Der Starke is a diskless, EFI-persistent version of Triton. Once active on a target system, the implant executes within diskarbitrationd and typically performs network communications through a browser process so that PSPs like Little Snitch cannot easily detect its presence. This Companion User Guide is meant to supplement the Triton User Guide.
---
This is obvious to most people here but it might not be to others: if the attacker has physical access to the machine, it's game over.
So the CIA is using components from the malware known as Carberp, a suspected Russian organized crime rootkit, which means that instead of helping people protect their computers from organized crime they allow the vulnerability to continue. How is this moral?
It's not an either-or; this is malware, not vulnerabilities. For the most part it doesn't make sense to think in terms of using malware components to protect systems from malware.
This misunderstanding has come up on a bunch of other threads too; it seems to be pretty widespread. You can't really "burn" most persistence techniques, publishing them in a way that makes them easy to defend against. If you could, a whole lot of platform security engineering would be much easier.
What part of a "persistence method" is not using vulnerabilities? If you infect the boot loader, BIOS, firmware, or use some other method to create persistence, then those are vulnerabilities. That a system can get infected in such a way is not by any intended design.
Could you give an example of a persistence technique that uses an intended feature of a computer system to hide the malware in unintended places in such a way that the system can't remove it (which itself is unintended functionality)?
Well intelligence-gathering is the CIA's nominal job. You could say this policy of using malware is a policy for the government as a whole, and I'm inclined to agree, but if you're going to have an agency devoted to espionage (and you'd be an idiot not to because every other country does) then it's unreasonable to expect them not to use whatever tools are available.
I have to say comments like this sound like you also worry that teaching CIA agents to pick locks might result in an increase in property crime, a position that's hard to take seriously.
Backdoors from the 90s included actual purpose-built compilers. Whatever the CIA is doing, a good bet is that it's clownshoes stuff.
(I'll leave this comment here, but it responded to the original editorialized title of the story, which pointed out that this trojan had "its own language".)
Sub7 had an editor back in the day that would allow you to build a custom client. I don't remember the technical nature of it. I believe it was just packing configuration and the client into a single executable w/o recompiling, but this is the kind of stuff teenage script kiddies were doing back in the day with VBS and/or Delphi.
At this point I think Wikileaks is largely trash. Their agenda is blatantly anti-US motivated.
This leak and the previous one are examples. The CIA is a spy organization. Their job is to spy on foreign influencers. As such, they have spy tools... Just like Russia, China, the UK, etc. etc. If the headline here mattered, it would be, "Spy Agency has Spy Tool". There is no evidence at all that this stuff has been used domestically. But wikileaks buries that headline.
Wikileaks continues to push the agenda that these leaks correlate with the legitimate PRISM leaks that we saw earlier. They push the narrative that these tools are being used on Americans, should be ashamed, don't trust your intelligence agencies etc. Fueling the populist anti-intellectual bs we have going on in the world right now.
Don't get me wrong. The US government should be ashamed of PRISM and the actions of the NSA, but Wikileaks should be ashamed of these leaks and the way they're representing this information.
> An internal investigation by the C.I.A. has found that its officers penetrated a computer network used by the Senate Intelligence Committee in preparing its damning report on the C.I.A.’s detention and interrogation program.
Just because you find an error doesn't mean you get to declare the whole premise of the argument invalid. By that logic, we should not have police or military forces either, since police officers and military personnel have engaged in atrocious behavior at various times.
Why do so many people on HN reason like this? If you find a bug or design error in your code, do you fix it or delete the entire codebase and renounce such projects forever?
Which goes to my point. If you have any issues, you have an issue with the fact that they hack congressional computers, not that they possess exploits and malware, which this article is about.
You have an issue with their actions in that particular case, which is outside the scope of this article, or the argument that I was making.
> They push the narrative that these tools are being used on Americans, should be ashamed, don't trust your intelligence agencies etc.
I then show public examples of the CIA not only using hacking tools against Americans, but against the very oversight framework that's supposed to keep them in check.
He's making the point that this is a tool. A weapon, but a tool. It's a very targeted tool, requiring manual delivery to an individual system. Getting upset at the CIA having this is like getting upset that they have assault rifles. Sure, they can do horrible things with assault rifles, and agents could even storm a US household and kill citizens. But as much as that would reflect horribly on the CIA, the fact that assault rifles exist and they have access to them is not indicative of their intent to use them on US citizens, regardless of whether it has happened in the past. Their charter means that these tools have valid reasons for existence under their normal, expected operating parameters.
I mean, your example is not really the best. Rifles are just another tool that I'd call for to be removed from the CIA's arsenal if they were on record as using them against the Senate Intelligence Oversight Committee.
