Wikileaks: DarkMatter

From Wikileaks:

"Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA’s “NightSkies 1.2”, a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."
