Flaw in open-source PDF viewer could put WikiLeaks users, others at risk

An open-source component used to display PDF files on WikiLeaks.org and other websites contains vulnerabilities that could be exploited to launch cross-site scripting (XSS) and content spoofing attacks against visitors.

The vulnerable component is called FlexPaper and is developed by a company called Devaldi, based in New Zealand. The company confirmed the issues, which were first reported Thursday on the WikiLeaks supporters forum, and released FlexPaper 2.3.0 to address them.

However, it seems that the component hasn't yet been updated on WikiLeaks.org, which was still using FlexPaper 2.1.2 on some pages Tuesday.

The incident comes after Wired reported last week that in 2012 the FBI used a Flash-based component to decloak Tor users and find their real IP (Internet Protocol) addresses in an operation that targeted users of child pornography websites hosted on the Tor network.

Since WikiLeaks' audience includes many users who value their privacy and anonymity, any vulnerability in the site that could potentially be used to expose their real location is likely to be viewed as a serious threat.

"Given the fact that most browsers use plugins to enable the reading of PDFs, we strongly urge WikiLeaks to link directly to PDF files instead of using third party software that could put users at risk," said a user named Koyaanisqatsi, who reported the flaws on the WikiLeaks forum.

That's what WikiLeaks did with two secret documents about travelling through airports using false ID that were allegedly leaked from the U.S. Central Intelligence Agency. The site published the documents Sunday and directly linked to the PDF files instead of displaying them in an embedded viewer.

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Doh! WikiLeaks’ PDF viewer springs XSS vuln

Wikileaks' Flash-powered PDF reader has sprung a vulnerability or two.

The whistle-blowing website uses an open source Flash library called FlexPaper to display PDF files. Unfortunately, various coding errors left FlexPaper open to cross-site scripting and content spoofing.

Developers behind the open source web based document viewer software have developed a patch to resolve the bugs.

"We have confirmed this XSS security vuln in our GPL flash viewer and patched it. New version: http://static.devaldi.com/GPL/FlexPaper_2.3.0.zip," FlexPaper told El Reg. "Most Flash security holes were patched in flash version 9 and FlexPaper requires Flash 11 but we have confirmed this XSS."

The discovery of the bugs by security researcher Francisco Alonso has provoked concern on WikiLeaks' forums (http://www.wikileaks-forum.com/security-support/608/-flexpaper-pdf-viewer-used-on-wikileaks-org-presents-security-risk-for-users/32700/msg66862#msg668621:3) that the vulnerabilities might be abused to de-cloak users, threatening the privacy of WikiLeaks users in the process.

Hackers (state sponsored or otherwise) might use Flash components specifically to de-cloak users. It might also be possible to post links to external content as part of attempts to (further) discredit WikiLeaks. Issues similar to the use by the Feds of Metasploit modules to uncover the identities of Tor users are feared.

"Given the fact that most browsers use plugins to enable the reading of PDFs, we strongly urge Wikileaks to link directly to PDF files instead of using third party software that could put users at risk," a WikiLeaks forum member advised.

WikiLeaks did not respond to our requests for comment.


WikiLeaks publishes CIA tips for travelling spies

Washington (AFP) - WikiLeaks on Sunday released two CIA documents that offered tips to help spies maintain their cover while using false documents as they crossed international borders.

The two documents, dating from 2011 and 2012, are marked classified and "NOFORN," which means they were not meant to be shared with allied intelligence agencies, WikiLeaks said.

The documents outline a number of strategies for agents to avoid secondary screening at airports and borders.

Some are obvious: don't buy a one-way ticket with cash the day before flying. Others perhaps less so: don't look scruffy while traveling on a diplomatic passport.

"In one incident during transit of a European airport in the early morning, security officials selected a CIA officer for secondary screening," one of the documents reads.

"Although the officials gave no reason, overly casual dress inconsistent with being a diplomatic-passport holder may have prompted the referral."

The CIA agent involved went on to have his bag swabbed for explosives and it tested positive. Despite extensive questioning, he stuck to his cover story that he had been involved in counterterrorism training in the United States, and eventually was allowed to continue his journey.

"Consistent, well-rehearsed, and plausible cover is important for avoiding secondary selection and critical for surviving it," the CIA wrote.

In a statement, WikiLeaks said this example "begs the question: if the training that supposedly explained the explosives was only a cover story, what was a CIA officer really doing passing through (a European Union) airport with traces of explosives on him, and why was he allowed to continue?"

One of the CIA documents, called "Schengen Overview," reveals that the CIA is very concerned about EU nations introducing biometric security measures for people traveling on US passports and that new systems pose an increased "identity threat" -- in other words, making it harder for agents to travel on false documents.


WikiLeaks Releases Alleged CIA Documents Detailing Travel Tips For Undercover Agents

WikiLeaks on Sunday released what it claimed were two classified documents issued by the CIA to its operatives detailing measures to avoid having their cover blown while crossing international borders. The documents also list a number of tips for CIA agents to ensure that they are not singled out for secondary screening at airports.

The documents, dated September 2011 and January 2012, were issued by the CIA to circumvent security systems and passport checks implemented by authorities worldwide, including by countries in the European Schengen Area, according to a statement released by WikiLeaks.

"The two classified documents detail border-crossing and visa regulations, the scope and content of electronic systems, border guard protocols and procedures for secondary screenings," WikiLeaks said in the statement. "The documents show that the CIA has developed an extreme concern over how biometric databases will put CIA clandestine operations at risk."

