CIA malware BothanSpy and Gyrfalcon targeting Windows and Linux

WikiLeaks has dumped its newest Vault 7 documents, detailing the capabilities of two alleged CIA hacking tools dubbed BothanSpy and Gyrfalcon. The malware payloads have allegedly been designed to steal SSH credentials from systems running both Windows and Linux operating systems (OS).

According to WikiLeaks, while BothanSpy targets Windows computers, Gyrfalcon goes after Linux platforms. SSH credentials or Secure Shell credentials are cryptographic keys designed to securely access a remote computer or server. In other words, the two alleged CIA malware strains would allow spies to remotely hack into systems, likely without being detected.

— source

WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits

On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can attack air-gapped systems by using weaponized USB drives as an exfiltration channel. Per the documentation, the tool is deployed by unwitting targets; however, such tools could just as easily be deployed purposefully by complicit insiders.

— source

U.S. Preps Arrest Warrant for Assange

Pulitzer Prize-winning journalist Glenn Greenwald responds to reports that the Trump administration has prepared an arrest warrant for WikiLeaks founder Julian Assange. Attorney General Jeff Sessions confirmed the report at a news conference Thursday. Last week, CIA chief Mike Pompeo blasted WikiLeaks as a “hostile intelligence service,” in a stark reversal from his previous praise for the group. Pompeo made the remarks last week at the Center for Strategic and International Studies in his first public address as CIA director. Pompeo went on to accuse WikiLeaks of instructing Army whistleblower Chelsea Manning to steal information. He also likened Julian Assange to a “demon” and suggested Assange is not protected under the First Amendment. It’s been nearly five years since Julian Assange entered the Ecuadorean Embassy in London seeking political asylum, fearing a Swedish arrest warrant could lead to his extradition to the United States. Greenwald’s story for The Intercept is “Trump’s CIA Director Pompeo, Targeting WikiLeaks, Explicitly Threatens Speech and Press Freedoms.”

Glenn Greenwald talking:

What’s interesting is, the Justice Department under President Obama experimented with this idea for a long time. They impaneled a grand jury to criminally investigate WikiLeaks and Assange. They wanted to prosecute them for publishing the trove of documents back in 2011 relating to the Iraq and Afghanistan wars, as well as the U.S. State Department diplomatic cables. And what they found, the Obama Justice Department found, was that it is impossible to prosecute WikiLeaks for publishing secret documents, without also prosecuting media organizations that regularly do the same thing. The New York Times, The Guardian, many other news organizations also published huge troves of the documents provided by Chelsea Manning. So it was too much of a threat to press freedom, even for the Obama administration, to try and create a theory under which WikiLeaks could be prosecuted.

Fast-forward five years later, there’s been a lot more WikiLeaks leaks and publications, including some really recent ones of sensitive CIA documents, as well as having spent all of last year publishing documents about the Democratic National Committee, which means they’ve made enemies not just of the right in America, but also the Democratic Party. And the Trump administration obviously believes that they can now safely, politically, prosecute WikiLeaks. And the danger, of course, is that this is an administration that has already said, the President himself has said, the U.S. media is the enemy of the American people. And this is a prosecution that would enable them not only to prosecute and imprison Julian Assange, but a whole variety of other journalists and media outlets that also routinely publish classified information from the U.S. government.

Julian Assange said:
Pompeo said explicitly that he was going to redefine the legal parameters of the First Amendment to define publishers like WikiLeaks in such a manner that the First Amendment would not apply to them. What the hell is going on? This is the head of the largest intelligence service in the world, the intelligence service of the United States. He doesn’t get to make proclamations on interpretation of the law. That’s a responsibility for the courts, it’s a responsibility for Congress, and perhaps it’s a responsibility for the attorney general. It’s way out of line to usurp the roles of those entities that are formally engaged in defining the interpretations of the First Amendment. For any—frankly, any other group to pronounce themselves, but for the head of the CIA to pronounce what the boundaries are of reporting and not reporting is a very disturbing precedent. This is not how the First Amendment works. It’s just—it’s just legally wrong.

The First Amendment is not a positive definition of rights. It’s a negative definition. It limits what the federal government does. It doesn’t say the federal government must give individuals rights and enforce that. It limits what the federal government can do to take away a certain climate of open debate in the United States. So, the First Amendment prevents Congress and the executive from engaging in actions themselves which would limit not only the ability of people to speak and to publish freely, but would also limit the ability of people to read and understand information, because it is that climate of public debate which creates a check on a centralized governmental structure from becoming authoritarian. It’s a right, from that perspective, for all the people, not just the publisher.

