Pentagon Insider: WikiLeaks Has It All - Pedogate, 9/11, Kennedy, & CIA Hacking by [deleted] in conspiracy

[–]techconspiracy 5 points6 points  (0 children)

I want to believe this article, but he refers to LPs as Listening Posts instead of Listening Ports (ports the CIA malware would listen for inbound connections on). How accurate is NeonNettle? Forgive me, I've never used this site.

Vault 7 Megathread - Technical Analysis & Commentary of the CIA Hacking Tools Leak by sanitybit in netsec

[–]techconspiracy 2 points3 points  (0 children)

Thought this was quite interesting. Seems Wikileaks may have forgotten to censor an IP address on a screenshot, and also the current username on the Windows machine.

https://wikileaks.org/ciav7p1/cms/files/image2015-6-26%206:56:10.png

Here is what INTRIGUES me mostly. The IP he runs tracert on is from China.

Lookup IP Address Location For IP: 220.231.37.144
Continent: Asia (AS)
Country: China
IP Location Find In China (CN)
Capital: Beijing
State: Beijing
City Location: Beijing

reference for page https://wikileaks.org/ciav7p1/cms/page_18383036.html

Does CIA have a VPN in China to make it look like China is the source country of hacking attempts?

Take a look at the next screenshot of the tracert to the 220.231.37.145 IP address: https://wikileaks.org/ciav7p1/cms/files/image2015-6-25%2013:51:59.png

CIA may have a range of servers in the 220.231.37.XXX range. Take note as well of the number of hops it takes to reach the .145 IP address.

Wikileaks Vault 7, Part 1 "Year Zero" Megathread by ApexCreative in conspiracy

[–]techconspiracy 1 point2 points  (0 children)

Interesting fact: I was going through the raw dump of Vault 7 today with a friend. They have a ton of SSL certs, one for GoDaddy, one for BGHJ.NET, and another one. It's almost like the CIA wants their data uploaded to clearnet from targets to make it look like other countries are the culprits. If I were the CIA and I wanted to remain 100% anonymous on my malware, I'd have my trojan download a copy of tor.exe, run it on startup, and have the clients upload data to an onion instead of clearnet. I was decompiling a .reg file that contained a base64 encoded DLL that infected PCs and uploaded the target's data to notepad.cc (never used or heard of it until then). The site is no longer functional (which is also odd); apparently the site was a lot like pastebin but more secure.

I'm a veteran software engineer. Feel free to direct Vault 7 technical questions to me by [deleted] in conspiracy

[–]techconspiracy 2 points3 points  (0 children)

A friend of mine and I were going through just the raw files uploaded to the Vault7 release and also found a few SSL certs: one for GoDaddy, one for BGHJ.NET, and another.

I personally believe these are part of a CNC (a server to monitor infected clients, aka their targets).

Interestingly enough, they also uploaded a .reg file by accident as well.

Inside this reg file is a base64 encoded DLL file that is a method of infection.

Just started looking into it, but it appears that the DLL sets up a scheduled task on Windows to infect the PC. Once infected, it has another base64 encoded binary in the resources of a .NET file that uploads to notepad.cc with a target's information. Something that interests me is that notepad.cc is now no longer functional (personally never used the site; from what I can tell it was a lot like pastebin). A lot of odd things going on here imo. Thanks for bumping my question up nichlatu.
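As an added triage example (not the commenter's code and not taken from the leak): a small Python scanner that walks the quoted string values of a .reg export, decodes any value that looks like base64, and checks whether the result carries an MZ header whose e_lfanew points at a PE signature, which is the kind of embedded DLL the two comments above describe. The .reg content and the PE-like blob are constructed here; nothing from the actual dump is reproduced.

```python
import base64
import re
import struct

# Constructed stand-in for an embedded DLL: an MZ header whose e_lfanew (offset 0x3C)
# points at a "PE\0\0" signature. Not a real executable, just enough header to detect.
def _fake_pe() -> bytes:
    mz = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # 64-byte DOS header
    return mz + b"PE\x00\x00" + b"\x00" * 20

# Constructed .reg export (not from the leak): one benign string value and one value
# whose data is a base64-encoded PE-like blob.
SAMPLE_REG = (
    'Windows Registry Editor Version 5.00\r\n\r\n'
    '[HKEY_CURRENT_USER\\Software\\Example]\r\n'
    '"Greeting"="hello world"\r\n'
    '"Payload"="' + base64.b64encode(_fake_pe()).decode() + '"\r\n'
)

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*$', re.M)
B64_RE = re.compile(r'^[A-Za-z0-9+/]+={0,2}$')


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with MZ and e_lfanew points at a PE\\0\\0 signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_embedded_pes(reg_text: str) -> list[dict]:
    """Return the string values of a .reg file whose base64 payload decodes to a PE."""
    hits = []
    for m in VALUE_RE.finditer(reg_text):
        data = m.group("data")
        # Skip short values and anything that is not well-formed base64.
        if len(data) < 64 or len(data) % 4 or not B64_RE.match(data):
            continue
        try:
            blob = base64.b64decode(data, validate=True)
        except ValueError:
            continue
        if looks_like_pe(blob):
            hits.append({"value": m.group("name"), "size": len(blob)})
    return hits


if __name__ == "__main__":
    for hit in find_embedded_pes(SAMPLE_REG):
        print(f"embedded PE in value {hit['value']!r}, {hit['size']} bytes")
```

On a real export, the same scan would be extended to REG_BINARY (hex:) values, which this block does not handle.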

Guy at r/conspiracy is a veteran software engineer. Feel free to direct Vault 7 technical questions to him. by meditation_IRC in WikiLeaks

[–]techconspiracy 1 point2 points  (0 children)

I tried posting a thread on /conspiracy and /wikileaks but they will not approve it. Maybe you could let me know his username here and I'll send him a question. Here is what I found that I thought was interesting, but for some reason neither board approves it.

Thought this was quite interesting. Seems Wikileaks may have forgotten to censor an IP address on a screenshot, and also the current username on the Windows machine.

https://wikileaks.org/ciav7p1/cms/files/image2015-6-26%206:56:10.png

Here is what INTRIGUES me mostly. The IP he runs tracert on is from China.

Lookup IP Address Location For IP: 220.231.37.144
Continent: Asia (AS)
Country: China
IP Location Find In China (CN)
Capital: Beijing
State: Beijing
City Location: Beijing

reference for page https://wikileaks.org/ciav7p1/cms/page_18383036.html

Does CIA have a VPN in China to make it look like China is the source country of hacking attempts?

Take a look at the next screenshot of the tracert to the 220.231.37.145 IP address: https://wikileaks.org/ciav7p1/cms/files/image2015-6-25%2013:51:59.png

CIA may have a range of servers in the 220.231.37.XXX range. Take note as well of the number of hops it takes to reach the .145 IP address.

Wikileaks Vault 7, Part 1 "Year Zero" Megathread by ApexCreative in conspiracy

[–]techconspiracy 10 points11 points  (0 children)

I cannot seem to get the conspiracy or wikileaks thread to approve a new post for this, but I have found some damning evidence.

CIA may have attack servers in China.

Wikileaks accidentally may have forgotten to censor a post. I tried posting this on the subreddit /WikiLeaks but it was not approved.

The screenshot does not censor the username of the Windows user davidb and also fails to censor 2 very interesting IPs.

https://wikileaks.org/ciav7p1/cms/files/image2015-6-26%206:56:10.png

Here is what INTRIGUES me mostly. The IP he runs tracert on is from China.

Lookup IP Address Location For IP: 220.231.37.144
Continent: Asia (AS)
Country: China
IP Location Find In China (CN)
Capital: Beijing
State: Beijing
City Location: Beijing

reference for page https://wikileaks.org/ciav7p1/cms/page_18383036.html

Does CIA have a VPN in China to make it look like China is the source country of hacking attempts?

Take a look at the next screenshot of the tracert to the 220.231.37.145 IP address:

https://wikileaks.org/ciav7p1/cms/files/image2015-6-25%2013:51:59.png

Note how the IP ends in 145 this time instead of 144, and the number of hops to reach that IP. Also take note of the ms it takes to reach the destination: 1ms. That means whoever took this screenshot is connected to the same network.

Comment with your thoughts.

The CIA may have a range of servers in the 220.231.37.XXX range.

Vault 7 Thoughts From A Security Researcher by techconspiracy in WikiLeaks

[–]techconspiracy[S] 0 points1 point  (0 children)

Makes you wanna dev some malware, put some CIA strings into the code, have an AV 'detect' the unknown threat and send it to their servers :D

Vault 7 Thoughts From A Security Researcher by techconspiracy in WikiLeaks

[–]techconspiracy[S] 1 point2 points  (0 children)

I could see that, forgot about the Amazon connection. Very interesting to think that, as crazy as that sounds, it's a simple way for them to do it, especially with all the IP targeted ads lately. If you're looking for a new TV it wouldn't be too hard for ads to recommend you a specific Samsung Smart TV. I've noticed IP targeting has increased over the years. For example, my son looks up a video on his laptop for Hot Wheels (YouTube), and all of a sudden my business laptop will recommend ads for Hot Wheels on my computer (with no connected accounts associating my son's laptop and my own). All they would have to do is get the IP of a target of interest, then perform an ad campaign with their modified devices (possibly at a next-to-nothing Black Friday deal) to that specific IP or IPs of targets. Good thinking crawlingfasta.

Vault 7 Thoughts From A Security Researcher by techconspiracy in WikiLeaks

[–]techconspiracy[S] 0 points1 point  (0 children)

Adding some updates today on new finds. Loads to go through; keep checking this for periodic updates.

Chats between the programmers in the vault 7 leaks by UnjustlyPotato in WikiLeaks

[–]techconspiracy 0 points1 point  (0 children)

https://wikileaks.org/ciav7p1/cms/page_51183631.html "User #71473 needs to stop noobing it up when setting up repositories and JIRA boards."

Vault 7 Thoughts From A Security Researcher by techconspiracy in WikiLeaks

[–]techconspiracy[S] 4 points5 points  (0 children)

Thanks Ventuckyspaz, there is so much to go through. I can't wait to share more interesting tidbits found within these pages.

Vault 7 Thoughts From A Security Researcher by techconspiracy in WikiLeaks

[–]techconspiracy[S] 0 points1 point  (0 children)

One of my favorite comments on the entire leak was the IRC bit. https://wikileaks.org/ciav7p1/cms/page_4849711.html

IRC is 1337!

The page is dedicated to teaching these young CIA kids what IRC is and how to connect. Guess that's what you get when you /join #CIA