WikiLeaks Reveals the 'Snowden Stopper': CIA Tool To Track Whistleblowers

schwit1 quotes a report from Zero Hedge: As the latest installment of it's "Vault 7" series, WikiLeaks has just dropped a user manual describing a CIA project known as "Scribbles" (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of "web beacon" tags into documents "likely to be stolen." The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release. But, the "Scribbles" user guide notes there is just one small problem with the program: it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice of LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.

OH SHIT! PREPARE FOR ANGRY LEFTIES!

OH FUCK! OH FUCK! OH FUCK!

One of the links in the summary points to Zero Hedge.

TAKE COVER! TAKE COVER!

PREPARE FOR ANGRY LEFTIES!

PREPARE FOR ALLEGATIONS OF "FAKE NEWS"!

TAKE COVER! TAKE COVER!

Please, take cover! We don't know how the leftists will react to this but it won't be good. Please, be careful! Please!

Re:OH SHIT! PREPARE FOR ANGRY LEFTIES!

Calm down. Take a deep breath.

Now, make your point. Are you are saying that those of us who value our fellow citizens above our own possessions, should not attempt to raise awareness of issues that concern us? Because that triggers your?

Re:OH SHIT! PREPARE FOR ANGRY LEFTIES!

I, and everybody else not on the extreme left, would very much like to civilly discuss with you the many very serious issues facing not just our nation, but the entire world today.

The problem, however, is that any time we try to have rational, in-depth discussion with leftists we get hit with false accusations of "discrimination", or we get called "haters", or we're falsely accused of some sort of -ism or -phobia, or we're wrongly mislabeled as "bullies", or we're mislabeled as "intolerance", or we hear "fake news" yelled over and over.

We need to engage in political dialog. We need to discuss these matters. But we can't do that when leftists immediately derail every discussion with these false, nonsensical accusations and personal attacks.

Perhaps that's how these leftists were taught to respond during the college courses they took. Well, we're in the real world now, not academia. Maybe the false accusations and overly emotional tirades got you good marks from your teacher within academia. But outside of academia those techniques have no benefit, unless stifling discussion and sowing dissent and division is what you want to accomplish.

Centrists and rightists are trying to find real solutions to problems like healthcare, the economy, surveillance, and conflicts around the world. If leftists want to join us, we welcome them with open arms. The only condition is that they must be willing to participate in this discussion and problem solving in a respectable, meaningful manner. So far they have not managed to do this.

Re:OH SHIT! PREPARE FOR ANGRY LEFTIES!

[fredrated]

Wow are you deluded.

Re:OH SHIT! PREPARE FOR ANGRY LEFTIES!

I have also observed this from the Green triangle-corner of the political polygon, even within my own extended family. It is my belief, that external forces are manipulating both sides, grinding them against each other, to weaken the entire playing field before playing their own hand.

Perhaps, a joint investigation by a pan-political group could serve as both the beginning of a solution, and the beginning of a reconciliation between our people.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

I wonder if the first three posts are by the same author, trying to set up a "slam dunk", but ending up derailing? I always get the feeling that these are by paid astroturfers.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

[HornWumpus]

I assume everybody on this thread (including me) are different voices in some schizo's head.

You see it here once in awhile. A glimpse of their construct.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

Maybe, you and I were really the same person all along? Maybe we both only exist within the mind of the GGGP? OMG plot twist!

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

Slashdot should make a new rule that the first thread gets deleted.
Why? It's almost always off topic.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

[TheOuterLinux]

You know AC's (Anonymous Cowards) post political statements or plain ad hominem (Trump is popular) to distract the first page worth of comments right? People quickly skim the summary and then go straight for the comments. A person who may actually be able to have an intelligent discussion on the subject sees this and is no longer interested in presenting his/her opinion. Feel free to go back over the last few weeks regarding these leaks and privacy policies and see what I mean. I think it's being done on purpose because it's happening so much now. Being started by who, I'm not sure, that's why they're AC. If you don't actually know anything about how this stuff works, then let actual techies talk and let the others stick to sign panting. You're not helping anyone, or is that the point?