Glenn Greenwald talking:

I think the key point here to understand is the way in which governments typically try and abridge core freedoms, because what they know is that if they target a group that is popular or a particular idea that people agree with, there will be an uprising against the attempt to abridge freedom. So what they always do, for example, when governments try and abridge freedom of speech, is they pick somebody who they know is hated in society or who expresses an idea that most people find repellent, and they try and abridge freedom of speech in that case, so that most people will let their hatred for the person being targeted override the principle involved, and they will sanction or at least acquiesce to the attack on freedom because they hate the person being attacked. But what happens is, the abridgment then gets institutionalized and entrenched. And that way, when the government goes to start to apply this abridgment to other people that you like more, it’s too late, because you’ve acquiesced in the first instance. And that’s why groups like the ACLU, when they want to defend civil liberties, are often—so often defending the most marginalized and hated groups, like neo-Nazis or white supremacists or the KKK, because that’s where the attacks happen.

This is what Mike Pompeo is strategizing to do now and what Jeff Sessions wants to do, as well, is they know WikiLeaks is hated on all sides of the political spectrum. The right has long hated WikiLeaks because of all the publications they did of Bush-era war crimes, and Democrats now despise WikiLeaks, probably more than anybody else that they hate, because of the role that Democrats believe WikiLeaks played in helping to defeat Hillary Clinton. And so, what Jeff Sessions is hoping, and probably with a good amount of validity, is that Democrats, who should be the resistance to these sorts of attacks, will actually cheer for the Trump administration while they prosecute WikiLeaks, because they hate WikiLeaks so much, and that U.S. media outlets, which also hate WikiLeaks, won’t raise much of a fuss. And that way, this very dangerous precedent of allowing the CIA and the Trump Justice Department to decide who is and who is not a journalist, what types of journalism are protected by the First Amendment and what types aren’t, will be entrenched as precedent. And that way, the next time there’s a leak that they hate in The New York Times or by NBC News, they will have this theory, that everybody signed on to, that said that the First Amendment doesn’t apply to certain people if you publish documents that are sensitive enough, or if you work enough with certain sources before the publication, that you’re deemed a collaborator. That’s what makes this moment so dangerous for core press freedoms.

– MIKE POMPEO: Russian military intelligence, the GRU, had used WikiLeaks to release data of U.S. victims that the GRU had obtained through cyber-operations against the Democratic National Committee.

First of all, there’s been no evidence, of course, presented by the U.S. government that that’s actually true. They’ve stated that over and over, but there’s been no evidence presented of it so far.

But let’s assume for the sake of argument that they’re actually telling the truth, that the Trump CIA director is being honest and that that’s really what happened. What does that mean in terms of WikiLeaks? Nobody suggests that WikiLeaks did the actual hacking. In this case, even if what they’re saying is true, it would mean that WikiLeaks received information from a source—in this case, a foreign government—and then published that information that every U.S. media outlet in the country deemed newsworthy, because they constantly reported on it. This is a very common practice, where U.S. media outlets receive information from sources, often foreign sources, including officials within foreign governments, and then publish or report on the information that they’ve been provided. If you allow that process to be criminalized simply because WikiLeaks’ source in this particular case happened to be a foreign government or a foreign intelligence agency, you are, again, endangering press freedoms in a very substantial way, because that is something that media outlets do very often. That’s where they get their information from.

– MIKE POMPEO: The Intercept, which has in the past gleefully reported unauthorized disclosures, accused WikiLeaks in late March of, quote, “stretching the facts” in its comments about the CIA. In the same article, The Intercept added that the documents, quote, “were not worth the concern WikiLeaks generated by its public comments.”

So that was an article written by one of our reporters assessing WikiLeaks’s journalism. We criticize the journalism of pretty much every media outlet. We’ve certainly written far more scathing critiques of The New York Times and NBC News and The Washington Post when they’ve published fake stories or when they’ve done misleading and deceitful journalism. So the fact that we’ve been critical of some of WikiLeaks’s journalism, just as WikiLeaks has sometimes been critical of ours, doesn’t justify turning them into felons and prosecuting them. If bad journalism or making poor journalistic choices can now justify having the Justice Department prosecute you, there will be no media organizations left. So, he was trolling there by citing one of our articles that was mildly critical of WikiLeaks’s journalism, but that obviously does not remotely justify prosecuting WikiLeaks for having published secret documents.

