#Vault7: WikiLeaks reveals CIA ‘Scribbles’ tool can track whistleblowers & foreign spies
A user manual describing a CIA project known as ‘Scribbles’ has been published by WikiLeaks, exposing the potential for the spying agency to track when documents are leaked by whistleblowers or “Foreign Intelligence Officers.”
Released as part of the whistleblowing organization’s ‘Vault 7’ series, the project is purportedly designed to allow the embedding of ‘web beacon’ tags into documents “likely to be stolen,” according to a press release from WikiLeaks.
Dr Martin McHugh, Information Technology Programme chair at Dublin Institute of Technology, said web beacons can be used for “bad as well as good.”
“Methods of tracking have historically been developed for our protection but have evolved to become used to track us without our knowledge,” he told RT.com.
“Web beacons typically go unnoticed. A tiny file is loaded as part of a webpage. Once this file is accessed, it records unique information about you, such as your IP address and sends this back to the creator of the beacon.”
WikiLeaks says ‘Scribbles’ uses similar technology, which suggests the CIA would have been able to see when sensitive documents are accessed by third parties, including when they’re accessed by potential whistleblowers.
WikiLeaks notes that the latest iteration of the tool is dated March 1, 2016 – indicating it was used up until at least last year – and was seemingly meant to remain classified until 2066.
The ‘Scribbles’ User Guide explains how the tool generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document.
Scribbles can watermark multiple documents in one batch and is designed to watermark several groups of documents.
The tool was successfully tested on Microsoft Office versions 1997-2016 and documents that are not locked forms, encrypted, or password protected.
CIA's first rule of stopping the next Manning/Snowden - don't leave CIA document tracking software on suspected source's computer pic.twitter.com/Jn3eAjw7tN— WikiLeaks (@wikileaks) April 28, 2017
The guide notes that the program has a number of flaws.
Significantly, the watermarks were tested only with Microsoft Office applications so if the “targeted end-user” opened them with an alternative application, such as OpenOffice, they may be able to see the watermarks and URLs, potentially exposing the fact that the document is being tracked.
The tool also sometimes generates errors for temporary reasons, like when the Microsoft Office applications do not properly “clean up their resources.” To rectify this the guide advises users to close all Office applications and then run Scribbles again with the same input parameters.