In a shocking revelation, WikiLeaks has revealed that the US Central Intelligence Agency or the CIA has been using a vulnerability in Microsoft Office to snoop on people.
The program which has been termed as the Scribbles or Snowden Stopper, involves installing tags in the form of Web Beacons to the documents. This beacon gives out the information of any person who accesses the documents.
According to WikiLeaks, CIA took a longshot and installed these tags in those Microsoft Office documents which they believed could be stolen by the journalists, whistle blowers, and WikiLeaks. Thus, in essence, what the agency termed as stolen actually meant leaks.
Scribbles is basically watermarking of Microsoft Office documents intended for ensuring its security and safety. It is developed to make sure that the originality of the documents can be verified and its original creator can be identified.
It involves adding a unique watermark to each of the files and the Scribbles program allows adding unique watermarks to even the batches of files. As a part of the its user manual, Microsoft has stipulated that the Scribble program files, which include the executable files, logs, receipts, and parameter files should not be installed or even shared with a target machine that is different from the machine where the file was created.
The manual also warns against sharing these files with a competitor who might manipulate the watermarks if they get hold of it.
The CIA used this watermarking feature to embed web beacons that will give out the location of the persons or other details such as the IP addresses who open these files on their computers. This would send a signal back to the CIA that their files have been leaked as someone else is accessing them.
However, there is a loophole in this watermarking process which could render it ineffective. The watermarking works only when the documents are accessed on Microsoft Office tools. For other tools such as Open Office, the watermarking is revealed. This leaves the spying by the CIA ineffective