Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Wikileaks revealed the Scribbles tool used by the CIA to mark documents and track whistleblowers

Wikileaks has published a new piece of the Vault 7 leak that details a CIA project codenamed Scribbles (a.k.a. the “Snowden Stopper”). Scribbles is a software allegedly developed to embed ‘web beacon’ tags into confidential documents aiming to track whistleblowers and foreign spies. Wikileaks has leaked the Scribbles documentation and its source code, the latest released version […]

Wikileaks revealed the Scribbles tool used by the CIA to mark documents and track whistleblowers

Wikileaks has published a new piece of the Vault 7 leak that details a CIA project codenamed Scribbles (a.k.a. the “Snowden Stopper”).

Scribbles is a software allegedly developed to embed ‘web beacon’ tags into confidential documents aiming to track whistleblowers and foreign spies.

Wikileaks has leaked the Scribbles documentation and its source code, the latest released version of Scribbles (v1.0 RC1) is dated March 1, 2016, the date suggests it was used until at least last year.

According to documents leaked by Wikileaks, Scribbles is “a document-watermarking preprocessing system to embed “Web beacon”-style tags into documents that are likely to be copied by Insiders, Whistleblowers, Journalists or others.”

The Scribbles software was written in C# programming language and generate a random watermark that is inserted in each document.

“(S//OC/NF) Scribbles (SCRIB) is a document watermarking tool that can be used to batch process a number of documents in a pre-seeded input directory. It generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document.” reads the Scribbles user guide.

Every time the watermarked document is accessed by anyone it will load an embedded file in the background and creates an entry on the CIA’s tracking server. The record related to an access of a document contains the information about who accessed it, the time stamp and its IP address. In this way, it is possible to track document accesses and any abuses.

Unfortunately for the CIA agents, the Scribbles software only works with Microsoft Office. According to the user manual, the CIA tool was developed for off-line preprocessing of Microsoft Office documents, this means that if the watermarked documents are opened in any other application like OpenOffice or LibreOffice, they may reveal watermarks and URLs to the user.

According to the leaked documents, “the Scribbles document watermarking tool has been successfully tested on…Microsoft Office 2013 (on Windows 8.1 x64), documents from Office versions 97–2016 (Office 95 documents will not work!) [and]…documents that are not be locked forms, encrypted, or password-protected.”

Another limitation of the software is that watermarks are loaded from a remote server, so the tool should work only when the user accessing the marked documents is connected to the Internet.

This is the last batch of files released by Wikileaks, in order of time the organization leaked:

  • The Year Zero that revealed CIA hacking exploits for hardware and software.
  • The Dark Matter dump containing iPhone and Mac hacking exploits.he “
  • The Marble batch focused on a framework used by the CIA to make hard the attribution of cyber attacks.
  • The Grasshopper batch that reveals a framework to customize malware for breaking into Microsoft’s Windows and bypassing antivirus protection.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Scribbles , CIA)

[adrotate banner=”13″]