Вся ваша база принадлежит нам.
WikiLeaks released the third tranche of its leaked CIA documents trove on Friday, which in this episode focuses on anti-forensics tools. The previous two releases from Vault7 have focused on manuals and supporting documents for the spy agency's hacking tools. The first set of leaked files, released on 7 March, described …
I've never trusted those conclusions anyway, since the exploit author may live in one nation but sells the exploit to an agency of another nation. I doubt that the CIA is writing all its code in-house, and probably ends up out-sourcing it to foreigners.
I wouldn't be surprised to find out there is a black-hat that has been selling the same malware code to both the Russians and NATO members.
Comments in compiled C/C++ code? LOL! Lots of malware analysis experts around...
Also, from a quick glance, it looks to me the foreign text there looks to be there to show Marble can work on wchar_t data, but the algorithms to obfuscate text looks to be designed to avoid text strings to be identified as such - they are too easy to detect. A malware may need to perform its own text matching in the target system language.
Error message text is probably embedded in the C executable binary file. Some of it may be quite informal. I don't know if you also get variable names.
Across in, let's see, I think it was comments on this week's "On Call" article (lightning which damaged the PC in a novel way), were a couple of mentions of error code of such various sorts where amongst the debris of your data appeared the word "bollocks". This word is used in Britain to mean "Oh dear what a shame", so it would implicate British programmers.
The story suggests that this could be fake evidence created by the CIA with a reverse function provided to translate back to American English. So I wonder what the original American text may have been for "bollocks" and what it was changed back to. Perhaps "Oh Sunhat" in the original version, and more computer-istic "inoperative statement" afterwards. Actually that derives from the Nixon administration, where the White House was caught lying and issued a sort-of-correction on lines of "What we told you yesterday is now an inoperative statement. The operative statement (what we're now trying to get you to believe) is as follows." In other words, the inoperative statement is known to be bollocks - in the sense of "not what I like to swallow."
It simply doesn't work. Everybody can pose as everybody else. Secret services commonly make false flag operations.
So whenever someone claims that a certain piece of malware comes from country X, you should either laugh at them or punch them in the face. There is no way they could know that... unless they wrote it themselves.
Way to give up and pretend something isn't possible because you can't imagine it!
The [lack of] power in the human mind is [not] astonishing!
Think about this, genius. The persons at the end of the line of the data movement is the culprit, no matter what language or IP they borrowed along the way. You can't hide a device "phoning home," ever. There will be packets, and when you exclude all the wacky "no, we're the Chinese" obfuscation attempts, you come up with the answer. Just because some desktop jockey can't image it, doesn't mean it can't be solved. Perhaps you should stick to changing the toner in the printers today, guy? Calling a real process a myth is not a strong argument.
But even then, where it phones home is no clue as to who actually owns it. Its not unreasonable to believe that someone like the US would use a couple machines in China to attack Russia. China is a big enough country were it'd be perfectly possible for the CIA to plant someone in the Chinese government to infect computers and to perform all the the malware-control work form within that network and just transfer the data manually.
It'd be perfectly possible for the CIA to compromise a friend of a Chinese government official (Doesn;t even need to be someone very far up). This 'friend' then gives the dupe a hard drive full of movies or games or some other data that they'd want. The media on the drive contains a malware package to turn the dupe's computer into a malware C+C machine when they go to open any of it (Hell, the media itself could actually work with the dupe even suspecting that something is wrong). The malware then collects its data and stores it onto the drive which is then taken back to the friend for more media. The 'friend' pulls off the retrieved data and puts on new media containing updated attack code and commands. This would proceed for quite some time until found out. But even then, it'd looks like just a regular malware infection, not a spy operation. The data retrieved would be hand-delivered to the US embassy to be passed back to the CIA itself.
In that scenario, the malware neither phone home to, or appears to originate from, the US. If the campaign was launched against the Russians, all evidence points to the Chinese being behind the attack, as all the data is coming and going from a Chinese Government IP address. With it just looking like two people exchanging pirated and/or illegal media, no one but a paranoid lunatic would think that the CIA was behind it.
"Lucky then that all of our security services can confirm that everything leads back to Putin."
I would assume they have a lot more information than just where the malware phoned home before accusing a foreign country of such things. The problem is the that the first rule of counter-intelligence is to never reveal how you figured out how the enemy is doing it, lest they change their tactics and become undetectable. By keeping your methods a secret, it is possible to confuse enemy spies by feeding misinformation through that leak. Like if you know your enemy is just stealing information from a diplomatic courier, you are going to keep sending couriers as usually, but giving them false information for the enemy to steal, and since they have no reason to know that you know about the theft, they'll believe the data valid.
