[cryptome] wholeaked - a new open source program to catch whistle blowers

Undiscussed Horrific Abuse, One Victim of Many gmkarl at gmail.com
Mon Feb 21 06:14:44 PST 2022


thanks for this inspiring share

summary: utkusen is a productive open source greyhat with some
projects listed below. the highlighted project may sound like a downer
for some: "wholeaked" provides for free access to traceable document
watermarking, which is often something paywalled by powerful
organisations. hence, open source implementations are a gain.
https://github.com/utkusen/wholeaked utkusen's other github
repositories showcase many other tools.

if you have existing tools for working with watermarking, this tool
could likely be used to give them a thorough testing.

i did not visit the links when reviewing this post.

> this post is an attempt to get this list back to the roots of what
> cryptome is based on: leaked files. I attempt to share an interesting
> coder, the coders shared work in his github and what is his most
> interesting creation yet called wholeaked in hopes of drumming up
> interesting discussions on leakers and related software, and hopefully
> we can leave behind some of the insane and inane discussions of recent
> history on this list.
>
> I'll first go over his github and the various projects he created and
> the skills/languages he used to create the tools and then go onto
> wholeaked, what it does, a brief explanation on how it does what it
> does, its uses, its shortfalls and why it's an interesting and
> important addition to those who are for and/or against leaks and/or
> leakers (it helps and works against both leakers and anti-leakers
> both). Let's begin.
>
> the original Developer of this code's quote about the project he named
> "wholeaked":
> "a file-sharing tool that allows you to find the responsible person in
> case of a leakage"
>
> The github project page has 19 forks, uses the BSD-3-Clause License
> and was created on January 26th, 2022. It appears to be made by a talented
> hacker named Utku Sen who's written other pro-privacy tools and published
> them on github such as his "house party" emergency data locker tool
> that encrypts every file in your home directory via remote command in
> an attempt to block a thief's access to your documents, as well as
> several anti-ransomware tools that detect when encrypting of files has
> begun and stop the process and warn you as soon as they see it
> happening. A re-write of the program was done to have the code
> available in python.
>
> His other open source tools include:
> -several DoS tools,
> -a url-shortener reversal tool,
> -a fork of "empire" windows exploit toolkit for automated pwning of
> windows domain controllers,
> -an IRC based botnet/bot tool,
> -a second fork of Empire with modifications to timing and order of
> loading its functions for IDS evasion,
> -a stresstester
> -a program called jeopardize; a threat intelligence&response tool
> against phishing domains
> -and a mass-security-auditing toolkit
> -a blackjack analyzer
> -other interesting hack tools.
>
> The languages he uses to create these tools span across various major
> languages from C to python to visual basic to c# and finally Go. His
> repos can be found here: https://github.com/utkusen?tab=repositories
>
> While the method this program uses is not brand new, the program itself
> is, and it is more than a simple single functioning binary with only
> one function...; it crosses platforms to every major 64 bit OS (linux
> x64, macOS X x64 and windows x64) which makes this program all the
> more versatile to use.
>
> Classification of program type:
> The program might be what's known as a type of "traitor tracing"
> software (see here:  https://en.wikipedia.org/wiki/Traitor_tracing )
> ..and uses a canary trap to finger the leaker (see here:
> https://en.wikipedia.org/wiki/Canary_trap )..
>
> ..... some might be offended by such strong labels such as 'traitor'
> to describe this software, as the word "traitor" could be replaced
> with "brave unwavering ethical bar-setting/bar-raising whistleblower
> hero" and the functionality of the software would be the exact same
> even if the intent is different.
>
>
> ...., the program helps you keep track of everyone who gets a copy of
> the file that you suspect will be leaked (or you might do this as a
> form of anti-copying enforcement in hopes of distributing the book
> with consequences of getting fired from their job, fined or
> imprisoned). Each copy that gets sent out gets its own unique invisible
> watermark which is essentially just metadata that ties that particular
> copy to the email address (or person) who you sent it to.
>
> When the file or files get leaked (or if it gets leaked) then you can
> check the metadata in the copy of the now public file and see which
> person the watermarks show that it was tied to, and then you've just
> found your leaker.
>
> Here are the several ways you are able to tag the file (copied
> directly from the github here: https://github.com/utkusen/wholeaked )
>
> "wholeaked can add the unique signature to different sections of a
> file. Available detection modes are given below:
>
> File Hash: SHA256 hash of the file. All file types are supported.
>
> Binary: The signature is directly added to the binary. Almost all file
> types are supported.
>
> Metadata: The signature is added to a metadata section of a file.
> Supported file types: PDF, DOCX, XLSX, PPTX, MOV, JPG, PNG, GIF, EPS,
> AI, PSD
>
> Watermark: An invisible signature is inserted into the text. Only PDF
> files are supported."
>
> A note of caution: Of course this tool will only reveal the most
> inexperienced and/or over confident of leakers, as anyone with half a
> brain will realize, 19th attempt to strip all metadata from the file
> before leaking, if not altogether re-creating the document with
> screenshotting each page of data one at a time with something like the
> good old printscreen button and pasting and saving in ms paint or
> something similar. One should consider using a brand new VM that was
> spun up for this single purpose or a live linux distro like ubuntu
> live or tails will also work (those who work in digital forensics are
> much better to discuss this part of the topic!)
>
> This is but one way to by-pass someone using a
> unique-injection-of-watermark-per-file leak-detection technique (try
> saying that 5x fast!), among other methods.
>
> The _actual_ common term of this technique is called the canary trap
> for the layman. It is actually used in many different contexts that
> are much different than someone breaching national security with PDF
> files or whatever, like for example, some AV programs use canary files
> that are placed in your documents folder and if the AV detects that
> they are no longer accessible (yet still remain in your documents
> folder) or if they appear to be modified, then the AV might cause all
> processes to stop and block any processes from writing to disk until
> the user either lets the processes continue after confirming that it
> was not ransomware that modified, encrypted or changed the file.
>
> Wholeaked is essentially making every distributed file its own unique
> identifiable canary. If that canary is ever found anywhere by being
> leaked, then at the very least you will know who was responsible for
> the file becoming public (if it was their intent on spreading the file
> to the public or not!).
>
> What makes this one note-worthy is that it is now trivial to do it
> easily without the need to understand concepts like unique
> watermarking and metadata or how to add them correctly. Also that it
> is open source with compiled binaries for windows, OSX and linux (you
> can find the project, binaries and source code on github here:
> https://github.com/utkusen/wholeaked/releases/tag/v0.1.0 )
>
> It's a reminder to those who are experienced in leaking to stay
> vigilant, lest they be exposed (and in some states/places this could
> mean death or worse to you and your family).
>
> It's also a wakeup call for those who leak who don't know what they are
> doing, and might mean lost jobs, legal action, imprisonment and
> possibly a lot more if they don't smarten up about their opsec.
>
> On the other hand, it could also mean the capture of those who are
> leaking classified documents to rogue states who routinely deny
> mountains of evidence of human rights abuses (I'm looking at you, China)
> for money, in which case, it would be a good thing exposing those who
> give aid to powerful unethical monsters.
>
> No matter the use case, the tool is now in the hands of everyone and
> anyone is free to add and change it for their own uses and publish
> their own versions as a fork if they like.
>
> To end this post which has gone on far too long, here is the creator's home
> page:
>
> https://utkusen.com/
>
> kudos to you, Utkusen!
>
>

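The per-recipient tagging and lookup the quoted post describes (the "File Hash" and "Binary" modes of wholeaked), as an added Python example that is not part of the post or of the wholeaked project; the document bytes, the sender's key, the `%TAG:` marker and the recipient addresses are constructed for illustration. It also shows the caveat from the post: an exact-hash registry breaks on any byte change, while a tag embedded in the file body survives small edits but not a stripped or re-created document.

```python
import hashlib
import hmac

# Constructed stand-in for a distributed document (not a real PDF); the key is
# an assumed per-campaign secret held only by the sender.
ORIGINAL = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\nConfidential memo body\n%%EOF\n"
SECRET_KEY = b"sender-tracing-key-placeholder"
MARKER = b"\n%TAG:"  # assumed marker; a PDF reader ignores this trailing comment line


def signature_for(recipient: str) -> bytes:
    """Per-recipient tag: HMAC over the address, so a recipient cannot forge another's tag."""
    return hmac.new(SECRET_KEY, recipient.encode(), hashlib.sha256).hexdigest()[:16].encode()


def tag_copy(original: bytes, recipient: str) -> bytes:
    """'Binary' mode: embed the tag directly in the file bytes (here, appended at the end)."""
    return original + MARKER + signature_for(recipient) + b"\n"


def distribute(original: bytes, recipients):
    """One unique copy per recipient plus a registry of SHA-256 -> recipient ('File Hash' mode)."""
    copies, hash_registry = {}, {}
    for r in recipients:
        copies[r] = tag_copy(original, r)
        hash_registry[hashlib.sha256(copies[r]).hexdigest()] = r
    return copies, hash_registry


def identify_by_hash(leaked: bytes, hash_registry):
    """Exact-match lookup: any byte change (re-save, metadata strip, screenshot) breaks it."""
    return hash_registry.get(hashlib.sha256(leaked).hexdigest())


def identify_by_tag(leaked: bytes, recipients):
    """Pull the embedded tag back out of a leaked copy and match it against known recipients."""
    idx = leaked.rfind(MARKER)
    if idx == -1:
        return None  # tag stripped or document re-created: nothing to attribute
    tag = leaked[idx + len(MARKER):].split(b"\n", 1)[0]
    for r in recipients:
        if hmac.compare_digest(tag, signature_for(r)):
            return r
    return None


if __name__ == "__main__":
    people = ["alice@example.com", "bob@example.com"]
    copies, registry = distribute(ORIGINAL, people)
    print(identify_by_hash(copies["bob@example.com"], registry))  # bob@example.com
    print(identify_by_tag(copies["bob@example.com"] + b"\n", people))  # bob@example.com
```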

More information about the cypherpunks mailing list