
Showing posts with label security.

Friday, 25 August 2017

CIA also spied on neighbouring government organisations - WikiLeaks

ExpressLane, the application that captured all the biometric records from government services like the FBI, CBP, DHS and NSA.


The biometric device must have USB support.

The malware creates a hidden partition in which the output from the biometric device is stored.

It creates an executable posing as an installer for a Cross Match MOBS update and displays that installer, while silently creating the partition and starting to log the biometric information of the organisation's workers.

The tool remains persistent and keeps storing the data until the application "ExitRamp" is executed, which decrypts the collected data to an external flash drive.

ExitRamp is probably executed secretly during system assistance or system maintenance.

For the official documentation, see WikiLeaks.

UPDATE: Crossmatch is the same organisation that proposed Aadhaar biometric verification to the Indian Government, so there is a further chance that the CIA also has full access to the Aadhaar database.

Friday, 18 August 2017

Apple's Secure Enclave decryption key goes online

The Secure Enclave Processor (SEP) handles all the cryptographic operations in an iOS device.
The SEP was first embedded in the iPhone 5S; it is completely isolated from the device's other modules and manages activities like Touch ID, iCloud verification and other security features.

The SEP generates a UID which varies from device to device; once the SEP is decrypted, obtaining the UID value from the device is simple.

The Apple key was released here; using the executable version of this code, the SEP can be decrypted.

According to an Apple spokesperson, on the SEP:

"The customer data is safe, and it's not an easy leap to say it would make getting at customer data possible."
Though it's difficult to decrypt the SEP, it's still possible to develop exploits that can reset iCloud activation or bypass the Touch ID payment process.

SEP decryption will help researchers find new bugs in Touch ID. Brace yourselves.

Saturday, 12 August 2017

Couch Potato can spy on your live streams - WikiLeaks

This Python exploit binary was deployed to NSA computers in February 2014. The exploit has helped the government check which videos you were streaming.

Supported formats are RTSP/H.264 video streams; it can capture the screen frames as JPG and store them in an output directory.

Before use, the Python file has to be configured with its -output folder for the media to be saved to.

Example: rtsp://
• -vcodec copy: directs the decoder to "copy" the video data from the stream. For use when collecting video files only.
• -acodec copy: directs the decoder to "copy" the audio data from the stream. For use when collecting video files only.
• -an: directs the decoder to ignore audio data from the stream. For use when collecting video files only.
• -f [output file format] [output path]: the only currently supported options are avi and image2. The output path should always be "-" (as in a STDOUT pipe).

Example argument strings:
-i rtsp:// -f image2 -
-i rtsp:// -t 300 -vcodec copy -an -f avi -
-i rtsp:// -t 300 -vcodec copy -acodec copy -f avi
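As an added example (not from the CouchPotato user guide or from this blog), a small Python parser for the argument grammar documented above, plus a detection rule a defender could run over process command lines; the option names are the ones listed in the post, while the sample command lines, script names and addresses are constructed.

```python
SUPPORTED_FORMATS = {"avi", "image2"}   # the only -f formats the post documents

def parse_capture_args(cmdline):
    """Parse a CouchPotato-style argument string into a dict.
    Undocumented tokens (interpreter, script name) are skipped, so a whole
    process command line can be passed. Returns None if -t is not numeric."""
    opts = {"input": None, "duration": None, "vcodec": None,
            "acodec": None, "no_audio": False, "format": None, "output": None}
    toks = cmdline.split()
    i = 0
    while i < len(toks):
        tok, rest = toks[i], toks[i + 1:]
        if tok == "-i" and rest:
            opts["input"] = rest[0]; i += 2
        elif tok == "-t" and rest:
            if not rest[0].isdigit():     # -t takes a duration in seconds
                return None
            opts["duration"] = int(rest[0]); i += 2
        elif tok in ("-vcodec", "-acodec") and rest:
            opts[tok[1:]] = rest[0]; i += 2
        elif tok == "-an":
            opts["no_audio"] = True; i += 1
        elif tok == "-f" and rest:
            opts["format"] = rest[0]
            # Output path must be "-" (STDOUT pipe) per the guide; else it is missing.
            if len(rest) > 1 and rest[1] == "-":
                opts["output"] = "-"; i += 3
            else:
                i += 2
        else:
            i += 1
    return opts

def looks_like_stream_capture(cmdline):
    """Detection rule: RTSP input, a documented -f format and the mandatory
    STDOUT-pipe output path all present in one command line."""
    o = parse_capture_args(cmdline)
    return bool(o and o["input"] and o["input"].startswith("rtsp://")
                and o["format"] in SUPPORTED_FORMATS and o["output"] == "-")

def flag_suspicious(cmdlines):
    """Return the command lines that match the capture pattern."""
    return [c for c in cmdlines if looks_like_stream_capture(c)]

SAMPLE_CMDLINES = [  # constructed sample process command lines, not telemetry
    "python update.py -i rtsp://203.0.113.10/live -f image2 -",
    "python update.py -i rtsp://203.0.113.10/live -t 300 -vcodec copy -an -f avi -",
    "python backup.py -i /var/log -f tar -",
    "ffmpeg -i https://example.invalid/clip.mp4 -f avi out.avi",
]
```

The rule is deliberately strict: the post's third example string, which lacks the trailing "-", is not flagged, so loosen the output-path check if that suits your telemetry better.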

This malware leaves no trace of spying on you.

The reason it is stealthy is that the application includes an in-memory code execution technique, where the program is executed directly without being stored on your disk.

Documentation: CouchPotato v1.0 User Guide.

Saturday, 5 August 2017

CIA can take over your home surveillance cameras and disable your webcam and mic - WikiLeaks

Versions 1 and 2 of this exploit are limited to Windows XP.

It has the ability to:
  • disable mic and webcam activity
  • delete all the recordings
  • corrupt the camera drivers

This malware comes in 3 different versions.

Dumbo V1.0

Release date: 25 June 2012

Creates an executable module, which should be stored on a USB stick to persistently log the data.

Dumbo V2.0

Release date: 10 June 2015

iSpy is included in V2 of this program and runs in parallel with Dumbo; the user uses iSpy to look over the surveillance data.

Tools running alongside:
   Runner.exe - malware
   scanner.sys - system environment scanner

Dumbo V3.0

Release date: 6 July 2015

Added features to update the details of the CCTV and to work in a Windows 7 environment.

Remotely triggers all the updates to the server every second.

Output log

Tools running alongside in V3:
   GUI.exe (main executable)
   wscupd.exe and wermgr.exe - create a BSOD
   System scanner

Developer: Physical Access Group

PAG is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Source: WikiLeaks

Monday, 31 July 2017

Game of Thrones upcoming episodes may be leaked - HBO data breach

Just a few hours after HBO aired episode 3, a hacker emailed a URL to download upcoming Game of Thrones episodes as a proof of concept.

A message from the hacker said:

“Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.”

After the incident, a company spokesperson replied:

“We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

The leak also contains upcoming episodes of the series "Room 104" and "Ballers", and if the leak is legit this would be the first time Game of Thrones is pirated over torrent sites before the official release.

Russia bans VPN and proxy services

Unblocking your favourite censored torrent site was fun, but it will no longer be so for Russians from November.

The President of Russia, Vladimir Putin, passed a law today against all unblocking routines.

This helps divert people's viewpoints away from unlawful websites.

Leonid Levin, the head of Information Policy of Russia, said this law wasn't passed to route people's views but to block access to sites that are unfavourable to people in Russia.


By seeking to perfect Russia’s mechanisms of digital censorship and surveillance, these bills trample on the freedoms guaranteed by the Constitution and the European Convention on Human Rights

Hope this network routing doesn't create privacy issues (intercepting all the traffic of Russian channels and ISPs) for the people in Russia and the Soviet Union.

Saturday, 29 July 2017

CIA exploit for macOS - "Imperial"

This malware includes three different tools:

  • Achilles - cryptor and binder plus reverse-connection malware for Mac
  • SeaPea - rootkit for Mac OS
  • Aeries - targets Linux kernels

SeaPea - rootkit for macOS

SeaPea has 3 modes:

  • The rootkit is injected into a normal process and is not stealthy.
  • In this mode it is pretty stealthy and the process is hidden.
  • An elite process can also be executed as super elite when the NSA wants to remain hidden from your sight and from the macOS logs entirely.

SeaPea has a few drawbacks: on a single-user system, SeaPea will fail to run as a hidden process.

Versions affected:
Mac OS X 10.6 and 10.7


Aeries:

Aeries binaries were used to attack the following Linux kernels:

  • Debian Linux 7
  • Red Hat Enterprise Linux 6 (i386)
  • Solaris 11
  • FreeBSD 8
  • CentOS 5.3 (32-bit edition)
  • CentOS 5.7 (32-bit edition)

Aeries is based on C code and needs a Python library to start executing commands.
It has a Python Task_handler binary to create a payload, and once the payload is executed the user may become a victim of a CIA operative.
The NSA can encrypt the data on your Linux disk with these payloads.
All reverse communication from the Aeries malware to the NSA lab was strongly encrypted with AES-256.

Achilles:

Injects a backdoor into a legitimate DMG (disk image).

DMG is a format similar to ISO on Windows; most pirated applications for Mac are distributed over torrents as DMGs.

How the DMG is infected:

The malicious binary is stored as a DMG and bound to a legitimate DMG, producing a backdoored application crypted alongside the legitimate one, which helped the NSA stay in stealth mode.

When the user opens the DMG and runs the application, the first time the application is run all the bundled executables run after the real application has launched.

This persistent malware is stored as a hidden .app file to log the user's details.