Re:OH SHIT! PREPARE FOR ANGRY LEFTIES!

[harperska]

As someone firmly left of center, and also craving a civil grownup conversation on the issues without being called names (getting sick of being called a cuck and a snowflake for simply showing compassion to others), I would like to take you up on your offer to talk about the issues you mentioned. In particular, I would like to discuss healthcare as it is the first one you brought up, and interestingly for this topic in particular, those on the left would argue that they are the ones who are attempting to find solutions while the right is stonewalling. So I would open by asking what do you as someone right of center perceive as being broken with our healthcare system, and could you describe what an ideal 'fixed' system would look like?

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

That's a perfect example of the name-calling knee-jerk response he was referring to. Add some value, make a point, instead of name-calling.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

[wasteoid]

Most people, if not all, should have access to quality medical care. The service exists, but it is currently setup to be too expensive for most people without insurance. Also, most people don't like to pay for some random strangers' medical bills, although we all do that very thing for local government services like police and fire. As long as the burden isn't too different from those services, add medical to that list of socially-funded services. This is from a non-leftie.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

[harperska]

I think we are in strong agreement here. I think most on the left if they stop and think about it really didn't like Obamacare, because a system that just makes sure as many people have health insurance as possible, plus a few regulatory tweaks to insurance, doesn't really solve anything as it is the health insurance system itself we have in the US that enables the system to be broken. When a hospital can charge $400 for a single pill of ibuprofen (not hyperbole, that's exactly what my wife's EOB said after she gave birth) because the insurance company will gladly pay for it, it provides an impenetrable barrier to those who can't afford that sort of care, and can't afford the premiums to get the insurance.

The problem lies in the fuzzy boundary between "most people don't like to pay for some random strangers' medical bills" and "As long as the burden isn't too different from those services". I am sure there are plenty of people who don't like to pay for some random stranger's house fire to be put out as well. Especially with many of those who identify as libertarian considering all taxes to be theft. So the question is how do you convince people that the taxes required to fund a universal healthcare system will be an acceptable burden?

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

Slashdot should make a new rule that the first thread gets deleted.
Why? It's almost always off topic.

It's actually kinda insightful here. The "fake news" moniker is one gigantic genetic fallacy which is being used by both the Regressive Left and the Alt Right to ignore anything outside of their hugboxes.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

Would the real Darth Sidious please stand up?

Re:OH SHIT! PREPARE FOR ANGRY LEFTIES!

[HiThere]

Clearly, you converse with a different group of people than I do. But so far you haven't raised any substantive issues to discuss.

Re: OH SHIT! PREPARE FOR ANGRY LEFTIES!

[harperska]

I am genuinely curious how a conservative and a liberal actually having a respectful intelligent conversation about the issues constitutes trolling in the mind of some ./ moderator.

Next item on News at 10

[Alain+Williams]

LibreOffice is just a Russian tool to help their spies in the USA. Presidential order to ban its use.

Re:Next item on News at 10

True.

Consider that you can open office documents in many non-office applications including cloud software. The trick into tracking a document is to actually make them ePUB containers so that they are literately html web pages. A little too obvious for any geek.

However if the intelligence community really wanted to prevent leaking there is a much easier and cheaper solution. Properly vet your staff and quit outsourcing shit.

Every single company that has ever outsourced, has leaks. Any company that has outsourced to India has probably leaked their entire customer database just due to optimization requirements. Ever wonder why all these Microsoft tech support scams use Indian or Filipino call centers? It's because those same workers get info from insiders working at outsourced centers in the same city, hell they might even be family members.

Stop outsourcing things, build all your software tools and properly track every touch to them. If I can do it on a porn website, you can do it too.

Re:Next item on News at 10

[HiThere]

I think you're wrong. This is my perspective:
  - - - - - -
Sorry, but it's really "expect leaks". Every place has leaks. If your staff considers your actions immoral, then you should expect damaging leaks. If they are supportive, then you should expect supportive leaks. (They may actually be damaging, but their intended purpose will be to bolster your image. Similarly the "damaging leaks" may actually be harmless, or even useful, but their intended purpose would be to injure you.)

