WikiLeaks’ latest Vault 7 release reveals that the CIA uses a tool called “Scribbles” to track people by snooping on their Microsoft Word documents.
CIA Is Tracking Leakers With Scribbles, Says WikiLeaks
Allegedly, the tool is an attempt by the CIA to keep track of journalists and prevent them from leaking classified information. In this effort, Scribbles apparently embeds a beacon tag into watermarks located on Microsoft Word documents that can report document analytics back to the CIA.
WikiLeaks released information about the tool on Friday and, according to a user manual describing Scribbles, it can be used to generate copies of identical or unique files, each with distinctive watermarks that includes a web beacon-like tag.
According to WikiLeaks, the tool works exclusively with Microsoft Office documents. Additionally, Scribble’s user manual says that it will not work on encrypted on password-protected documents.
However, according to a Microsoft spokesperson, customers who use Microsoft Office 2013 or Office 356 and newer are protected by default because these updated versions open up documents in protected view, blocking network access.
Additionally, security expert Udi Yavo, CTO and co-founder of enSilo talked to Threatpost about the CIA tool saying that it was taking advantage of a feature in Microsoft Office that allows it to embed remote objects, like images, in documents.
Vault 7 Project Marches On
This recent batch of leaks is the 7th time since early March, when the leaks began, that WikiLeaks has revealed confidential material regarding the CIA. The leaks have been a part of a series, dubbed “Vault 7,” with WikiLeaks calling it the single largest ever publication of confidential documents on the agency.
They began to publish the documents on March 7, 2017, with the first group of documents being code-named “Year Zero” by WikiLeaks.
These first documents, consisting of 7,818 web pages with 943 attachments, by itself, surpassed the entire volume of Edward Snowden’s infamous series of leaks in 2013 that disclosed surveillance programs conducted by the NSA.
The subsequent leaks that followed the first batch uncovered a variety of CIA hacking tools and capabilities that allowed the agency to perform their own electronic surveillance as well as cyber warfare.
When the CIA was first contacted about the leaks they refused to comment on the authenticity of the information, however, they did release a statement saying that the American public should be “troubled” by WikiLeaks’ activities:
“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists or other adversaries. Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.”
What do you think of these recent leaks? What do you think of WikiLeaks’ vault 7 project? Let’s hear your thoughts.
Images Vva CIA, WikiLeaks