
I'm not sure I follow your reasoning.

I follow all of their leaks, but I'm not aware of these "summaries" you are referring to. It sounds like perhaps your interaction with WikiLeaks is mediated by the media, and your problem is with the media.

For instance, this link we are commenting on is directly to a primary document, with no summary provided. The only "summaries" I am aware of would be their tweets, which are inherently oversimplified.

I recommend the WikiLeaks subreddit for navigating the "unreadably large cache" if that is an issue you are facing.




https://wikileaks.org/vault7/#Marble Framework

> The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion

There's no evidence the CIA has ever done this. This is pure conjecture based on the fact that there's demo code showing that the library supports Unicode.

They're pretty obviously trying to push the idea that attribution of hacks (such as the DNC hack) can be really easily spoofed, and you shouldn't trust them. And it's working:

https://www.rt.com/news/382940-wikileaks-vault7-marble-frame...

http://www.mirror.co.uk/news/world-news/-wikileaks-vault-7-m...

http://www.dailymail.co.uk/news/article-4367746/WikiLeaks-sa...


> They're pretty obviously trying to push the idea that attribution of hacks (such as the DNC hack) can be really easily spoofed, and you shouldn't trust them.

OK, and? Is it incorrect that they can be spoofed? If not, doesn't that necessarily mean that you can't take "the Russians did this" at face value?


It's entirely irrelevant to this release. The attribution to Russia has nothing to do with the language of strings embedded in the malware.

It's based on the re-use of the same exact techniques, including command-and-control server addresses and encryption keys that have been used in many, many other attacks that align extremely closely with Russian interests.

Successfully hacking, over the course of about a decade, American government interests, Eastern Ukrainian militias, Russian dissidents, the Olympic anti-doping committee investigating Russia's wide-spread doping scandal, journalists investigating the downing of MH17, etc. would be a very convoluted and expensive way to spoof attribution of this one attack.


> It's based on the re-use of the same exact techniques, including command-and-control server addresses and encryption keys that have been used in many, many other attacks that align extremely closely with Russian interests.

Is there an official source that actually breaks down the similarities to which attacks? I have my doubts about the attribution of the DNC hack to _state_ agents. The only specific I've read was the Guccifer 2.0 Windows language being set to Russian.

Every other attribution has been a "trust us, we've seen this before," but I am very skeptical of intelligence and law enforcement agencies' unattributed claims, and I think they've earned that distrust.


This testimony given yesterday is an excellent overview, and has citations you can follow for more specifics: https://www.intelligence.senate.gov/sites/default/files/docu...

You are correct that the publicly available evidence doesn't point directly to the GRU, but rather merely to an anonymous extremely well-resourced group whose interests align extremely well with Russian military interests. While the GRU is the most reasonable conclusion, this would leave open, for example, the possibility that some contractor to the Russian military is operating with independence, not actually under direct order from the Kremlin.

The intelligence community claims to have knowledge, through conventional intelligence rather than forensics, that this was done by the GRU themselves, under order from the highest levels of leadership. This presumably means they know who the hackers actually are, whom they report to, and the general structure of the agency. They claim they have multiple, strong, independent sources confirming this, but they can't reveal their intelligence publicly without compromising those sources.



>There's no evidence the CIA has ever done this. This is pure conjecture based on the fact that there's demo code showing that the library supports Unicode.

Where is the conjecture? The exact quote is "this would permit," not "this has happened."

> They're pretty obviously trying to push the idea that attribution of hacks (such as the DNC hack) can be really easily spoofed, and you shouldn't trust them.

They are ~revealing~ the capability and intent of attribution obfuscation. I disagree with your assessment that they are ~pushing~ something, implying that there is something which is not self-evident which requires some kind of coercion for belief.


Stop being obtuse. Human communication is more nuanced than a formal programming language. The context in which you say something is just as important as the content.

It is very easy to imply something and push a specific agenda without technically lying.

What if I take out an ad that says:

"elif regularly participates on hacker news--a forum for computer programmers and 'hackers', and he is a programmer who can create malicious programs. The libraries he uses support multiple languages, like Chinese and Russian, giving him the capability to make it look like these programs were created by foreigners."

I'm just describing your capabilities. But the way I said it implies to non-experts that you're actually writing malicious code, because they lack the context to understand what they're reading.

They don't understand that all programmers have the capability to create malicious programs. And most importantly, just like the readers of WikiLeaks commentary, they don't realize that supporting Unicode is very common, and it's necessary if you want to parse text written in it. It's not a specialized capability that you'd only want if you intended to write in Russian or Chinese.


They're ~revealing~ the capability for computers to store text in foreign languages, even if the programmer doesn't speak that language natively? All the source docs say is that if a programmer wrote text in a foreign language, the code isn't going to blow up.

Wikileaks is implying -- heavily enough that every news article I've seen mentions it (some, even, without the "might" or "could") -- that the main reason the CIA would support Unicode is so that they can trick people into thinking they're Chinese.

Mentioning (the quite obvious fact) that it's possible to include foreign text in code as an effort to confuse adversaries, while discussing an actual implementation of text obfuscation, will confuse reasonable people who lack the technical understanding of what this is into thinking the software obfuscates text by somehow changing the language it's in.

Here's a more egregious example:

This doc (https://wikileaks.org/ciav7p1/cms/page_13763790.html) contains one line "Vehicle Systems (e.g. VSEP)." It doesn't elaborate what "Vehicle Systems" they mean or define "VSEP," but given the other projects worked on by the same team (all using embedded systems to spy on you), the most reasonable interpretation to me is that they'd be trying to intercept GPS and other sensor data, including voice and video from cameras and microphones.

Wikileaks wrote "As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations." In this case, they added the word "control" from nothing, making the completely unsupported claim that the CIA is investigating the possibility of assassinating people by hacking their cars (which, hey, might be true... but there's nothing supporting that idea here).

Sure enough, dozens of articles were written about how the CIA is killing people by driving their cars off cliffs.


>They are ~revealing~ the capability and intent of attribution obfuscation.

This framework is used to obfuscate. The document itself seems to suggest they built this framework to be very generic and prevent attribution.

Where in this document do you see WikiLeaks misdirecting attribution? It is possible the CIA does misattribution, but none of these documents suggest that (which is not in line with how WikiLeaks is framing it).


> [A]ttribution of hacks (such as the DNC hack) can be really easily spoofed, and you shouldn't trust them.


If you read the articles published in the media, they often contain phrases like "according to WikiLeaks" or "WikiLeaks said." That is because WikiLeaks gives summaries and comments. For a taste of how they mislead journalists, you can follow the WikiLeaks Twitter account.



