Wednesday, March 8, 2017

Takin' umbrage to UMBRAGE

While my taking umbrage implies, for example, that  I find the bizarre claims of Russia hacking the US election without evidence, offensive- (Too bad Wikipedia doesn’t take umbrage to such absurdity)
The CIA's UMBRAGE Program takes an entirely different type of offence: a transgression of the law; the act of attacking- to a whole new level
Sadly, no. This is serious stuff
The CIA’s UMBRAGE programme could provide us all a glimpse into how it was the CIA, er I mean, Russia hacked the US election. If we are to believe the claims at all. Could UMBRAGE be employed in other situations? Seems likely. Thoughts?

To understand the direction we're heading in let’s define “umbrage” as employed by the CIA programme
 5.a shadowy appearance or semblance of something.
Umbrage... A shadowy appearance or semblence of something- semblance, of course, being related directly to resemblance. A shadowy appearance resembling something- umbrage

WikiLeaks files detail CIA 'UMBRAGE' project, which would allow spies to pin attacks on other countries

The program allows the CIA, to pin a hack on others, by leaving a shadow/y appearance resembling something....done by another.

"The CIA had a special programme allowing it to trick people into thinking they had been hacked by other countries, according to WikiLeaks.

The agency was cataloguing the hacking methods of outside cyber attackers, including those from Russia, according to files published by the organisation. Once it had them catalogued, it could use them to break into other countries or people's computers or phones – making it look like a different country had done so.

The project, called UMBRAGE, is just one of a range of different hacking tools that appear to be have been revealed by the leak

UMBRAGE works in part by getting around the problems of those hacking techniques. Any cyber attack inevitably leaves a trace of how it was done – but by cataloguing other hackers' tricks, those traces could look like they come from someone else entirely.

"The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation," WikiLeaks wrote in its release. "With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from."

The UMBRAGE project includes a variety of cyber weapons, including tools that can allow data to be deleted, webcams to be spied on and various other survey techniques, according to the documents"
 Therefore the CIA could have been the party responsible for the DNC hacks and subsequent email leaks blamed on the Russians - and isn't choosing the bear such an obvious moniker... I don't know? Why not pick vodka ;)

 In October 2016, U.S. President Barack Obama used the red phone line to directly contact Putin and issue a warning to him regarding the cyber attacks.[8] Russian officials have repeatedly denied involvement in any DNC leaks or hacks.[9][10][11]
"In June 2016, the Democratic National Committee (DNC) first stated that the Russian hacker groups Cozy Bear and Fancy Bear had penetrated their campaign servers and leaked information via the Guccifer 2.0 online persona.[24][25]"

Additional reading RT:

Every hacking technique leaves a “fingerprint” which, when collated, can be used to connect different attacks and tie them to the same culprit.

The CIA’s Remote Development Branch (RDB)’s Umbrage sub-group collects an archive of hacking exploits created by other actors, like Russia and other hackers, and leaves this false trace for others to detect.

Hacking Team

An Umbrage document shows how the agency mined information from a breach of Italian “offensive security” vendor Hacking Team, that boasts governmental and law enforcement clients.
Some 400GB of data including “browser credential stealing” and “six different zero-day exploits” was released in the breach, which Umbrage studied and added to its repository.

While the documents released don’t tie Crowdstrike to the CIA’s Umbrage program, the data demonstrates how easily fingerprints can be manipulated, and how the CIA’s vast collection of existing malware can be employed to disguise its own actions.
Crowdstrike, a private security firm linked to the Atlantic Council, found the hackers who accessed the DNC emails
Former Pentagon official Michael Maloof says that by using Russian “fingerprints” the CIA may have deliberately put the blame for hacking on the Russians.
“Apparently they were able to obtain Russian malware and then they can turn that around and make it look like [attacks] were coming from Russia. And that gets into a political narrative that we’re hearing these days of hacking and what have you, blaming it all on the Russians.


  1. Hi Penny, hope you're ok. Sorry that I haven't been commenting as much lately. I will be busy with exams for the next few months. Still meeting up with those Turkish students that I told you about. 1 of them told me that he converted to Christianity and supports Erdogan because Erdogan's government is the first gov in Turkey that cares about minorities. He said he feels safe in Turkey because Erdogan protects the Christians. Who would have thought it?? I told him that the Western media has made Erdogan out to be an Islamic extremist and he said that Erdogan respects everyone in the country.

    1. Hi Ally:

      thanks for letting myself and the other readers know that!- it's amazing the difference in presentation via western media vs actual reality.

      Exams is a busy time- I know, that's ok.
      Come by when you can I always look foward to you sharing your thoughts :)

    2. Yes he is ethnic Greek and his family converted to Islam a hundred years ago. The guy told me that he decided to convert to Orthodox Christianity and feels free. He lives in a small city and can walk freely now in Turkey because of Erdogan. Extremist groups are no longer attacking religious minorities. Even I was shocked to hear this. He is a very smart guy and there is another girl that is here as well. She lives outside Istanbul and is ethnic Zaza. She considers herself to be Turkish, not Kurdish. She said that Zazas aren't Kurds.

    3. Hey Ally!

      I've come across the Zaza people in other reading and have mentioned them in previous posts- I'm not surprised she does not consider herself a Kurd- since many Kurds do not consider Zazas kurds- but somehow they got lumped in with the 'kurds'- Likely to up the numbers for perception management purposes-

      Stop by when you can and keep me updated :)