Mass Wiretapping - Recent Developments: DriftingShadows & GravityTurn

DriftingShadows and GravityTurn.

These are two products from the USA-based CIA/NSA labs for computer wiretapping, and data "exfiltration" - ie. hacking your computer and cellphone, wiretapping them without a warrant, and then removing copies of your private data without a search warrant. The current understanding (by me and many others, including the Supreme Court of Canada) is that these actions explicitly violate Canadian "black-letter" law.

As an analyst, I like to find out the origins of things.  There are a series of nasty ransomware exploits attacking internet-enabled machines around the world currently. This ransomware is really only the beginning, many fear.  Much of the base-level security of the internet, and of the various machines that run on it, appear to have been compromised.  And this has been by design.  It's not an accident, or the result of programming errors.

People should understand the risk this represents. Degrading the integrity of the internet will have economic consequences. It directly threatens global commerce. The software to do this, came from US labs that support the American spy agencies - the CIA and the NSA.   With global GDP, so goes global security.

I ran into this WikiLeaks document, which describes the success of  "process hollowing", while chasing down some information on something else.   It's a very interesting document.  These two utilities - DriftingShadow and GravityTurn - are specifically *not* detected by modern anti-virus software.   And rather than helping enhance and improve our security, the agents at the CIA and the NSA have worked with the vendors (Microsoft, especially, it appears) to degrade system and network security.  The American CIA has effectively increased the ease and the likelyhood that our modern, commerical world will be successfully hurt. Do these spy-guys not understand the damage they have done and are still doing?

If you trash the integrity of the internet you risk doing damage to global economic linkages, and the alternate reality that we might be facing is one of de-liberalization, and a return to a world of fortified, walled-off totalitarian nation-states that are suspicious and fearful of trading with each other.  (Many argue this is already happening in Turkey, for example.)

Do the 2030's have to look like the 1930's, but run at internet speed?  Imagine the liberalization of China run in reverse.  Imagine the Cold War, but fought with advanced nano-technology, false-flag "terrorist" attacks, and rapidly increasing levels of global poverty.  Wouldn't that outcome be the best breeding-ground for new terrorist entities?  Are we not just pre-programming war?

I've not seen the code for  "DriftingShadows" and "GravityTurn".   What can one really say? Perhaps: "Get off my lawn!"?   Except here in Canada, we have our own government in Ottawa, pushing a new law (Bill C-59) that will further exacerbate the risk, and enhance the damage being done. Bill C-59 specifically legalizes wiretapping activity that was previously unambiguously illegal, creates special legal status for the CSE, (the Canadian Security Establishment - essentially a wiretapping operation acting for the US government), and criminalizes various aspects of private communication.  It looks to be more questionable law and knee-jerk action, which may well serve to seriously reduce, not enhance, national and trans-national security.

Our own federally-funded research labs should be helping us harden and improve our security, and should not be cooperating with foreign agencies to degrade it and put internet operational integrity at risk.  The CSE should probably be shut down, and a new organization created with a specific mandate that benefits Canadians, not rogue foreign entities, as one might characterize the American CIA, given the overt hostility its weaponized software products demonstrate.

The foreign spy agencies and their hostile actions towards the necessary security of the internet may well be a more dangerous threat than anything "terrorists" are likely to do. The terrorist element may damage us. Those threats have always existed, and they will continue to exist. But continued successrful attacks against the internet and the commerical activity it supports - using these weapons developed in the CIA and NSA labs - will put global trade growth at risk, and encourage the re-establishment of the "fortified" nation-state economic model.  We are better to tear down walls between nations, than to build more of them.  To degrade our long-term future prosperity will hurt us all more than any terrorist action ever could.

