WikiLeaks Vault 7 Releases Scribbles
April 28, 2017. WikiLeaks publishes the documentation and source code for CIA’s “Scribbles” project, a document-watermarking preprocessing system to embed “Web Beacon“-style tags into documents that are likely to be copied by Insiders, Whistle-Blowers, Journalists or others. The released version 1.0 RC1 is dated March 1, 2016 and classified SECRET//ORCON/NOFORN until 2066.
The CIA Scribbles project is designed to ‘track’ via an electronic watermark when documents are ‘leaked’ by whistle-blowers or foreign intelligence officers and the recipients of such documents. Dubbed as the anti Snowden/Manning web beacon tool, it watermarks documents likely to be stolen or leaked so the CIA or other intelligence operations can identify who, when, where and from which computer someone is reading, accessing or copying the document.
Scribbles is intended for off-line preprocessing of Microsoft Office documents. For reasons of operational security the user guide demands that “the Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary.”
According to the documentation, “the Scribbles document watermarking tool has been successfully tested on:
- Microsoft Office 2013 (on Windows 8.1 x64)
- Documents from Office versions 97-2016 (Office 95 documents will not work!)
- Documents that are not locked forms, encrypted, or password-protected”
This limitation to Microsoft Office documents seems to create problems: “If the targeted end-user opens them up in a different application, such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content.
If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them.”
Security researches and forensic experts will find more detailed information on how watermarks are applied to documents in the source code, which is included in this publication as a zipped archive.
Edited by NHN