Why? What if it was knives? Should we make sure the CIA has no knives? The problem isn't the tool, it's the people in place that let them be used inappropriately. If the Army used a tank inappropriately, I wouldn't call for all tanks to be removed from the Army's arsenal, I would call for a review of the people and procedures that allowed it to happen. Tanks are a valid and essential part of our offensive and defensive arsenal. As are assault rifles. As are missiles. As are digital infiltration and information gathering techniques and software.
> Uhhh.. yes.. it's pretty common for the army to be temporarily disbanded for using tanks against the government (ie. orchestrating a coup).
There you go. The tanks weren't removed, the organization was disbanded. Having tanks is not an indicator that an organization will attempt a coup, if having tanks is useful to the normal function of that organization.
At this point, you're making my points for me, so either it's evident to you at this point, or you aren't going to get it (as you're consistently misinterpreting the point), or you're trolling. In any case, I don't see this continuing productively past this point, since I'm just repeating myself.
You're just making a different point than the OP. He was arguing that there's no evidence that these tools have been used outside of the accepted bounds of the CIA. That's obviously false given the Senate hacking (which itself was over the CIA not liking the results of governance over another tool in their arsenal: "enhanced interrogation").
But going back to the temporary disbanding, how in practice do you think that would work? You can't just jail or execute all of the military. Wouldn't it stand to reason that the very weapons used against the government would be locked up until you could figure out who those 'domestic enemies' are that the Oath to the Constitution talks about? Yes the very existence of these tools isn't a problem, these tools being in the hands of those who have proved that they are systemically incapable of legally using these tools is a problem. You therefore remove those tools from their arsenal, going so far as to disband them entirely if necessary (ie. if their use of these tools threatens the country on a whole and you can't trust them to truly give the tools up completely).
I don't have a problem with the use of these tools in general by intelligence agencies, I have a problem with the CIA's access to these tools.
> I then show public examples of the CIA not only using hacking tools against Americans, but against the very oversight framework that's supposed to keep them in check.
Again, you're not arguing that the possession of the tools, which this article presents, is the bad thing. Your issue seems to be with the hacking of congressional computers, which I agree, is a bad thing.
The scope of this article (and the previous leak) is showcasing the tools and abilities of the CIA. I argue that we want the CIA, the espionage arm of the US government, to have the ability/tools to conduct espionage. Now how they apply those abilities/tools is up for debate and scrutiny.
Good god people, this is literally the anti-encryption argument, with the tables flipped.
When they apply those tools against the very checks and balances governing the use of those tools, the only safe option is to (at least temporarily) remove those tools from their arsenal.
> There is no evidence at all that this stuff has been used domestically.
I read the article and they do not imply any connection to PRISM.
Anyway, why would you be fine with such tools being used on non-US targets? Would you not be outraged if an equivalent tool was used on US targets by a non-US government?
> Would you not be outraged if an equivalent tool was used on US targets by a non-US government?
As a targeted investigation of an individual (which is what this would be used for)? No.
> Anyway, why would you be fine with such tools being used on non-US targets?
Because I literally cannot envision a world where the incentives mean state actors are not going to be doing this. You can legislate it away, or make moralistic announcements, but unless you actually remove the incentive, it will happen. If it's happening, I want my government to have at least the average level of proficiency.
The difference with domestic spying is that based on our laws, ethos, type of government and the fact that the people doing the spying are also citizens means that there are some powerful counter-incentives along with the incentives to spy domestically. That at least gives it a chance to be curtailed in some ways. Foreign spying really doesn't have the same counter-incentives.
> Anyway, why would you be fine with such tools being used on non-US targets? Would you not be outraged if an equivalent tool was used on US targets by a non-US government?
This logic does not work.
Would you be okay getting shot if you broke into someone else's house? No. But other folks have a right to protect their houses.
The US has a right and constitutional duty to protect itself and its citizens. You can argue about the best way to do that but it's a non-starter to say that we can only do the things that we would want other countries to do to us.
Using that logic, we would get rid of all of our weapons.
> I read the article and they do not imply any connection to PRISM.
These leaks attempt to piggyback off of the Snowden media frenzy.
> Anyway, why would you be fine with such tools being used on non-US targets? Would you not be outraged if an equivalent tool was used on US targets by a non-US government?
It is the duty of each government to look after the well-being of its people with the resources it has, up to and including spying. Spying has gone on since the dawn of civilization. My opinion extends to foreign governments attempting to spy on the US.
Does it help the human race as a whole? No, but that's a much bigger philosophical debate.
The activities of the CIA are not and have not ever been good for us "people" of the USA. Sometimes if one squints hard enough, it seems that perhaps they have been intended to be for our good, but usually that's not even the case.