When Mike Pompeo made his speech, the one that you’ve been playing, it was very deliberately threatening. He was saying things like “We are no longer going to allow them the space to publish this information. This ends now.” And the question that you just raised is the towering one for me, which is, OK, so the U.S. government indicts WikiLeaks and issues an arrest warrant for Julian Assange. It doesn’t change the fact that he’s currently in the Ecuadorean Embassy, where he has received asylum. And remember, the reason the Ecuadorean government gave Julian Assange asylum in the first place was because they said they were worried that if he were extradited to Sweden, that that would then be used to send him to the United States, where he would be prosecuted for publishing information, for doing journalism. That was always what Ecuador was most worried about. So it seems very unlikely that Ecuador is going to voluntarily withdraw its asylum.

So then the question becomes: Do they have any plans to physically seize Julian by invading the Ecuadorean Embassy, something the U.K. government actually thought about doing early on? Do they—are they trying to do a deal with the new Ecuadorean government to provide them benefits, or threaten them, in exchange for handing Julian over and withdrawing the asylum? Or is this just theater? Is this just show? Is this just a way of the Trump administration showing that they’re trying to crack down on leaks? I don’t think we know the answer to that question. But the asylum that Julian has should prevent the U.S. government from apprehending him, even if they do decide to go ahead and indict WikiLeaks.

So the Obama administration, when they were trying to prosecute WikiLeaks, thought about: How can we do this in a way that makes it so that we’re accusing them of more than just publishing? And they said, “Maybe we can find evidence that Julian actually participated with Chelsea Manning in the theft of this material.” And ultimately, they found no evidence whatsoever to support that theory. Nonetheless, Mike Pompeo asserted that this was true, obviously in anticipation of trying to use this as a theory to say, “We’re not prosecuting WikiLeaks for publishing. We’re prosecuting them for collaborating or conspiring in the theft of this information.” There’s been no evidence ever that the Obama administration found. And I seriously doubt the Trump administration has found evidence for that, as well, but they asserted it in order to say, “We’re not prosecuting them for publishing.”

Glenn Greenwald
Pulitzer Prize-winning journalist and one of the founding editors of The Intercept.

— source

A New McCarthyism

Julian Assange talking:

We have said quite clearly that our source is not a member of any state, including the Russian government. Now, if you look at these statements by James Comey, James Clapper, going back a couple of months, statements by Barack Obama, they all are harmonious with our description. Now, what—what the U.S. investigation by James Comey seems to be trying to say, at least in public, is that they perceive that there was some Russian hacking, or at least some hacking from somewhere, of the DNC, other institutions in the United States. In fact, the allegations are that several thousands of people were hacked in those operations.

We look very closely at our publications. We tend to come to a good understanding of them. And so, we’re not willing to go into details about our source, because it might describe the sort of person they are, the sort of jurisdiction that they’re in, which could put them at risk. But we have said clearly that our source is not a member of the Russian state. And even the U.S. government is not suggesting that our source is a member of the Russian state.

And what appears to be going on is that there have been observations of hacking of thousands of people or attempted hacking of thousands of people. That’s quite normal in intelligence gathering activity before an election. Presumably, that’s been carried out by many states. I would be surprised if that doesn’t include Russia. And over here, there’s the publications of WikiLeaks. And what there isn’t is something in between the middle. So, there’s an allegation that, well, if there’s been hacking here, and there’s publication over here, then these must be directly, causally, intentionally related. But so far, there’s no evidence for that.

Adam Schiff is a Democratic congressman who’s trying to whip up a kind of neo-McCarthyist fervor in order to distract from the epic failure of Hillary Clinton and that team when they lost, of all people, to Donald Trump. So, it’s not particularly interesting.

I think we should pull back and put things in context. The United States government, since 1950, has intervened in 81 elections—interfered, to use Schiff’s language, in 81 elections. That is not including coups, which have overthrown the government. So there’s a long history of the United States doing this to places around the world, in infamous ways, and, most recently, alleged interference in the election of Israel. So, I think we should understand that the United States is in a glass house when it comes to allegations of attempting to interfere with or influence election results.

But let’s look at what is the real meat of this issue. How is it alleged that Russia has interfered in the U.S. election process? While they say there’s been a variety of hacks, well, that’s quite normal intelligence gathering process, as far as can be determined, and a few extremely ineffectual websites, such as DC Leaks or Guccifer 2.0, that no one really paid any attention to, and then there’s our publications, which people really did pay attention to.

