Slashdot Mirror


WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations (betanews.com)

Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.

20 of 447 comments

  1. Re:Zero Chance by Bertie · · Score: 5, Insightful

    No need for zero-day exploits when Donnie's using a four-year-old Samsung that's probably got more holes than Jeff Sessions' Congress testimony.

  2. Re:how would we know? by guruevi · · Score: 1, Insightful

    Wikileaks is one of the few remaining upstanding journalistic organizations. They wouldn't waste their credibility on false flags. We already know the US uses Cellebrite hacks and when asked to reveal the constitutionality of the process they simply refuse and drop the case. We have unconstitutional courts without defense, jury or oversight for domestic cases, how do you think they behave when they don't have to conform to the constitution?

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  3. Revolution T- 20 by Deliveranc3 · · Score: 4, Insightful

    20 years ago there would have been hearings and elections and all sorts of excitement about this.

    Now we just shrug, cry and accept.

  4. Re:how would we know? by Anonymous Coward · · Score: 2, Insightful

    Today's word: bullshit.

  5. Haxx0ring attribution by meta-monkey · · Score: 1, Insightful

    From the press release:

    UMBRAGE

    The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

    This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.

    The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

    With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

    UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

    Uh oh. So combine with:

    Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

    Doesn't that make attributing the source of a hack based on exploit fingerprinting essentially meaningless? If a motivated hacker had access to this trove, and therefore Umbrage, and say they wanted to hack the email server of a US political party, could they not simply leave behind a Russian fingerprint in order to implicate them?

    Always seemed strange to me the DNC hackers used a Russian VPN. Isn't the first rule of haxx0ring to be behind 7 proxies? And the last of which sure as shit shouldn't be anywhere near where you really are?

    --
    We don't have a state-run media we have a media-run state.
  6. Re:Obamacare repeal finally imminent. by Anonymous Coward · · Score: 5, Insightful

    Market forces are exactly what you want in play when you're lying on a gurney in the emergency room; that way people won't be saved for a penny less than they or their families value their lives.

  7. Re:Interesting timing re Trump's claims by Impy+the+Impiuos+Imp · · Score: 5, Insightful

    The question isn't about the spy capabilities. It's about whether these tools are used without logging and review by elected officials from the Congressional security committees.

    If they can be, then they will be by this or that faction spying not on the bad guys but their own political opponents. This is the reason for the 4th Amendment, to stop the king from filching through opponents' papers at will looking for stuff to tag them with.

    They should have an automated and non-disablable logging system that stuffs things into some MD5 file that is copied offsite to multiple places, to prevent editing of it. I'm pretty sure they have little more than a piece of paper with a checkbox "You did bother to get a warrant. Or at least a national security letter, right?" before all activity is not logged anyway.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  8. Re:Interesting timing re Trump's claims by Beyond_GoodandEvil · · Score: 4, Insightful

    And we can totally trust James Clapper

    --
    I laughed at the weak who considered themselves good because they lacked claws.
  9. Intel CPU backdoors by Anonymous Coward · · Score: 4, Insightful

    NSA/CIA/GCHQ Shills kept down voting this from Score 3:

    Your Intel CPU is backdoored and it is wide open, right now.

    The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology.

    Remember *3 Billion devices run JAVA* because everyone's motherboard is running it.

    REcon 2014 - Intel Management Engine Secrets

    CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
    30C3 To Protect And Infect - The militarization of the Internet
    Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
    Towards (reasonably) trustworthy x86 laptops

    Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
    https://github.com/corna/me_cleaner.

    Neutralize your Intel backdoor:

    Neutralize ME firmware on SandyBridge and IvyBridge platforms

    First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).

    The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

    The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

    https://hackaday.com/tag/intel-management-engine/

    Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When -- not 'if' -- the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.

  10. Re:Interesting timing re Trump's claims by Anonymous Coward · · Score: 4, Insightful

    They're not using it on russia though.
    They're using it against american journalists, american dissenters, american citizens, and even american politicians whose policies aren't tyrannical enough for their own tastes.

    They're *SUPPOSED* to gather and use information to keep america safe, but it turns out they're the enemy we need to be protected from.

  11. Re:Interesting timing re Trump's claims by DarkOx · · Score: 4, Insightful

    No, what he said was "I can deny it". Which isn't actually a denial, is it? It's a statement, but a meaningless one. I can say the "sky is red," it's easy to do, but it does not make for a red sky. Clapper is a SOB that has been caught lying before under oath. He escapes prosecution I think because many politicians are afraid of the deep state.

