Search operators can help narrow your search with a lot of flexibility. Some operators can also allow you to be more vague in your search parameters - for instance by specifying that all matching documents must contain a certain number of some given words. The operators must be typed into the usual search box, and most of them can be combined with other search operators.
You can read a detailed description of most of the operators and how to use them on the Search WikiLeaks page. Here are a few of the most common examples.
Contact us if you have specific problems. If you have a very large submission, or a submission with a complex format, or are a high-risk source, please contact us.
What computer to use: If the computer you are uploading from could subsequently be audited in an investigation, consider using a computer that is not easily tied to you.
BadMFS is a library that implements a covert file system that is created at the end of the active partition or in a file on disk in later versions. It is used to store all drivers and implants that Wolfcreek will start.
All files are both encrypted and obfuscated to avoid string or PE header scanning. Some versions of BadMFS can be detected because the reference to the covert file system is stored in a file named "zf". Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc.
Transitory files are added to the 'UserInstallApp'.
The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.
ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration is disguised behind a Windows installation splash screen. The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community.
The company hit the headlines in when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.
It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity.
Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.
Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task.
Achilles is a capability that provides an operator the ability to trojan an OS X disk image.
It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.
It runs on Mac OSX
The documents were submitted to the CIA between November 21st (just two weeks after Raytheon acquired Blackbird Technologies to build a Cyber Powerhouse) and September 11th, They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors - partly based on public documents from security researchers and private enterprises in the computer security field. Raytheon Blackbird Technologies acted as a kind of "technology scout" for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.
HighRise is an Android application designed for mobile devices running Android 4. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.
These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an encrypted file for later exfiltration by other means.
BothanSpy is installed as a Shellterm 3.
Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos, debian, rhel, suse, ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration.
OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes.
The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system.
OutlawCountry v1. Also, OutlawCountry v1. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp.
The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device.
Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives.
Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables. The documents describe how a CIA operation can infiltrate a closed network or a single air-gapped computer within an organization or enterprise without direct access.
It first infects an Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangeroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware.
If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange.
If you are a high-risk source and the computer you prepared your submission on, or uploaded it from, could subsequently be audited in an investigation, we recommend that you format and dispose of the computer hard drive and any other storage media you used.
In particular, hard drives retain data after formatting which may be visible to a digital forensics team and flash media (USB sticks, memory cards and SSD drives) retain data even after a secure erasure. If you used flash media to store sensitive data, it is important to destroy the media. If you do this and are a high-risk source you should make sure there are no traces of the clean-up, since such traces themselves may draw suspicion.
If a legal action is brought against you as a result of your submission, there are organisations that may help you. The Courage Foundation is an international organisation dedicated to the protection of journalistic sources. WikiLeaks publishes documents of political or historical importance that are censored or otherwise suppressed. We specialise in strategic global publishing and large archives. The following is the address of our secure site where you can anonymously upload your documents to WikiLeaks editors.