WikiLeaks released the source code for a CIA tool known as project “Scribbles” in the latest installment of their Vault 7 leaks.
— WikiLeaks (@wikileaks) April 28, 2017
WikiLeaks released the source code for the CIA “Scribbles” project, describing it as a document watermarking pre-processing system that would allow the CIA to embed tags within documents that are likely to be copied by whistleblowers or journalists, allowing the CIA to trace exactly who leaked the documents.
Information Technology Programme chair at Dublin Institute of Technology Dr. Martin McHugh told RT: “Methods of tracking have historically been developed for our protection but have evolved to become used to track us without our knowledge. Web beacons typically go unnoticed. A tiny file is loaded as part of a webpage. Once this file is accessed, it records unique information about you, such as your IP address and sends this back to the creator of the beacon.”
“Scribbles is intended for off-line preprocessing of Microsoft Office documents,” writes WikiLeaks. “For reasons of operational security the user guide demands that ‘[t]he Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary.'”
The documentation relating to Scribbles states, “the Scribbles document watermarking tool has been successfully tested on […] Microsoft Office 2013 (on Windows 8.1 x64), documents from Office versions 97-2016 (Office 95 documents will not work!) [and d]ocuments that are not be locked forms, encrypted, or password-protected.”
However, this software limitation within Microsoft Office seems to create issues: “If the targeted end-user opens them up in a different application, such as OpenOffice or LibreOffice, the watermark images and URLs may be visible to the end-user. For this reason, always make sure that the host names and URL components are logically consistent with the original content. If you are concerned that the targeted end-user may open these documents in a non-Microsoft Office application, please take some test documents and evaluate them in the likely application before deploying them.”