Slashdot Mirror

← Back to Stories (view on slashdot.org)

WikiLeaks Reveals the 'Snowden Stopper': CIA Tool To Track Whistleblowers (zerohedge.com)

Posted by BeauHD on from the here-we-go-again dept.

schwit1 quotes a report from Zero Hedge: As the latest installment of it's "Vault 7" series, WikiLeaks has just dropped a user manual describing a CIA project known as "Scribbles" (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of "web beacon" tags into documents "likely to be stolen." The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release. But, the "Scribbles" user guide notes there is just one small problem with the program: it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice of LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.

48 of 89 comments (clear)

  1. Next item on News at 10 by Alain+Williams · · Score: 3, Funny

    LibreOffice is just a Russian tool to help their spies in the USA. Presidential order to ban its use.

    1. Re:Next item on News at 10 by HiThere · · Score: 1

      I think you're wrong. This is my perspective:
        - - - - - -
      Sorry, but it's really "expect leaks". Every place has leaks. If your staff considers your actions immoral, then you should expect damaging leaks. If they are supportive, then you should expect supportive leaks. (They may actually be damaging, but their intended purpose will be to bolster your image. Similarly the "damaging leaks" may actually be harmless, or even useful, but their intended purpose would be to injure you.)

      People are lousy at keeping secrets, even when they intend to...and they'd often rather seem to offer proof that they "know what's what".

      Vetting your staff is supposed to ensure that they consider what you are doing as just and moral. The same as any criminal gang. (Note that I didn't mention legal.) That way when they leak it will be generally supportive.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:Next item on News at 10 by sumdumass · · Score: 1

      There used to be a movie about prisoners of war unknowingly giving out information. IT was shown to enlisted recruits during the cold war but I do not know if it or something like it is still in use. Anyways, its entire premise was about what seems like innocent chatter with POWs and the interviewer was able to piece bits and pieces of things together and determine the troop strength of an air field, the location of a fuel depot and crap like that. You watched the interviews in real time as if ti was a movie then at the end, it told you how the interviewer pieced everything together to warn GIs about not giving information up if they were captured by the enemy.

      I guess the point I'm trying to make is that given enough people and a hint about what you are looking for, a good spy or investigator could likely cause people to leak information without even realizing they are leaking information. The outing of Valery Plame was supposedly because of some drunk dude
      (Richard Armatage) casually answering a question by someone completely unrelated to Plame's identity or role in the government. The reporter took what he already knew and filled the information in enough to make it dangerous.

  2. Air gap? by Anonymous Coward · · Score: 3, Insightful

    Or just use a machine not connected to any network when you open the files! Anyone who is opening stolen classified docs is going to use an air gapped machine

    1. Re:Air gap? by DontBeAMoran · · Score: 4, Funny

      Or you could simply use a MacBook Air. It's got Air in its name so you know it's secure.

      --
      #DeleteFacebook
    2. Re:Air gap? by AHuxley · · Score: 1

      A member of the press builds a large Faraday cage vault and walks in with the file on the media given to them.
      Some Faraday textile structure if they are in a hotel? A secure tent is always packed to protect a special computer.
      Using the power of Linux and quality open source software they soon see the links in the MS document to staging servers.
      They copy the document in full onto paper and then send a scan of their own new paper version to a document expert asking for a report.
      The expert asks for the original file.
      The file is driven out hours later to the expert who then clicks on the original file on their Windows computer...
      A competing publisher just double clicks on the file, passes it to their experts and then publishes.
      An air gap is good if time to publication is not an issue.

      --
      Domestic spying is now "Benign Information Gathering"
  3. bacon beats beacon by turkeydance · · Score: 1

    bacon bait plus Skittles not scribbles. c'mon man.

  4. Yeah, sure by zm · · Score: 4, Interesting

    it only works with Microsoft Office products

    That's what they want you to think.

    --
    Sig ?
    1. Re:Yeah, sure by HornWumpus · · Score: 1

      That's why I edit all files with a hex editor on a system running CP/M.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re:Yeah, sure by DontBeAMoran · · Score: 1

      That's why I edit all files with a butterfly... ah, fuck it.

      --
      #DeleteFacebook
    3. Re:Yeah, sure by rtb61 · · Score: 1

      That reminds me of the old joke about the US spending millions developing a pen that could be used in space, whilst Russia just used an pencil. Sure you can use a hex editor and CP/M or you can just do what Russia does, use typewriters and a filing cabinets.