My grandfather used to work in intelligence back during WW2 and continued into the Cold War. The technology changes, but the techniques never really did. Social Engineering, Phishing, Spear-phishing, false-flags, false-false-flags, blackmail, bribery, etc have all existed in one form or another since the dawn of civilization.
Well you assume that. There is no actual need for evidence if your assumption is in line with politics. Just thinl about the first Gulf War which was started by something we now know was a lie.
If you believe that secret services somehow have superpowers that can defy logic, you would have to ask yourself why they didn't use them to afcually do something in the firsr place.
"Just thinl about the first Gulf War which was started by something we now know was a lie."
What seriously? I never knew that Iraq never invaded Kuwait. It goes to show you learn something new every day!
On a separate note, it's good to know that only the CIA and GCHQ manufacture evil software and that it is beyond impossible that Russian, Chinese or other powers can create software to spy on our nation...all government sponsored malware is created in the West and anyone who says otherwise is a CIA stooge. It is such a relief to know that only our own security services have malicious and evil intent towards us. Was there a garage sale of tin foil hats around here?
"What seriously? I never knew that Iraq never invaded Kuwait. It goes to show you learn something new every day!"
Yes, I wondered about that too... pretty sure I remember oil fields set on fire by the Iraqis, a limited action to liberate Kuwait and some criticism that the first war wasn't prosecuted all the way back to Baghdad.
Which led to Bush the younger starting the second Gulf war to finish what his daddy started.
I'm still surprised they didn't *find* (know what I mean...) any WMD. I don't classify myself as an evil genius, but if I were to start a potentially illegal war on the flimsy basis of the presence of WMD, my first thought would be
"If we don't find any WMD then we'd better bring some that we can find."
If you send the data back using a Usenet group then there is no way to tell who the receiver is as news servers propagate the information across the internet. Like broadcast radio it is effectively impossible to tell who the listeners are. The only disadvantage is that the relay time from a message being added to Usenet to it appearing at a distant server can be minutes (or even hours) instead of the fraction of a second for a direct TCP or UDP link.
For example an encrypted RAR file could be added to the alt.binaries.etc newsgroup using GigaNews in one country and then at some future time be read using NewsDemon in another country.
"to it appearing at a distant server can be minutes (or even hours)"
With many targets for espionage, a delay of even days or weeks tends to be acceptable. Most intelligence work's priority is protection of transfer medium rather than how quickly the data can be transferred. If it takes weeks for a spy to get specs on an adversary's new bit of kit, they spying country can accept several weeks delay in getting it as the adversary isn't going to be deploying, let alone replacing, that new piece of kit anytime soon (Like the Harrier jet or the Minuteman ICBM). Protecting their source is going to be much more important in that case.
But back to the original topic, the only real way to determine who is spying on you is to observe the actions of everyone else and see how they react. Especially if the information is that your country is planning to move troops form one location to another. If any country moves their troops closer to the destination or away from the source, it becomes obvious who is and is not spying.
@Duncan Macdonald: "If you send the data back using a Usenet group...it is effectively impossible to tell who the listeners are."
The thought has occurred to me that if I really wanted to communicate with someone anonymously, I'd post my encrypted message on an agreed-upon place such as El Reg.
(OK, that's actually from /dev/random. Of course, I _would_ say that...)
"...If you are a player in the spying game, can you be 100% certain that your /dev/random hasn't been compromised?"
If I thought I was a target of a major spy agency, I'm not sure I'd trust anything these days short of creating a one-time pad using dice in a room with copper walls. Seems as if no matter how paranoid you are, it's hard to keep up. As it stands, my life is sufficiently uninteresting (from their viewpoint) that I can post under my own name.
I have some plans, time permitting, to use a junk Webcam pointed at a fish tank, bird feeder, etc. as a source of entropy : https://github.com/Bill-Gray/miscell/blob/master/vid_dump.c , with said entropy fed into a Fortuna-like scheme. As you say, still not 100%... but not even the one-time-pad in a copper-lined room would be; I don't see that as reason to give up.
As a concerned (US) citizen, I do think that things should be made as difficult for snoopers as possible. It's my patriotic duty (to my country and, for that matter, other countries... though not to their governments) to ensure they waste time trying (and failing) to decipher 9f7f860a9676ada7bda50a4057d464b6f644c45a05abf86a7e6fcd5f9a7c39ae361d1cc99. (Which may just be random. Or it may be a message to Russians/terrorists/The New-York Times... I probably should just add some random text to all e-mails and posts; this also has the advantage that, if I _do_ have to communicate secretly someday, the switchover would go unnoticed.)