In the leaked documents, the CIA also expressed concerns over the impact the implementation of a biometric security system in the Schengen Area would have on its undercover operatives traveling under false identities, adding that it would increase the "identity threat" level for all US travelers. The Schengen Area comprises a bloc of 22 European nations that have relaxed passport and border controls at their common borders.

Justifying the leaks, WikiLeaks founder Julian Assange said in the statement that the documents proved that the CIA, which had carried out kidnappings from European Union states, including Italy and Sweden, during the Bush administration, had continued to do so under the current U.S. government.

"These manuals show that under the Obama administration the CIA is still intent on infiltrating European Union borders and conducting clandestine operations in EU member states," Assange said in the statement.


Wikileaks: Classified report detailed assassination shortcomings

By Jamie Crawford, CNN National Security Producer

updated 5:31 PM EST, Thu December 18, 2014

A classified CIA document was posted by the anti-secrecy group Wikileaks on Thursday.


Washington (CNN) -- Targeted assassinations or the capture of senior insurgent leaders in larger counterinsurgency operations can have both positive and negative outcomes, according to a classified CIA document posted by the anti-secrecy group Wikileaks on Thursday.

The use of so-called high-value targeting, or HVT, programs is the subject of a document titled "Best Practices in Counterinsurgency." Labeled secret, and not for the eyes of foreign nations, it dates back to July 2009, in the early days of the Obama administration.

According to the document, the CIA assessed the results of such operations by either U.S. government personnel or other countries during operations in Afghanistan, Iraq, Libya, Israel and eight other countries.


Use of high-value targeting programs can have beneficial effects, such as eroding insurgent effectiveness, weakening insurgent will, and fragmenting or splitting the insurgent group, among others.

However, the report cites the possibility of increasing the level of support for insurgent groups, radicalizing an insurgent group's remaining leaders and creating a vacuum for additional radical groups to enter as potential adverse effects for such operations.


Wikileaks pins accused spy Rolando ‘Roly’ Sarraff Trujillo as Cuban political prisoner

MIAMI -

Rolando "Roly" Sarraff Trujillo was arrested on espionage charges in Cuba in 1995.

Sarraff, now 51, worked as a cryptographer in Cuba's Directorate of Intelligence. About a decade after he was accused of helping the CIA crack the Cuban intelligence codes, his name came up on a document Wikileaks released in 2008 where the U.S. identified him as a political prisoner.

Sarraff was sentenced to 25 years in prison. He had a journalism degree from La Universidad de La Habana and enjoyed painting and writing poetry. His family said he was the subject of random interrogations, and shared a letter he wrote in 2012.

"My spirit is still strong, full of hope, and my honor intact," the letter said in Spanish. "I confront this brutality and severe punishment with the utmost dignity, but without losing my tenderness, the sense of justice and my limited capacity to offer love."

President Barack Obama's administration claimed Wednesday that Cuba released 53 political prisoners, but the White House did not identify any of them and, while releasing three Cuban spies, said the release of Alan Gross was a humanitarian gesture.

His family in Cuba hopes Sarraff could be one of the 53 releases.

Sarraff's sisters live in Spain. Katia Sarraff Trujillo, who has lived in Palma de Mallorca since 1998, and Vilma Sarraff Trujillo have been providing updates on their brother on a blog in Spanish.

Their Thursday post was titled "48 hours missing." They told reporters Friday that their parents, Odessa Trujillo and Rolando Sarraff, were afraid that something had happened to their son and blamed the Cuban government for the lack of information.

"We are alarmed at the unjustifiable secrecy and lack of humanity," the family blog post said.


Drone strikes counterproductive, says secret CIA report

WORLD EXCLUSIVE

Drone strikes and other "targeted killings" of terrorist and insurgent leaders favoured by the US and supported by Australia can strengthen extremist groups and be counterproductive, according to a secret CIA report published by WikiLeaks.

According to a leaked document by the CIA's Directorate of Intelligence, "high value targeting" (HVT) involving air strikes and special forces operations against insurgent leaders can be effective, but can also have negative effects, including increasing violence and greater popular support for extremist groups.

The leaked document is classified secret and "NoForn" (meaning not to be distributed to non-US nationals) and reviews attacks by the United States and other countries engaged in counter-insurgency operations over the past 50 years.

The CIA assessment is the first leaked secret intelligence document published by WikiLeaks since 2011. Led by Australian publisher Julian Assange, the anti-secrecy group says the CIA assessment is the first in what will be a new series of leaked documents relating to the US agency.


The 2009 CIA study lends support to critics of US drone strikes in Afghanistan, Iraq, Pakistan, Somalia and Yemen by warning that such operations "may increase support for the insurgents, particularly if these strikes enhance insurgent leaders' lore, if non-combatants are killed in the attacks, if legitimate or semi-legitimate politicians aligned with the insurgents are targeted, or if the government is already seen as overly repressive or violent".

Drone strikes have been a key element of the Obama administration's attacks on Islamic extremist terrorist and insurgent groups in the Middle East and south Asia. Australia has directly supported these strikes through the electronic espionage operations of the US-Australian Joint Defence Facility at Pine Gap near Alice Springs in the Northern Territory.

The CIA study observes that the US-led coalition in Afghanistan made "a sustained effort since 2001 to target Taliban leaders", but "Afghan government corruption and lack of unity, insufficient strength of Afghan and NATO security forces, and the country's endemic lawlessness have constrained the effectiveness of these counter-insurgency elements".

"Senior Taliban leaders' use of sanctuary in Pakistan has also complicated the HVT effort," the CIA says. "Moreover, the Taliban has a high overall ability to replace lost leaders, a centralised but flexible command and control overlaid with egalitarian Pashtun structures, and good succession planning and bench strength, especially at the middle levels."