      The new smart method though is simply to not exchange plots and schemes, simply work with sufficiently intelligent who can formulate their own plans based upon the completely legal open exchange of thoughts and ideas. If it seems to be working in some areas, copy it to other areas.

      --
      Chaos - everything, everywhere, everywhen
    4. Re:Yeah, sure by AmiMoJo · · Score: 2

      It's irrelevant anyway because Snowden only accessed the documents on computers not connected to the internet, and told the journalists to do the same. His own computers all run Linux.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Yeah, sure by slashrio · · Score: 1

      ...Snowden only accessed the documents on computers not connected...

      Yes, because nobody was to know that Snowden was the leaker... oh, wait.

      --
      "Trump!!", the new Godwin.
  5. ha? by superwiz · · Score: 1

    Do the editors think CIA doesn't read slashdot or something? Or that it never heard of Linux or LibreOffice. Why would the beacons be limited to MS-products reading MS Office documents? They are not morons, you know.

    --
    Any guest worker system is indistinguishable from indentured servitude.
    1. Re:ha? by vtcodger · · Score: 4, Informative

      "Why would the beacons be limited to MS-products reading MS Office documents?"

      I'd assume the beacons use some sort of macro that's unique to MS products or that works differently in their free software equivalents -- like maybe asking permission before phoning home.

      That's the trouble with being a spook. All those persnickety details one has to worry about.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    2. Re: ha? by Anonymous Coward · · Score: 1, Insightful

      Going public instead of selling it is proof of patriotism.
      If he wanted to do harm he would have only given it to one side, not all.

  6. MS's role? by vistic · · Score: 4, Interesting

    Is this suggesting cooperation from MS?

    Is it MS' software that was reading these tags and relaying them to some other process that phones it home to the CIA? Or does MS' software do that directly?

    1. Re:MS's role? by Anonymous Coward · · Score: 1

      It might be some kind of VB script embedded in the document.

    2. Re:MS's role? by Anonymous Coward · · Score: 1

      Viruses in my macros? It's more likely than you might think.

    3. Re:MS's role? by HornWumpus · · Score: 1

      The virus writers went elsewhere and people forgot. The CIA didn't forget.

      But the 'feature' is useless if it's so easy to detect. Bet they never let it into the wide of their own secure networks, for fear of their politicians getting 'caught' and embarrassed.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    4. Re:MS's role? by AHuxley · · Score: 5, Interesting

      The understanding that some member of the press will take the document back to work or networked home desktop computer and double click on the icon.
      As they read the document the network makes a connection.
      Its about the idea of the average reader in an average network location given the origin of the documents and their daily habits and the expectation of software they are provided with.

      If a document is ever found the in the wild, it looks like malware with a good cover story to read while the code reports the user.
      Add in OS X, Windows and Linux OS detection, complex ip reporting that works and a lot of different security researchers get interested and that adds interest to the document.
      A "CIA" document with MS malware, thats just malware with better than average bait to get the user to open it.
      A CIA document with unique phone home code that spans different OS's in very interesting ways would add to the CIA part.
      Sometimes simple is better given the tools the reader is expected to use daily. The reader could be expected to us MS software to see all the document and uncover other details in the document.
      A member of the press will want to look for any details in the document. Dates, notes, draft, corrections, history. Names, locations, officials that can be tracked to their job descriptions. If such simple facts hold, it can be passed on to document experts for further consideration.
      A member of the press does not know who else has the document and could be expected to want to read and understand and then get published.
      A security consultant looking over the document first could see rivals publishing first or finding details in the hours the security consultant was working.
      A person who understood security issues could take the document to a special computer and fake network and see how the document responds in a MS Windows and MS application setting.
      Does it phone home, what and how much data does it risk when it phones home.
      Same document, very different first approaches. The understanding of set time to publish and the need to publish will push back decades of expected document security advice.
      The US press does not care if they are tracked to their office as they have freedom to publish and freedom after publication. Read first, have the document looked over, get the story out.

      A CIA version of FIRSTFRUIT. "The Most Intriguing Spy Stories From 166 Internal NSA Reports" (2016-05-16) https://theintercept.com/2016/...
      "scanned 350 press items daily for “cryptologic insecurities” and maintained a database called FIRSTFRUIT with “over 5,000 insecurity-related records” ranging from “espionage damage assessments” to “liaison exchanges.”"