Now, what is in our publications? Well, from our perspective, we have just published, accurately and fairly, what Hillary Clinton said her positions were, in her secret speeches to Goldman Sachs and in relation to the DNC and its attempt to rig the election to exclude the primary—primary person, sorry, to exclude Bernie Sanders. So, at the heart of this issue is whether people were told the truth about Hillary Clinton and the DNC. If there hadn’t been an ugly truth there, it wouldn’t have made any difference. There was an ugly truth. And we published, accurately and fairly, that ugly truth. Now, our source wasn’t from the Russian state. But if it had been from a state, would we have suppressed that information before an election, or would we have accurately and fairly published it? Of course we would have published it.

I think it is interesting that, early on, that Trump and people around him took a position of rapprochement towards Russia, very strong position of rapprochement towards Russia, and not a classically Republican position. I think that is interesting. It is somewhat compatible with Trump’s statements going back a very long time.

But I would be surprised if that turns out to be significant. Why do I say that? Well, Trump had very little business success in Russia. He hasn’t managed to build a hotel in Russia. He hasn’t gotten any—as far as can be determined, any good deals in Russia. And when you see him making statements during the election campaign on the stage—“Hey, Russia, if you’ve got those emails, give them to our—give them to the press. They’ll be very pleased about it”—when you see statements like that, this is not the sort of statement that you make if you are already—if you already have a communications channel and you’re already engaged in an active conspiracy. For people like Paul Manafort, that’s someone who’s perfectly capable of engaging in—in, well, let’s say, dodgy activities. They have a long history of working for various parties in different ways. Have they asked for support through Paul Manafort? Maybe. But if you’re looking at the top level, involving Trump, what I see is a great weakness, an inability to get anything concretely done in Russia.

– relationship with Roger Stone.

I don’t want to be an apologist for these people, but, really, party politics in the United States is something that everyone has to get away from, this creation of two polarities by different elites that then suck up all the political energy in the country. Well, we can talk a little bit later about what’s happened to the Trump administration and this fascinating process that we have been seeing about how many days does it take for the security sector to digest a president. Something like 75 appears to be the answer.

OK, Roger Stone, I’ve never communicated with the guy, and he’s never communicated with me, other than very recently to say, “What are you doing, saying that we have communicated? Please explain,” because as far as all our records are concerned, we haven’t. He has simply brilliantly inserted himself into this equation. Now, remember, Stone was pushed out in 2015 from the Trump campaign. When WikiLeaks was engaged in its publications exposing interference in the primary process at the DNC, that was the biggest thing on the political radar for that time period. And so, Stone, having nowhere to be, decided to suggest that he had communications with us.

But let’s look at his predictions. He predicted that our publications were going to be about the Clinton Foundation. He was wrong. All his other predictions, where they’re accurate, are statements that we made them public. We said we had information about Hillary Clinton, that we were going to publish it, etc. So, when you hear Adam Schiff saying, oh, that Roger Stone said that there’s—that WikiLeaks publications are coming, we were saying—I was saying on TV interviews that we had publications that were coming that were about Hillary Clinton. So, Stone predicted that we were going to publish on October 4. We didn’t publish on October 4. That was our 10-year anniversary, etc. Literally, there’s no predictions that he has made in relation to us, that have come true, that have not been public.

So, I think, you know, you have to admire the chutzpah of how he has played on Democratic desires to see a connection, and has exploited that in order to sell his books and in order to gain prominence. I mean, it’s very impressive. He just simply lays out a piece of bait that he understands that the Democratically aligned press will leap forward slavishly and put that hook in their mouth because it suits him.

Julian Assange
founder and editor-in-chief of WikiLeaks.

— source

Release of the Largest Leak of Secret CIA Documents

WikiLeaks has published what it says is the largest leak of secret CIA documents in history. The thousands of documents, dubbed “Vault 7,” describe CIA programs and tools that are capable of hacking into both Apple and Android cellphones. By hacking into entire phones, the CIA is then reportedly able to bypass encrypted messenger programs, such as Signal, Telegram and WhatsApp, although, contrary to many news reports, the documents do not show the CIA has developed tools to hack these encrypted services themselves. The documents also outline a CIA and British intelligence program called “Weeping Angel,” through which the spy agency can hack into a Samsung smart television and turn it into a surveillance device that records audio conversations, even when it appears to be off.

Julian Assange talking:

Vault 7 is the largest intelligence leak in history. We’ve published so far less than 1 percent of that material. Now, so far, the publications that we have published reveal that the Central Intelligence Agency has decided to create, in the last 10 years, its own captive version of the National Security Agency, not specialized in bulk interception, but specialized in semiautomated hacking processes. That’s creation of viruses, Trojans, etc., to put in people’s computer systems, telephones, TVs, and have those then report back to CIA listening posts that collect that information, ingest it into the broader CIA process. And also information can be pushed, using these mechanisms, onto those telephones, computers, etc., etc., to, for example, plant information that could implicate someone falsely, or perhaps even truly, in a crime.