The WikiLeaks page is reproduced below.  It is short and clear, and comes from a general discussion page discussing how to defeat PSPs - Personal Security Programs - also called "Anti-Virus" programs, such as AVG and Kaspersky.   Note this carefully.  The CIA is specifically working to develop monitoring systems - DriftingShadows and GravityTurn are specific examples - that degrade and compromise local computer system security.   This approach - and the actual weaponized code that supports these strategies - is how we got what we have now, an open-ended and growing slush-pile of ongoing system and network security failures that are hurting everyone everywhere. MadWhistle

This is image from WikiLeaks page, describing background work on DriftingShadows and GravityTurn exploits.

Mass Wire Tapping - First Facebook Post - Mar. 6, 2017

This needs to be known.

I just can't resist dropping this into the public domain. (This FBook post is set to "public"). I Listened to a bogus ABC news story this AM about US President Trump's assertion Obama wiretapped him. Folks are doubting Trump, as part of this game. Listen: I can assure you - with something close to statistical certainty - that the offices of Trump Tower were fully wiretapped. And if not just by PRISM and various meta-data gathering tools, perhaps also by BLARNEY (where they have actual call transcripts). Trump knows this (as President, he would have been briefed). And of course, Obama knows it also.

Don't take my word for it. Google "snowden slides" and just choose your rabbit-hole. Since the 1970's every long distance call leaving the USA is monitored. Guess what? Ever heard of the "Communication Research Establishment"? It's in Ottawa. The not-so-secret rumor is that they (we - in Canada) wiretap all the US<=>International calls, and fwd the database to the USA. (Law only requires *domestic* calls to be authorized by a Court or judge, and existing info-sharing treaties allow the datafiles to be handed over. This has been standard procedure since the 1970's)

The Brits watch US and Canada, Canada watches US and England, and USA watches/listens to everyone international - everywhere now. It is dirt-simple technology, and dirt-cheap now.

Note how Obama responded to Trump's "tweet". Obama did not say ("I/we did not do this"). He just says "I never authorized this".
He did not have to authorize it, because it was already happening. What's happened is that both Trump and the deeply dishonest Democrats know that some information linking Trump and the Russians has been leaked from the NSA or the FBI, and that this is being used to attack Trump - and Russia - politically.

Of course offices of Trump Tower were wiretapped. This posting will be stored and forwarded. Just about *anything* anyone does on the internet, or the phone system, is fully recorded and monitored now. They don't even need people. Word-recognition Artificial Intelligence (AI) does this fine. Just like SIRI on your iPhone, people!

Guys like me, who respect the law, support democracy and civil society - and believe in the need for *strong* and *enforcable* limits on the power of Governments, have been warning about this stuff since the 1980's. I've worked on election campaigns, and they are mean, nasty, serious business.

It looks like rogue elements in either the FBI, NSA or CIA have taken it upon themselves to release Trump's discussions with Russian Government representatives. Such discussions are not illegal, but perhaps now, President Trump - just like Chancellor Merkel of Germany - can understand now why personal private control of strong encryption technology is so necessary to ensure the survival of modern, civil democratic society. Not just the bad guys, but your political opponents *will* gain access to all data, otherwise, and use it. This is why a judge's warrant is supposed to be used to obtain wire-tap permission. The presumption of privacy must trump the desires of the spys. Only when evidence of a crime can be shown, should any wiretapping be allowed.

(Note: The "Wolframite" program slide is not from Snowden. It's one I found on the net. Shows funding startup 2011 for the British Gov't program to decrypt encrypted GSM (modern cellphone) communication - called "Wolframite" - program name comes from the secret magic substance used to defeat werewolves, in European mythology. It's old news. But folks need to understand why the debate on encryption matters.)

Ok, now you can go back to pictures of cats, and your kids. But your kids will grow up in a new world. Let's make it a *good* world, instead of a bad one.

This information is in the public domain.   Some of the Snowden pages detailing specific *illegal* wiretapping programs are shown.  There are good reaasons why a judge's warrant is required to install a wiretap.   In a free democracy, the rule of law, and the structure of civil society simply fails, if these legal protections are not present.  It's like getting maggots in your meat.  Once there are even just a few, folks decide they don't want to eat.