    They told us our phone records were private too unless and until someone got a warrant, turned out that was not exactly the case. We have a secret court FISA, a FUCKING SECRET COURT, for which even after investigations are closed and intelligence actions are completed the records from which remain under seal often for decades! Any truly reasonable interpretation of the Bill of Rights, part of the Constitution, the highest law of the land, does not allow that shit. The leaks pretty much show the spooks are running basically wild. It's time to go after the three letters and the government can't do because they are scared of their own shadows. Unfortunately that leaves the likes of people who are probably not exactly of great character like Assange to do it.

    So here we are with a CIA run by people Trump was insulting throughout his campaign. They participated in the attribution of the compromise of the DNC and foreign political propaganda (Note not election hacking or stealing because let's face it no vote total tampering has been alleged). Now we find them with a whole suite of tools for performing attacks and making it look like a foreign country, like Russia, did it. Can't get your flunky elected because she is too much a scandal ridden bitch half the country hates, do the next best thing undermine the credibility of the guy who does get elected so nobody will work with him, so he can't implement any reforms, and carry on business as usual. Right?

    Trump might not have any real credibility but even if that is true he has as much as James Clapper, 0, and as much as any of the other three letters. As big a setback as it would be to our overall preparedness, I really believe nothing short of a near complete housecleaning can fix this. Like literally dissolve the CIA, and NSA, and stand up a new organization with entirely new people former CIA/NSA workers need not apply and put the whole thing back under the control of the Pentagon inside the primary chain of command where it can be properly administrated and observed.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  12. Re:Interesting timing re Trump's claims by gnick · · Score: 4, Insightful

    I'll concede that James Clapper's credibility isn't stellar, but it still contradicts GP's assertion that "nobody has denied." Would Obama be any more credible?
    FTA:

    “Neither President Obama nor any White House official ever ordered surveillance on any U.S. citizen. Any suggestion otherwise is simply false," said Kevin Lewis, a spokesman for the former president.

    Also, James Comey asked the DOJ to deny the assertions, but that stops just short of being an actual denial.

    Trump might not have any real credibility but...as much as any of the other three letters.

    Are you really saying that information coming to us from DJT is as trustworthy as information being published by the FBI/NSA/CIA?

    --
    He's getting rather old, but he's a good mouse.
  13. Re:Wikileaks is just Assange by blind+biker · · Score: 5, Insightful

    Trump said Sweden was crime ridden due to immigrants. next day Sweden then had a riot, Radio24syv investigates it, finds Russian TV station NTV paid youths to burn a car. Trump supporters cited the riot as proof Trump was right and Swedish media was wrong.

    This is misinformation at its worst.
    The riots in Rinkeby were sparked by a police arrest.

    Are people really modding up this feces, this worst kind of fake news?

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  14. Re:Zero Chance by MightyMartian · · Score: 5, Insightful

    Mod me flamebait if you will, but that's how Trump got to "I was wiretapped!" Via a conspiracy theory from a right wing radio host that Breitbarts picked up and Fox ran with. We have a man at the top of one of the most powerful espionage machines the world has ever known, and he gets "intel" from right wing commentators. Can't you see this for what it is, a massive vulnerability at the very top of the US Government? A foreign power could game the system by selectively feeding the likes of Levin and Breitbart stories of this kind, and because Trump clearly has no trust of his own departments, and spends far too much time watching television, he would be supremely vulnerable to such manipulation.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  15. Re:Interesting timing re Trump's claims by MightyMartian · · Score: 5, Insightful

    Clapper isn't trustworthy, but then again, neither is Trump, who clearly just picked up on a bunch of garbage coming from Levin and Breitbarts, more conspiracy theory nonsense, and running with it. It's pretty clear that no one else in the White House even saw this coming, which is why they really had no way of countering it other than "The President has ways of knowing things!" Considering we can trace the wiretap claim right back to Levin, who was exaggerating the already well known fact that Russian communications were being monitored during and after the election (because concocting anti-Obama conspiracy theories is what right wing radio shock jocks have been doing for eight fucking long years), so we know Trump didn't likely get any of this information from the FBI or any other government intelligence services.