People are lousy at keeping secrets, even when they intend to...and they'd often rather seem to offer proof that they "know what's what".

Vetting your staff is supposed to ensure that they consider what you are doing as just and moral. The same as any criminal gang. (Note that I didn't mention legal.) That way when they leak it will be generally supportive.

Re:Next item on News at 10

[sumdumass]

There used to be a movie about prisoners of war unknowingly giving out information. IT was shown to enlisted recruits during the cold war but I do not know if it or something like it is still in use. Anyways, its entire premise was about what seems like innocent chatter with POWs and the interviewer was able to piece bits and pieces of things together and determine the troop strength of an air field, the location of a fuel depot and crap like that. You watched the interviews in real time as if ti was a movie then at the end, it told you how the interviewer pieced everything together to warn GIs about not giving information up if they were captured by the enemy.

I guess the point I'm trying to make is that given enough people and a hint about what you are looking for, a good spy or investigator could likely cause people to leak information without even realizing they are leaking information. The outing of Valery Plame was supposedly because of some drunk dude
(Richard Armatage) casually answering a question by someone completely unrelated to Plame's identity or role in the government. The reporter took what he already knew and filled the information in enough to make it dangerous.

haha

nice one, 1 more reason to not use m$...

Air gap?

Or just use a machine not connected to any network when you open the files! Anyone who is opening stolen classified docs is going to use an air gapped machine

Re:Air gap?

[DontBeAMoran]

Or you could simply use a MacBook Air. It's got Air in its name so you know it's secure.

Re:Air gap?

Since there is government backdoors in all of apples new software/hardware,it`s as secure as my turkey sandwich that got stolen yesterday.

Re:Air gap?

[AHuxley]

A member of the press builds a large Faraday cage vault and walks in with the file on the media given to them.
Some Faraday textile structure if they are in a hotel? A secure tent is always packed to protect a special computer.
Using the power of Linux and quality open source software they soon see the links in the MS document to staging servers.
They copy the document in full onto paper and then send a scan of their own new paper version to a document expert asking for a report.
The expert asks for the original file.
The file is driven out hours later to the expert who then clicks on the original file on their Windows computer...
A competing publisher just double clicks on the file, passes it to their experts and then publishes.
An air gap is good if time to publication is not an issue.

Re:Air gap?

Since there is government backdoors in all of apples new software/hardware

Proof or GTFO.

Re:Air gap?

It's got Air in its name so you know it's secure.

It's also got Mac in its name, so we know it's Scottish. Or a burger. Or a farmer.

Pardon me for a moment.

Hahahahahahahahahahhaahahahahahahahahahahha... Microsoft Office... Hahahahhahaahhahaahahahhahaha

HAHA

AHAHAHahahaahahHAHAHAAHhahahHHAHAHAHhah!

CIA is so stupid

If you really want to do it, there's always ways.
  - Take pictures with your phone of the documents or take screenshots
  - Open them with a different software (OpenOffice, as suggested)
  - Print them on physical paper and scan them afterwards
  - Print them as PDF

And there may be many other option to bypass this stupid protection. In general, this kind of protection is only for the really stupid, anyone who has a bit of brain will find a way around it.

Re:CIA is so stupid

Well, if you know that the document is booby-trapped with a beacon, of course there are dozens of ways to avoid sending the message. Obviously, the point of the trap is for it to trigger people who don't know it's there.

Re:CIA is so stupid

[sexconker]

If you're taking documents from the CIA, then you should expect the original to be traceable in some way.

Re: CIA is so stupid

Well that's why there's defense in depth.

- no cameras or phones in secure areas
- disable screen shot capabilities
- disable removable media, require it be transferred to a single machine and have an authorized agent check out the file and burn it to disc
- random checks going out of the building to look for people sneaking documents out

None of its fool proof but you can raise the bar on how hard it is to exfil sensitive information

Re: CIA is so stupid

[Gizan]

Nubtard... The "leaker" already has the files... were talking about opening them after they already have them...

bacon beats beacon

[turkeydance]

bacon bait plus Skittles not scribbles. c'mon man.