It might also be that a country's spooks have real reasons to think that the malware came from enemy 'X' but don't want to disclose their sources - hence "We found tell-tale signs of 'X' in the code".
Whatever the truth is, none of the spooks will have any interest in disclosing it so you just have to hope that your spooks are on your side.
Will read this as proof "the DNC emails weren't hacked by Russia, it was someone else making it look like they did and US intelligence was fooled". Just because you can replace some text strings with Russian doesn't mean experienced intelligence operatives will be fooled.
I'll bet when the CIA does this they know they won't fool the Chinese equivalent of the CIA into thinking something the US did was done by Russia. The CIA is doing this with lower tier targets in mind, like if they hacked some random Chinese bank or Iranian bank trying to track terrorist financing, They probably contact some security firm who will have a quick look, see the Cyrillic alphabet, and say "our detailed analysis concludes it was Russians trying to steal some money, here's our bill for $5000. We can fix your security to insure they aren't successful in taking millions from you for another $50,000, just sign here!"
I think we usually hear that the actual foreign-state hackers include complete patriotic propaganda messages in their work - and the specific up to date ones, too. Technically those still could appear in false-flag efforts, but it seems more likely that it's real enthusiasts for whichever nation is involved, maybe not even paid but just happily changing the U.N. web site to a Syrian flag or making the BBC tweet trash talk about Ukraine. The basic futility of such exercises in a situation where people are getting killed for wearing a hat that suggests the wrong political sympathy also supports a point of view that this isn't the CIA faking it. But it could be.
So the Russian hackers wrote the code in Russian so people would think it was the CIA trying to make it look like Russian hackers.
Of course perhaps they thought of this and wrote it in Russian so that people would think it was the Russians trying to make it look like the CIA were trying to make it look like the Russians trying to make it look like the CIA.
Everyone knows the milk marketing board is behind it all
(yes I know it's not true but) So, it's possible there is only one government hacking group in the world, the CIA. In order to keep their job and get more fun-ding, they pretend to be the enemy one day, then the hero the next. Hell, it might be so compartmentalized that the CIA peeps that have coffee together in the afternoon, not realizing they have been playing war with each other all day.
I wouldn't be surprised if all nations didn't just end up contracting with the same group of black-hats that are playing all sides. Telling the Americans that Russia has a new tool, and they have their own tools for detecting it, and then telling the Russians that the US has discovered their attack vector, but their group can make something the Americans can't detect.
Reminds me of a story I read about scientists during the Cold War that set up "Think Tanks" in both the US and Russia. They'd communicate between each other claiming the other group is their spies so they can build something that would defeat the other sides' new toys. Then they'd also need access to both sides' current toys so they can evaluate them for weaknesses and areas for improvement. They'd go to the governments of either side with something the other team built, claim the other side is building it, and then ask for money to design something to counter it (which they'd send that new project to the other team for them to present it to the other government). Can't remember if it was fiction, but I'm pessimistic enough to believe that something like that could happen...
An interesting choice of variable names...
BOOL SetScrambler(WCHAR *&wcChoice)
if (wcChoice == NULL)
BOOL bRet = TRUE;
WCHAR *wcCopy = _wcsdup(wcChoice);
WCHAR wcSeps = L"\".";
// account for full paths
WCHAR *fuckme = wcsrchr(wcCopy, '\\'), *wcName = NULL;
if( fuckme == NULL )
wcName = wcstok(wcCopy, wcSeps);
if( !wcName )
wcName = wcstok(NULL, wcSeps);
wcName = fuckme + 1;
I mean you used to know if they spoke with thick german accents, they were German, or at least Bristsih actors with colds.
Now who knows what to believe, or who to trust?
It really is...most unsettling.
Anyone else noticed that whatever icon you select, a troll shows up?
A alternate view. Wiki releases code to change languages to make uncle sam look bad and be trying to hide his/her tracks with false flag ops. Ok its plausible but ask yourself this, what about recursion?
What if the wiki code is a false flag, to make us all think that, and muddy the waters more.
That would be a absolute barnstormer of a false flag idea, just like a nation state that has invested massive resources into psyops for decades would be proud of!
Who to trust, not Julian either. Keep all options on the table...
Biting the hand that feeds IT © 1998–2022