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:MS's role? by HornWumpus · · Score: 1

      You realize all the three letter agencies have internal politics/politicians? They leak for advantage _all_ the time. At that level, normal classified document rules don't seem to apply, depending on exactly who they aligned with and leaked for. Still they are politicians, we've recently seen how technically inept they (and their aids) are, as a group.

      Reading it: it sounds like they used this technique to test individuals/offices. Instructions say to test samples of documents using software identical to that used by the _target_ to see if it will work

      Not used on all classified documents on their system, you tell me why?

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    6. Re:MS's role? by Gravis+Zero · · Score: 4, Informative

      Is it MS' software that was reading these tags and relaying them to some other process that phones it home to the CIA? Or does MS' software do that directly?

      It's much less nefarious than that but it's criminally stupid on Microsoft's part.

      The article seems to indicate that word documents have the ability to grab online resources that are referenced within documents. I suspect the tool merely embeds a reference to a transparent image that must be grabbed from a CIA controlled server. Effectively, word documents are more like html documents that can embed resources or load them from an URI.

      --
      Anons need not reply. Questions end with a question mark.
    7. Re: MS's role? by Anonymous Coward · · Score: 1

      So, a HOSTS file can stop this, shit don't bring that up.

    8. Re:MS's role? by AHuxley · · Score: 1

      Also a nice way out without a software or hardware outgoing firewall to note a strange and unexpected new connection by something new to the OS.
      An existing user trusted application might have been given more freedom to connect to the internet.

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:MS's role? by _KiTA_ · · Score: 1

      No? All it has to be is an external image URL.

      hxxp://CIAFRONTWEBSITE .GOV/username=X&IP=Y&OSversion=Z&....

      Obfuscate that enough and put it someplace that Microsoft Office auto-loads and bammo. Instant tracking, no software needed. This is Spam Email 101 tactics here.

      Hell, it's the same trick they used (via a broken flash plugin) in Operation Pacifier to figure out who was connecting to the FBI's child porn server on TOR. You know, the operation that caused them to repeal the 4th Amendment for anyone using a computer that has TCP/IP installed?

    10. Re:MS's role? by _KiTA_ · · Score: 1

      The virus writers went elsewhere and people forgot. The CIA didn't forget.

      But the 'feature' is useless if it's so easy to detect. Bet they never let it into the wide of their own secure networks, for fear of their politicians getting 'caught' and embarrassed.

      Embarrassed? They don't embarrass politicians they catch. They secure funding from politicians they catch.

    11. Re:MS's role? by slashrio · · Score: 1

      If they did that on me, they would get the IP of the exit server that my TOR virtual machine comes out of.

      --
      "Trump!!", the new Godwin.
    12. Re: MS's role? by Anubis+IV · · Score: 1

      Shhh! You'll summon APK!

    13. Re:MS's role? by slashrio · · Score: 1

      I am routing all my traffic that I want to privacy-protect through a TOR VM which acts as the network device for my protected VMs. Nothing can leak out that way.

      Your second point, which I did not contest to begin with, is indeed valid and already known from the original article.

      --
      "Trump!!", the new Godwin.
  7. Bug report filed. by Narcocide · · Score: 1

    Don't worry, the LibreOffice team is diligently working on a fix for this missing feature.

  8. Re:OH SHIT! PREPARE FOR ANGRY LEFTIES! by fredrated · · Score: 1

    Wow are you deluded.

  9. Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! by HornWumpus · · Score: 2, Insightful

    I assume everybody on this thread (including me) are different voices in some schizo's head.

    You see it here once in awhile. A glimpse of their construct.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  10. Re:CIA is so stupid by sexconker · · Score: 1

    If you're taking documents from the CIA, then you should expect the original to be traceable in some way.

  11. Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! by TheOuterLinux · · Score: 2

    You know AC's (Anonymous Cowards) post political statements or plain ad hominem (Trump is popular) to distract the first page worth of comments right? People quickly skim the summary and then go straight for the comments. A person who may actually be able to have an intelligent discussion on the subject sees this and is no longer interested in presenting his/her opinion. Feel free to go back over the last few weeks regarding these leaks and privacy policies and see what I mean. I think it's being done on purpose because it's happening so much now. Being started by who, I'm not sure, that's why they're AC. If you don't actually know anything about how this stuff works, then let actual techies talk and let the others stick to sign panting. You're not helping anyone, or is that the point?