    And now we see as Trump's mouthpieces basically dilute the entire wiretap claim to the point where it was "something", that they're trying to make the entire "wiretapping of Trump Tower" conspiracy theory go away, because what Trump really did was empower and invite Congressional oversight to begin looking even closer at the nonsense going on between Trump's proxies and the Russians during and after the election.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  16. Re:how would we know? by MightyMartian · · Score: 1, Insightful

    Whatever Wikileaks was, what it is now is a combination of the Julian Assange Fan Club and mouthpiece for Russian security services. It doesn't do journalism, it does targeted leaks on behalf of the Russians.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  17. Re:Indeed, how do YOU know? by meta-monkey · · Score: 4, Insightful

    Possibly. Also, possibly, nobody gives a shit because every Russian and Chinaman (and everyone else) already knows their governments have bugged their assholes. "The corrupt commie governments are doing corrupt commie shit!" isn't exactly breaking news.

    There is zero evidence WikiLeaks is compromised by Putin. There is zero evidence Trump is compromised by Putin. If anything the "Putin is super powerful and can haxx0r the whole planet and everyone's minds!!!" narrative is the Russian propaganda to make Putin seem far, far more powerful than he actually is. In reality, Russia is a paper tiger (bear?) with a GDP smaller than that of Spain. The left needs a boogeyman to distract from their failures and they're happy to buy right into Putin's propaganda and spread it for him.

    --
    We don't have a state-run media we have a media-run state.
  18. Re:Zero Chance by Rob+Y. · · Score: 1, Insightful

    No. But isn't that the point. When you have marginally real 'news' organizations like Breitbart, and partially real ones like Fox laundering the fake news rantings of a circus clown like Levin into 'real' news, we have a problem.

    In the past, The National Enquirer could blissfully print their space alien abduction stories, and nobody even considered that they were real. Facebook trolling fake news click-bait stories are probably not intended to be believed literally either - though they're harder to detect, and easy to emulate by those who intend to deceive. But Breitbart and Fox demand that we treat them as the real thing - though they uncritically disseminate this kind of crap, and rarely (if ever) retract stuff when proven wrong.

    For what it's worth, Facebook could easily put a big crimp on its fake news by vetting its news sources. Only publish stories from sources that adhere to some set of standards for truth and/or retractions. Why they don't eludes me. Other news aggregators surely do this. FB is making money off of fake news, and they'll keep doing it until their users protest. In fact let's start a "Day without Facebook" protest right now, shall we?

    --
    Posted from my Android phone. Oh, I can change this? There, that's better...
  19. Re:Interesting timing re Trump's claims by Anonymous Coward · · Score: 2, Insightful

    If you believe all the "IT'S THE RUSSIANS" narrative then you're a real idiot.

    That's the DNC line that has kinda stuck so they keep running with it. We've heard easily ten different arguments trying to discredit Trump before "the russians!".

    - He's unexperienced!
    - He's not as rich as he says!
    - He wants war with Russia!
    - He hates women!
    - He grabs your pussy!
    - He's crazy!
    - The Pope says he's no good!
    - He's probably doing Ivanka!
    - He's abusing Melania!
    - He hates being president!
    - He's in bed with Russia! -- you are here

    All the above have been attempts at bringing him down. You guys are really running out of ideas.

  20. Re:Indeed, how do YOU know? by david_thornley · · Score: 3, Insightful

    There is zero evidence WikiLeaks is compromised by Putin.

    It doesn't have to be to be very useful to Putin. If he has a third party pass on stuff to Assange, Assange serves as a very useful cutout to avoid tracing the leak back.

    There is zero evidence Trump is compromised by Putin.

    False. Trump's team is known to have had contacts with Russian officials. Trump is trying to change US foreign policy to be pro-Russia. We know the Trump empire has had a lot of dealings with Russia. There isn't any strong evidence, which is very likely because Trump and associates are doing their best to avoid handing over any evidence that might bear on this, which is consistent with them being compromised. This would normally call for an investigation, but neither Trump nor congressional Republicans want one.

    Putin wields a great deal of power in Russia, and I'd expect Russia to have good hackers. While the Soviet Union was economically and technologically backward compared to the West, it had really, really good mathematicians and theoretical scientists. In the meantime, Russia's economic problems have not stopped Russia from military aggression. Russia is more of a threat than its GDP would suggest.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes