Wednesday, April 19, 2017

OpenStack 04/20/2017 (a.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, April 17, 2017

OpenStack 04/18/2017 (a.m.)

  • Tags: surveillance state, CIA, hacking-tools, Windows, Wikileaks, Vault7

    • WikiLeaks has published what it says is another batch of secret hacking manuals belonging to the US Central Intelligence Agency as part of its Vault7 series of leaks. The site is billing Vault7 as the largest publication of intelligence documents ever.

      Friday's installment includes 27 documents related to "Grasshopper," the codename for a set of software tools used to build customized malware for Windows-based computers. The Grasshopper framework provides building blocks that can be combined in unique ways to suit the requirements of a given surveillance or intelligence operation. The documents are likely to be of interest to potential CIA targets looking for signatures and other signs indicating their Windows systems were hacked. The leak will also prove useful to competing malware developers who want to learn new techniques and best practices.

      "Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating system," one user guide explained. "An operator uses the Grasshopper builder to construct a custom installation executable."

  • Tags: surveillance state, NSA, Shadow-Brokers, hacking-tools, leaks

    • The elusive Shadow Brokers didn't have much luck selling the NSA's hacking tools, so they're giving more of the software away -- to everyone. In a Medium post, the mysterious team supplied the password for an encrypted file containing many of the Equation Group surveillance tools swiped back in 2016. Supposedly, the group posted the content in "protest" at President Trump turning his back on the people who voted for him. The leaked data appears to check out, according to researchers, but some of it is a couple of decades old and focused on platforms like Linux.

      If anything, the leak might backfire. Edward Snowden notes that while the leak is "nowhere near" representing the NSA's complete tool set, there's enough that the NSA should "instantly identify" where and how the kit leaked. This doesn't mean the Shadow Brokers themselves are about to face capture. However, this may give the agency info it needs to both connect the dots (how much of a role did NSA contractor Harold Thomas Martin III play in the online leak, for instance?) and prevent a repeat incident.

      Does this open a can of worms? It's hard to say -- researchers are still combing over the data. If there are any hacks that can be made useful, though, this could be problematic for server operators worried about cybercrime. If nothing else, it shows that the Shadow Brokers didn't reveal their full hand.


Posted from Diigo. The rest of Open Web group favorite links are here.

Tuesday, April 11, 2017

OpenStack 04/12/2017 (a.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

OpenStack 04/11/2017 (p.m.)

  • Tags: Russia, internet, censorship, anonymity

    • Russian lawmaker Vitaly Milonov, on Monday, proposed a bill aimed to ban children under the age of 14 from social media. Although the bill is touted under the banner of child protection, it also aims to introduce the mandatory submission of passport data. In January Russia introduced semi-fascist regulations to severely curb the rights of bloggers and independent media.
    • Vitaly Milnov, generally known for being ultra-conservative, introduced the controversial bill on Monday. Touting the bill under the banner of wanting to protect children and limit their access to social media the bill has far deeper implications. Parents could very well self-regulate their children’s access to social media.

      The bill, however, implies that it would become mandatory for social media users to submit their passport data. Moreover, the bill also proposes that the use of pseudonyms will be banned. The proposed legislation also aims to introducing strict rules, requiring two-party consent before the publication of screenshots of online correspondence.

      The bill reads, among others: “Social networks create a special virtual world where a person spends significant part of their life, contacting other people and essentially doing everything that they would do in real world. This world can’t be left unregulated by law. Especially now, when growing number of users are falling victim to different types of fraud.”

      Even though Milonov is generally viewed as ultra-conservative, there are about 62 percent of Russians who according to polls support the ban of social networks for children while 39 percent supported using passport data to create an online account, a poll by the state-funded pollster VTsIOM revealed Monday.

    • Social media has come under intense scrutiny in Russia in recent months. Disturbingly, there are very few Russians who have received independent information about the not so overtly advertised implications of this scrutiny, of the proposed bill, and of plans to create a “Russian internet” to filter “unwanted foreign content. Russia also cracks down on independent bloggers and journalists.

      On January 1, 2016 the Russian Federation implemented amendments to laws that further censor the internet and potentially independent media. These laws are being sold under the guise of empowering internet users and the right to protect personal information. The amendments follow legislation from 2014 that infringed on the rights of bloggers.


Posted from Diigo. The rest of Open Web group favorite links are here.

Saturday, April 01, 2017

OpenStack 04/01/2017 (p.m.)

  • But it was the Russians who hacked the 2016 U.S. election. Really.

    Tags: surveillance-state, cyberwar, CIA, Marble, malware-obfuscator

    • Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

      Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivallent of a specalized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

      Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

      The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

    • The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

      The Marble Framework is used for obfuscation only and does not contain any vulnerabilties or exploits by itself.


Posted from Diigo. The rest of Open Web group favorite links are here.