Category Archives: Privacy

Mainstream Media Kept Susan Rice Story Secret To Protect Obama

Mike Cernovich broke the story that Obama’s National Security Advisor, Susan Rice, was the person behind the unmasking of the identity of various members of Trump’s team who were under surveillance during the 2016 campaign. Cernovich did not need leaks from within the US Government; his sources were actually people inside Bloomberg & The New York Times. Cernovich explains that both Eli Lake of Bloomberg and Maggie Haberman of the New York Times were sitting on the Susan Rice story in order to protect the Obama administration.

“Maggie Haberman had it. She will not run any articles that are critical of the Obama administration.”

“Eli Lake had it. He didn’t want to run it and Bloomberg didn’t want to run it because it vindicates Trump’s claim that he had been spied upon. And Eli Lake is a ‘never Trumper.’ Bloomberg was a ‘never Trump’ publication.”

“I’m showing you the politics of ‘real journalism’. ‘Real journalism’ is that Bloomberg had it and the New York Times had it but they wouldn’t run it because they don’t want to run any stories that would make Obama look bad or that will vindicate Trump. They only want to run stories that make Trump look bad so that’s why they sat on it.”

“So where did I get the story? I didn’t get it from the intelligence community. Everybody’s trying to figure out where I got it from. I got it from somebody who works in one of those media companies. I have spies in every media organization. I got people in news rooms. I got it from a source within the news room who said ‘Cernovich, they’re sitting on this story, they’re not going to run it, so you can run it’.”

“If you’re at Bloomberg, I have people in there. If you’re at the New York Times, I have people in there. LA Times, Washington Post, you name it, I have my people in there. I got IT people in every major news room in this country. The IT people see every email so that’s how I knew it.”

Top Obama Adviser Sought Names of Trump Associates in Intel

Eli Lake
Bloomberg : April 3, 2017

White House lawyers last month learned that the former national security adviser Susan Rice requested the identities of U.S. persons in raw intelligence reports on dozens of occasions that connect to the Donald Trump transition and campaign, according to U.S. officials familiar with the matter.

The pattern of Rice’s requests was discovered in a National Security Council review of the government’s policy on “unmasking” the identities of individuals in the U.S. who are not targets of electronic eavesdropping, but whose communications are collected incidentally. Normally those names are redacted from summaries of monitored conversations and appear in reports as something like “U.S. Person One.”

The National Security Council’s senior director for intelligence, Ezra Cohen-Watnick, was conducting the review, according to two U.S. officials who spoke with Bloomberg View on the condition of anonymity because they were not authorized to discuss it publicly. In February Cohen-Watnick discovered Rice’s multiple requests to unmask U.S. persons in intelligence reports that related to Trump transition activities. He brought this to the attention of the White House General Counsel’s office, who reviewed more of Rice’s requests and instructed him to end his own research into the unmasking policy.

The intelligence reports were summaries of monitored conversations — primarily between foreign officials discussing the Trump transition, but also in some cases direct contact between members of the Trump team and monitored foreign officials. One U.S. official familiar with the reports said they contained valuable political information on the Trump transition such as whom the Trump team was meeting, the views of Trump associates on foreign policy matters and plans for the incoming administration.

Rice did not respond to an email seeking comment on Monday morning. Her role in requesting the identities of Trump transition officials adds an important element to the dueling investigations surrounding the Trump White House since the president’s inauguration.

Both the House and Senate intelligence committees are probing any ties between Trump associates and a Russian influence operation against Hillary Clinton during the election. The chairman of the House intelligence committee, Representative Devin Nunes, is also investigating how the Obama White House kept tabs on the Trump transition after the election through unmasking the names of Trump associates incidentally collected in government eavesdropping of foreign officials.

Rice herself has not spoken directly on the issue of unmasking. Last month when she was asked on the “PBS NewsHour” about reports that Trump transition officials, including Trump himself, were swept up in incidental intelligence collection, Rice said: “I know nothing about this,” adding, “I was surprised to see reports from Chairman Nunes on that account today.”

Rice’s requests to unmask the names of Trump transition officials does not vindicate Trump’s own tweets from March 4 in which he accused Obama of illegally tapping Trump Tower. There remains no evidence to support that claim. (Editor’s note: None of Trump’s tweets on March 4th actually claim the actions were illegal; he only questions whether it was legal.)

But Rice’s multiple requests to learn the identities of Trump officials discussed in intelligence reports during the transition period does highlight a longstanding concern for civil liberties advocates about U.S. surveillance programs. The standard for senior officials to learn the names of U.S. persons incidentally collected is that it must have some foreign intelligence value, a standard that can apply to almost anything. This suggests Rice’s unmasking requests were likely within the law.

(read the full article at bloomberg)

NGA: The Massive Spy Agency You Haven’t Heard Of

Alice Salles
The Anti-Media : March 29, 2017

If you’re one of the countless Americans who was distraught to learn of the revelations made by former National Security Agency (NSA) contractor Edward Snowden, the mere idea that there might be yet another agency out there — perhaps just as powerful and much more intrusive — should give you goosebumps.

Foreign Policy reports that the National Geospatial-Intelligence Agency, or NGA, is an obscure spy agency former President Barack Obama had a hard time wrapping his mind around back in 2009. But as the president grew fond of drone warfare, finding a way to launch wars without having to go through Congress for the proper authorization, the NGA also became more relevant. Now, President Donald Trump is expected to further explore the multibillion-dollar surveillance network.

Like the Central Intelligence Agency (CIA) and the National Security Agency (NSA), the NGA is an intelligence agency, but it also serves as a combat support institution that functions under the U.S. Department of Defense (DOD).

With headquarters bigger than the CIA’s, the building cost $1.4 billion to be completed in 2011. In 2016, the NGA bought an extra 99 acres in St. Louis, building additional structures that cost taxpayers an extra $1.75 billion.

Enjoying the extra budget Obama threw at them, the NGA became one of the most obscure intelligence agencies precisely because it relies on the work of drones.

As a body of government that has only one task — to analyze images and videos captured by drones in the Middle East — the NGA is mighty powerful. So why haven’t we heard of it before?

The Shadow Agency That Sees It All

Prior to Trump’s inauguration, the NGA only targeted the Middle East or whatever spy satellites orbiting the globe captured. As far as most of us knew, the agency refrained from pointing its ultra-high-resolution cameras toward the United States. That alone may be why the NGA has been able to stay out of scandals for the most part.

But under Trump, things may look much worse — as if spying on countless people abroad weren’t enough.

Recently, for instance, he gave the CIA the power to wage covert drone warfare, shielding important information on such operations simply by allowing the agency to carry out missions without first seeking authorization from the Pentagon.

Now, Trump might as well move on to NGA, hoping to boost “national security” by turning the agency’s all seeing eyes toward American soil.

As the president hopes to get more money for defense, many have speculated whether he will start to use drones at home, especially since he has already suggested he supports agencies like the NSA based on his desire to target “terrorists.” There’s nothing that implies he wants to slow down the surveillance state.  The White House has expressed its desire to renew Obama-era spying powers — even as the president battles critics who deny his claims that his conversations were intercepted at the same time foreign nationals were under surveillance in 2016.

A partially redacted March 2016 report released by the Pentagon revealed that drones had already been used domestically on about 20 or fewer occasions between 2006 and 2015. Though some of these operations mostly involved natural disasters, National Guard training, and search and rescue missions, quotes from an Air Force law review article found their way into the report. In it, Dawn M. K. Zoldi wrote that technology designed to spy on targets abroad could soon be used against American citizens.

“As the nation winds down these wars,” the report explains, and “assets become available to support other combatant command (COCOM) or U.S. agencies, the appetite to use them in the domestic environment to collect airborne imagery continues to grow.”

Up until 2015, oversight was so loose that the capabilities provided by the DOD’s unmanned aircraft system weren’t under scrutiny by any other agency. Without statutes that specify the rules such federal government agencies should follow, watchdogs find it hard to keep track. But would it be any better if there were an agency or a branch of the same government overseeing what the government itself is doing?

The short answer is no.

NGA Has A Precedent, And Trump May Want To Explore It

As fears grow that Trump will revamp the NGA, domestic stories of police departments using drones to spy on locals are also resurfacing.

Some of the most highly publicized instances involved Baltimore and Compton, where police departments deployed aerial surveillance technology without issuing a warrant or seeking authorization from local or state lawmakers.

With a precedent already set, the president might as well ignite a new fight in his continued efforts to fight a war against an imaginary, impossible-to-target enemy. After all, he’s not a stranger to scandals and likely wouldn’t feel overwhelmed one bit if he decided to turn the country’s ultra-high definition cameras toward its citizens.

What could help to put an end to his plans might be exactly what helped halt President George W. Bush’s attempts at setting up spy satellites domestically. In 2007, Bush’s Department of Homeland Security set up an agency known as the National Applications Office with the goal of establishing direct spy satellite stakeouts in America. Thankfully, Congress stepped in and cut off the agency’s funding.

But with Americans seldom showing any interest for important violations of privacy or even basic human rights here and abroad, it’s easy to see how this massive spying agency could end up getting a carte blanche to do whatever it wants once Trump realizes he has the power to order it done. After all, who will pressure Congress to stop him?

Source: The Anti-Media (cc)

Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic…

Wikileaks reveals ‘Marble Framework’ from Vault 7

Today, March 31st 2017, WikiLeaks releases Vault 7 “Marble” — 676 source code files for the CIA’s secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

Marble forms part of the CIA’s anti-forensics approach and the CIA’s Core Library of malware code. It is “[D]esigned to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.”

The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.

wikileaks

US Government Secretly Paying To Keep US Software Unsafe

AlternativeFreePress.com

Edward Snowden’s first impression of the Wikileaks Vault 7 release is that it is authentic, and genuinely a big deal. He points out that this leak has provided the first public evidence that the US Government is secretly paying to keep US software unsafe & that any hacker can use the security holes the CIA left open.

Inside the CIA’s global hacking force: “Vault 7” CIA Hacking Tools Revealed

Wikileaks : March 7, 2017

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that “There is an extreme proliferation risk in the development of cyber ‘weapons’. Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of “Year Zero” goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.”

Wikileaks has carefully reviewed the “Year Zero” disclosure and published substantive CIA documentation while avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.

Wikileaks has also decided to redact and anonymise some identifying information in “Year Zero” for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in “Vault 7” part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

* * *

Analysis

CIA malware targets iPhone, Android, smart TVs

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details).

The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.

The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984, but “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.

The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

CIA malware targets Windows, OSx, Linux, routers

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized “zero days”, air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas (“Brutal Kangaroo”) and to keep its malware infestations going.

Many of these infection efforts are pulled together by the CIA’s Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as “Assassin” and “Medusa”.

Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB).

The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools, which are described in the examples section below.

CIA ‘hoarded’ vulnerabilities (“zero days”)

In the wake of Edward Snowden’s leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or “zero days” to Apple, Google, Microsoft, and other US-based manufacturers.

Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.

The U.S. government’s commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.

“Year Zero” documents show that the CIA breached the Obama administration’s commitments. Many of the vulnerabilities used in the CIA’s cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

As an example, specific CIA malware revealed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone — at the expense of leaving everyone hackable.

‘Cyberwar’ programs are a serious proliferation risk

Cyber ‘weapons’ are not possible to keep under effective control.

While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber ‘weapons’, once developed, are very hard to retain.

Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.

Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons’. Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services.

Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.

A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.

Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

U.S. Consulate in Frankfurt is a covert CIA hacker base

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

CIA hackers operating out of the Frankfurt consulate (“Center for Cyber Intelligence Europe” or CCIE) are given diplomatic (“black”) passports and State Department cover. The instructions for incoming CIA hackers make Germany’s counter-intelligence efforts appear inconsequential: “Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport”

Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.

Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.

Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area — including France, Italy and Switzerland.

A number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media. For example, the CIA attack system Fine Dining provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.

How the CIA dramatically increased proliferation risks

In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of “Vault 7” — the CIA’s weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse.

The CIA made these systems unclassified.

Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily cross over to the ‘battlefield’ of cyber ‘war’.

To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufacturers and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.

Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts. Ordnance will likely explode. If it does not, that is not the operator’s intent.

Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams. For instance, attempted “malware injections” (commercial jargon) or “implant drops” (NSA jargon) are being called “fires” as if a weapon was being fired. However the analogy is questionable.

Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its ‘target’. CIA malware does not “explode on impact” but rather permanently infests its target. In order to infect a target’s device, copies of the malware must be placed on the target’s devices, giving physical possession of the malware to the target. To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers. But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.

A successful ‘attack’ on a target’s computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization’s leadership rather than the firing of a weapons system. If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target’s territory including observation, infiltration, occupation and exploitation.

Evading forensics and anti-virus

A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies attribute and defend against attacks.

“Tradecraft DO’s and DON’Ts” contains CIA rules on how its malware should be written to avoid fingerprints implicating the “CIA, US government, or its witting partner companies” in “forensic review”. Similar secret standards cover the use of encryption to hide CIA hacker and malware communication (pdf), describing targets & exfiltrated data (pdf) as well as executing payloads (pdf) and persisting (pdf) in the target’s machines over time.

CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows “Recycle Bin”, while Comodo 6.x has a “Gaping Hole of DOOM”.

CIA hackers discussed what the NSA’s “Equation Group” hackers did wrong and how the CIA’s malware makers could avoid similar exposure.

 

Examples

The CIA’s Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by “Year Zero”) each with their own sub-projects, malware and hacker tools.

The majority of these projects relate to tools that are used for penetration, infestation (“implanting”), control, and exfiltration.

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.

Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks’ “Year Zero”.

 

UMBRAGE

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

 

Fine Dining

Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out. The questionnaire is used by the agency’s OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically “exfiltrating” information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are ‘Asset’, ‘Liason Asset’, ‘System Administrator’, ‘Foreign Information Operations’, ‘Foreign Intelligence Agencies’ and ‘Foreign Government Entities’. Notably absent is any reference to extremists or transnational criminals. The ‘Case Officer’ is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The ‘menu’ also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA’s ‘JQJIMPROVISE’ software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

 

Improvise (JQJIMPROVISE)

‘Improvise’ is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from ‘Fine Dining’ questionnaires.

 

HIVE

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.

The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a ‘Blot’ server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the ‘Honeycomb’ toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.

The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.

Similar functionality (though limited to Windows) is provided by the RickBobby project.

See the classified user and developer guides for HIVE.

 

* * *

FREQUENTLY ASKED QUESTIONS

Why now?

WikiLeaks published as soon as its verification and analysis were ready.

In February the Trump administration issued an Executive Order calling for a “Cyberwar” review to be prepared within 30 days.

While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.

Redactions

Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.

  1. Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
  2. Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
  3. Archive attachments (zip, tar.gz, …) are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
  4. Attachments with other binary content are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
  5. The tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
  6. Binary files of non-public origin are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
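The redaction rules in items 1, 2 and 5, sketched as an added example (this is not WikiLeaks’ tooling or code from the publication): names become numeric user IDs, e-mail addresses and external IPv4 addresses are masked, and internal addresses stay readable. The name list, the placeholder strings, the choice of "internal" ranges and the sample page are all assumptions constructed for illustration.

```python
import ipaddress
import re

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption: these ranges count as "internal" and are left readable.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_external(text):
    """True if text parses as an IPv4 address outside INTERNAL_NETS."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        return False  # e.g. 999.1.1.1 is not an address; leave it alone
    return not any(addr in net for net in INTERNAL_NETS)


class Redactor:
    """Masks e-mails and external IPs; maps each name spelling to a user ID."""

    def __init__(self, known_names):
        # Longest spelling first so a full name wins over a shorter variant.
        names = sorted(set(known_names), key=lambda n: (-len(n), n))
        self._name_re = (
            re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, names)))
            if names else None
        )
        self._ids = {}        # exact spelling -> numeric user ID
        self.redactions = 0   # running total, like the published count

    def _count(self, replacement):
        self.redactions += 1
        return replacement

    def _sub_ip(self, match):
        if is_external(match.group(0)):
            return self._count("[IP REDACTED]")
        return match.group(0)

    def _sub_name(self, match):
        # One ID per exact spelling: two spellings of one person get two
        # IDs, but a single ID can never cover two different people.
        uid = self._ids.setdefault(match.group(0), len(self._ids) + 1)
        return self._count("User #%d" % uid)

    def redact(self, text):
        # E-mails first, since an address can embed a person's name.
        text = EMAIL_RE.sub(lambda m: self._count("[EMAIL REDACTED]"), text)
        text = IPV4_RE.sub(self._sub_ip, text)
        if self._name_re:
            text = self._name_re.sub(self._sub_name, text)
        return text

    def identifiers(self):
        return dict(self._ids)


# Constructed sample page; the addresses come from documentation ranges.
SAMPLE_PAGE = (
    "Page owner: Alice Example <alice.example@corp.example>\n"
    "Reviewed by A. Example and Bob Sample.\n"
    "Build server at 203.0.113.7, lab host 10.0.0.5.\n"
    "Alice Example updated the build notes.\n"
)

if __name__ == "__main__":
    redactor = Redactor(["Alice Example", "A. Example", "Bob Sample"])
    print(redactor.redact(SAMPLE_PAGE))
    print(redactor.redactions, "redactions;", redactor.identifiers())
```

Because the IPv4 pattern is purely syntactic, a dotted version string such as 1.2.3.4 is masked as well, which is the over-redaction case item 1 describes.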

Organizational Chart

The organizational chart corresponds to the material published by WikiLeaks so far.

Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.

Wiki pages

“Year Zero” contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian. Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.

The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).

What time period is covered?

The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).

WikiLeaks has obtained the CIA’s creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date contact WikiLeaks.

What is “Vault 7”

“Vault 7” is a substantial collection of material about CIA activities obtained by WikiLeaks.

When was each part of “Vault 7” obtained?

Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.

Is each part of “Vault 7” from a different source?

Details on the other parts will be available at the time of publication.

What is the total size of “Vault 7”?

The series is the largest intelligence publication in history.

How did WikiLeaks obtain each part of “Vault 7”?

Sources trust WikiLeaks to not reveal information that might help identify them.

Isn’t WikiLeaks worried that the CIA will act against its staff to stop the series?

No. That would be certainly counter-productive.

Has WikiLeaks already ‘mined’ all the best stories?

No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.

Won’t other journalists find all the best stories before me?

Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.

wikileaks

Flynn’s Gone But They’re Still Gunning For You, Donald

by David Stockman
Ron Paul Institute for Peace & Prosperity : February 17, 2017

General Flynn’s tenure in the White House was only slightly longer than that of President-elect William Henry Harrison in 1841. Actually, with just 24 days in the White House, General Flynn’s tenure fell a tad short of old “Tippecanoe and Tyler Too”. General Harrison actually lasted 31 days before getting felled by pneumonia.

And the circumstances were considerably more benign. It seems that General Harrison had a fondness for the same “firewater” that agitated the native Americans he slaughtered at the famous battle memorialized in his campaign slogan. In fact, during the campaign a leading Democrat newspaper skewered the old general, who at 68 was the oldest US President prior to Ronald Reagan, saying:

Give him a barrel of hard [alcoholic] cider, and… a pension of two thousand [dollars] a year… and… he will sit the remainder of his days in his log cabin.

That might have been a good idea back then (or even now), but to prove he wasn’t infirm, Harrison gave the longest inaugural address in US history (2 hours) in the midst of seriously inclement weather wearing neither hat nor coat.

That’s how he got pneumonia! Call it foolhardy, but that was nothing compared to that exhibited by Donald Trump’s former national security advisor.

General Flynn got the equivalent of political pneumonia by talking for hours during the transition to international leaders, including Russia’s ambassador to the US, on phone lines which were bugged by the CIA. Or more accurately, making calls which were “intercepted” by the very same NSA/FBI spy machinery that monitors every single phone call made in America.

Ironically, we learned what Flynn should have known about the Deep State’s plenary surveillance from Edward Snowden. Alas, Flynn and Trump wanted the latter to be hung in the public square as a “traitor”, but if that’s the solution to intelligence community leaks, the Donald is now going to need his own rope factory to deal with the flood of traitorous disclosures directed against him.

In any event, it was “intercepts” leaked from deep in the bowels of the CIA to the Washington Post and then amplified in a 24/7 campaign by the War Channel (CNN) that brought General Flynn down.

But here’s the thing. They were aiming at Donald J. Trump. And for all of his puffed up bluster about being the savviest negotiator on the planet, the Donald walked right into their trap, as we shall amplify momentarily.

But let’s first make the essence of the matter absolutely clear. The whole Flynn imbroglio is not about a violation of the Logan Act owing to the fact that the general engaged in diplomacy as a private citizen.

It’s about re-litigating the 2016 election based on the hideous lie that Trump stole it with the help of Vladimir Putin. In fact, Nancy Pelosi was quick to say just that:

‘The American people deserve to know the full extent of Russia’s financial, personal and political grip on President Trump and what that means for our national security,’ House Minority Leader Nancy Pelosi said in a press release.

Yet, we should rephrase. The re-litigation aspect reaches back to the Republican primaries, too. The Senate GOP clowns who want a war with practically everybody, John McCain and Lindsey Graham, are already launching their own investigation from the Senate Armed Services committee.

And Senator Graham, the member of the boobsey twins who ran for President in 2016 while getting a GOP primary vote from virtually nobody, made clear that General Flynn’s real sin was a potential peace overture to the Russians:

Sen. Lindsey Graham also said he wants an investigation into Flynn’s conversations with a Russian ambassador about sanctions: “I think Congress needs to be informed of what actually Gen. Flynn said to the Russian ambassador about lifting sanctions,” the South Carolina Republican told CNN’s Kate Bolduan on “At This Hour.” “And I want to know, did Gen. Flynn do this by himself or was he directed by somebody to do it?”

We say good riddance to Flynn, of course, because he was a shrill anti-Iranian warmonger. But let’s also not be fooled by the clinical term at the heart of the story. That is, “intercepts” mean that the Deep State taps the phone calls of the President’s own closest advisors as a matter of course.

This is the real scandal as Trump himself has rightly asserted. The very idea that the already announced #1 national security advisor to a President-elect should be subject to old-fashioned “bugging,” albeit with modern day technology, overwhelmingly trumps the utterly specious Logan Act charge at the center of the case.

As one writer for LawNewz noted regarding acting Attorney General Sally Yates’ voyeuristic pre-occupation with Flynn’s intercepted conversations, Nixon should be rolling in his grave with envy:

Now, information leaks that Sally Yates knew about surveillance being conducted against potential members of the Trump administration, and disclosed that information to others. Even Richard Nixon didn’t use the government agencies themselves to do his black bag surveillance operations. Sally Yates’ involvement with this surveillance on American political opponents, and possibly the leaking related thereto, smacks of a return to Hoover-style tactics. As writers at Bloomberg and The Week both noted, it reeks of ‘police-state’ style tactics. But knowing dear Sally as I do, it comes as no surprise.

Yes, that’s the same career apparatchik of the permanent government that Obama left behind to continue the 2016 election by other means. And it’s working. The Donald is being rapidly emasculated by the powers that be in the Imperial City due to what can only be described as an audacious and self-evident attack on Trump’s Presidency by the Deep State.

Indeed, it seems that the layers of intrigue have gotten so deep and convoluted that the nominal leadership of the permanent government machinery has lost track of who is spying on whom. Thus, we have the following curious utterance by none other than the Chairman of the House Intelligence Committee, Rep. Devin Nunes:

‘I expect for the FBI to tell me what is going on, and they better have a good answer,’ he told The Washington Post. ‘The big problem I see here is that you have an American citizen who had his phone calls recorded.’

Well, yes. That makes 324 million of us, Congressman.

But for crying out loud, surely the oh so self-important chairman of the House intelligence committee knows that everybody is bugged. But when it reaches the point that the spy state is essentially using its unconstitutional tools to engage in what amounts to “opposition research” with the aim of election nullification, then the Imperial City has become a clear and present danger to American democracy and the liberties of the American people.

As Robert Barnes of LawNewz further explained, Sally Yates, former CIA director John Brennan and a large slice of the Never Trumper intelligence community were systematically engaged in “opposition research” during the campaign and the transition:

According to published reports, someone was eavesdropping, and recording, the conversations of Michael Flynn, while Sally Yates was at the Department of Justice. Sally Yates knew about this eavesdropping, listened in herself (Pellicano-style for those who remember the infamous LA cases), and reported what she heard to others. For Yates to have such access means she herself must have been involved in authorizing its disclosure to political appointees, since she herself is such a political appointee. What justification was there for an Obama appointee to be spying on the conversations of a future Trump appointee?

Consider this little tidbit in The Washington Post. The paper, which once broke Watergate, is now propagating the benefits of Watergate-style surveillance in ways that do make Watergate look like a third-rate effort.  (With the) FBI ‘routinely’ monitoring conversations of Americans…… Yates listened to ‘the intercepted call,’ even though Yates knew there was ‘little chance’ of any credible case being made for prosecution under a law ‘that has never been used in a prosecution.’

And well it hasn’t been. After all, the Logan Act was signed by President John Adams in 1799 in order to punish one of Thomas Jefferson’s supporters for having peace discussions with the French government in Paris. That is, it amounted to pre-litigating the Presidential campaign of 1800 based on sheer political motivation.

According to the Washington Post itself, that is exactly what Yates and the Obama holdovers did day and night during the interregnum:

Indeed, the paper details an apparent effort by Yates to misuse her office to launch a full-scale secret investigation of her political opponents, including ‘intercepting calls’ of her political adversaries.

So all of the feigned outrage emanating from Democrats and the Washington establishment about Team Trump’s trafficking with the Russians is a cover story. Surely anyone even vaguely familiar with recent history would have known there was absolutely nothing illegal or even untoward about Flynn’s post-Christmas conversations with the Russian Ambassador.

Indeed, we recall from personal experience the thrilling moment on inauguration day in January 1981 when word came of the release of the American hostages in Tehran. Let us assure you, that did not happen by immaculate diplomatic conception — nor was it a parting gift to the Gipper by the outgoing Carter Administration.

To the contrary, it was the fruit of secret negotiations with the Iranian government during the transition by private American citizens. As the history books would have it because it’s true, the leader of that negotiation, in fact, was Ronald Reagan’s national security council director-designate, Dick Allen.

As the real Washington Post later reported, under the by-line of a real reporter, Bob Woodward:

Reagan campaign aides met in a Washington DC hotel in early October, 1980, with a self-described ‘Iranian exile’ who offered, on behalf of the Iranian government, to release the hostages to Reagan, not Carter, in order to ensure Carter’s defeat in the November 4, 1980 election.

The American participants were Richard Allen, subsequently Reagan’s first national security adviser, Allen aide Laurence Silberman, and Robert McFarlane, another future national security adviser who in 1980 was on the staff of Senator John Tower (R-TX).

To this day we have not had occasion to visit our old friend Dick Allen in the US penitentiary because he’s not there; the Logan Act was never invoked in what is surely the most blatant case ever of citizen diplomacy.

So let’s get to the heart of the matter and be done with it. The Obama White House conducted a sour grapes campaign to delegitimize the election beginning November 9th and it was led by then CIA Director John Brennan.

That treacherous assault on the core constitutional matter of the election process culminated in the ridiculous Russian meddling report of the Obama White House in December. The latter, of course, was issued by serial liar James Clapper, as national intelligence director, and the clueless Democrat lawyer and bag-man, Jeh Johnson, who had been appointed head of the Homeland Security Department.

Yet on the basis of the report’s absolutely zero evidence and endless surmise, innuendo and “assessments”, the Obama White House imposed another round of its silly school-boy sanctions on a handful of Putin’s cronies.

Of course, Flynn should have been telling the Russian Ambassador that this nonsense would be soon reversed!

But here is the ultimate folly. The mainstream media talking heads are harrumphing loudly about the fact that the very day following Flynn’s call — Vladimir Putin announced that he would not retaliate against the new Obama sanctions as expected; and shortly thereafter, the Donald tweeted that Putin had shown admirable wisdom.

That’s right. Two reasonably adult statesmen undertook what might be called the Christmas Truce of 2016. But like its namesake of 1914 on the bloody no man’s land of the western front, the War Party has determined that the truce-makers shall not survive.

The Donald has been warned.

Source: The Ron Paul Institute

BC Liberals Posted Unprotected Voter Information Online; Caught Lying In Cover-up

The Canadian Press : February 10, 2017

An Independent member of British Columbia’s legislature has stepped forward to shed light on Premier Christy Clark’s allegations that the New Democrat Opposition hacked the B.C. Liberal party’s website.

Vicki Huntington, the member for the riding of Delta-South, says her staff found unprotected, personal information about voters posted on the B.C. Liberal party website.

Huntington says she shared the information with a reporter and was shocked when the Liberal party blocked access to the formerly unprotected section of its website and Clark claimed someone with malicious intent, working from within legislature, had hacked the site.

Huntington says she burst out laughing when Clark said the alleged hacking was an attempt to thwart the democratic process.

(read the full article at thechronicleherald.ca)

US Government Can Legally Access Your Facebook Data — and Now We Know How

Alice Salles
The Anti-Media : December 26, 2016

The end of the year is approaching, and data concerning government abuses of power has begun pouring in.

According to Facebook’s Global Government Requests Report, government requests for Facebook account data rose 27 percent in the first half of 2016.

Facebook’s official announcement explained that requests for user data went from 46,710 in the last half of 2015 to 59,229 in the first half of 2016. At least 56 percent of these requests, Facebook added, “contained a non-disclosure order that prohibited us from notifying the user.”

Law enforcement agencies from across the globe, Facebook continued, often send restriction requests demanding Facebook remove content from its forums. Fortunately, these requests dropped substantially this year, from 55,827 in the last half of 2015 to 9,663 in 2016 — an 87 percent drop. Most of the 2015 requests revolved around “French content restrictions of a single image from the November 13, 2015 terrorist attacks.”

Additionally, Facebook used its report to disclose for the first time what the company does when law enforcement agencies request “snapshots” of a user account that might be relevant to law enforcement for undisclosed reasons.

These “preservation requests,” as they are known, are requests to “preserve data pending receipt of formal legal process.” They are often processed by the social media website as snapshots, which are preserved temporarily. According to Facebook, the company does not “disclose any of the preserved records unless and until we receive formal and valid legal process.” In the first half of 2016, Facebook received 38,675 preservation requests regarding 67,129 accounts, a staggering number of requests.




Further, Facebook insisted it does not give law enforcement any “back doors” to user information. Adding that requests are only fulfilled if they meet legal requirements, or “legal sufficiency,” as Facebook puts it, the company claims to “apply a rigorous approach to every government request [they] receive to protect the information of the people who use [their] services.” But this rigorous approach is not rigorous enough if “reforms” designed to avoid privacy overreach in America simply don’t go far enough.

Take the USA Freedom Act, for instance. The 2015 law was once supported by libertarian-leaning congressmen like Rep. Justin Amash (R-MI). Later, however, Amash criticized the bill after changes giving government more power were adopted.

Mentioning the new rule by name, Facebook added that “as a result of transparency reforms introduced this year by the USA Freedom Act, our report also contains additional information concerning National Security Letters (NSLs).” NSLs are “extraordinary search procedures” that give the Federal Bureau of Investigation (FBI) the power to “compel the disclosure of customer records held by banks, telephone companies, Internet Service Providers, and others.” They are extraordinary because detailed information can be surrendered without proper oversight, an issue that has led to countless cases of abuse.

While NSLs are still being implemented, the gag order related to the procedure has changed. Now, “the government goes to court to justify the gag order only if an NSL recipient notifies the FBI of its desire for judicial review in the first place.” While the government bears “the burden of immediately going to court and proving its necessity,” NSLs give the FBI the power to bypass this important step.

Explaining that “the government lifted a gag requirement on one NSL issued in the second half of 2015,” the company decided to publish it. It’s unclear how many other NSLs Facebook has received.

Facebook may promise to “apply a rigorous approach to every government request” that comes its way, but rigor may only be practiced within the boundaries of U.S. law. If the law fails to protect the user’s privacy by allowing agencies to use “extraordinary” procedures, your data is never protected, no matter how well-meaning companies like Facebook claim to be.

According to Facebook, other government requests concerning “imminent risk of serious injury or death” are also granted on a regular basis. At least 3,016 of these requests were made in the first half of 2016. They targeted 4,192 accounts.

Search warrants were produced in only 13,742 cases of request for data while only 781 others were backed by court orders.


This article (US Government Can Legally Access Your Facebook Data — and Now We Know How) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to Alice Salles and theAntiMedia.org.

15 News Stories from 2015 You Should Have Heard About But Probably Didn’t

Carey Wedler
theAntiMedia.org : December 30, 2015

In 2015, the iron fist of power clamped down on humanity, from warfare to terrorism (I repeat myself) to surveillance, police brutality, and corporate hegemony. The environment was repeatedly decimated, the health of citizens was constantly put at risk, and the justice system and media alike were perverted to serve the interests of the powers that be.

However, while 2015 was discouraging for more reasons than most of us can count, many of the year’s most underreported stories evidence not only a widespread pattern that explicitly reveals the nature of power, but pushback from human beings worldwide on a path toward a better world.

1. CISA Pushed Through the Senate, Effectively Clamping Down on Internet Freedom: For years, Congress has attempted to legalize corporate and state control of the internet. In 2011, they attempted to pass PIPA and SOPA, companion bills slammed by internet and tech companies and ultimately defeated after overwhelming public outcry. Then they passed CISPA — which the president threatened to veto, having caught wind of the public’s opposition to heavy regulation of the internet (earlier this year, Obama reversed his position). However, corporate interests, like Hollywood’s studio monopoly, kept lawmakers’ tenacity afloat.

In October, Congress passed CISA, the Cybersecurity Information Sharing Act, but as the Electronic Freedom Foundation explained: “CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise. Further, the bill does not address problems from the recent highly publicized computer data breaches that were caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.” Just before Christmas, Congress went even further, adding an amendment to the annual omnibus budget bill that strips CISA’s minimal privacy provisions even more. That budget bill was approved, though Representative Justin Amash of Michigan has vowed to introduce legislation to repeal the CISA provisions when Congress reconvenes.

But CISA wasn’t the only attack on citizens’ privacy this year. Though lawmakers touted the USA Freedom Act as a repeal of the mass surveillance state, in reality, it simply added a bureaucratic step to the process by which government agencies obtain private information. Further, a hack on Italian security firm, aptly called Hacker Tools, revealed that various agencies — including the DEA, NSA, Army, and FBI — possess software that enables them to, as Anti-Media reported, “view suspects’ photos, emails, listen to and record their conversations, and activate the cameras on their computers…” At the same time, the United Kingdom and France moved to tighten their already comprehensive surveillance apparatuses in the wake of multiple terrorist attacks. Though governments claim systematic surveillance is necessary to protect citizens — and Snowden’s leaks endangered that safety — the United States government has been unable to produce sufficient evidence the programs work. Instead, the documents the Department of Defense released this year as proof of the alleged endangerment were entirely redacted.

2. CIA Whistleblower Sent to Prison for Revealing Damning Information to a Journalist: While the government has no problem invading the privacy of its citizens, it offers swift backlash for those who attempt to violate its own clandestine operations. Jeffrey Sterling, a former CIA agent, had his first altercation with the CIA when he sued for racial discrimination in 2001. He was subsequently fired. Years later, the CIA filed espionage charges against him for speaking with New York Times journalist, James Risen. Sterling had revealed a botched CIA scheme, Operation Merlin, to infiltrate Iranian intelligence that ultimately worsened the situation, gave Iran a nuclear blueprint, and was deemed by some to be espionage, itself. Rather than acknowledge the woeful misstep, the CIA arrested him, charged him, and ultimately sentenced him to 42 months in prison. The trial was reportedly biased, but nevertheless, was severely underreported by the media. Sterling’s conviction reflects the ongoing war on whistleblowers, which Obama has successfully expanded during his presidency. Sterling joins the ranks of Edward Snowden, Chelsea (formerly Bradley) Manning, and others, including a whistleblower who worked for OSHA’s Whistleblower Protection Program and was fired for exposing dysfunction and incompetence within the ranks.

3. Press Freedom Continued to Deteriorate: An annual report from the World Press Freedom Index saw the United States slip 29 spots from last year, landing 49th out of 180 total. In January, journalist Barrett Brown was sentenced to five years in prison for exposing the findings of hacker Jeremy Hammond. Brown was charged with obstructing justice, aiding and abetting, and separate charges of allegedly threatening the FBI in a rant. Hammond, who exposed severe violations of privacy on the part of Stratfor, a CIA contractor, was sentenced to ten years in prison. Brown’s experience was not an isolated incident. Journalists around the world, like several journalists who were killed while investigating ISIS in Turkey, faced increased danger. One small-town journalist in India was burned alive after exposing a corrupt politician.

4. Multiple Activists Arrested, Charged with Felonies for Educating Jurors About Their Rights: In an ongoing trend, otherwise peaceful, non-violent individuals were harassed by police and courts — not for exposing secret information, but for providing information to potential jurors about their rights in the courtroom. One Denver jury nullification activist, followed by another, was charged with multiple felonies for handing out pamphlets that explain a juror’s right to vote “not guilty” in a verdict, even if the defendant is clearly guilty. This right was established to allow jurors to vote with their conscience and question the morality of laws, from the 19th century’s Fugitive Slave Act to Prohibition, both of alcohol in the 1920s and of marijuana today. The Denver activists are awaiting trial, while more recently, a former pastor was charged with a felony for the same reason.

In other unjust convictions and failings of the “justice” system, an African-American man was sentenced to seven years in prison for barking at a police dog, a Kansas mother faces decades in prison for using marijuana to treat her debilitating Crohn’s disease, and a mentally ill man died in jail after being held for stealing five dollars worth of snacks from a convenience store. He had inexplicably been waiting months to be transferred to a medical facility. Ross Ulbricht, founder of the dark web marketplace, the Silk Road, was sentenced to life in prison in spite of the fact that he committed no violent crimes — though the FBI attempted to paint a false picture that he did, albeit without filing formal charges. The prosecution was rife with corruption and scandal; two FBI agents involved in the case were charged with stealing Bitcoin during the investigation. In July, one admitted to stealing $700,000 worth of the digital currency.

5. Six-Year-Old Autistic Boy Killed by Police: 2015 established not only that the justice system remains broken, but that the enforcement class — police officers — continues to terrorize citizens. In one underreported case, a six-year-old boy was fatally caught in the crossfire of a police shootout against his father, who was unarmed. In another case, an African-American motorist was shot and killed by University of Cincinnati police over a missing front license plate. While high-profile cases of misconduct, including Freddie Gray and Sandra Bland, rightly dominated the news cycle, many more cases of police brutality received little attention. In fact, in 2015, it was revealed not only that the media-propagated “War on Cops” in America was a myth, but that American police kill exponentially more people in weeks than other countries’ police kill in years. On the bright side, many police officers did face charges — and even prosecution — in 2015, including one repeat rapist who recently cried upon being convicted of his crimes. The officers involved in the shooting of the six-year-old boy were also charged with murder.

6. Earth Enters Sixth Mass Extinction: 2015, like many years before, was disastrous for the environment. Researchers from Stanford University, University of California, Berkeley, and Princeton determined Earth is entering its sixth mass extinction, reporting that species are disappearing at a rate 100 times faster than the normal rate between mass extinctions. Further, thanks, in part, to the widespread use of Monsanto’s glyphosate-based Roundup herbicide, populations of bees and Monarch butterflies dwindled — though, happily, the Monarchs appear to have bounced back. Polar bears also met continued endangerment.

The much-anticipated Paris Climate Conference yielded what many environmental activists deemed weak, if not fraudulent, solutions. Meanwhile, man-made environmental catastrophes endangered humans. In Flint, Michigan, lead levels in the water led to increased rates of contamination in children’s blood, prompting the mayor to declare a state of emergency. A massive methane gas leak in the San Fernando Valley, located just north of Los Angeles, has sickened residents and forced countless families to relocate. Authorities have been unable to stop the leak.

Thankfully, some measures to help the environment were taken in 2015, including creative solutions to stop animal poaching, the first flight of a solar-powered plane, the launch of a solar-powered airport in India, and Costa Rica’s successful effort to draw 99% of its energy from renewable sources.

7. Civilian Casualties in Western Wars Continue: Though ISIS and other terrorist groups were rightly condemned for killing civilians in 2015, the West pointed fingers while committing the same crimes. In fact, one U.N. report released in September found U.S. drone strikes have killed more civilians in Yemen than al-Qaeda. Another analysis released this year concluded Obama’s ongoing drone wars have killed more people than were murdered during the Spanish Inquisition. Though the U.S. military’s bombing of a Doctors Without Borders (MSF) hospital received global attention and outrage, many other incidents went underreported. In May, one U.S. airstrike on Syria killed 52 civilians in one fell swoop. Additionally, U.S.-backed coalitions have bombed civilian populations, like in Yemen, where Saudi Arabia killed at least 500 children, not to mention two thousand more adult civilians. In other egregious misdeeds, it was revealed that the U.S. military sanctions pedophilia in Afghanistan.

8. Insurrection at the Pentagon’s Defense Intelligence Agency Over Misleading Reports on ISIS: Over the summer, dissent grew within the ranks of the DIA, the Pentagon’s internal intelligence agency. In September, news broke that 50 intelligence analysts filed a report with the Department of Defense’s Inspector General to expose their superiors’ alleged manipulation of intelligence. The intention of the coverup was reportedly to downplay the threat of ISIS and the U.S.’s losing effort to fight it, all to maintain the Obama administration’s narrative that the bombing campaigns have been successful.

Similar mishandlings of foreign affairs plagued 2015. It was revealed that the Pentagon had no idea what it did with $8.5 trillion, lost track of $500 million worth of weapons and equipment, and spent $43 million on a single gas station in Afghanistan. A DIA report released in June intimated the military was aware of the rising threat of ISIS, and not only allowed it, but welcomed it. The program to train moderate rebels in the fight cost half a billion dollars but yielded only four or five fighters. Further, multiple generals spoke out this year about the U.S. military’s role in creating ISIS. Additionally, news broke in 2015 that one ISIS recruiter had previously been trained by infamous Iraq War profiteer, Blackwater.

9. Activists Inch a Small Step Closer to Exposing the Actors Behind 9/11: Though few Americans heard about it, in August, a New York judge allowed a trial to move forward that could expose a potential government cover-up in the notorious terrorist attack. The ruling was tepid, allowing a 60 to 90 day window for the case to be dismissed or proceed. A later ruling hindered the effort, citing a lack of evidence; but activists have not stopped fighting for the release of 28 redacted pages from the 9/11 commission report that allegedly implicate Saudi Arabia (a majority of the hijackers on 9/11 were of Saudi origin).

Whatever the truth may be, 2015 witnessed growing doubts about the Saudi government, which beheaded more people than ISIS this year. It also sentenced a poet to beheading for writing poetry about his experience as a refugee from Palestine, sentenced a young man, Ali al-Nimr, to crucifixion for participating in anti-government protests, attempted to issue 350 lashings to a British man in possession of wine (though the U.K. intervened on his behalf, and that of al-Nimr; neither will be punished), and initiated a punishment of 1,000 lashings for a pro-democracy blogger, Raif Badawi.

10. The FDA Approved OxyContin for Use in Children: Though the approval of the powerful, addictive painkiller for use in 11-year-olds and younger children was unsurprising to those who follow the agency’s track record, the FDA’s justification was shocking. After lawmakers wrote a letter expressing concern to the FDA, the agency’s spokesperson, Eric Pahon, said the news was, in fact, not that serious because it was already standard practice. “It’s important to stress that this approval was not intended to expand or otherwise change the pattern of use of extended-release opioids in pediatric patients,” Pahon said. “Doctors were already prescribing it to children, without the safety and efficacy data in hand with regard to the pediatric population.”

However disturbing, the FDA’s decision comported with other related events this year: President Obama appointed a pharmaceutical lobbyist Deputy Commissioner of medical and tobacco products, a study found swaths of heroin users graduate from prescription painkillers, and similarly, 75% of high school students who used heroin had previously abused pharmaceuticals.

In other stories regarding the misconduct of agencies tasked with keeping people safe, the FDA continued to allow meat companies to use a pharmaceutical additive banned in 150 countries, while whistleblowers at the USDA revealed several plants were producing pork products filled with fingernails, hair, bile, and feces.

11. The Federal Government Admitted Cannabis May Help Fight Brain Cancer: Though the government has long known about the medical benefits of cannabis — it holds patents on several medicinal qualities — the National Institute on Drug Abuse made waves this year when it published a document acknowledging the healing properties of cannabidiol, a non-psychoactive endocannabinoid. In particular, it noted “[e]vidence from one animal study suggests that extracts from whole-plant marijuana can shrink one of the most serious types of brain tumors.” Though more research is needed, the government’s admission was unexpected, albeit welcomed by many cannabis enthusiasts. Other studies this year suggested cannabis may help heal broken bones and is associated with lower rates of obesity.

Though many Americans still faced criminal prosecution for treating themselves and their children with cannabis, 2015 demonstrated the long-term trend of decriminalization and legalization will not be reversed. Nations around the world, from Ireland to Costa Rica to Canada laid groundwork to legalize marijuana to various degrees, while a majority of Americans now support legalization.

12. Nestle Paid $524 to Plunder the Public’s Water Resources: This year, Anti-Media reported on the insidious relationship between Nestle and the Forest Service in California. The investigation found not only that Nestle was using an expired permit to turn exponential profit on 27 million gallons of water, but that a former Forest Service official went on to consult for the company.

While corporate exploitation ran rampant in 2015, many countries around the world fought back. India sued Nestle after finding one of its products contained lead, while nations around the world banned Monsanto and GE products. Scotland, Denmark, and Bulgaria, among others, all moved to ban GE crops, while multiple lawsuits highlighted the serious potential health consequences of the widespread use of pesticides (though the EPA disputed that glyphosate, the key ingredient in Monsanto’s Roundup, was an endocrine disrupter in June, in November, news broke that the majority of studies the EPA used to make its decision were funded by industry). Though corporate power remains all but monolithic, 2015 saw humans across the world rise up to resist it. Most recently (and comically), a proposed initiative in California is about to enter the next phase — signature gathering — to place it on the 2016 ballot. If placed on the ballot and passed, it will force California legislators to wear the logos of their top ten donors while they participate in legislative activities. The effort has drawn widespread praise and enthusiasm.

13. Establishment Caught Manipulating News to Fit Narratives: Following the death of Freddie Gray in Baltimore, contentious protests broke out, eventually resulting in limited rioting and looting. However, while the media attempted to paint protesters as aggressive, it failed to report officers’ prolonged prohibition of their physical movement, to say nothing of the riot gear police showed up wearing. After being unable to move, a brick was thrown, but the media failed to report the instigation and discrimination law enforcement imposed that ultimately led the students and protesters to grow unruly.

In other manipulations, it was revealed that one Fox News contributor lied about his experience as a CIA agent; he had never been employed at the agency, and only obtained later national security jobs by lying about his CIA experience. Further, CBS edited out comments from Muslims, who discussed U.S. foreign policy as a driver of Islamic extremism during a televised focus group.

A study by fact checker, Politifact, revealed that all the major outlets surveyed — Fox News, CNN, and MSNBC — consistently report half-truths and lies. It is little wonder, then, that another survey found only 7% of Americans still harbor “a great deal of trust” in the mainstream media.

Still, it wasn’t just the media that lied. On multiple occasions, government employees were caught attempting to distort facts. In March, news emerged that an IP address linked to the NYPD had attempted to edit the Wikipedia page on Eric Garner. Computers inside Britain’s parliament were linked to attempted edits on pages detailing sex scandals, among other transgressions. In a related story, the FBI reported it had foiled yet another terrorist plot, and once again, it was revealed the culprits were provided support from an informant working for the bureau. Further, in August, Wikileaks released cables that showed an American lobbyist for Saudi Arabia organized a $6 million ad campaign against the president’s nuclear deal with Iran, all through a well-funded group called the “American Security Initiative.” The lobbyist, Norm Coleman, is a former Republican senator.

14. TPP: In one of the most widely-contested pieces of legislation in recent memory, the Trans-Pacific Partnership moved forward, often in secret. The TPP has been condemned as a corporate power grab that ensures profit for pharmaceutical companies, among many other loathed industries. From clamping down on internet freedom to effectively sanctioning sex trafficking, TPP signals an ominous fate for the future of freedom.

15. Sharp Uptick in Islamophobia: Amid the carnage of the Paris terror attacks, the recent shooting in San Bernardino, and the surge in Syrian refugees seeking asylum in Western nations, attacks against Muslims skyrocketed in 2015. In the United States, Muslims have been attacked for praying in public, wearing traditional head scarves, and for simply being out in public. Sikhs have been caught in the crossfire for the crime of being brown and wearing cloth on their heads — and thus being confused with Muslims — while at least one Christian has been terrorized as a result of the unmitigated hate currently permeating modern society. Many European nations and U.S. states have rejected the influx of refugees from war-torn Syria.

Amid the increased hate against Muslims, however, has come an outpouring of love and tolerance. Muslim groups across the world have condemned terror attacks, raised money to help the families of victims, and promoted programs to discourage extremism. At the same time, citizens across Europe, Canada, and even parts of the United States have welcomed Syrian refugees with open arms.

2015 was a year of chaos, violence, hate, and an ongoing struggle of freedom versus oppression. In many ways, it was like the years, decades, and even centuries and millennia that came before. But amid the conflict and often discouraging headlines, humanity has continued to persevere, offering resistance to seemingly all-powerful forces and paving the way for, if nothing else, potential peace, freedom, and respect for human life.

The Anti Media (cc)