WikiLeaks publishes user guide and source code for CIA's secret leaker-tracking tool Scribbles
The CIA's Scribbles program allegedly allowed spies to track leakers by planting beacons in Word files.
WikiLeaks released details of the CIA's alleged whistleblower-tracking program dubbed "Scribbles" on 28 April. The Word document-tracking tool, according to WikiLeaks, was designed to assist the spy agency to keep tabs on files leaked to whistleblowers and journalists.
Scribbles allegedly allows spies to embed "web beacon-style tags" into Word documents. A web beacon is a transparent graphic image, generally planted into emails and web pages that can be exploited to send back information on whether a file has been opened. The bug can also reveal the IP address of the computer that requested the image.
The tool can allegedly send back document analytics to the CIA, allowing the agency to surveil the contents. WikiLeaks said the tool was aimed at targeting "documents that are likely to be copied by insiders, whistleblowers, journalists or others".
Scribbles' source code and user guide were released by WikiLeaks as part of its Vault 7 Dark Matter dump, which it began publishing in March. Scribbles allegedly works exclusively with Microsoft Office documents and according to the leaked user guide, has been "successfully tested" to work with "Microsoft Office 2013 (on Windows 8.1 x64) and Office 97-2016 running on Windows 98 and above".
Scribbles' user guide also reveals that the tool can be used to create copies of identical or unique files.
According to Scribbles' leaked user guide, if a target opens up the tool in a different application "such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user".
"For this reason, always make sure that the host names and URL components are logically consistent with the original content," the user guide reads. "If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them."
A Microsoft spokesperson told Threatpost: "Customers using Office 365 or Office 2013 and newer are protected by default, as these documents will open in Protected View, which blocks network access."The CIA is yet to comment on WikiLeaks' latest release.
WikiLeaks has long had a contentious relationship with the US government. However, the recent Vault 7 publications have tipped the scales and the whistleblowing platform as well as its members are now being hunted by US intelligence agencies. WikiLeaks founder Julian Assange also faces the possibility of being formally charged by the US government.
US President Donald Trump reversed his views on WikiLeaks. Trump recently said that his "I love WikiLeaks" comment, which he made less than a year ago during one of his political rallies was "just a figure of speech". Trump added that he would be "Ok" with Assange being arrested.
© Copyright IBTimes 2024. All rights reserved.