LEAKED NSA MALWARE THREATENS WINDOWS USERS AROUND GLOBE…


By Sam Biddle

The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.

The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into, and in some cases seizing control of, computers running versions of Windows earlier than the most recent release, Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.

The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates the deployment of NSA malware and would allow a member of the agency’s Tailored Access Operations group to more easily infect a target from their desk.


According to security researcher and hacker Matthew Hickey, co-founder of Hacker House, the significance of what’s now publicly available, including “zero day” attacks on previously undisclosed vulnerabilities, cannot be overstated: “I don’t think I have ever seen so many exploits and 0day [exploits] released at one time in my entire life,” he told The Intercept via Twitter DM, “and I have been involved in computer hacking and security for 20 years.” Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners actually apply those patches.

“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

Hickey provided The Intercept with a video of FUZZBUNCH being used to compromise a virtual computer running Windows Server 2008; an industry survey from 2016 cited this operating system as the most widely used of its kind.

https://player.vimeo.com/video/213263277?title=0&byline=0&portrait=0&badge=0&color=ff0179

Susan Hennessey, an editor at Lawfare and former NSA attorney, wrote on Twitter that the leak will cause “immense harm to both U.S. intel interests and public security simultaneously.”

A Microsoft spokesperson told The Intercept “We are reviewing the report and will take the necessary actions to protect our customers.” We asked Microsoft if the NSA at any point offered to provide information that would help protect Windows users from these attacks, given that the leak has been threatened since August 2016, to which they replied “our focus at this time is reviewing the current report.” The company later clarified that “At this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers.”

Update: April 14th, 2017, 7:20 p.m.

This post has been updated with an additional comment from Microsoft.

40 targets in 16 countries: Scale of CIA-linked #Vault7 hacking tools revealed by Symantec

Hacking tools linked to the CIA in the recent WikiLeaks Vault 7 release were used to target at least 40 organizations in 16 countries, according to internet security firm Symantec.



The techniques detailed in Vault 7 were almost certainly developed and used by the same group, Symantec said Monday. The security firm has corroborated a number of the tool “development timelines” put forward by WikiLeaks.

While Symantec does not specifically mention the CIA – instead referring to the group responsible for the attacks as ‘Longhorn’ – the latest revelation gives further credence to WikiLeaks’ assertion that Vault 7 is part of the intelligence service’s “hacking tools”.


“The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks,” a Symantec statement said.

“The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.”


Longhorn has been active since at least 2011, according to Symantec, infiltrating targets in the financial, telecoms, aerospace and natural resources industries.


“All the organizations targeted would be of interest to a nation-state attacker. Longhorn has infected 40 targets in at least 16 countries across the Middle East, Europe, Asia, and Africa. On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally,” Symantec added.

WikiLeaks recently published a tranche of information purportedly comprising files from a CIA center in Langley, Virginia. The hacks detailed in the documents included the use of malware and trojans designed by a CIA Engineering Development Group to be “unaccountable” and “untraceable”, Julian Assange said.


A WikiLeaks description of a “Fire and Forget” process for a tool called Archangel is “closely matched” with a Longhorn tool called “Backdoor.Plexor”, according to Symantec.

Meanwhile, WikiLeaks’ release of a development timeline for malware called Fluxwire closely aligns with a Longhorn tool tracked and labeled Corentry by Symantec. Evidence of Longhorn’s use of advanced “zero day” techniques leaves “little doubt” about the group’s link to Vault 7, the security firm adds.

The CIA has refused to comment on the authenticity of the WikiLeaks documents, which so far have been published in four batches online.

“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community’s ability to protect America,” the CIA said in a statement last month.

“Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools to do us harm.”

SHADOW BROKERS HACKERS RELEASE NSA HACKING TOOLS TO PUNISH TRUMP FOR ‘ABANDONING’ HIS BASE

NSA whistleblower Edward Snowden has confirmed that the leak included authentic NSA software

Hacking group Shadow Brokers has released the password to a trove of NSA exploits in what they say is a form of protest against President Donald Trump for going back on his campaign promises, and warning the president, “Don’t forget your base.” 

The shadowy group first emerged last August and released hacking exploits used by the NSA’s Equation Group, including exploits for vulnerabilities in firewall products, and later released a list of IP addresses the NSA had exploited.


Shadow Brokers released passwords to the rest of the exploits on Saturday, in a move they described as a protest against Trump, who they say has “abandoned” his base by going back on many promises made on the campaign trail.

NSA whistleblower Edward Snowden has confirmed that the leak included authentic NSA software. The leak doesn’t contain the entire spy tools library, Snowden tweeted.

However, he added that “NSA should be able to instantly identify where this set came from and how they lost it. If they can’t, it’s a scandal.”


Back in August, The Intercept used unreleased documents from Snowden to confirm the Shadow Brokers’ exploits were authentic.

The files appeared to date from as late as 2013, after Snowden had revealed the NSA’s spying reach. They included code to exploit previously unknown security flaws in Cisco hardware.


The password provided by Shadow Brokers unlocks the hacking tools; according to researchers who have examined some of the documents, the archive also references servers belonging to companies and universities that were allegedly used to deploy malware. WikiLeaks tweeted the dump includes “hacking attacks on EU states, Russia, China, Japan and South East Asia.”


Shadow Brokers listed some of the reasons they were unhappy with Trump in a Medium blog post:

W (TheGlobalists) and Military Industrial Intelligence Complex (MIIC), cabinet, #2 — Backtracked on Obamacare, #3 — Attacked the Freedom Caucus (TheMovement), #4 — Removed Bannon from the NSC, #5 — Increased U.S. involvement in a foreign war (Syria Strike).”

The group also criticized Trump for launching the cruise missile strike against Syria, saying: “Whose war are you fighting? Israeli Nationalists’ (Zionist) and Goldman Sachs’ war? Chinese Globalists’ and Goldman Sachs war? Is not looking like you fighting the domestic wars, the movement elected you to be fighting.”

The group earlier attempted to auction the “best files” for more than 1 million bitcoin, but abandoned the plan in January.

The post seemingly lends clues as to the identity of the group. “Did you know most of theshadowbrokers’ members have taken the oath ‘…to protect and defend the constitution of the United States against all enemies foreign and domestic…’.” it reads. “Yes sir! Most of us used to be TheDeepState everyone is talking about.”

While the Shadow Brokers were accused of being Russians, several NSA insiders earlier told the media that signs pointed to it being someone within the NSA.

Intel Agencies Obstruct Trump On Leaks – Reassign Analysts To Aleutians, Sudan, Yemen

By Rick Wells

It was one thing when the John Kerry State Department refused to provide Hillary Clinton emails while the enemy Democrats were in power or when DHS and DOJ were obstructionists in prosecutions, investigations or FOIA requests under Lynch, Comey and Jihadi Jeh Johnson. That was a little surprising at first but we soon learned as the Obama regime dragged on that it was not a government as much as it was a mechanism of social manipulation and perpetrator protection.

What is surprising is that the stonewalling and obstructionism is continuing under President Trump, with some of the denials directly impacting him in a negative manner. Most prominent and incredible are the revelations that the intelligence community is stonewalling the investigation into leaks of classified information to the “press” about Trump associates. In doing so the deep state operatives are not only telling the president to “stick it,” they’re telling members of Congress the same thing.

Fox News cites one unnamed source who sits on the House Intelligence Committee, likely a Republican, who said, “Our requests are simply not being answered. The agencies are not really helping at all and there is truly a massive web for us to try and wade through.”

The same story was told to them by a Senate Intelligence Committee member who said, “Any information that will help find the wide extent on the unmasking and surveillance is purposely not being provided.”

The NSA denied it was happening, saying, “Allegations that the National Security Agency is ‘withholding information’ from congressional intelligence committees investigating Russian interference in the 2016 election are categorically untrue.”

They added, “NSA fully supports the committees’ work. We have already made available significant information in response to their requests, and we look forward to continuing to work with them in the execution of their important responsibilities.” That sounds eerily like Clinton’s statements about the 33,000 email pages of spam that were held up as proof of their cooperation.

Surely President Trump can find a solution to this problem without too much effort. It would seem that within the web of think tanks and retired experts in DC there would be twenty people with top level security clearances, ten of which could be assigned as a special operations unit to the NSA and another ten to the CIA. They would need to be familiar with the capabilities and procedures so that they couldn’t be lied to about whether or not something could be done and the amount of time required.

Then President Trump could simply send them out as information posses, with instructions not to leave the facility where they went for the documents until those documents were in their possession. If they needed a military escort in order to secure their release, that would be pre-arranged with the Pentagon or whatever was the most appropriate military facility.

He’s the Commander-in-Chief, for crying out loud. How difficult can this be? If the recalcitrant analyst persisted, he could be escorted off the property, his access cards confiscated and a transfer to the Aleutian Islands or a similar “prime” duty station set up for the following day. There would be plenty of empty time in a hellhole like that to think about their attitude and what could be done to improve their willingness to work with others and follow instructions.

After one or two postcards home from the reassigned troublemakers, the rest of the malcontents would likely decide that it’s better to do their job than to freeze or get shot at on some misguided principle. As cold as DC is in the winter, it’s nothing like Alaska; the information would start flowing immediately. Maybe they need analysts in Libya, Yemen, or Somalia. The possibilities for motivational readjustment assignments are endless.

US lawmakers want to know how many Americans under surveillance

Top members of the House Judiciary Committee have asked the Trump administration to reveal how many Americans are affected by expiring foreign surveillance programs that gather massive amounts of personal data.


In a letter to Director of National Intelligence Dan Coats, House Judiciary Committee chairman Bob Goodlatte (R-Virginia) and ranking member John Conyers (D-Michigan) have called for an estimate, according to Reuters, of how many Americans are swept up in surveillance operations whose legal authority expires at the end of the year. The surveillance programs in question are authorized under Section 702 of the Foreign Intelligence Surveillance Act (FISA).

“It is clear that Section 702 surveillance programs can and do collect information about U.S. persons, on subjects unrelated to counterterrorism,” wrote Goodlatte and Conyers. “It is imperative that we understand the size of this impact on U.S. persons as our committee proceeds with the debate on reauthorization.”

The pair have requested an answer by April 24, Reuters reported.


Section 702 of FISA authorizes warrantless collection of electronic communications stored by US internet service providers, including the likes of Google and Facebook, or moving across the internet “backbone” located in the US via telecom providers such as AT&T. The statute, while explicitly aimed at non-US persons overseas, allows the collection of innocent Americans’ data as long as that data is bundled with a single communication involving or related to a target.

The statute, which gives legal cover to the National Security Agency spying programs PRISM and Upstream, revealed by Edward Snowden in 2013, also does not require that an individual be a suspected terrorist, spy or foreign agent before their communications are collected, nor does it demand judicial approval to target someone. Information gleaned by such data collection can be kept for years and used for purposes that do not have to be related to national security.

Section 702 of FISA may be at the root of Trump’s claims that the Barack Obama administration collected data on him and his staff prior to taking office.

An estimate on how many Americans’ communications have been collected through Section 702 justification is “crucial as we contemplate reauthorization” of the statute prior to December 31, 2017, the committee members wrote, according to Reuters.


The House Judiciary Committee made a similar request of the Obama administration in December, but a report did not materialize before Donald Trump took office on January 20.

Section 702 was added to FISA, a law first passed in 1978 to collect foreign intelligence information, with bipartisan support in 2008. The amended law was then reauthorized for five years in 2012.

Disclosures by former US intelligence employee Edward Snowden showed that, through the program PRISM, the NSA uses Section 702 as a legal basis for collecting both content and metadata stored by several major internet companies that pertain to specific selectors, such as an email address. Through the program Upstream, also revealed by Snowden and justified by Section 702, the NSA intercepts telephone and internet traffic that is pulled from internet data routes that travel through the US.

Section 702 “is used to collect the communications of tens of thousands of people for broad purposes that go well beyond fighting terrorism,” says the Center for Democracy & Technology.

Last month, during a House Judiciary Committee hearing on Section 702, Elizabeth Goitein, co-director of the Liberty and National Security Program, said an estimated 250 million internet communications were gathered under authority of the statute in 2011 alone.

#Vault7: WikiLeaks release shows CIA ‘Grasshopper’ used stolen ‘Russian mafia’ malware

WikiLeaks has released the fourth part of ‘Vault 7’, named ‘Grasshopper’, the latest in a series of leaks detailing alleged CIA hacking techniques. It details malicious software WikiLeaks claims was taken from “suspected Russian organized crime.”


The latest release consists of 27 documents WikiLeaks claims come from the CIA’s ‘Grasshopper framework’, a platform for building malware for use on Microsoft Windows operating systems.


In a statement from WikiLeaks, ‘Grasshopper’ was described as providing the CIA with the ability to build a customized implant which will behave differently, depending on the security capabilities of a computer.


According to WikiLeaks, Grasshopper performs “a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration.”

This allows CIA operators to detect if a target device is running a specific version of Microsoft Windows or if an antivirus is running, according to the statement.


Grasshopper allows tools to be installed and run on a machine without detection using PSP avoidance, allowing it to avoid Personal Security Products such as ‘MS Security Essentials’, ‘Rising’, ‘Symantec Endpoint’ or ‘Kaspersky IS’.

One of the so-called persistence mechanisms, which allow malware to survive reboots and remain on a computer system indefinitely, is known as ‘Stolen Goods’.

In the WikiLeaks release, it is credited to Umbrage, a group within the CIA’s Remote Development Branch (RDB) which was linked in the ‘Year Zero’ release to collecting stolen malware and using it to hide its own hacking fingerprints.


The components of the Stolen Goods mechanism were taken from malware known as Carberp, “a suspected Russian organized crime rootkit,” alleges WikiLeaks.

Stolen Goods targets the boot sequence of a Windows machine, loading a driver early in the boot process so that its code keeps running after the operating system has finished starting.

WikiLeaks confirmed that the CIA did not merely copy and paste the suspected Russian malware but appropriated “[the] persistence method, and parts of the installer,” which were then modified to suit the CIA’s purposes.


The latest release came with an emblem containing a grasshopper and the words: “Look before you leap,” a possible reference to how the latest leaked tools would allow the CIA to prepare a machine for future hacking, without raising suspicion.

The rootkits can be installed and used as a ‘man on the inside’ who can allow more malicious software through undetected in future, if the CIA felt it necessary. If suspicions were raised on initial installation, they would know not to proceed with a more extensive operation.

Also detailed in the release are Buffalo and Bamboo, modules that hide malware inside DLLs (dynamic-link libraries, the shared libraries used by Windows programs).

The two modules operate in slightly different ways: Buffalo runs immediately on installation whereas Bamboo requires a reboot to function properly.

The goal of today’s release is to help users seeking to defend their systems against any existing compromise, WikiLeaks stated.

Also detailed in the release is ScheduledTask, a component of ‘Grasshopper’ that uses the Windows Task Scheduler to schedule executables.

The component can run an executable automatically at startup or logon and terminate it once a configured duration has elapsed. ScheduledTask also includes commands that hide the scheduled task’s name and description from view.
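Every capability in that paragraph leaves a trace in the task definition itself: the Task Scheduler stores each task as an XML file under %SystemRoot%\System32\Tasks, and the “hidden” switch only hides the entry in the Task Scheduler console. The following triage script is an added example (defender-side code written for this page, not CIA or WikiLeaks code): it parses task XML as exported by `schtasks /Query /TN <name> /XML` or read from that directory, and flags tasks that are hidden, fire at boot or logon, run from a user-writable path, or carry no description. The two task definitions embedded in it are constructed for illustration; the XML namespace is the real Task Scheduler one, while the environment-variable mappings and the `victim` profile path are assumptions.

```python
"""Triage exported Task Scheduler definitions for persistence indicators.

Added example, not code from the Vault 7 documents. Input is task XML as
written by `schtasks /Query /TN <name> /XML` (decode UTF-16 exports first)
or read from %SystemRoot%\\System32\\Tasks.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Namespace used by every Task Scheduler task definition.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
STARTUP_TRIGGERS = {"BootTrigger", "LogonTrigger"}
# Locations an unprivileged user can write to (assumed standard layout).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Assumed expansions; a real collector would take these from the host.
ENV = {
    "%systemroot%": "C:\\Windows",
    "%windir%": "C:\\Windows",
    "%programdata%": "C:\\ProgramData",
    "%temp%": "C:\\Windows\\Temp",
    "%appdata%": "C:\\Users\\victim\\AppData\\Roaming",
}


@dataclass
class Finding:
    name: str
    hidden: bool
    triggers: list
    command: str
    time_limit: str          # ExecutionTimeLimit: the "kill after duration" knob
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def expand(path: str) -> str:
    """Case-insensitive expansion of the variables tasks commonly use."""
    return re.sub(r"%[^%\s]+%",
                  lambda m: ENV.get(m.group(0).lower(), m.group(0)), path)


def local_name(el) -> str:
    return el.tag.rsplit("}", 1)[-1]


def text_of(root, xpath: str) -> str:
    el = root.find(xpath, NS)
    return (el.text or "").strip() if el is not None else ""


def analyse_task(name: str, xml_text: str) -> Finding:
    root = ET.fromstring(xml_text)
    f = Finding(
        name=name,
        hidden=text_of(root, "t:Settings/t:Hidden").lower() == "true",
        triggers=[local_name(t) for t in root.findall("t:Triggers/*", NS)],
        command=expand(text_of(root, "t:Actions/t:Exec/t:Command")),
        time_limit=text_of(root, "t:Settings/t:ExecutionTimeLimit"),
    )
    if f.hidden:
        f.reasons.append("hidden from the Task Scheduler console")
    if STARTUP_TRIGGERS & set(f.triggers):
        f.reasons.append("runs at boot or logon")
    if f.command.lower().startswith(USER_WRITABLE):
        f.reasons.append("executes from a user-writable path")
    if not text_of(root, "t:RegistrationInfo/t:Description"):
        f.reasons.append("no description")
    return f


def triage(tasks: dict, threshold: int = 3) -> list:
    """Return the names of tasks whose indicator count meets the threshold."""
    findings = (analyse_task(n, x) for n, x in tasks.items())
    return [f.name for f in findings if f.score >= threshold]


# Constructed sample definitions (not real exports).
BENIGN = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description>Vendor update check</Description></RegistrationInfo>
  <Triggers><TimeTrigger><StartBoundary>2017-04-07T03:00:00</StartBoundary></TimeTrigger></Triggers>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions><Exec><Command>C:\\Program Files\\Vendor\\update.exe</Command></Exec></Actions>
</Task>"""

SUSPICIOUS = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description></Description></RegistrationInfo>
  <Triggers><BootTrigger/><LogonTrigger/></Triggers>
  <Settings><Hidden>true</Hidden><ExecutionTimeLimit>PT2H</ExecutionTimeLimit></Settings>
  <Actions><Exec><Command>%APPDATA%\\Microsoft\\svchost.exe</Command></Exec></Actions>
</Task>"""

SAMPLE_TASKS = {"\\Vendor\\UpdateCheck": BENIGN, "\\Microsoft\\Windows\\SvcHost": SUSPICIOUS}

if __name__ == "__main__":
    for task_name, xml in SAMPLE_TASKS.items():
        finding = analyse_task(task_name, xml)
        print(f"{task_name}: score={finding.score} triggers={finding.triggers} "
              f"cmd={finding.command} limit={finding.time_limit or '-'}")
        for reason in finding.reasons:
            print("   -", reason)
    print("flagged:", triage(SAMPLE_TASKS))
```

The scoring is deliberately additive rather than a single rule: a hidden task alone is common in vendor software, and a boot trigger alone is normal for Windows’ own maintenance tasks, but the combination with an action under a user profile and an empty description is what a practitioner would escalate. On a real host, feed it the XML of every file under System32\Tasks rather than the two constructed samples.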

The release is the fourth in a series called ‘Vault 7’ which WikiLeaks claims contains documents taken from within the CIA. Releases so far include ‘Year Zero’, which detailed the CIA’s hacking of Samsung smart TVs, and ‘Marble’, an obfuscation tool that WikiLeaks said could be used to disguise CIA hacks and make them look like someone else’s work, including Russia’s.


What You Need To Know About The Susan Rice Scandal

Published on Apr 4, 2017

As CNN anchors Don Lemon, Jim Sciutto, and others try to push the Susan Rice scandal under the rug, the internet answers back. In this video, we go over the latest information you need to know about the Susan Rice scandal and its implications for possible legal action against the Obama administration.

ThePuppyman12

Luke, the most trusted name in independent news! Keep it up!
Fight the NWO With Kunal

The Deep State Shadow Government wants to remain in control.
Droopy Dog

Cernovich is great! Almost always right. I trust him as much as any other journalist.
Darko Kovacevic

Mike Cernovich In conjunction with other great people are ripping the deep state to shreds be on the lookout in the coming weeks for serious stories to come out … his sources are real & Mike is basically the new TROJAN HORSE that the so called left did not see coming.
WTF BBQ

I’ll bet you my lunch money that none of these criminals will go to Jail.
Danny

total waste, this is a distraction, for all of the war crimes committed by Obama and company.
death 2 globalism

Obama has politicized intelligence numerous times. The discussions did not contain illegal activity but they unmasked it anyway! An absolute disgrace!