Zerohedge is garbage

Member when slashdot wasn't 'play by play on everything wikieleaks does, some other tech stuff'

Re: Zerohedge is garbage

How is that nice fat CIA pay check working out for you scrub?

Re:Zerohedge is garbage

Member when slashdot wasn't 'play by play on everything wikieleaks does, some other tech stuff'

Holy shit, the first post in this thing was talking about assmad lefties bitching about Zerohedge and, welp, THERE YOU ARE.

The first post was actually... prescient for once. Jesus christ.

Yeah, sure

[zm]

it only works with Microsoft Office products

That's what they want you to think.

Re:Yeah, sure

[HornWumpus]

That's why I edit all files with a hex editor on a system running CP/M.

Re:Yeah, sure

[DontBeAMoran]

That's why I edit all files with a butterfly... ah, fuck it.

Re:Yeah, sure

[rtb61]

That reminds me of the old joke about the US spending millions developing a pen that could be used in space, whilst Russia just used an pencil. Sure you can use a hex editor and CP/M or you can just do what Russia does, use typewriters and a filing cabinets.

The new smart method though is simply to not exchange plots and schemes, simply work with sufficiently intelligent who can formulate their own plans based upon the completely legal open exchange of thoughts and ideas. If it seems to be working in some areas, copy it to other areas.

Re:Yeah, sure

[AmiMoJo]

It's irrelevant anyway because Snowden only accessed the documents on computers not connected to the internet, and told the journalists to do the same. His own computers all run Linux.

Re:Yeah, sure

[slashrio]

...Snowden only accessed the documents on computers not connected...

Yes, because nobody was to know that Snowden was the leaker... oh, wait.

Re:Yeah, sure

You can do that with pip, right?

Re:Yeah, sure

it only works with Microsoft Office products

That's what they want you to think.

True enough. It probably doesn't even work with Microsoft Office.

ha?

[superwiz]

Do the editors think CIA doesn't read slashdot or something? Or that it never heard of Linux or LibreOffice. Why would the beacons be limited to MS-products reading MS Office documents? They are not morons, you know.

Re:ha?

I guess the CIA should file a bug report with those projects.

Re: ha?

Who cares. This would obviously not have stopped Snowden since he wasn't afraid of being traced. He went public for crying out loud!

Re:ha?

[vtcodger]

"Why would the beacons be limited to MS-products reading MS Office documents?"

I'd assume the beacons use some sort of macro that's unique to MS products or that works differently in their free software equivalents -- like maybe asking permission before phoning home.

That's the trouble with being a spook. All those persnickety details one has to worry about.

Re: ha?

Going public instead of selling it is proof of patriotism.
If he wanted to do harm he would have only given it to one side, not all.

MS's role?

[vistic]

Is this suggesting cooperation from MS?

Is it MS' software that was reading these tags and relaying them to some other process that phones it home to the CIA? Or does MS' software do that directly?

Re:MS's role?

It might be some kind of VB script embedded in the document.

Re:MS's role?

Viruses in my macros? It's more likely than you might think.

Re:MS's role?

[HornWumpus]

The virus writers went elsewhere and people forgot. The CIA didn't forget.

But the 'feature' is useless if it's so easy to detect. Bet they never let it into the wide of their own secure networks, for fear of their politicians getting 'caught' and embarrassed.

Re:MS's role?

Unlikely.
Politicians won't be viewing the documents on computers connected to the net. So no risk of 'embarassment.'
And if someone with access did make that mistake, the CIA would want to know about it ASAP so they could come clean it up.

But never let the real world in get in the way of a poorly conceived conspiracy, amirite?

Re:MS's role?

[AHuxley]

The understanding that some member of the press will take the document back to work or networked home desktop computer and double click on the icon.
As they read the document the network makes a connection.
Its about the idea of the average reader in an average network location given the origin of the documents and their daily habits and the expectation of software they are provided with.

