By Lisa Haven


On Tuesday, March 7th, Wikileaks downloaded to its website one of their biggest data dumps on the CIA to date. A dump that Wikileaks is calling Vault 7.

For years alternative media has been making the claim that agencies within the government have been publicly spying on the American people, and with this dump, their theories have been confirmed, not only via Edward Snowden but now Wikileaks.

Wikileaks exposed the CIA’s global covert hacking program:

“The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”

In the video below, I reveal FURTHER information being leaked by Wikileaks’ Vault 7… PLEASE DON’T MISS THIS THESE LATEST REVEALS


Here are just a few of Wikileaks LATEST data dumps on Vault 7:


7 September, 2017

Today, September 7th, 2017, WikiLeaks publishes four secret documents from the Protego project of the CIA, along with 37 related documents (proprietary hardware/software manuals from Microchip Technology Inc.). The project was maintained between 2014 and 2015.

Protego is not the “usual” malware development project like all previous publications by WikiLeaks in the Vault7 series. Indeed there is no explicit indication why it is part of the project repositories of the CIA/EDG at all.

The Protego project is a PIC-based missile control system that was developed by Raytheon. The documents indicate that the system is installed on-board a Pratt & Whitney aircraft (PWA) equipped with missile launch systems (air-to-air and/or air-to-ground).

Protego consists of separate micro-controller units that exchange data and signals over encrypted and authenticated channels:

» On-board TWA are the ‘Master Processor’ (MP) and the ‘Deployment Box’. Both systems are layed-out with master/slave redundancy.

» The missle system has micro-controllers for the missle itself (‘Missle Smart Switch’, MSS), the tube (‘Tube Smart Switch’, TSS) and the collar (which holds the missile before and at launch time).

The MP unit receives three signals from a beacon: ‘In Border’ (PWA is within the defined area of an operation), ‘Valid GPS’ (GPS signal available) and ‘No End of Operational Period’ (current time is within the defined timeframe for an operation). Missiles can only be launched if all signals received by MP are set to ‘true’. Similary safeguards are in place to auto-destruct encryption and authentication keys for various scenarios (like ‘leaving a target area of operation’ or ‘missing missle’).



31 August, 2017

Today, August 31st 2017, WikiLeaks publishes documents from the Angelfire project of the CIA. Angelfire is an implant comprised of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system. Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7).

Solartime modifies the partition boot sector so that when Windows loads boot time device drivers, it also loads and executes the Wolfcreek implant, that once executed, can load and run other Angelfire implants. According to the documents, the loading of additional implants creates memory leaks that can be possibly detected on infected machines.

Keystone is part of the Wolfcreek implant and responsible for starting malicious user applications. Loaded implants never touch the file system, so there is very little forensic evidence that the process was ever ran. It always disguises as “C:\Windows\system32\svchost.exe” and can thus be detected in the Windows task manager, if the operating system is installed on another partition or in a different path.

BadMFS is a library that implements a covert file system that is created at the end of the active partition (or in a file on disk in later versions). It is used to store all drivers and implants that Wolfcreek will start. All files are both encrypted and obfuscated to avoid string or PE header scanning. Some versions of BadMFS can be detected because the reference to the covert file system is stored in a file named “zf”.

The Windows Transitory File system is the new method of installing AngelFire. Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc. Transitory files are added to the ‘UserInstallApp’.



24 August, 2017

Today, August 24th 2017, WikiLeaks publishes secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world — with the expectation for sharing of the biometric takes collected on the systems. But this ‘voluntary sharing’ obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.

ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen.

The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.



10 August, 2017

Today, August 10th 2017, WikiLeaks publishes the the User Guide for the CoachPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.



3 August, 2017

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating sytem. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from an USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.



Or Call – 888-596-7916



For More Information See: