been a victim of the hack or not. In order to find out if you were among the victims of the attack, you should check on their website by providing your last name and the last six digits of your Social Security number. This checks their database and notifies you almost instantly whether you were among the victims of the data leak or not.

Who is investigating this breach?

The first independent investigation was launched by the New York Attorney General, followed by a Congressman who sent a letter to the House Judiciary Committee Chairman regarding the initiation of an official investigation on the same subject. Besides this, the Consumer Financial Protection Bureau is also looking into the attack. They issued a press release saying that their institution is authorized to take action against other institutions that might be engaged in unfair or abusive acts or practices or that violate federal consumer financial laws. At the end of the press release, their spokesman also mentioned that they are looking into the data breach and collaborating with Equifax but cannot comment further on the topic.

Is Equifax the biggest data breach recorded?

While the hack that affected Equifax is, indeed, very large in terms of affected individuals and the severity of the data that was made accessible to people with not-so-good intentions, this is not the biggest data leak in history. Just recently, the online giant Yahoo was attacked and almost 1 billion accounts were breached. Fortunately, that data was not as sensitive as Social Security numbers or credit card numbers, but the violation of privacy is sometimes worse.

As a bottom line, as long as big companies that handle sensitive data do not devote serious attention to safeguarding themselves and the info they possess against this kind of attack, no info is safe. This doesn’t necessarily mean that you can’t trust giving your personal info online; however, make sure to double-check whether they have a security system and how effective it is. That may seem like an odd question for their support operators; however, we’re living in the modern era. So, stay safe and only work with a trusted system that shows clear signs of anti-theft protection.

RELATED ARTICLES:

Equifax CEO retires after data breach

The 6 Types Of Cyber Attacks To Protect Against In 2018

How Google and Facebook Collect Data about You and the Internet

Google and Facebook are probably the most widely used websites on the Internet. Around 70% of Internet users globally use Google as their default search engine, while Facebook already has 1.5 billion users. These two Internet giants collect enormous amounts of data every day, from many different sources. And it would be naïve on our part to think that they only make use of the data we deliberately provide them with. In reality, both Google and Facebook have their own user tracking and data collection systems that go beyond our public profiles.

Google’s Data Collection Tools

Google has penetrated every sphere of people’s online activity. Here are just a few of its most widespread services:

  • Gmail – contains all the information about your contacts and the content of your letters. It is one of the most used email services, along with Yahoo and Hotmail.
  • Google Docs – contains tons of information about businesses and personal projects
  • Google search engine – collects data from your search enquiries. It also knows which search results you click on and how much time you spend on the search result web page.
  • Youtube – Google integration allows it to know which videos you watch and for how long, knowing a lot about your preferences.
  • Twitter – owned by Google, Twitter provides it with tons of user information

There are tons of other Google services, like Google Analytics, Google Finance, Google Apps, just to name a few. Have you ever thought about why all these services should be for free? The answer lies in the fact that the more services are free and of good quality, the more people across the globe will use them. And using a service means providing it with data. This way, Google possesses enormous layers of user data from every corner of the world.

How does it put it to use? In our digital era, information is power. First of all, Google makes a lot of money on advertising. In order for it to be effective, Google uses your search and other information to show you the ads that are most likely to work. The more Google knows about you, the more effective the advertising will be. Secondly, such data arrays allow Google to know about emerging market trends earlier than anybody else, with immense opportunities for competitive advantage. Thanks to this information, they can react to change much faster, and again, make more profit.

What Facebook Knows About You

With all the advantages global information can give you it would be unwise to think Facebook does not take advantage of the colossal amount of information it has access to.

Here are a few tools Facebook uses to track your activity:

  • Facebook cookies allow it to track your browser information, meaning everything you read here on the Internet, even when you left the Facebook page, but did not log out.
  • Facebook Connect is a plug-in that many websites use. It allows you to log in or register on that third-party website using your Facebook login and password. While this really undermines your account security, this also allows Facebook to track your third-party website activities.
  • Instagram is a great tool to track location, hobbies, activities and people involved.

Facebook tracks and makes use of all of your activity inside Facebook itself. Have you ever wondered how your news feed on Facebook works the way it does? Why the news from people you have been chatting with or whose pages you’ve been browsing are displayed first, while some people’s news are not displayed at all? And why you only see ads for your local products even though you have never indicated your place of residence in your Facebook profile?

Unfortunately, Facebook makes use of all the data about your activity on the website: who you chat with in private messages, what you write about and whose pages you prefer. Moreover, it also keeps track of how much time you spend on a certain post you are reading, and how much time it takes you to view news on certain topics. Just as in the case of Google, this information is used for profit-making purposes. The more Facebook knows about people of your age and interests, the more effective advertising could be. The power of Facebook in knowing all about us is virtually unlimited.

So, what can we do with this information? To be completely honest, nothing. We are at that point in time when quitting Facebook or Google would cut us off from millions of opportunities, including staying in touch with our relatives, shopping for food or finding a job. Google and Facebook own the Earth, and there is not much you can do about it.

The only precaution could be to keep private things really private. Keep your accounts free of your private pictures or data you don’t want anybody to know about, and store commercial information about your business on some hardware in your closet. In a data-driven world like ours, it is impossible to avoid being part of the data collection pool, but it is after all a natural thing for the modern era.

FBI seized smashed hard drives from Wasserman Schultz’s Muslim IT aide’s home

Five Pakistani-born Muslim Congressional IT aides are now under criminal investigation, and the establishment media is resolutely looking the other way.

Questions abound. “Collectively, the Awan group has been paid $4 million since 2009.” That’s a tremendous amount of money for IT work. And what is on these hard drives that led Imran Awan to work so resolutely to recover and destroy them? A genuine journalist would be working hard to find out what Imran Awan and his brothers, and the House Democrats, have to hide. But the establishment media is a propaganda arm for the Democrats, and so it has no interest in this affair.

“EXCLUSIVE: FBI Seized Smashed Hard Drives From Wasserman Schultz IT Aide’s Home,” by Luke Rosiak, Daily Caller News Foundation, July 23, 2017:

FBI agents seized smashed computer hard drives from the home of Florida Democratic Rep. Debbie Wasserman Schultz’s information technology (IT) administrator, according to two sources with knowledge of the investigation.

Pakistani-born Imran Awan, long-time right-hand IT aide to the former Democratic National Committee (DNC) Chairwoman, has since desperately tried to get the hard drives back, an individual whom FBI investigators interviewed in the case told The Daily Caller News Foundation’s Investigative Group.

An additional source in Congress with direct knowledge of the case, speaking on condition of anonymity because of the sensitivity of the probe, confirmed that the FBI has joined what Politico previously described as a Capitol Police criminal probe into “serious, potentially illegal, violations on the House IT network” by Imran and three of his relatives, who had access to the emails and files of the more than two dozen House Democrats who employed them on a part-time basis.

Capitol Police have also seized computer equipment tied to the Florida lawmaker.

Awan’s younger brothers, Abid and Jamal, his wife, Hina Alvi, and Rao Abbas, Imran’s best friend, are also under investigation. There have been no arrests in the case.

There is also evidence of financial schemes that extend beyond the Capitol Police’s purview and may expand to Pakistan, where Imran spends significant portions of the year….

Soon after Imran began working for Wasserman Schultz in 2005, his two brothers and two of their wives — plus Abbas and another friend — began appearing as IT staffers on the payrolls of other House Democrats. Collectively, the Awan group has been paid $4 million since 2009.

Fellow IT staffers TheDCNF interviewed said the Awans were often absent from weekly meetings and email exchanges. One of the fellow staffers said some of the computers the Awans managed were being used to transfer data to an off-site server.

Shortly after the criminal probe was revealed in February, Imran abruptly moved out of his longtime home on Hawkshead Drive in Lorton, Va., and listed it for rent on a website that connects landlords with military families.

One of the new tenants — a Marine Corps veteran married to a female Navy Officer — said he found “wireless routers, hard drives that look like they tried to destroy, laptops, [and] a lot of brand new expensive toner.”

The tenants called the Naval Criminal Investigative Service and, not long after, FBI agents arrived together with the Capitol Police to interview them and confiscate the equipment. The Marine spoke on condition of anonymity because of concerns for his wife’s naval career, saying she doesn’t want to be associated with a national security incident.

“It was in the garage. They recycled cabinets and lined them along the walls. They left in a huge hurry,” the Marine said. “It looks like government-issued equipment. We turned that stuff over.”…

RELATED ARTICLES: 

House IT Aide’s Lawyer Is Longtime Clinton Associate

Video: Knife-wielding Muslim screaming “Allahu akbar” wounds Spanish cop at Melilla border

Village Voice: Concern over policies that led to Muslim cop shooting unarmed woman just “racism”

What Is the Deep State? by Thomas Knapp

Buzzwords come and buzzwords go. Lately, a trending buzzword – or, I guess, buzz phrase – among the politically inclined is “Deep State.” Google News returns 127,000 recent media uses of the phrase.

Every time US president Donald Trump finds himself under attack or just stymied in one of his policy initiatives, his supporters blame the Deep State. The Deep State is behind the “Russiagate” probes. The Deep State doesn’t like his Muslim travel ban or his ObamaCare replacement bill. The Deep State keeps forcing him to break his campaign promises of a less misadventurous US foreign policy.

I’m expecting reports, any day now, that the Deep State stole his limo keys and left the toilet seats up in the residence area of the White House.

So what, precisely, is the Deep State?  There’s actually both more and less to it than you might think.

Defining the Deep State

In a recent Bloomberg column, former Obama administration regulatory czar Cass Sunstein defines the Deep State as merely “the talented professionals who serve both Democratic and Republican administrations, and who are civil servants rather than political appointees.” While not incorrect as such, that definition is superficial and not especially informative.

Others identify the Deep State as residing completely or nearly completely in the US “intelligence community” specifically and the Military-Industrial Complex in general, or in Washington’s sprawling regulatory apparatus.

It’s in the intel/military definition that the idea tends to take on more active, sinister connotations: Spies and generals conspiring to put over a coup of some sort, if necessary maybe even giving inconvenient political figures the JFK treatment. Without discounting that possibility, let me propose that while individuals acting in knowing concert might be a minor feature of the Deep State, they aren’t its essence.

In high school civics class theory, elections are meaningful and political government is a highly developed, well-oiled, deliberative decision-making machine in which ideas matter and the best ones win out, to the benefit of all.

In fact, it is in the nature of political government to put its own needs first, and its corps of unelected workers (greatly outnumbering the politicians who have to explain themselves to voters) closely identify its needs with their needs and vice versa.

Resistance to Change in Motion

The aggregate actions of long-term state functionaries will always tend to maximize the state’s growth and their own discretionary power. Not because they are venal or corrupt (although some certainly are), nor because they necessarily subscribe to some particular ideology (although some certainly do), but because like their actions, they themselves are an aggregate whose parts will overwhelmingly respond to the same incentives in the same ways.

You’ll never walk into a hotel and see a sign in the lobby announcing “Welcome Deep State, Conference Room 3A.” The Deep State isn’t a conscious conspiracy, even if there are conscious conspirators within it. The Deep State is a large mass with no guiding intellect. Its inertia tends to hold it in one place and/or to carry most of its members in the same direction.

Reprinted from the Libertarian Institute.

Thomas Knapp

Thomas L. Knapp, aka KN@PPSTER, is Director and Senior News Analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism and publisher of Rational Review News Digest. He lives and works in north central Florida.

Israeli Comes up with fix to inoculate against Ransomware Virus

Credit Israeli cyber sleuths for coming up with a quick fix to protect network operating software against intrusion by ransomware. Take that, Symantec and Kaspersky labs.

Note this Jewish Press.com/Ha’aretz report.

Amit Serfer, an Israeli researcher at Siibrizn Labs, discovered a method to block attacks of the Petya ransomware program that on Tuesday hit thousands of computers around the world, including in Israel, Ha’aretz reported on Wednesday.

Tuesday’s second major global ransomware attack in as many months crippled and held for ransom the computers of major firms including British multinational advertising and public relations company WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk.

Researchers have reported that Petya not only encrypts specific files, but also encapsulates the computer boot sector (MBR), the part of the hard disk that’s loaded first when the computer is started. It includes information on the hard disk structure and is used to load the operating system.

Serfer discovered a way to prevent Petya from turning on and multiplying itself. “When the malicious software starts working, it checks whether in the past it ran the files, so as not to encrypt them twice,” he told Ha’aretz. “It looks for the name of the file without an extension in a Windows folder that turned it on (C:\windows\perfc).”

According to Serfer, if Petya finds the file, it concludes the computer has already been attacked and does not activate the encryption function.

Serfer sees his solution as an inoculation against the invading virus.

JEWISHPRESS.COM
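
One way to audit for and place the marker file the report describes, as an added PowerShell example that is not from the report or the researcher. The function name, the read-only attribute, the empty-file check and the output fields are choices made here; the only value taken from the page is the path C:\windows\perfc. The marker only answers the one check the report describes and leaves the host's underlying exposure unchanged.

```powershell
# Added example: audit or place the marker file named in the report above.
# Function name, parameters and output fields are illustrative choices.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Marker path from the report; C:\Windows\perfc on a default install.
        [string]$Path = (Join-Path $env:SystemRoot 'perfc'),
        # Report the current state only; change nothing.
        [switch]$AuditOnly
    )

    $result = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        Existed  = $false
        ReadOnly = $false
        Action   = 'none'
    }

    if (Test-Path -LiteralPath $Path -PathType Container) {
        # A directory with that name is not the extensionless file the report describes.
        $result.Action = 'conflict: path is a directory'
        return $result
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $item = Get-Item -LiteralPath $Path -Force
        $result.Existed  = $true
        $result.ReadOnly = $item.IsReadOnly
        if ($item.Length -gt 0) {
            # The marker placed by this function is empty (assumption of this example);
            # a non-empty file came from somewhere else and should be looked at first.
            $result.Action = 'review: existing file is not empty'
            return $result
        }
    }

    if ($AuditOnly) { return $result }

    try {
        if (-not $result.Existed -and
            $PSCmdlet.ShouldProcess($Path, 'Create empty marker file')) {
            New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
            $result.Action = 'created'
        }
        if (-not $result.ReadOnly -and
            (Test-Path -LiteralPath $Path -PathType Leaf) -and
            $PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
            # Read-only is a choice made here so the marker is not casually overwritten.
            Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true -ErrorAction Stop
            $result.ReadOnly = $true
            if ($result.Action -eq 'none') { $result.Action = 'set read-only' }
        }
    }
    catch {
        # Writing under the Windows folder normally needs an elevated session.
        $result.Action = "failed: $($_.Exception.Message)"
    }
    return $result
}

# Report the state of the local machine without changing it.
Set-PerfcMarker -AuditOnly
```

Running `Set-PerfcMarker -WhatIf` shows what would be created or changed before anything is written.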

Fitnabook: Islamic State builds social media platform to rival Facebook

“We have certainly made it a lot harder for them to operate in this space.”

Facebook and Twitter are ruthlessly clamping down on foes of jihad terror — referrals to Jihad Watch from Facebook and Twitter went down 90% on February 11 and have never rebounded — as well as upon jihadis. This is another attempt to appease Muslims and avoid appearing “Islamophobic,” by reinforcing a false moral equivalence, perpetuating the libelous and ridiculous claim that “Islamophobes” are the non-Muslim equivalent of jihad terrorists.

Maybe foes of jihad terror will have to set up secret spaces on the dark web.

“DARK WEB ISIS ‘is building its own secret social media platform to rival Facebook where fanatics can recruit new jihadis and share vile beheading videos’,” by Tom Michael, The Sun, May 4, 2017:

ISIS is developing its own social media platform to rival Facebook where fanatics will be free to recruit others and share extremist material, according to the EU’s top cop.

Europol Director Rob Wainwright said the new online platform had been uncovered during a 48-hour operation targeting internet extremism last week.

More than 2,000 extremist items were identified on 52 social media platforms during the crackdown, which involved officials from the US, Belgium, Greece, Poland, and Portugal.

Speaking at a security conference in London, Wainwright said: “Within that operation it was revealed ISIS was now developing its very own social media platform – its own part of the internet to run its agenda.

“It does show that some members of Daesh (ISIS), at least, continue to innovate in this space.”

Jihadis have often relied on mainstream social media platforms to communicate and to spread propaganda.

Messaging app Telegram has proved especially popular over the past year, with terror chiefs using it to urge lone wolf attacks in the weeks leading up to Khalid Masood’s Westminster rampage.

It has also been used to share instructional videos on how to make suicide belts, along with “idiot’s guides” to other attack methods in the past.

But technology firms like Facebook and Google have come under increasing pressure to do more to tackle extremist material online, prompting the fanatics to explore other options.

Wainwright said ISIS’s decision to try and create its own social media platform was a response to combined pressure from intelligence agencies, police forces and the tech sector.

He said: “We have certainly made it a lot harder for them to operate in this space….

RELATED ARTICLES: 

Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors

UK: Muslims gang-rape teen girl who stopped in kebab shop to ask directions

Video: University at Buffalo Left-fascists scream abuse at Robert Spencer, officials do nothing

EDITORS NOTE: We called the ISIS social media site Fitnabook. To understand what the Arabic term Fitna means please click here.

How You Can Combat Online Censorship

This is not new. It has been ongoing for years: when fascists are unable to control the narrative, they shut down the discussion.

I am seeing now that most of the UK and many other European Internet service providers (ISPs) are blocking this as well as many other websites from being viewed.

Not content with shadow banning academics guilty of wrong speak from social media, attempting to turn them into unpersons, they are using blocking methods originally developed but rarely used to block criminal enterprises on the web (think scammers and pedophiles) with far more alacrity than when they were ever used as originally intended.

They use a variety of methods to control what you are allowed to view online, much like how I had “guardian control” on our television to stop the kids from watching channels that were not suitable. Amusingly, I know of one home and office firewall company that is listing jihadwatch.org as “adult entertainment.” A provider in the UK, also listing Jihad Watch as adult, asks for credit card numbers to prove you are old enough to view the site.

Canada is introducing “measures,” specifically in Quebec, to block illegal gaming sites, which I would bet my last Loonie will be leveraged in the same way, as soon as they criminalize “Islamophobia,” a.k.a. any criticism of jihad and the violence and crime that go hand-in-hand with Islam.

So today, some Internet providers just block this and other sites, giving the impression that the site is “down,” not available, mockingly suggesting, “please try later.” We will be seeing far more of this, and there is little anyone can do to stop this from being implemented further.

The vast majority of blocks are actually very simple to bypass. They “poison” the DNS servers that they provide free with your Internet access to misdirect you to other locations. The Turkish government has been using this method for Internet access for a few years. The Chinese “protect” nearly half the world’s population from ThoughtCrime with this trick.

DNS stands for Domain Name Servers. They translate the user-entered website (domain name) such as www.jihadwatch.org into a number that is used by your computer to connect to the website — think postal/zip code. Normally, you are automatically assigned DNS Name Server addresses by your Internet service provider, but changing the DNS servers (on your local machine or router) will stop censorship using this method. 

Bypassing the simple DNS poisoning method that is most commonly used is very simple: you just change your DNS servers to the ones that Cisco, the worldwide leader in IT and networking hardware, was kind enough to provide. Try use.opendns.com or, safer for sharing, 208.69.38.205 (which cannot be easily blocked). In fact, in many cases, OpenDNS may be a better service than your own service provider’s DNS. The change is simple to test, and whatever happens in the future, keep that link handy to check if your favorite websites really did just vanish.

Here is a complete current list of free-to-use public DNS servers. Cisco just has great instructions to make the required changes. I believe they do this intentionally to assist in bypassing government censorship.
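One way to check whether a resolver is misdirecting a name, as described above, is to put the same question to the ISP-assigned resolver and to an independent one and compare the answers. This is an added example, not part of the original article; the test domain, the sample replies (constructed by `make_response`) and the verdict labels are assumptions for illustration.

```python
import ipaddress
import socket
import struct

# Addresses no public website should resolve to; blocking resolvers often answer with one.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_query(name, txid=0x1234):
    """Encode an A-record question in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def query(resolver_ip, name, timeout=3.0):
    """Ask one specific resolver over UDP and return its raw reply (needs network)."""
    packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (resolver_ip, 53))
        reply = sock.recvfrom(4096)[0]
    if reply[:2] != packet[:2]:
        raise ValueError("reply does not match the query's transaction ID")
    return reply


def _skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer terminates the name
            return off + 2
        if length == 0:            # root label terminates the name
            return off + 1
        off += 1 + length


def parse_response(msg):
    """Return (rcode, sorted IPv4 answers) from a raw DNS reply."""
    try:
        _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
        off = 12
        for _ in range(qdcount):
            off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        addrs = []
        for _ in range(ancount):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.append(socket.inet_ntoa(msg[off:off + 4]))
            off += rdlen
    except (IndexError, struct.error, OSError) as exc:
        raise ValueError("malformed or truncated DNS reply") from exc
    return flags & 0x000F, sorted(addrs)


def compare(isp_raw, ref_raw):
    """Classify the ISP resolver's reply against an independent resolver's reply."""
    isp_rcode, isp_ips = parse_response(isp_raw)
    ref_rcode, ref_ips = parse_response(ref_raw)
    if ref_rcode != 0 or not ref_ips:
        return "inconclusive"       # the reference cannot resolve it either
    if isp_rcode == 3 or not isp_ips:
        return "blocked-no-answer"  # NXDOMAIN or empty answer for a name that exists
    if any(ipaddress.ip_address(ip) in net for ip in isp_ips for net in NON_ROUTABLE):
        return "blocked-sinkhole"   # pointed at loopback or private address space
    if set(isp_ips) & set(ref_ips):
        return "consistent"
    return "differs"                # may be CDN or geo-DNS; confirm before concluding


def make_response(name, ips, rcode=0):
    """Constructed sample data: the reply a resolver would send for `name`."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(ips), 0, 0)
    question = build_query(name)[12:]
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
                       for ip in ips)  # 0xC00C points back at the question name
    return header + question + answers


if __name__ == "__main__":
    name = "www.example.org"  # assumed test domain; addresses are documentation ranges
    reference = make_response(name, ["192.0.2.10"])
    samples = {"same answer": make_response(name, ["192.0.2.10"]),
               "loopback": make_response(name, ["127.0.0.1"]),
               "nxdomain": make_response(name, [], rcode=3),
               "other address": make_response(name, ["203.0.113.5"])}
    for label, isp_reply in samples.items():
        print(f"{label:14s} -> {compare(isp_reply, reference)}")
```

For a live check, pass the replies from `query()` for the ISP-assigned resolver and for an independent resolver of your choice to `compare`. Treat `differs` as a prompt to verify further, since large sites legitimately return different addresses to different resolvers.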

Further, I would strongly suggest that anyone who may in the future be guilty of wrong think or some other thought-crime, go one step further and encrypt all your Internet traffic using a VPN (Virtual Private Network), so that Internet providers, government agencies and even employers can not snoop. I have been involved with the development of airvpn. I have no financial motive, but I believe they are the best (speed/price), but maybe not as user-friendly as some more commercial VPNs such as Freedome. Using a VPN would be best practice to also stop cyber criminals from carrying out a number of attacks against you when you are using a public WiFi (cafe, airport, etc.). It also is a more thorough way to block censorship. If you use a VPN, you do not need to change DNS servers, as the VPN does this for you.

*Above, I knowingly use the term “DNS poisoning,” aware that it is most commonly used to describe an attack in which a bad actor diverts a website’s intended traffic to some other location, normally to inflict some damage; the ISPs are using methods similar to those a bad actor would use, but with the intent of censorship.

Robert Spencer: Why Is Donald Trump Doing This?
India: Muslims hack man to death for atheist post on Facebook

VIDEOS: Why We’re Being Watched by Kelly Wright

Wikileaks has just published over 8,000 files they say were leaked from the CIA, explaining how the CIA developed the capacity to spy on you through your phone, your computer, and even your television. And Wikileaks’s Julian Assange claims these “Vault 7” documents are just one percent of all the CIA documents they have.

The media will be combing through these for weeks or months, so now is a perfect moment for us to reconsider the role of privacy, transparency, and limited government in a free society.

We’ve put together a quick list of the six best Learn Liberty resources on government spying and whistleblowing to help inform this discussion.

1. War Is Why We’re Being Watched

Why is the US government spying on its citizens in the first place? Professor Abby Hall Blanco says that expansive state snooping at home is actually the result of America’s military interventionism abroad:

2. Is Privacy the Price of Security?

Yes, you may think, the government is snooping on us, but it’s doing that to keep us safe!

That’s the most common justification for sweeping and intrusive surveillance, so we held a debate between two experts to get right to the heart of it. Moderated by TK Coleman, this debate between Professor Ronald Sievert and Cindy Cohn, the Executive Director of the Electronic Frontier Foundation, was inspired in part by the revelations about NSA surveillance leaked by Edward Snowden in June 2013.

3. Freedom Requires Whistleblowers

People are already drawing parallels between the Snowden leaks and the Vault 7 revelations. If the leaks are indeed coming from a Snowden-like whistleblower, that will once again raise the issue of government prosecution of people who reveal classified information to the public.

Professor James Otteson argues that a free society requires a transparent government, and whistleblowers play a key role in creating that accountability. Otteson also sounds a warning that should resonate with many Americans today:

Maybe you’re not concerned about the invasions of privacy that the federal government agencies are engaging in because you think, “Well, I haven’t done anything wrong. What do I have to fear?” Maybe you think, “I like and support this president. I voted for him.”

But what about the next president?  The powers that we let the government have under one president are the same powers that the next president will have too.

What if the next president is one you don’t support? He, too, will have all the power that you were willing to give the president you now support.

4. Encryption Is a Human Rights Issue

Documents from Vault 7 suggest that the CIA has been so stymied by encrypted-messaging apps, such as Signal and Whatsapp, that it has resorted to taking over entire smartphones to read messages before they are sent.

That turns out to be a costly, targeted, and time-consuming business that doesn’t allow for mass data collection. But for decades, government officials have tried to require tech companies to give the government a backdoor into their encryption. In “Encryption Is a Human Rights Issue,” Amul Kalia argues that protecting encryption from government is essential to our safety and freedom.

5. The Police Know Where You Live

It turns out that it’s not just spy agencies that have access to detailed information about your life. Ordinary police officers have it, too, and they often face little supervision or accountability. As Cassie Whalen explains, “Across the United States, police officers abuse their access to confidential databases to look up information on neighbors, love interests, politicians, and others who had no connection to a criminal investigation.”

Surveillance is a serious issue at every level of government.

6. Understanding NSA Surveillance

If you’re ready to take your learning to the next level, check out our complete video course on mass government surveillance with Professor Elizabeth Foley. In it, you’ll learn what you need to know to make sense of the NSA scandal in particular and mass surveillance in general.

Reprinted from Learn Liberty.

Kelly Wright

Kelly Wright is an Online Programs Coordinator at the Institute for Humane Studies.

RELATED ARTICLE: Deterrence and Human Nature

WTH?! 1984 is Here to Stay – Proof is Vault 7

By Wallace Bruschweiler and William Palumbo…

This article is addressed to the public in general, but especially the media, i.e., journalists who should know better but don’t.

Last week, WikiLeaks released classified documents relating to CIA-funded surveillance programs and techniques.  Under the code-name Vault 7, Julian Assange’s organization has so far disclosed only a small fraction (1%) of the total documents, which they claim to be the “largest intelligence publication in history.”  The “Year 0” release contains 7,818 web pages and 943 attachments.  (You can view the entire Vault 7 ‘Year 0’ collection here.  For a good overview of what Vault 7 consists of and some potential implications, follow this link.)

Some of the more sensational activities documented in Vault 7 explain how the CIA has retained, through electronic and programming loopholes and proprietary technology, an ability to remotely activate a variety of personal electronic devices, enabling them to – for example – listen to private conversations within earshot of your smartphone’s microphone.  Ostensibly, this is also true for cameras (e.g., on your smartphone, laptop, iPad, or television).

For many Americans, this news comes as an unwelcome surprise.  Before we continue, let’s pause and examine whether the public outcry is justified.

You’re being listened to, recorded, and watched – and have been for a while

1984 is not fiction, it’s fact.  Electronic surveillance (or ELINT, electronic intelligence) is nothing new – it’s old.  Phone and all other transmission lines have been wiretapped for decades at least.  America, and our enemies and allies alike, spy on each other literally constantly.  You shouldn’t be surprised.  All governments surveil their domestic population for a variety of lawful, well-intentioned, and important reasons.  For example, to combat organized crime and the drug trade, and for counter-terrorism.

If you were born after 1950, wiretapping has been pervasive (yet likely unnoticed, in the background) for your entire life.  Unless you’re a criminal (or just plain paranoid), it’s highly unlikely these methods were ever of personal concern to you.  It’s totally unlikely that the FBI, CIA, NSA etc. ever bothered to listen to, much less analyze, your chit chat.  To the extent that the average person’s phone calls, emails, or internet usage, Facebook, Twitter, Google, etc. are scrutinized, it is in the form of metadata, i.e. global data used to determine norms, from which aberrations of interest can be identified and selected for further analysis.

There’s far too much data generated daily for even an army of intelligence analysts to review in any detail.

You get what you pay for (and even more)

“An army” is not an exaggeration.  Let’s take a look at some figures related to Vault 7 and, more broadly, the entire intelligence community.

Please note that the figures below are estimates, as exact figures are classified.*

NSA

  • Budget: $18.0 billion
  • Employees: 35,000 – 55,000
  • Salary (dependent on position): $60,000 – $115,000

CIA

  • Budget: $14.7 billion
  • Employees: 21,575
  • Salary: $100,000

National Intelligence Program (NIP) and Military Intelligence Program (MIP) Budgets

  • Total National Intelligence Program Budget (2016): $53.9 billion
  • Total Military Intelligence Program Budget (2016): $17.9 billion
  • Total Intelligence Budget: $71.8 billion

* All figures as-of 2016 or as current as possible.

With all of that money and all of those people, what does the public think they should do?  The security of the nation relies on the ability to discreetly collect accurate information by all means available, many of which seem futuristic.  With $25.3 billion per year (2013) spent on data collection alone, we can expect and should demand that the CIA and NSA develop novel and sophisticated technological tools, and use them at their – legal – discretion.

Capability vs. Usage

A word should be said to differentiate between capability and usage.  Vault 7 proves that the CIA has the ability to electronically surveil anyone they wish to.  However, so far there is no proof that these programs are widely and systematically abused to target the innocent.  There are numerous legal protections in place that protect the public, such as the need for court warrants and the FISA court itself.  Again, the average member of the innocent public will never be affected by government surveillance.

Private Sector Cooperation and Investment

Of course, the CIA and NSA don’t work in a cocoon.  Their international counterparts are linked via programs such as CRUCIBLE, ECHELON, Perseus, TREMOR, UMBRAGE etc.  There is also significant involvement of the private sector, to the point of active investment in emerging HAL 3000-type technologies.

Enter In-Q-Tel, established in 1999, at the peak of the dot-com boom.  (Maybe “global warming” pundit Al Gore really did invent the internet after all?  After all, who knows?)

Officially independent from the CIA, In-Q-Tel “invests in high-tech companies for the sole purpose of keeping the Central Intelligence Agency, and other intelligence agencies, equipped with the latest in information technology.”  Think “Q,” the techie character from James Bond.

Founded by a former Lockheed Martin executive, the portfolio of this company reads like an encyclopedia of modern information technology.  Consider: they’re behind companies/technologies such as Google Earth, Palantir Technologies (Peter Thiel’s company), automatic language translation, geospatial imaging, virtual reality, search engines and malware protection, and many, many others.

Studying an organization like In-Q-Tel, it is easy to see how high tech military and intelligence investment helps drive technological progress.

Assange’s Offer

Recently, FBI Director James Comey was quoted as saying there is “no such thing as absolute privacy in America.”

Noting the considerable outcry by the public at these revelations, Julian Assange has offered to work with hardware manufacturers and software companies to address bug fixes and shortcomings outlined in Vault 7.

For all Assange’s critics, and there are many, this move is telling of his motivations: like thousands of other privacy advocates, he genuinely believes in real privacy.  He acts out of personal conviction, without greed, and is totally apolitical.

Conclusion?

This may come as a surprise to our readers, but the leaking, release, and dissemination of Vault 7 should be viewed in a positive light.  While the leaking of this classified information does pose many risks and questions, now that it is available for public scrutiny, why not look on the bright side?

We now have incontrovertible proof that the United States and closest allies have the tools to not only fight, but decisively defeat, our various enemies.  The intelligence community should deploy these tools to their maximum potential against all those who seek to do us great harm and destroy us.

We possess the technical and imaginative abilities to achieve victory and should aim for total surrender.  Time to take off the gloves!

Waiting for the next chapter of this unfinished technical/political saga…

VIDEO: President Trump vindicated by Wikileaks CIA dump

ZeroHedge, in a column titled “Wikileaks Unveils ‘Vault 7’: ‘The Largest Ever Publication Of Confidential CIA Documents’; Another Snowden Emerges,” reports:

A total of 8,761 documents have been published as part of ‘Year Zero’, the first in a series of leaks the whistleblower organization has dubbed ‘Vault 7.’ WikiLeaks said that ‘Year Zero’ revealed details of the CIA’s “global covert hacking program,” including “weaponized exploits” used against company products including “Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”

RELATED ARTICLES:

NSA Whistleblower Backs Trump Up on Wiretap Claims -US News & World Report

Wikileaks Exposes ‘Vault 7’ — The CIA’s ‘Zero Day’ Weapon

Trump Tower: Wikileaks ‘dumps’ files revealing out-of-control intelligence operations

Wikileaks Exposes ‘Vault 7’ — The CIA’s ‘Zero Day’ Weapon

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that “There is an extreme proliferation risk in the development of cyber ‘weapons’. Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of “Year Zero” goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.”

Wikileaks has carefully reviewed the “Year Zero” disclosure and published substantive CIA documentation while avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.

Wikileaks has also decided to redact and anonymise some identifying information in “Year Zero” for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in “Vault 7” part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Analysis

CIA malware targets iPhone, Android, smart TVs

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details).

The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.

The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984, but “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.

The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

CIA malware targets Windows, OSx, Linux, routers

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized “zero days”, air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas (“Brutal Kangaroo”) and to keep its malware infestations going.

Many of these infection efforts are pulled together by the CIA’s Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as “Assassin” and “Medusa”.

Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB).

The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools, which are described in the examples section below.

CIA ‘hoarded’ vulnerabilities (“zero days”)

In the wake of Edward Snowden’s leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or “zero days” to Apple, Google, Microsoft, and other US-based manufacturers.

Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.

The U.S. government’s commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.

“Year Zero” documents show that the CIA breached the Obama administration’s commitments. Many of the vulnerabilities used in the CIA’s cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

As an example, specific CIA malware revealed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone — at the expense of leaving everyone hackable.

‘Cyberwar’ programs are a serious proliferation risk

Cyber ‘weapons’ are not possible to keep under effective control.

While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber ‘weapons’, once developed, are very hard to retain.

Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.

Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons’. Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services.

Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.

A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.

Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

U.S. Consulate in Frankfurt is a covert CIA hacker base

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

CIA hackers operating out of the Frankfurt consulate (“Center for Cyber Intelligence Europe” or CCIE) are given diplomatic (“black”) passports and State Department cover. The instructions for incoming CIA hackers make Germany’s counter-intelligence efforts appear inconsequential: “Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport”

Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.

Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.

Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area — including France, Italy and Switzerland.

A number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media. For example, the CIA attack system Fine Dining provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.

How the CIA dramatically increased proliferation risks

In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market-valuable part of “Vault 7” — the CIA’s weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse.

The CIA made these systems unclassified.

Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily cross over to the ‘battlefield’ of cyber ‘war’.

To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufacturers and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.

Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts. Ordnance will likely explode. If it does not, that is not the operator’s intent.

Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams. For instance, attempted “malware injections” (commercial jargon) or “implant drops” (NSA jargon) are being called “fires” as if a weapon was being fired. However the analogy is questionable.

Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its ‘target’. CIA malware does not “explode on impact” but rather permanently infests its target. In order to infect the target’s device, copies of the malware must be placed on the target’s devices, giving physical possession of the malware to the target. To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers. But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.

A successful ‘attack’ on a target’s computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization’s leadership rather than the firing of a weapons system. If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target’s territory including observation, infiltration, occupation and exploitation.

Evading forensics and anti-virus

A series of standards lays out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies attribute and defend against attacks.

“Tradecraft DO’s and DON’Ts” contains CIA rules on how its malware should be written to avoid fingerprints implicating the “CIA, US government, or its witting partner companies” in “forensic review”. Similar secret standards cover the use of encryption to hide CIA hacker and malware communication (pdf), describing targets & exfiltrated data (pdf) as well as executing payloads (pdf) and persisting (pdf) in the target’s machines over time.

CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows “Recycle Bin”, while Comodo 6.x has a “Gaping Hole of DOOM”.

CIA hackers discussed what the NSA’s “Equation Group” hackers did wrong and how the CIA’s malware makers could avoid similar exposure.

Examples

The CIA’s Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by “Year Zero”) each with their own sub-projects, malware and hacker tools.

The majority of these projects relate to tools that are used for penetration, infestation (“implanting”), control, and exfiltration.

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.

Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks’ “Year Zero”.

UMBRAGE

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Fine Dining

Fine Dining comes with a standardized questionnaire, i.e. menu, that CIA case officers fill out. The questionnaire is used by the agency’s OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically “exfiltrating” information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are ‘Asset’, ‘Liason Asset’, ‘System Administrator’, ‘Foreign Information Operations’, ‘Foreign Intelligence Agencies’ and ‘Foreign Government Entities’. Notably absent is any reference to extremists or transnational criminals. The ‘Case Officer’ is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The ‘menu’ also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA’s ‘JQJIMPROVISE’ software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

Improvise (JQJIMPROVISE)

‘Improvise’ is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from ‘Fine Dining’ questionnaires.

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.

The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a ‘Blot’ server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the ‘Honeycomb’ toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.

The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
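For defenders, the optional client-certificate gate described above has a visible side effect on the monitored network: the same server completes handshakes both with and without a client certificate. The sketch below is an added example, not part of the WikiLeaks text; the session records, field layout and host names are constructed and hypothetical.

```python
from collections import defaultdict

# Constructed TLS session records from a hypothetical egress sensor.
# The field layout is an assumption, not any product's schema. In TLS 1.3
# the CertificateRequest is encrypted, so "cert_requested" then has to
# come from endpoint or inspecting-proxy telemetry.
SESSIONS = [
    # (src, sni, cert_requested, client_cert_sent, established)
    ("10.0.4.17", "garden-tips.example", True, True, True),
    ("10.0.4.17", "garden-tips.example", True, True, True),
    ("10.0.7.2", "garden-tips.example", True, False, True),
    ("10.0.9.30", "garden-tips.example", True, False, True),
    ("10.0.5.5", "vpn.partner.example", True, True, True),
    ("10.0.5.6", "vpn.partner.example", True, False, False),
    ("10.0.7.2", "shop.example", False, False, True),
]


def find_split_behaviour(sessions, min_anonymous=2):
    """Map each server that requests a client certificate but also serves
    clients without one to the internal hosts that did present one."""
    anonymous_ok = defaultdict(int)
    cert_sources = defaultdict(set)
    for src, sni, requested, sent, established in sessions:
        if not (requested and established):
            continue  # no request, or handshake rejected: not optional auth
        if sent:
            cert_sources[sni].add(src)
        else:
            anonymous_ok[sni] += 1
    return {
        sni: sorted(srcs)
        for sni, srcs in cert_sources.items()
        if anonymous_ok[sni] >= min_anonymous
    }


if __name__ == "__main__":
    print(find_split_behaviour(SESSIONS))
```

Optional client authentication is also used by legitimate services, so a hit is a triage lead for the listed internal hosts rather than a verdict.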

Similar functionality (though limited to Windows) is provided by the RickBobby project.

See the classified user and developer guides for HIVE.

Frequently Asked Questions

Why now?

WikiLeaks published as soon as its verification and analysis were ready.

In February the Trump administration issued an Executive Order calling for a “Cyberwar” review to be prepared within 30 days.

While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.

Redactions

Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.

  1. Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
  2. Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
  3. Archive attachments (zip, tar.gz, …) are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
  4. Attachments with other binary content are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
  5. The tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
  6. Binary files of non-public origin are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
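The redaction rules above can be illustrated with a short sketch. This is an added example, not WikiLeaks’ actual tooling: the class and function names, the placeholder strings and the sample text are all assumptions. It shows stable user IDs across pages, redaction of routable addresses only, and rendering binary content as an inert hex dump.

```python
import ipaddress
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


class Redactor:
    """Keeps one identifier table across pages so pseudonyms stay stable."""

    def __init__(self, known_names=()):
        self._ids = {}  # identity string (lower-cased) -> "User #N"
        alternatives = "|".join(re.escape(n) for n in known_names)
        self._name_re = re.compile(rf"\b(?:{alternatives})\b") if alternatives else None

    def _user_id(self, match):
        # One string always maps to one ID, so an ID never covers two people.
        # A name and an e-mail of the same person get two IDs, as noted above.
        key = match.group(0).lower()
        return self._ids.setdefault(key, f"User #{len(self._ids) + 1}")

    @staticmethod
    def _external_ip(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:  # e.g. "999.1.1.1": not an address, leave it
            return match.group(0)
        # Only routable (external) addresses are redacted; private ones stay.
        return "[REDACTED IP]" if addr.is_global else match.group(0)

    def redact(self, text):
        text = EMAIL_RE.sub(self._user_id, text)
        if self._name_re:
            text = self._name_re.sub(self._user_id, text)
        return IPV4_RE.sub(self._external_ip, text)


def hexdump(data, width=16):
    """Render binary content as inert text so it cannot be run by accident."""
    return "\n".join(
        f"{off:08x}  {data[off:off + width].hex(' ')}"
        for off in range(0, len(data), width)
    )
```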

Organizational Chart

The organizational chart corresponds to the material published by WikiLeaks so far.

Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.

Wiki pages

“Year Zero” contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian. Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.

The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).

What time period is covered?

The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).

WikiLeaks has obtained the CIA’s creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date contact WikiLeaks.

What is “Vault 7”?

“Vault 7” is a substantial collection of material about CIA activities obtained by WikiLeaks.

When was each part of “Vault 7” obtained?

Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.

Is each part of “Vault 7” from a different source?

Details on the other parts will be available at the time of publication.

What is the total size of “Vault 7”?

The series is the largest intelligence publication in history.

How did WikiLeaks obtain each part of “Vault 7”?

Sources trust WikiLeaks to not reveal information that might help identify them.

Isn’t WikiLeaks worried that the CIA will act against its staff to stop the series?

No. That would certainly be counter-productive.

Has WikiLeaks already ‘mined’ all the best stories?

No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.

Won’t other journalists find all the best stories before me?

Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.