WikiLeaks just dropped another CIA tool called Grasshopper

posted on Apr, 7 2017 @ 11:18 AM
Searching for something to take my mind off the Syria attack and found this from the Vault series. Unfortunately it doesn't make me feel better, just shows one more way agencies can make things up and lie

twitter

I am not tech oriented so those who are can figure it out



posted on Apr, 7 2017 @ 11:20 AM
a reply to: liveandlearn

Saw that earlier but it went under the radar with today's actuality.


Grasshopper
7 April, 2017
Today, April 7th 2017, WikiLeaks releases Vault 7 "Grasshopper" -- 27 documents from the CIA's Grasshopper framework, a platform used to build customized malware payloads for Microsoft Windows operating systems.

Grasshopper is provided with a variety of modules that can be used by a CIA operator as blocks to construct a customized implant that will behave differently, for example maintaining persistence on the computer differently, depending on what particular features or capabilities are selected in the process of building the bundle. Additionally, Grasshopper provides a very flexible language to define rules that are used to "perform a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration". Through this grammar CIA operators are able to build from very simple to very complex logic used to determine, for example, if the target device is running a specific version of Microsoft Windows, or if a particular Antivirus product is running or not.

Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption). The requirement list of the Automated Implant Branch (AIB) for Grasshopper puts special attention on PSP avoidance, so that any Personal Security Products like 'MS Security Essentials', 'Rising', 'Symantec Endpoint' or 'Kaspersky IS' on target machines do not detect Grasshopper elements.

One of the persistence mechanisms used by the CIA here is 'Stolen Goods' - whose "components were taken from malware known as Carberp, a suspected Russian organized crime rootkit." confirming the recycling of malware found on the Internet by the CIA. "The source of Carberp was published online, and has allowed AED/RDB to easily steal components as needed from the malware.". While the CIA claims that "[most] of Carberp was not used in Stolen Goods" they do acknowledge that "[the] persistence method, and parts of the installer, were taken and modified to fit our needs", providing a further example of reuse of portions of publicly available malware by the CIA, as observed in their analysis of leaked material from the Italian company "HackingTeam".

The documents WikiLeaks publishes today provide insights into the process of building modern espionage tools and insights into how the CIA maintains persistence over infected Microsoft Windows computers, providing directions for those seeking to defend their systems to identify any existing compromise.





posted on Apr, 7 2017 @ 12:02 PM
I'm not tech savvy in the least, I'm from a previous generation that did not grow up with computers. When I was a kid, a transistor radio and later, a calculator from Texas Instruments was as technical as it got.

However, after having to purchase constant protection for my computer, and the literally tens of thousands of updates every month from Windows, I switched to Linux. I love it. No more being forcibly hooked up to Microsoft and being a prisoner to their update whims and constant 'patches' on their Swiss-cheese program full of holes.

I've used it for 4 years now and highly recommend the change, for those who don't want to keep buying malware protection every year, and feel a bit of resentment towards Mr. Gates, who is in collusion with the government and left open more back doors for their spying than unattended kids at a daycare.



posted on Apr, 7 2017 @ 12:27 PM
It looks like a simple method of hiding data transfer, just enough encryption by the use of XOR to not trigger the firewall / security system as it doesn't require much work, but now it's known the companies will patch their software to sort out the risk.

Modular viruses, most normally work on things like checksum or other ways but the problem is a lot of normal code can look like a virus so there's always a trade off as you get the 'my AV bricked my system' reports and even code heuristics don't always help.

By the time the CIA are interested in you, let's just say you are a spear phishing target and as such will be a high value target, so Dave in the garage won't be a target.



posted on Apr, 7 2017 @ 12:28 PM
a reply to: FissionSurplus

Well, I was around when my grandparents got an early TV, about 1949-50. Caught on relatively fast to my first computer and became the go to person in the family. Didn't keep up a couple of years and lost it.

So did you have someone install Linux and how well does it work with other programs?



posted on Apr, 7 2017 @ 12:33 PM
a reply to: FissionSurplus

Lost power during a Windows 10 update. If you interfere with an update your computer will be scrambled; you have to reset it to its original settings, you lose the lot. If they can't have it you can't either.



posted on Apr, 7 2017 @ 12:36 PM
Will they ever drop anything on Russia though?



posted on Apr, 7 2017 @ 12:49 PM
a reply to: KiwiNite

WikiLeaks has dropped many Russian leaks.

And if you have some legitimate Russian documents, they will be more than happy to accept them and publish them.



posted on Apr, 7 2017 @ 12:52 PM
a reply to: liveandlearn

Most Linux distros are easy to install.
Don't plan on running typical off the shelf software that runs on Windows unless you're tech savvy enough to operate a Virtual Machine under Wine emulator.
There's a plethora of Linux apps, I haven't found a need for ANY MS-based software (except TurboTax).

ganjoa



posted on Apr, 7 2017 @ 01:48 PM
a reply to: ganjoa

Thanks for the attempt to help me understand. Think I would fear totally messing up my machine. Already did the deed of Win 10. Hate it.



posted on Apr, 7 2017 @ 02:10 PM
Don't worry, none of us here on ATS are infected.



posted on Apr, 8 2017 @ 11:31 AM

originally posted by: khnum
a reply to: FissionSurplus

Lost power during a Windows 10 update. If you interfere with an update your computer will be scrambled; you have to reset it to its original settings, you lose the lot. If they can't have it you can't either.


Even if you don't interrupt a Windows 10 update, it will still frazzle your computer. Had that happen to me last night. Was about to update my online shopping delivery for today, when Windows decided it was going to do some updates. I only had an hour to make the deadline for the order, but oh no, Windows just has to do an update right there and then. Waited an hour, then it restarted twice. Once finished, my network connections were scrambled. At least I was able to go back to an earlier version. Fortunately, it's a dual boot system with Linux on the other partition.

There are just too many squirrelly places on a PC where malware can be stashed; the UEFI, which are little blocks of software that can be loaded on the motherboard memory chips of your PC and have access to all resources such as memory and Internet connections. Then there is the OS and device drivers, the web browsers and plugins, not forgetting the ability to Chromecast and Miracast your screen to other devices. I'm still trying to investigate that one.