  12. Re:OH SHIT! PREPARE FOR ANGRY LEFTIES! by harperska · · Score: 1

    As someone firmly left of center, and also craving a civil grownup conversation on the issues without being called names (getting sick of being called a cuck and a snowflake for simply showing compassion to others), I would like to take you up on your offer to talk about the issues you mentioned. In particular, I would like to discuss healthcare as it is the first one you brought up, and interestingly for this topic in particular, those on the left would argue that they are the ones who are attempting to find solutions while the right is stonewalling. So I would open by asking what do you as someone right of center perceive as being broken with our healthcare system, and could you describe what an ideal 'fixed' system would look like?

  13. Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! by Anonymous Coward · · Score: 1

    That's a perfect example of the name-calling knee-jerk response he was referring to. Add some value, make a point, instead of name-calling.

  14. Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! by wasteoid · · Score: 1

    Most people, if not all, should have access to quality medical care. The service exists, but it is currently setup to be too expensive for most people without insurance. Also, most people don't like to pay for some random strangers' medical bills, although we all do that very thing for local government services like police and fire. As long as the burden isn't too different from those services, add medical to that list of socially-funded services. This is from a non-leftie.

  15. Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! by harperska · · Score: 1

    I think we are in strong agreement here. I think most on the left if they stop and think about it really didn't like Obamacare, because a system that just makes sure as many people have health insurance as possible, plus a few regulatory tweaks to insurance, doesn't really solve anything as it is the health insurance system itself we have in the US that enables the system to be broken. When a hospital can charge $400 for a single pill of ibuprofen (not hyperbole, that's exactly what my wife's EOB said after she gave birth) because the insurance company will gladly pay for it, it provides an impenetrable barrier to those who can't afford that sort of care, and can't afford the premiums to get the insurance.

    The problem lies in the fuzzy boundary between "most people don't like to pay for some random strangers' medical bills" and "As long as the burden isn't too different from those services". I am sure there are plenty of people who don't like to pay for some random stranger's house fire to be put out as well. Especially with many of those who identify as libertarian considering all taxes to be theft. So the question is how do you convince people that the taxes required to fund a universal healthcare system will be an acceptable burden?

  16. It's a little too late... by HalAtWork · · Score: 1

    It's a little too late to stop Snowden

    --
    Twinstiq, game news
  17. interesting... by Tom · · Score: 1

    So what's the copyright on this tool? Can I embed it in the reports I write to spot if my competitors steal them? (they're not using LibreOffice or anything, if they were smart enough for basic security, they wouldn't have to steal my stuff...)

    We'll see adaptations of this everywhere in the near future. I know a dozen consulting companies immediately who are afraid that their stuff is stolen by competitors.

    --
    Assorted stuff I do sometimes: Lemuria.org
  18. Re: CIA is so stupid by Gizan · · Score: 1

    Nubtard... The "leaker" already has the files... were talking about opening them after they already have them...

  19. Nothing new by allo · · Score: 1

    Create a Canary Token and place it on your server: https://canarytokens.org/gener...

  20. "Snowden stopper" ? Whistleblowers ? by GuB-42 · · Score: 3, Insightful

    Is there something in the leaked documents that mention Snowden or whistleblowers?
    This is a watermark system system mostly intended to unmask foreign spies. It wouldn't have stopped Snowden since he used airgaps and released everything at once after leaving and was quickly caught after that.
    It looks similar to the kind of tool content owners use to track pirates.
    Not all secret documents are stolen by whistleblowers and journalists, far, far from it.

    1. Re:"Snowden stopper" ? Whistleblowers ? by Striek · · Score: 2

      1) Snowden didn't "release" anything. He turned it over to Glenn Greenwald, trusting his decision on what to release.
      2) Snowden was never caught.

      --
      "Government is like fire; a handy servant, but a dangerous master." -- George Washington
  21. Re:OH SHIT! PREPARE FOR ANGRY LEFTIES! by HiThere · · Score: 1

    Clearly, you converse with a different group of people than I do. But so far you haven't raised any substantive issues to discuss.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  22. I was just about to..... by 3seas · · Score: 1

    ... say we need a anti-anti-Whistleblowers tool but then I see we already have it. Gotta love open source.

  23. Re: OH SHIT! PREPARE FOR ANGRY LEFTIES! by harperska · · Score: 1

    I am genuinely curious how a conservative and a liberal actually having a respectful intelligent conversation about the issues constitutes trolling in the mind of some ./ moderator.