Your opinions about the CIA's actions are just that. I have negative opinions about the CIA's actions in many instances as well. Their possession of these types of tools however, clearly falls within their official stated goal, the standard we should judge them by.
It's interesting that 50-USC-46 doesn't seem to actually "officially state" any goal for the agency. That seems too glaring an oversight to be unintentional, so your appeal to such standards seems unfounded. I suggest that by any reasonable standard, CIA should have been shuttered decades ago. Even the tools seen here are indicted elsewhere in this thread by a knowledgeable person as "clownshoes".
I don't have time to read the entire law regarding the CIA, so I'll take your word on that, but from their website:
The function of the Central Intelligence Agency is to assist the Director of the Central Intelligence Agency in carrying out the responsibilities outlined above.
To accomplish its mission, the CIA engages in research, development, and deployment of high-leverage technology for intelligence purposes. As a separate agency, CIA serves as an independent source of analysis on topics of concern and also works closely with the other organizations in the Intelligence Community to ensure that the intelligence consumer—whether Washington policymaker or battlefield commander—receives the best intelligence possible.
Though I will agree with you that this is just a statement on their website, not law.
> That seems too glaring an oversight to be unintentional, so your appeal to such standards seems unfounded. I suggest that by any reasonable standard, CIA should have been shuttered decades ago. Even the tools seen here are indicted elsewhere in this thread by a knowledgeable person as "clownshoes".
Speculation and opinions are just that, speculations and opinions.
> Speculation and opinions are just that, speculations and opinions.
Hilarious! We're discussing CIA. The whole point is that they don't submit to the scrutiny of their employers. "You don't know what we're doing, so we could be doing the right thing!"
Um... Need I remind you that everything from Vault 7 was leaked on flash drives (Vault 7 shit doesn't require infrastructure to deploy or use as most NSA implementations do), and given to ex spooks, contractors, ex contractors, private contractors, even those with no intention of working for the government. Basically a deal sweetener for those with similar status or ideals. It has been showing up in pieces for sale in various places online. I suggest looking into where Assange got his copy of the flash drive from. Pretty interesting.
Also, 'the hammer' was purchased by blixtech, whose owner (Edra Blixseth) used it to hack her husband's lawyer during divorce proceedings. Upon finding out, he confronted the engineer behind it, who had previously filed 18 formal whistleblower reports with the White House and was denied all 18 times. He has recorded full video testimony and a dozen affidavits, and received full immunity, finally, two weeks ago. When the story first broke, no judge would pursue it. Eventually Joe Arpaio tried to, and Fox recorded extensive reports, which have not yet aired. The engineer provided 800 million recorded phone calls, as many bank records, and emails. The system was just some sort of brute force which broke SSL. This has been mentioned in Vault 7, briefly, but will be expanded on in a release very soon. Fox was provided with 10 million sample users, so they could take local callers who were willing to hear their conversations on air to prove this. There is an hour of recordings with Tim Blixseth, Joe Arpaio, and a few others, going over many more details. Definitely worth looking into, however it shouldn't be much longer until it is revealed in full. Pretty insane. Look into it, will blow your mind.
I'll add that this isn't normal collection. This was off the books. As in, he was routinely given $5,000 cash to take to a Lockheed facility to give to a contact who would 'sneak' him in to use a faster machine (1 billion attempts per minute), as well as sending stuff to the Oval Office's direct fax line. Everyone believes Trump is saving this as the big reveal, an answer to Obama wiretapping, and as the reason Obama got up, said forget the whole 'build a team to fight Trump in DC' thing, got up, left his family, and flew to Tahiti (non-extradition) for the foreseeable future (went from a month to months to the foreseeable future).
You really, really need to back up assertions like this with sources. Whether it's true or not, it comes across as ranting conspiracy theory without them to anyone that doesn't have the same background information as you. At best you do nothing, the likely case is you get downvoted to oblivion, and the worst case is you actively hurt your cause, as people will have cataloged some of the claims as likely false based on the presentation and source, so future exposure will suffer.
Cite your sources. If you think the sources will be discounted by the people you are presenting to, make a case why they should not be, reexamine why you think they are trustworthy, or both.