So, I think it’s—it’s significant that as the Central Intelligence Agency gained budgetary and political preeminence over the National Security Agency, which used to have a bigger budget—in the post-9/11 environment, the CIA’s budget has now increased to about 1.5 times that of the National Security Agency. So, in response to that increased political power, where increased budgetary spending comes from, it has created its own effective air force, using drones, and its own large hacker squad. So it is able to do things internally that it would previously have to go out for others to do. So, the Central Intelligence Agency, like all institutions, is maximizing its institutional power. And it is slowly succeeding, compared to other institutions.

Now, in response to the various disclosures about the National Security Agency—most importantly, the Edward Snowden disclosures of 2013—industry has responded to market demand in various places, and various engineers ideologically also invested in this, to introduce encryption, in WhatsApp, in Signal, greater type—more types of encrypted email and so on. Now, the Central Intelligence Agency’s hacking approach does not target the intermediaries like the National Security Agency does for these bulk intercepts. Instead, it targets the endpoints, and then it doesn’t need to worry about the encryption. For example, if you and I, Amy, are communicating using, say, Signal on a smartphone, on an Apple or Android, then the Signal encryption protocol is actually quite good and, as far as is known, cannot be decrypted by an intermediary bulk spying on communications traffic going across the Atlantic, like the National Security Agency does. But if either you or I have our phones hacked, and the CIA software specializes in doing this, it means that that encryption doesn’t matter, because the—because the information is gathered either before it’s encrypted or after it is decrypted.

We made this offer publicly, and we also wrote to a number of the large companies, such as Apple, Microsoft, Google, Mozilla, which produces the Mozilla browser, etc. Now, the European companies responded almost immediately. Some even approached us. A couple of U.S. companies, such as Mozilla, responded immediately. And we were also approached by a security engineer at Cisco.

Google, Apple and Microsoft took eight or nine days, depending on the company, to respond. Now, that means that they were putting the—all the users at risk for eight or nine days. What was happening in that eight or nine days? Well, we hear—we’re not sure it’s true for all of the companies, but we hear from one of the companies that what was happening is that they were engaging their lawyers, they had been worried about the politics, etc., etc. My guess is that, on the legal front, a type of collaboration involving classified material could be argued to be conspiracy to commit espionage. Now, of course, that’s not actually practically possible in the U.S. court system or politically possible. And then these companies have individuals within them who have security clearances, because they work on classified projects for the government. And particularly the security divisions of Apple, Google, Microsoft, etc., have people with security clearances in them and who might lose their security clearances if they’re engaged in working on information that has been distributed not through a formal process. So, what you see in the—all those big three taking eight or nine days is some kind of collaboration, either directly with each other or through a third party, say, like the Department of Justice, to understand what role that they’re going to play.

And the role that they ended up playing is saying, “No, we don’t agree to fix anything,” which we had asked for, within 90 days. “No, we don’t agree to say that any fix came from you.” This was our requirement. “Instead, you can just throw something at our regular security reporting mechanism.” So, what’s going on there? Well, no record of collaboration, in a formal sense or in a political sense, that could be used to make political problems for those companies in terms of their contracts with the United States government or potentially introduce problems in relation to the Espionage Act or security clearances. That’s my supposition. We don’t know that’s true for sure. We know that some of that is true for at least one of these companies. But looking at the timing, it’s very unusual that Google, Microsoft and Apple all wrote back to us on the eighth or ninth day, whereas the other companies wrote back immediately or at various times.

Julian Assange
founder and editor-in-chief of WikiLeaks.

— source

WikiLeaks Reveals ‘Athena’ CIA Spying Program Targeting All Versions of Windows

WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which “provides remote beacon and loader capabilities on target computers” – allegedly being used by the CIA that works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.

Dubbed Athena/Hera, the spyware has been designed to take full control of infected Windows PCs remotely, allowing the agency to perform all sorts of actions on the target machine, including deleting data, uploading malicious software, and stealing data and sending it to a CIA server.

The leak, which includes a user manual for Athena, an overview of the technology, and a demonstration of how to use the spyware, reveals that the program has two implementations: a primary one, Athena, for Windows XP to Windows 10, and a secondary one, Hera, for Windows 8 through Windows 10.

— source