Top

CIA's tool can trace journalists, whistleblowers, reports Wikileaks

The tool uses document tagging to trace classified documents with a special watermark

Wikileaks has now released a new set of documents in its Vault 7 series. This time it's a manual describing how the CIA wants to track whistleblowers, journalists and so on.

The documents are called Scribbles, or "Snowden Stopper," which is a piece of software designed with one purpose in mind — embedding web beacon tags into documents that are likely to get stolen. This is hypothetically supporsed to help the CIA figure out where its files have landed and to collect information about the end user of the document, relaying the information back to the CIA.

The released version of the document is dated March 1st 2016 and marked as classified until 2066.

"Scribbles is intended for off-line pre-processing of Microsoft Office documents. For reasons of operational security the user guide demands that "[t]he Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary," WikiLeaks notes.

The project's documentation has indicated that Scribbles is a watermarking tool. It seems the tool worked successfully on Microsoft Office 2013 (on Windows 8.1 x64), as well as documents from Office versions 97-2016, although it does not work on Office 95 documents.

The CIA looks to have encountered some issues but because of the limitations brought forth by only using Microsoft Office documents. "If the targeted en-user opens them up in a different application, such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content. If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them," the file reads.

( Source : deccan chronicle )
Next Story