Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.
Today, August 3rd 2017, WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.
Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.
Today, June 15th 2017, WikiLeaks publishes documents from the CherryBlossom project of the CIA that was developed and implemented with the help of the US nonprofit Stanford Research Institute (SRI International).
CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for “Man-In-The-Middle” attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.
The wireless device itself is compromised by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection. Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. The beaconed information contains device status and security information that the CherryTree logs to a database. In response to this information, the CherryTree sends a Mission with operator-defined tasking. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.
Missions may include tasking on Targets to monitor, actions/exploits to perform on a Target, and instructions on when and how to send the next beacon. Tasks for a Flytrap include (among others) the scan for email addresses, chat usernames, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser (e.g., to Windex for browser exploitation) or the proxying of a Target’s network connections. FlyTrap can also set up VPN tunnels to a CherryBlossom-owned VPN server to give an operator access to clients on the Flytrap’s WLAN/LAN for further exploitation. When the Flytrap detects a Target, it will send an Alert to the CherryTree and commence any actions/exploits against the Target. The CherryTree logs Alerts to a database and potentially distributes Alert information to interested parties (via Catapult).
Thursday, May 11, 2017 – Savage Warns Trump: We discuss the sound advice radio host Michael Savage gave President Trump on how to deal with the fake narratives the establishment left is using against him. Journalist Michael Snyder also reveals how the trendy zombies are behaving like sheep to this fake narrative. And speaking of sheeple, New Orleans activist Michael DiBari confronted a woman on the street who wanted to kill Alex Jones, and he explains what happened. Tune in!
Editor’s note: This article was authored under a pseudonym by a high level source.
Donald Trump’s decision to launch cruise missile strikes on a Syrian Air Force Base was based on a lie. In the coming days the American people will learn that the Intelligence Community knew that Syria did not drop a military chemical weapon on innocent civilians in Idlib. Here is what happened:
1. The Russians briefed the United States on the proposed target. This is a process that started more than two months ago. There is a dedicated phone line that is being used to coordinate and deconflict (i.e., prevent US and Russian air assets from shooting at each other) the upcoming operation.
2. The United States was fully briefed on the fact that there was a target in Idlib that the Russians believed was a weapons/explosives depot for Islamic rebels.
3. The Syrian Air Force hit the target with conventional weapons. All involved expected to see a massive secondary explosion. That did not happen. Instead, smoke, chemical smoke, began billowing from the site. It turns out that the Islamic rebels used that site to store chemicals, not sarin, that were deadly. The chemicals included organic phosphates and chlorine and they followed the wind and killed civilians.
4. There was a strong wind blowing that day and the cloud was driven to a nearby village and caused casualties.
5. We know it was not sarin. How? Very simple. The so-called “first responders” handled the victims without gloves. If this had been sarin they would have died. Sarin on the skin will kill you. How do I know? I went through “Live Agent” training at Fort McClellan in Alabama.
There are members of the U.S. military who were aware this strike would occur and it was recorded. There is a film record. At least the Defense Intelligence Agency knows that this was not a chemical weapon attack. In fact, Syrian military chemical weapons were destroyed with the help of Russia.
This is Gulf of Tonkin 2. How ironic. Donald Trump correctly castigated George W. Bush for launching an unprovoked, unjustified attack on Iraq in 2003. Now we have President Donald Trump doing the same damn thing. Worse in fact. Because the intelligence community had information showing that there was no chemical weapon launched by the Syrian Air Force.
Here’s the good news. The Russians and Syrians were informed, or at least were aware, that the attack was coming. They were able to remove a large number of their assets. The base the United States hit was something of a backwater. Donald Trump gets to pretend that he is a tough guy. He is not. He is a fool.
This attack was a violation of international law. Donald Trump authorized an unjustified attack on a sovereign country. What is even more disturbing is that people like Secretary of Defense Jim Mattis, CIA Director Mike Pompeo and NSA Director General McMaster went along with this charade. Front line troops know the truth. These facts will eventually come out. Donald Trump will most likely not finish his term as President. He will be impeached, I believe, once Congress is presented with irrefutable proof that he ignored and rejected intelligence that did not support the myth that Syria attacked with chemical weapons.
It should also alarm American taxpayers that we launched $100 million dollars of missiles to blow up sand and camel shit. The Russians were aware that a strike was coming. I’m hoping that they and the Syrians withdrew their forces and aircraft from the base. Whatever hope I had that Donald Trump would be a new kind of President, that hope is extinguished. He is a child and a moron. He committed an act of war without justification. But the fault is not his alone. Those who sit atop the NSC, the DOD, the CIA, the Department of State should have resigned in protest. They did not. They are complicit in a war crime.