If a document is ever found the in the wild, it looks like malware with a good cover story to read while the code reports the user.
Add in OS X, Windows and Linux OS detection, complex ip reporting that works and a lot of different security researchers get interested and that adds interest to the document.
A "CIA" document with MS malware, thats just malware with better than average bait to get the user to open it.
A CIA document with unique phone home code that spans different OS's in very interesting ways would add to the CIA part.
Sometimes simple is better given the tools the reader is expected to use daily. The reader could be expected to us MS software to see all the document and uncover other details in the document.
A member of the press will want to look for any details in the document. Dates, notes, draft, corrections, history. Names, locations, officials that can be tracked to their job descriptions. If such simple facts hold, it can be passed on to document experts for further consideration.
A member of the press does not know who else has the document and could be expected to want to read and understand and then get published.
A security consultant looking over the document first could see rivals publishing first or finding details in the hours the security consultant was working.
A person who understood security issues could take the document to a special computer and fake network and see how the document responds in a MS Windows and MS application setting.
Does it phone home, what and how much data does it risk when it phones home.
Same document, very different first approaches. The understanding of set time to publish and the need to publish will push back decades of expected document security advice.
The US press does not care if they are tracked to their office as they have freedom to publish and freedom after publication. Read first, have the document looked over, get the story out.

A CIA version of FIRSTFRUIT. "The Most Intriguing Spy Stories From 166 Internal NSA Reports" (2016-05-16) https://theintercept.com/2016/...
"scanned 350 press items daily for “cryptologic insecurities” and maintained a database called FIRSTFRUIT with “over 5,000 insecurity-related records” ranging from “espionage damage assessments” to “liaison exchanges.”"

Re:MS's role?

[HornWumpus]

You realize all the three letter agencies have internal politics/politicians? They leak for advantage _all_ the time. At that level, normal classified document rules don't seem to apply, depending on exactly who they aligned with and leaked for. Still they are politicians, we've recently seen how technically inept they (and their aids) are, as a group.

Reading it: it sounds like they used this technique to test individuals/offices. Instructions say to test samples of documents using software identical to that used by the _target_ to see if it will work

Not used on all classified documents on their system, you tell me why?

Re:MS's role?

[Gravis+Zero]

Is it MS' software that was reading these tags and relaying them to some other process that phones it home to the CIA? Or does MS' software do that directly?

It's much less nefarious than that but it's criminally stupid on Microsoft's part.

The article seems to indicate that word documents have the ability to grab online resources that are referenced within documents. I suspect the tool merely embeds a reference to a transparent image that must be grabbed from a CIA controlled server. Effectively, word documents are more like html documents that can embed resources or load them from an URI.

Re:MS's role?

You are all over the map.
First its "internal politicians"
Then its "leaking"

Tell us more!

Re: MS's role?

So, a HOSTS file can stop this, shit don't bring that up.

Re:MS's role?

[AHuxley]

Also a nice way out without a software or hardware outgoing firewall to note a strange and unexpected new connection by something new to the OS.
An existing user trusted application might have been given more freedom to connect to the internet.

Re:MS's role?

Elegant one might say.

Re:MS's role?

[_KiTA_]

No? All it has to be is an external image URL.

hxxp://CIAFRONTWEBSITE .GOV/username=X&IP=Y&OSversion=Z&....

Obfuscate that enough and put it someplace that Microsoft Office auto-loads and bammo. Instant tracking, no software needed. This is Spam Email 101 tactics here.

Hell, it's the same trick they used (via a broken flash plugin) in Operation Pacifier to figure out who was connecting to the FBI's child porn server on TOR. You know, the operation that caused them to repeal the 4th Amendment for anyone using a computer that has TCP/IP installed?

Re:MS's role?

[_KiTA_]

The virus writers went elsewhere and people forgot. The CIA didn't forget.

But the 'feature' is useless if it's so easy to detect. Bet they never let it into the wide of their own secure networks, for fear of their politicians getting 'caught' and embarrassed.

Embarrassed? They don't embarrass politicians they catch. They secure funding from politicians they catch.

Re:MS's role?

[slashrio]

If they did that on me, they would get the IP of the exit server that my TOR virtual machine comes out of.

Re:MS's role?

