Slashdot Mirror
WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations (betanews.com)
Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.
Your Intel CPU is already backdoored
Forget security, your Intel CPU is already backdoored and it is wide open.
Remember, *3 Billion devices run JAVA*, and your motherboard backdoor is running it.
REcon 2014 - Intel Management Engine Secrets
32c3 Intel backdoor live hack demonstration, keystrokes logged and downloaded over wire, wireshark can't detect:
Towards (reasonably) trustworthy x86 laptops
Tools to remove Intel backdoor firmware:
https://github.com/corna/me_cleaner.
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code. When â" not âifâ(TM) â" the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intelâ(TM)s Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[29] part in all current (as of 2015) Intel chipset
As far as I'm aware, nobody has denied that Trumps (not the US president at the time) phones were tapped as part of an investigation into his shady links with Russia.
James Clapper did.
FTA:
The director of national intelligence at the time of the US election has denied there was any wire-tapping of Donald Trump or his campaign.
James Clapper also told NBC that he knew of no court order to allow monitoring of Trump Tower in New York.
He's getting rather old, but he's a good mouse.
The grenade attacks are from organized crime scaring people into protection schemes. You'll notice they started long before the refugees.
But nice Putin-defending strawman. Amazing how well people fall in line behind tyrants like sheep.
Your reading comprehension skills are terrible. Very first sentence of the article:
"The NY Times reported that wiretaps of people on the Trump team"
TRUMP TEAM. No where in either article mentioned does it say that Trump himself or Trump Tower was wire tapped. It's like you people don't even read...at all. I mean, it's EVEN IN THE HEADLINE TOO.
Another AC spewing pro-Trump, pro-Putin lies. FSB running in over-drive.
People keep pointing to this piece of an NY Times story and inserting claims that were not made. It's been known for fucking months that US security services were keeping a damned close eye on Russian communications. If the likes of Sessions and Flynn were so fucking stupid and incautious as to be just chatting up the Russian Ambassador on behalf of their boss, well they deserve what they get. The takeaway here is that Trump and his proxies are fucking morons, regardless of whether they were actually doing anything wrong or not. In politics, the perception of scandal can be as bad as an actual scandal.
The world's burning. Moped Jesus spotted on I50. Details at 11.
LOL, I don't know why you idiots kept saying it's for "Corporate" chip only when the thing is in all chips marketed under different "features"
As I had noted, the min Sku is required, but doesn't contain the "bad stuff"TM, it only has CPU uCode patch and Power config profiles, it shuts down the system for several reasons, the most notable is that Intel doesn't want unpatched uCode CPUs out there. The other notable reason is so that they could tell a particular customer (NDA'd) that they *had* to have it to boot, so why not just use the whole thing? That was a total marketing ploy, but ended up being nice for engineering, because we only had to support *one* FW kernel that way. There is a TON of overhead supporting multiple FW kernels, making it only one allowed us to move many people onto more useful projects, rather than parallel teams doing the same basic thing.
Show me the source code of the so called "FPT.exe" "FPTw.exe", what it actually does, do you have a before and after ROM comparison?
I'd love to, *but* I'd have to violate an NDA I signed when I left
Stop parroting Intel sales and look at the problem.
Hahahahahaha, I'm not parroting sales. I'm speaking from my having spent 6 years working on that project, from Version 3.2 through Version 11, at which point I left the company.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Don't we already have that in place? Don't families already have to stage car-washes and Fund-me campaigns to help pay for medical care?
Only I can judge you.
Yep it's called PSP instead of IME.