As the latest installment of it's 'Vault 7' series, WikiLeaks has just dropped a user manual describing a CIA project known as ‘Scribbles’ (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of ‘web beacon’ tags into documents “likely to be stolen.” The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release:
Today, April 28th 2017, WikiLeaks publishes the documentation and source code for CIA's "Scribbles" project, a document-watermarking preprocessing system to embed "Web beacon"-style tags into documents that are likely to be copied by Insiders, Whistleblowers, Journalists or others. The released version (v1.0 RC1) is dated March, 1st 2016 and classified SECRET//ORCON/NOFORN until 2066.
Scribbles is intended for off-line preprocessing of Microsoft Office documents. For reasons of operational security the user guide demands that "[t]he Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary."
WikiLeaks releases 'Scribbles' the CIA's secret anti-leak "Snowden Stopper" software https://t.co/8ynyk8GJxg
— WikiLeaks (@wikileaks) April 28, 2017
CIA's first rule of stopping the next Manning/Snowden - don't leave CIA document tracking software on suspected source's computer pic.twitter.com/Jn3eAjw7tN
— WikiLeaks (@wikileaks) April 28, 2017
The ‘Scribbles’ User Guide explains how the tool generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document.
Scribbles can watermark multiple documents in one batch and is designed to watermark several groups of documents.
RELEASE: "Scribble" the CIA's secret system to track leakers. Full source code and documentation included. #vault7https://t.co/Mgph7jQkFCpic.twitter.com/5WZTYfG7pZ
— WikiLeaks (@wikileaks) April 28, 2017
Dr. Martin McHugh, Information Technology Programme chair at Dublin Institute of Technology, gave the RT more details on how the "Scribbles" tool can be used for "bad as well as good."
“Methods of tracking have historically been developed for our protection but have evolved to become used to track us without our knowledge."
“Web beacons typically go unnoticed. A tiny file is loaded as part of a webpage. Once this file is accessed, it records unique information about you, such as your IP address and sends this back to the creator of the beacon.”
But, the "Scribbles" user guide notes there is just one small problem with the program...it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice of LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.
According to the documentation, "the Scribbles document watermarking tool has been successfully tested on [...] Microsoft Office 2013 (on Windows 8.1 x64), documents from Office versions 97-2016 (Office 95 documents will not work!) [and d]ocuments that are not be locked forms, encrypted, or password-protected". But this limitation to Microsoft Office documents seems to create problems: "If the targeted end-user opens them up in a different application, such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content. If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them."
So if you plan to steal some government documents at some point in the near future you may want to ditch Microsoft Word.