Office 2016 at least tell you that the document/powerpoint contains embedded content from an online source. It needs to be enabled in a similar sense as macros.

Unless this is something different and it automatically pings a server somewhere without any forewarning.

Re:MS's role?

According to the pdf, it's something different since it affects Office 2016 as well. Disregard the above

Re:MS's role?

If they did that on me, they would get the IP of the exit server that my TOR virtual machine comes out of.

No they wouldn't. They'd get your personal IP address. MS Office doesn't use the TOR browser to retrieve remote images. Unless your entire computer somehow routes everything through TOR even without the TOR browser, you'd get identified.

Besides, they're not interested in "you" the reader who is doing nothing illegal. They're interested in identifying the leaker, who is identified by the specific web beacon embedded in the document. So even if you're safe, your source is caught.

Re: MS's role?

[Anubis+IV]

Shhh! You'll summon APK!

Re:MS's role?

[slashrio]

I am routing all my traffic that I want to privacy-protect through a TOR VM which acts as the network device for my protected VMs. Nothing can leak out that way.

Your second point, which I did not contest to begin with, is indeed valid and already known from the original article.

Bug report filed.

[Narcocide]

Don't worry, the LibreOffice team is diligently working on a fix for this missing feature.

So they admit to being unpatriotic

Sick bunch of fucks

Open source wins again!

Fuck M$.

Latest vuln patch

[will_vK]

Just speculating, but this may be why it took so long for the latest MS Office vulnerability to be patched.

It's a little too late...

[HalAtWork]

It's a little too late to stop Snowden

beacons?

can't you simply use a terminal with the iftop command running to see what addresses are coming and going?

interesting...

[Tom]

So what's the copyright on this tool? Can I embed it in the reports I write to spot if my competitors steal them? (they're not using LibreOffice or anything, if they were smart enough for basic security, they wouldn't have to steal my stuff...)

We'll see adaptations of this everywhere in the near future. I know a dozen consulting companies immediately who are afraid that their stuff is stolen by competitors.

Nothing new

[allo]

Create a Canary Token and place it on your server: https://canarytokens.org/gener...

"Snowden stopper" ? Whistleblowers ?

[GuB-42]

Is there something in the leaked documents that mention Snowden or whistleblowers?
This is a watermark system system mostly intended to unmask foreign spies. It wouldn't have stopped Snowden since he used airgaps and released everything at once after leaving and was quickly caught after that.
It looks similar to the kind of tool content owners use to track pirates.
Not all secret documents are stolen by whistleblowers and journalists, far, far from it.

Re:"Snowden stopper" ? Whistleblowers ?

[Striek]

1) Snowden didn't "release" anything. He turned it over to Glenn Greenwald, trusting his decision on what to release.
2) Snowden was never caught.

Prepare for CIA trolls to derail discussion...

Prepare for CIA trolls to derail discussion...

Prepare for CIA trolls to derail discussion...

Prepare for CIA trolls to derail discussion....

I was just about to.....

[3seas]

... say we need a anti-anti-Whistleblowers tool but then I see we already have it. Gotta love open source.

Easy to defeat for the skilled people who do this.

Easily defeated... Get multiple copies from different "accounts", diff them. Then summarize the contents and don't directly post their wording or ordering of the content.

Summarizing removes ambiguous markers... like saying the same thing many ways. "John went to the store" "John traveled to the store" "One day John shopped at the store".

Reodering removes marking you by giving you legit content just re-ordered depending on who you are....

Diffing between many accounts shows you which things are real, which types of marking are used, and in general who may be more trusted than you.

Even better if you wait awhile and see if any soon-to-happen information actually happens to disprove a disinformation campaign.

Avoid taking photos or photocopies. Simply changing the size of periods and their offsets can encode binary information into a document even if a quick glance shows yours and your other accounts copies to be identical.

Leakers are too smart for this.

Good to know

I think the takeaway here is that Wikileaks and whistle-blowers now know to open documents in an offline VM and convert them to a safe format before reading or submitting. Something the ultra-paranoid would already be doing...

Copy, paste as text. Finished.

Copy, paste as text. Finished.