WIKILEAKS | QuestOfRandomClues PART 2 [Clues 6 - 9 SOLUTIONS]
Solutions to the first 5 clues can be found here.
CLUE 6
6. Start here: "Supporting technical consultations at the Consulate."
- There are 3 parts to Clue 6.
- PART 1: The text in the tweet is taken from a previously released Vault7 CIA document revealing how the Engineering Development Group (EDG) used/uses the US Consulate in Frankfurt, Germany, as a cover for their hacking operations.
- The coordinates of the US Consulate in Frankfurt are:
Source
Consulate Coordinates: 50°08'26.3"N 8°41'38.7"E
- PART 2: There were 2 images attached to the tweet.
- Assuming the hour hand is black, the minute hand is yellow and the second hand is red, the clocks would read (Hours | Minutes | Seconds):
LEFT CLOCK: 12:01:17
RIGHT CLOCK: 12:02:42
(Convert 12 to 00 for 24 hr clock.)
- Image 2 was taken from the HIVE Engineering Development Guide, another Vault7 document.
- Here is a little about what HIVE is.
- PART 3: Wikileaks provides first hint.
Source
- The highlighted portion of text was taken from the same HIVE Engineering Development Guide as above. The text reads:
(the system clock gets set back from the time of original execution)
(the system clock gets set forward by more than the delete delay)
- PART 4: Wikileaks provides a second hint. It's a picture of a buoy in a place called Null Island.
Source
Null Island is a name for the area around the point where the prime meridian and the equator cross; in the WGS84 datum, this is at zero degrees latitude and longitude [0°N 0°E.] (the location is in the Gulf of Guinea off the west African coast).
- Now that we have all the parts of the clue, we can put them together.
Part 1
Consulate Coordinates: 50°08'26.3"N, 8°41'38.7"E
Part 2
LEFT CLOCK: 00.01.17
RIGHT CLOCK: 00.02.42
Part 3
(the system clock gets set back from the time of original execution)
(the system clock gets set forward by more than the delete delay)
Part 4
Null Island is at: 0°N 0°E.
First use the Consulate coordinates (50°08'26.3"N, 8°41'38.7"E) as a starting point (like Null Island).
Then subtract (set back) the LEFT CLOCK (00.01.17) from the first part of the Consulate coordinates (50°08'26.3"N).
Finally, add (set forward) the RIGHT CLOCK (00.02.42) to the second part of the Consulate coordinates (8°41'38.7"E).
50°08'26.3"N - 00.01.17 (Left Clock) = 50°07'09.3"N
8°41'38.7"E + 00.02.42 (Right Clock) = 8°44'20.7"E
- Search Google Maps for 50°07'09.3"N, 8°44'20.7"E
- 200 meters to the right of where the coordinates took us is a data center owned by a company called Interxion. They claim to be the cloud hub of Europe.
source
- Wikileaks confirm this in a later Tweet.
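The Clue 6 arithmetic as an added example (not part of the original post): the clock readings are treated as degrees.minutes.seconds of arc and applied to the consulate coordinates with proper carrying at 60. The function names are illustrative, and treating "set back" as a move south or west is an assumption that matches the page's N/E case.

```python
import re

DMS = re.compile(r"""(\d+)°(\d+)'(\d+(?:\.\d)?)"([NSEW])""")

def parse_dms(text):
    """'50°08'26.3"N' -> (signed tenths of an arc-second, is_latitude)."""
    match = DMS.fullmatch(text)
    if not match:
        raise ValueError(f"not a DMS coordinate: {text!r}")
    d, m, s, hemi = match.groups()
    tenths = (int(d) * 3600 + int(m) * 60) * 10 + round(float(s) * 10)
    return (-tenths if hemi in "SW" else tenths), hemi in "NS"

def parse_clock(text):
    """Clock reading '00.01.17' taken as degrees.minutes.seconds of arc."""
    d, m, s = (int(part) for part in text.split("."))
    return (d * 3600 + m * 60 + s) * 10

def format_dms(tenths, is_lat):
    """Signed tenths of an arc-second -> DMS string, carrying at 60."""
    hemi = "NS"[tenths < 0] if is_lat else "EW"[tenths < 0]
    minutes, sec_tenths = divmod(abs(tenths), 600)
    degrees, minutes = divmod(minutes, 60)
    return f"""{degrees}°{minutes:02d}'{sec_tenths / 10:04.1f}"{hemi}"""

def shift(coord, clock, direction):
    """direction=-1 sets the coordinate back, +1 sets it forward."""
    tenths, is_lat = parse_dms(coord)
    return format_dms(tenths + direction * parse_clock(clock), is_lat)

def to_decimal(coord):
    """DMS string -> decimal degrees for pasting into a map search."""
    return round(parse_dms(coord)[0] / 36000, 6)

# Values from the page: consulate coordinates and the two clock readings.
LAT = shift("""50°08'26.3"N""", "00.01.17", -1)   # left clock, set back
LON = shift("""8°41'38.7"E""", "00.02.42", +1)    # right clock, set forward

if __name__ == "__main__":
    print(LAT, LON, to_decimal(LAT), to_decimal(LON))
```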
CLUE 7
PART 1
- PART 1: First take the HEX color from each row of X and O.
687474703a2f2f6a7768696575776a36333263696274612e6f6e696f6e2f
- Joining the hex colors into one string and converting it with a hex to UTF-8 tool gives you a .onion address.
http://jwhieuwj632cibta.onion
- The .onion webpage contained a large amount of base64 text which you can find a copy of in this Paste Bin.
- PART 2: Convert the table into binary by swapping O for 0 and X for 1 (O=0 and X=1).
01110111011010000111000101110010011011010011011001101000011001110110111101110100011110010011011001100110011101110110010000110011001011100110111101101110011010010110111101101110
- Converting the binary to text using this tool returns a second onion address.
http://whqrm6hgoty6fwd3.onion/
- The second onion address contains a picture of a plane.
https://www.flickr.com/photos/45404673@N05/25278974689/in/photostream/
- The tail number is N379P. A quick search reveals this plane is dubbed "Guantánamo Bay Express" and was involved in covertly moving detainees to various blacksites around the world.
N379P was a tail number assigned to a Gulfstream V executive jet. The aircraft has been reported in several press sources as a U.S. Department of Defense prisoner transport, also known as "Guantánamo Bay Express". The craft has been reported to being used to transport suspected terrorists to undisclosed locations for either extraordinary rendition or into the CIA prison system. It has been the subject of criminal complaints and parliamentary inquiries.
- Wikileaks then tweeted out 3 hints in a row, each one pointing to the XOR function.
- XORing the image of the rendition plane from part 2 with the base64 string from part one produces an mp3 file. The mp3 file contained Morse code that spelt out WQYT651. (I've yet to recreate this step myself).
- Searching for WQYT651 takes you to a license agreement on the FCC website for a company called VADATA INC.
- The FCC license page contains 2 addresses.
ADDRESS 1: 12900 WORLDGATE DR., FAIRFAX, HERNDON, VA
ADDRESS 2: VADATA, INC., 22651 DULLES SUMMIT CT., STERLING, VA 20166, ATTN WILLIAM LASSITER
- ADDRESS 1 is for an Amazon data center; ADDRESS 2 is a data center run by Vadata Inc. Here is a little bit about Vadata Inc getting a huge tax break.
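The Clue 7 decoding chain as an added example (not part of the original post): it decodes the hex and X/O strings quoted above, checks that each result is shaped like a Tor v2 address, and shows the XOR step on constructed stand-in data. The function names, the sample bytes, and the assumption that both XOR inputs are aligned at offset 0 are illustrative; the real image and base64 page are not reproduced here.

```python
import base64
import re

# Strings copied from the page (Clue 7, parts 1 and 2).
HEX_COLORS = "687474703a2f2f6a7768696575776a36333263696274612e6f6e696f6e2f"
GRID_BITS = """
011101110110100001110001011100100110110100110110
011010000110011101101111011101000111100100110110
011001100111011101100100001100110010111001101111
01101110011010010110111101101110
"""
# Tor v2 hostname: 16 base32 characters followed by ".onion".
ONION_V2 = re.compile(r"^(?:http://)?[a-z2-7]{16}\.onion/?$")

def decode_hex(colors: str) -> str:
    """Part 1: concatenated hex colour codes -> UTF-8 text."""
    return bytes.fromhex(colors).decode("utf-8")

def decode_grid(grid: str) -> str:
    """Part 2: X/O grid (O=0, X=1) or a 0/1 string -> 8-bit ASCII text."""
    bits = "".join(grid.split()).upper().replace("O", "0").replace("X", "1")
    if set(bits) - {"0", "1"} or len(bits) % 8:
        raise ValueError("expected whole bytes made of X/O or 1/0")
    return int(bits, 2).to_bytes(len(bits) // 8, "big").decode("ascii")

def xor_streams(b64_text: str, image: bytes) -> bytes:
    """XOR the base64-decoded text with the image bytes.
    Assumption: both start at offset 0 and the shorter input sets the length."""
    return bytes(a ^ b for a, b in zip(base64.b64decode(b64_text), image))

def looks_like_mp3(blob: bytes) -> bool:
    """True for an ID3v2 tag or an MPEG audio frame sync (11 set bits)."""
    return blob[:3] == b"ID3" or (
        len(blob) > 1 and blob[0] == 0xFF and (blob[1] & 0xE0) == 0xE0)

# Constructed stand-ins for the plane image and the onion page's base64 text.
SAMPLE_IMAGE = bytes.fromhex("ffd8ffe000104a464946000101") + bytes(range(32))
SAMPLE_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x0f" + b"constructed audio"
SAMPLE_B64 = base64.b64encode(
    bytes(a ^ b for a, b in zip(SAMPLE_MP3, SAMPLE_IMAGE))).decode()

if __name__ == "__main__":
    for text in (decode_hex(HEX_COLORS), decode_grid(GRID_BITS)):
        print(text, "valid v2 onion" if ONION_V2.match(text) else "not an onion")
    out = xor_streams(SAMPLE_B64, SAMPLE_IMAGE)
    print("XOR output looks like mp3:", looks_like_mp3(out))
```

The JPEG header also starts with 0xFF, so the frame-sync check tests the top three bits of the second byte to avoid flagging the untouched image as audio.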
CLUE 8
- Increasing the exposure of the image in Photoshop reveals a bird in the background.
- The bird is a Gold Crest, the national bird of Luxembourg.
- Searching Gold Crest and Amazon returns a story about an Amazon tax scam in Luxembourg.
Revealed: how Project Goldcrest helped Amazon avoid huge sums in tax | Guardian
Documents released during the internet giant’s court battle with the US Internal Revenue Service over a possible $1.5bn in unpaid taxes detail a complex restructuring and a deal with Luxembourg that delivered Amazon multimillion-dollar savings.
- Wikileaks tweeted a hint.
... = 0
- Line 10 (...) has 0 syllables. This hints towards counting the syllables in the other lines.
Profits were not (4)
subject to corporate taxation (9)
a result of (4)
part of the reorganization (9)
IP that was transferred to (7)
an empty shell (4)
reduced (2)
intangible as well (6)
Investigation showed (6)
... (0)
this is illegal (5)
In a comparable situation (10)
the holding company is not (8)
to avoid taxation (6)
- Put the numbers into GPS format.
49.497426, 6.051086
- Wikileaks later confirmed the location in this tweet
CLUE 9
rl2w2tgacotbld6j.onion/
- The onion address takes you to a page with a single picture of some clouds.
- Opening the image up in a text editor reveals some plain text:
host vital digital infrastructure
- A quick search for 'host vital digital infrastructure' returns this article about a power outage at a data center in west Sydney, Australia.
Banks, websites down as wild weather knocks out Amazon Web Services | Financial Review - 06/06/2016
A ME Bank spokeswoman later said the outage was caused by a service crash at First Data, a third-party payment provider. First Data said it crashed due to a power outage at the Western Sydney Data Centre, which is owned by Fujitsu.
- A search for Fujitsu Western Sydney Data Centre on Google maps reveals another data center:
- Wikileaks have also confirmed the location of this data center in a recent tweet.
"λέξον δή μοι, τί παθοῦσαι, εἴπερ νεφέλαι γ᾽ εἰσὶν ἀληθῶς, θνηταῖς εἴξασι γυναιξίν; οὐ γὰρ ἐκεῖναί γ᾽ εἰσὶ τοιαῦται."
- Translated:
"Tell me, if they're really clouds, what's the reason why they look so much like mortal women do? Sky-clouds don't resemble these clouds."
The verse is from Aristophanes' famous comedy, Clouds, which is noted for its critique of philosophy, society and education.
VAULT 8
Wikileaks references HIVE in this set of puzzles. HIVE was published on November 9th 2017. It was the first and only publication from their Vault8 series. Wikileaks went dark after this leak.
When Wikileaks published Day Zero, the first part of Vault7, they teased in a tweet that that was only 1% of the total leak so far. Judging by the size of the Zero Day documents, and the other Vault 7 publications that followed it, I estimate there's still over 50% of the cache to be released.
In Vault 7 we learned about the CIA hacking tools and the code behind them but we learnt very little about who they were used on, or for what reason. So I expect this upcoming leak will provide further details about who the CIA are hacking (data centers and cloud servers), and for what reason (espionage and mass surveillance).
Everything is pointing to the continuation of Vault8.
Puzzle breakthrough recognition goes to:
https://twitter.com/AlmeidaWagner
https://twitter.com/SerapChris
https://twitter.com/zlatinb
https://twitter.com/Nin_99
FORTIFIED
THANK YOU FOR READING
Here are some of my previous Vault 7 posts for anyone unfamiliar with it.
RAYTHEON | New Vault 7 Reveals Twitter Powered Malware
OUTLAW COUNTRY | New Vault 7 Release Targets Linux
COUCH POTATO | New Vault 7 Release Reveals Live Streaming Video Capture And Collection Tool
ANGELFIRE | New Vault 7 Reveals Malware Framework Developed To Infect Windows Operating Systems
HIGHRISE | Wikileaks Reveals Android Malware That Steals And Redirects Data Via SMS
IMPERIAL PROJECT | OSX and UNIX Exploits
PROTEGO | CIA Builds Its Own Missile Control System
This is amazing @fortified. I don't keep up with the twitterverse, so thanks for bringing here to the blockchain!
Fantastic work here @fortified .. huge respect for all your digging and in light of the current social media purge .. thank you for committing this information to the blockchain!