Obviously to understand the scope and scale of the events I tried to use as an example, a vast number of things are required. I'm unable to use a computer until tonight and on the run, however, everything I mentioned is all very easy to find online, it's just not on giant websites. Everything I claimed or presented as fact is all findable, and so much contextual information on this and many other events is widely unknown, which is why, if one is interested in seeing the big picture, you need to learn to ignore all the noise. Ignore both sides of all arguments, it's all bs. There's a reason polls are now claiming as high as 70% don't trust the validity of the MSM. I'll provide as many sources as I can come up with briefly below.
https://m.soundcloud.com/stephenlemons/fruit-of-the-poisonou... (part two from the same user; the 20min section is part 1, the URL is misleading). More information can be found out about this recording, but it's going to take some searching. I suggest DuckDuckGo or similar; nothing is great really, but since the election time, Google removes massive amounts of useful indexing based on who knows what, and ends up being useless half the time when politics and sourcing information are concerned.
I don't blame them though, because no one wants anyone to know which people have been caught and which haven't, as obscurity and surprise prove to be huge assets when trying to get people to come forward to testify against superiors. There is a ton of fuckery on both sides here, but it is all unraveling at record pace. Dennis Montgomery is the name of the whistleblower. Got immunity two weeks ago facilitated by Freedom something. A press release by some popular free speech group has more information. Freedom something. Julian Assange provides a ton of insight in his last couple of live interviews as to the source of Vault 7. And there are about 50 different ex Intel guys who have offered insight into its source; they are all over the place. Doesn't matter if you are in such heavy denial you refuse to look, but spend enough time and it really is all there, no question or speculation. Sorry, driving, terrible fragmented reply. I'll hook it up fat when I get home. Although all the queries are here to find everything. Avoid Google, use quotes, confirmation bias is fine to locate the information, but seek further context upon locating it.
On rare occasions, dogs have been known to fly away into the sky. The proof is on the internet and easy to find. You just won't see it on the major websites. You need a lot of historical context and specific knowledge to truly understand it and see through the lies. I won't go into the context here because it would take too long, but you can easily research it yourself. Everything I've claimed is fact. Believe me, I said it's fact.
If you can't find the information I'm talking about, it's because big business and Obama removed it from the internet. This is a huge story and it would be all over the news if it weren't for leftists trying to hide the truth.
WikiLeaks publishes what they get, if it is authentic, if it wasn't yet published elsewhere and if they find it historically significant. They can't really choose what to publish, since if they tried to censor some leaker, he could easily leak via some other channel and accuse WikiLeaks of being biased and not publishing his leaks.
Would you like them more if they published what they get, unless it somehow hurts American institutions?
Why should WikiLeaks protect only the US? They aren't a US organization; Assange is Australian, and most staffers are European based.
Your argument sounds like it came from somebody who would say that the leaked DNC and Podesta emails should not be read, because they can hurt the DNC campaign. I advise you to start advocating for a big American firewall, something like China has, so you can protect US citizens from all information that might open their eyes but hurt some officials.
It's very important that these tools are published, so software companies can patch their software and people are able to protect themselves. Not everyone is a US citizen. The rest of the world greets any leaks from intelligence agencies from any country. If you don't want to, don't update your OS and security software; the rest of the world will.
Maybe they do, but it's also within their power to withhold information or publish selectively. It seems a little odd that they only seem to get information that hurts the US and its allies, but never information that would create problems for other superpowers.
Perhaps that's entirely coincidental but then again perhaps it's not. I support Wikileaks' existence but don't take their claims at face value and question whether they are really the disinterested actors they claim to be.
An important consideration is that if Wikileaks' publishing criteria are as simple as the GP asserts, it's easy for them to be used by third parties to push an agenda. If, for example, Russia was behind a lot of the information leaked, then Wikileaks is the possibly unwitting mouthpiece of the Russian state, and is in fact laundering the information to present it without context. In both cases you find out about tools the U.S. intelligence apparatus uses for espionage, or about DNC emails, but if you know that comes from a foreign government, that is an important piece of context that's being lost. Normally, that government would be forced to either release it anonymously, or through a fictitious online identity, or as themselves. Having Wikileaks injected into the chain of custody changes the context it's perceived in.
Agree with your point re. Wikileaks, but I disagree that the PRISM leaks were legitimate, or anything to be ashamed of. To my knowledge, no compelling evidence indicates that the Constitutional or legal rights of Americans have been violated.
I guess you could argue whether PRISM was lawful or not. I think we can all agree though that there was a recognizable moral gray area there that needed to be brought to the attention of the people. When brought to the light, the legitimacy could be argued.
These current leaks are just attempts at undermining.
---
https://wikileaks.org/vault7/document/Grasshopper-v2_0_2-Use...
---
Grasshopper has the following system dependencies:
Python 3.4: The Grasshopper build system was developed and tested for Python 3.4
---
Nice! A lot of government projects are stuck on older versions of Python tied to ancient OS versions.
I gotta say, the rule matcher syntax and the overall design is done very well. Hat tip to the authors if they are reading this.