Exactly, apparently liberals think Russians are herp-derps when it comes to hacking.
originally posted by: andrew778
a reply to: DJW001
You're delusional. I don't read ATS very often because of idiotic statements made by complete fools. It's sad that this site is attracting people like you. It's so obvious Russia had nothing to do with this and the people who continually push that they did are the same people who are ruining this world.
originally posted by: theultimatebelgianjoke
a reply to: TrueBrit
In case someone suggests the Russians hacked the CIA:
Former CIA Deputy Director Mike Morell: CIA leak 'absolutely' an 'inside job'
originally posted by: theultimatebelgianjoke
Your neo-McCarthyism has reached pathological levels.
7 April, 2017
Today, April 7th 2017, WikiLeaks releases Vault 7 "Grasshopper" -- 27 documents from the CIA's Grasshopper framework, a platform used to build customized malware payloads for Microsoft Windows operating systems.
Grasshopper is provided with a variety of modules that can be used by a CIA operator as blocks to construct a customized implant that will behave differently, for example maintaining persistence on the computer differently, depending on what particular features or capabilities are selected in the process of building the bundle. Additionally, Grasshopper provides a very flexible language to define rules that are used to "perform a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration". Through this grammar CIA operators are able to build from very simple to very complex logic used to determine, for example, if the target device is running a specific version of Microsoft Windows, or if a particular Antivirus product is running or not.
Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption). The requirement list of the Automated Implant Branch (AIB) for Grasshopper puts special attention on PSP avoidance, so that any Personal Security Products like 'MS Security Essentials', 'Rising', 'Symantec Endpoint' or 'Kaspersky IS' on target machines do not detect Grasshopper elements.
One of the persistence mechanisms used by the CIA here is 'Stolen Goods' - whose "components were taken from malware known as Carberp, a suspected Russian organized crime rootkit", confirming the recycling of malware found on the Internet by the CIA. "The source of Carberp was published online, and has allowed AED/RDB to easily steal components as needed from the malware." While the CIA claims that "[most] of Carberp was not used in Stolen Goods" they do acknowledge that "[the] persistence method, and parts of the installer, were taken and modified to fit our needs", providing a further example of reuse of portions of publicly available malware by the CIA, as observed in their analysis of leaked material from the Italian company "HackingTeam".
The documents WikiLeaks publishes today provide insights into the process of building modern espionage tools and insights into how the CIA maintains persistence over infected Microsoft Windows computers, providing directions for those seeking to defend their systems to identify any existing compromise.
Today, April 14th 2017, WikiLeaks publishes six documents from the CIA's HIVE project created by its "Embedded Development Branch" (EDB).
HIVE is a back-end infrastructure malware with a public-facing HTTPS interface which is used by CIA implants to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute specific tasks on the targets. HIVE is used across multiple malware implants and CIA operations. The public HTTPS interface utilizes unsuspicious-looking cover domains to hide its presence.
Anti-Virus companies and forensic experts have noticed that some possible state-actor malware used such kind of back-end infrastructure by analyzing the communication behaviour of these specific implants, but were unable to attribute the back-end (and therefore the implant itself) to operations run by the CIA. In a recent blog post by Symantec, that was able to attribute the "Longhorn" activities to the CIA based on the Vault 7, such back-end infrastructure is described:
For C&C servers, Longhorn typically configures a specific domain and IP address combination per target. The domains appear to be registered by the attackers; however they use privacy services to hide their real identity. The IP addresses are typically owned by legitimate companies offering virtual private server (VPS) or webhosting services. The malware communicates with C&C servers over HTTPS using a custom underlying cryptographic protocol to protect communications from identification.
The documents from this publication might further enable anti-malware researchers and forensic experts to analyse this kind of communication between malware implants and back-end servers used in previous illegal activities.
The Government Is Planting Child Porn On Your Computer
A new virus has been catalogued, and it appears to be planting and distributing child pornography files. Hackers? No. The government is planting child porn on your computer, or so an alert published today indicates.
Political Dissenters, Beware
Before Its News has interviewed a person, who spoke on condition of anonymity, that has been a victim of the virus implantation. The person was engaged in journalistic exposure of political corruption, and suddenly police appeared on his doorstep with a search warrant specifying a search for evidence of possessing and distributing child pornography. The story is a bit convoluted here, but basically the gentleman did a little more investigation and found rogue .exe files on his computer that appeared as normal emule sharing directories but contained hundreds to thousands of child pornography files. The potential whistleblower claims the virus was deliberately planted on his computer in order to stop his activity.
The article surmises the Internet Crimes Against Children task force may be behind the virus planting, though why is unclear.
Are You A Victim?
According to a USWGO Virus Report:
I believe it was surrounded by comine.exe along with another exe file that had random characters so I don't remember that file name since it had a certain kind of random characters and I believe it may have been in the TEMP folder.
It came with three rogue P2P file sharing applications that were not stored in the usual file directories for programs or even portable programs. Those files are called ares.exe, emule.exe, and shareaza.exe. They share possibly illegal files and files with Trojans embedded without the computer owner's permission despite invalid claims by law enforcement that no one can force a user to download and share files on P2P networks. When the user discovers them and attempts to shut down the program using process termination on Task Manager (taskmgr.exe) the rogue Trojan control program attempts to revive the operation of the rogue P2P programs and will fully operate within 3-5 seconds or even up to 10 seconds depending on processing speed from CPU. No matter how many times the user continues stopping the program it comes right back. When the user attempts to end the task then quickly remove the files even with certain software, the Trojan that controls the rogue programs seems to regenerate the rogue programs which continues to share and download illegal material which can get the user in trouble.
ESET Virus Radar has recognized the virus, and calls it Win32/MoliVampire. The short description indicates, Win32/MoliVampire.A is a trojan which tries to download other malware from the Internet. Win32/MoliVampire.A may be spread via peer-to-peer networks.
The trojan contains an URL address. It tries to download a file from the address. Files are copied into a shared folder of various instant messengers and P2P applications, according to the description.
In a hurried article posted on Before Its News, a reporter emoted:
So anyone whom receives this virus or variants of Trojans similar to this virus, is at risk of being accused of distributing and possessing child pornography then having the computers and family photos, videos, and other personal data taken away forever. Then will likely end up years in federal or state prison then receives a lifetime sex offender record, isn't that just great!!!!!
ICE Pads Their Stats
Evidently, it isn't only alternative-news journalists who are being targeted. According to a Facebook page supporting 17-year-old autistic youth Andrew Rose:
Operation Flicker was started By ICE [Immigration and Customs Enforcement Agency]. U.S. Immigration and Customs Enforcement is the principal investigative arm of the U.S. Department of Homeland Security (DHS) and the second largest investigative agency in the federal government. Created in 2003 through a merger of the investigative and interior enforcement elements of the U.S. Customs Service and the Immigration and Naturalization Service, "Operation Flicker" is part of Project Predator, a nationwide ICE initiative to protect children from sexual predators, including instances of sex tourism with minors, Internet child pornographers, criminal alien sex offenders, and child sex traffickers, according to the agency. Unfortunately, due to the system being used to net these predators, many children are being exposed to the same Child Porn they were trying to stop.
Apparently, in an effort to catch these dangerous internet predators, ICE attached child pornography images to .mp3 files on P2P sharing sites like LimeWire. Young Andrew Rose downloaded two songs that came with little surprise packages attached. Scandalously and shamefully, Andrew is actually being prosecuted. His lawyer, on the support page, stated:
The FBI and ICE are the ones who exposed Andrew Rose to Child Pornography .. They were the Traffickers and became That which they Seek.
What Can You Do?
Computer users, especially those who use P2P file sharing programs and messaging, are encouraged to use ESET or McAfee virus scan/destroy software as both recognize the virus. It is noted that virus protection is not bulletproof with regard to this virus, and certainly will not protect against hidden attached files in normal sharing operations. If the government is planting child porn on your computer as some people have claimed, taking any and all steps possible to protect yourself and your family, including ceasing use of P2P applications, is advisable.
The Government Is Planting Child Porn On Your Computer.
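The respawn behaviour described in the quoted virus report (terminated P2P executables coming back within 3 to 10 seconds, from outside the usual program directories) can be checked for in process auditing data. This is an added detection example, not part of the original post or the quoted report; the log format, paths, window and thresholds are assumptions and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed process-event lines (not from the page); the format is hypothetical,
# loosely modelled on process create/terminate auditing.
SAMPLE_LOG = r"""
2017-04-14T10:00:00 CREATE pid=4120 image=C:\Users\u\AppData\Local\Temp\emule.exe
2017-04-14T10:05:10 TERMINATE pid=4120 image=C:\Users\u\AppData\Local\Temp\emule.exe
2017-04-14T10:05:14 CREATE pid=4388 image=C:\Users\u\AppData\Local\Temp\emule.exe
2017-04-14T10:05:30 TERMINATE pid=4388 image=C:\Users\u\AppData\Local\Temp\emule.exe
2017-04-14T10:05:37 CREATE pid=4502 image=C:\Users\u\AppData\Local\Temp\emule.exe
2017-04-14T10:06:00 TERMINATE pid=5000 image=C:\Program Files\Editor\editor.exe
2017-04-14T10:20:00 CREATE pid=5100 image=C:\Program Files\Editor\editor.exe
"""

LINE_RE = re.compile(r"^(\S+) (CREATE|TERMINATE) pid=(\d+) image=(.+)$")
USUAL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

def parse(log):
    """Yield (timestamp, event, image) for every well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(4).lower()

def find_respawns(log, window=10.0, min_respawns=2):
    """Return {image: respawn_count} for images restarted within `window`
    seconds of being terminated, at least `min_respawns` times."""
    last_kill = {}
    respawns = defaultdict(int)
    for ts, event, image in sorted(parse(log)):
        if event == "TERMINATE":
            last_kill[image] = ts
        elif image in last_kill:
            # A CREATE shortly after a TERMINATE of the same image is a respawn.
            if (ts - last_kill.pop(image)).total_seconds() <= window:
                respawns[image] += 1
    return {img: n for img, n in respawns.items() if n >= min_respawns}

def triage(log):
    """Map each respawning image to True if it lives outside usual program dirs."""
    return {img: not img.startswith(USUAL_DIRS) for img in find_respawns(log)}

if __name__ == "__main__":
    for image, unusual in triage(SAMPLE_LOG).items():
        print(image, "unusual-path" if unusual else "program-dir")
```

Repeated respawns alone also match legitimate service supervisors, so the path check is what narrows the result to candidates worth examining by hand.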