This is a slide of the Blarney project. Note the insept date. 1978. How many of you reading this were even alive back then? Well, mass-wiretapping was alive and well.

Mass Wire Tapping - Second Facebook Post - Mar. 6, 2017

I typically avoid politics, but this is too important to our future.

It has been suggested that my assertion that Trump Tower was wiretapped cannot be proven. Well, the existence of BLACKPEARL, TARMAC and most clearly - ASPHALT and ASPHALT/A, prove that if any person in Trump Tower NYC made a long-distance telephone call, used the SWIFT network to do an electronic transfer of money, or the internet to do a Google-search, their information and activity - date-stamped - would have been recorded as part of the "five-eyes" monitoring program - in which Canada is a *major* participant.

This is known, because the Security Agencies were harvesting *all* international communications traffic. It is impossible that a high-value economic target like Mr. Trump's New York location would *not* have been fully monitored. Trump, Obama and the Democrats who are attacking Trump because he perhaps spoke with Russian Government people - all know this.

And it was Canada - almost certainly - that was operationally involved in some this activity. It is possible that some of the Trump Tower communication activity might have been leaked from here. Of course, I have no knowledge of any such thing. But the mass-wiretapping is real, even if it is technologically complex. And the CRE in Ottawa has some very smart people working there.

Canada punches well above our weight here - given our proximity to the USA, and our significant expertise with digital networks and communications technology. We designed and built the first communications satellite. Our early telephone system was the best in the world. Nortel, until it was taken over by criminals, was not just a world-class company, it was this amazing communications design/develop/implement powerhouse. It is sad that it was destroyed the way it was. But lots of those bright folks got new jobs. Ottawa still has lots of communication technology work available.... (Note the tiny "Cdn" code on some of Snowden's NSA slides, showing the various mass-wiretapping programs.)
DropoutJeep, (slide below), which is part of ChimneyPool framework, is interesting.  It specifically targets Apple iPhones.  No details on ChimneyPool, but a "framework" typically describes a suite of programs that focus on providing a specific ability - in this case, to monitor supposedly "encrypted" cellphone communications.

 

DropoutJeep is used to hack and monitor an Apple iPhone. But it runs in real-time, which is why breaking into an locked iPhone is still difficult. Not impossible. Just difficult.

This little gem was found with a Google-search. Wolframite was the mythical substance used to defeat werewolves. Here, it describes a method for monitoring and decrypting GSM cell phone traffic, in the UK.

The "New Collection Posture" => collect everything. This is quite serious, and absolutely feasible. Note that Canada is a participant to this **explicitly illegal** activity.

Extensively "Redacted", but this slide specifically shows how private networks are compromized, as per policy. The "SWIFT" network is an original inter-bank network used to transfer funds between major banks. BLACKPEARL is a network traffic monitoring system - which illegally monitors data packets on private networks.

If you have *any* network traffic - voice or data - and it gets even *near* the USA, it will be collected, and retained and processed. Same also, for the UK. Canada effectively has no choice but to participate in this. At some point in the future, I hope this changes.

WISTFULTOLL is described as a STRAITBIZZARE plug-in, and shows how a Windows XP machine can be completely compromised using Windows instrumentation monitoring, and by remotely hacking the Windows Registry. STRAITBIZZARE and UNITEDRAKE (as in UNITED RAKE), are tools that covertly transmit encrypted data from each Windows XP machine, back to an NSA dropbox server. This is from 2008 - almost 10 year old technology - but this technology has made it very easy for "botnets" to be set up by criminals who then can engage in various attack strategies against DNS servers, and other internet infrastructural components. That the USA would build this - and then keep it a secret - appears itself to represent a serious criminal activity, on par with poisoning a food supply. It could be viewed as an actionable "casus belli", or a legitimate reason for starting a war, were such actions directed at the national electronic and communications network infrastructure of another country.