Slashdot Mirror


WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations (betanews.com)

Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.

18 of 447 comments

  1. Interesting timing re Trump's claims by Anonymous Coward · · Score: 1, Interesting

    So while the US president is claiming his phones were tapped we get a great release of information about the hacking tools that would be used to do the tapping. No correlation at all. There is not some mysterious power supporting Trump. Nope, Naha. Pure coincidence.

    1. Re:Interesting timing re Trump's claims by Slashvertisment · · Score: 2, Interesting

      As far as I'm aware, nobody has denied that Trump's (not the US president at the time) phones were tapped as part of an investigation into his shady links with Russia. What is remarkable is his sudden claim without any supporting evidence or context that the then White House ordered a criminal investigation without any of the people responsible for performing the investigation knowing about it. Basically, it's childishly obvious as bullshit. In a burst of supreme hypocrisy, Trump was literally just last week wailing on the press for publishing articles without naming sources or revealing evidence. He has no sense of decency left whatsoever.

    2. Re:Interesting timing re Trump's claims by quonset · · Score: 2, Interesting

      Legality is EXTREMELY questionable. (ianal)

      Obviously. That you think the government, any government, should be prohibited from using tools to monitor/spy/whatever on others would defeat the whole purpose of intelligence gathering. They have to use these means to find out what they don't know. It's their job.

      Do you think Russia isn't doing the same thing? Are you going to whine about them doing this? How about Israel? What excuse will you use to justify them doing this but not the U.S.? How about we go back several thousand years and go after government agents of Egypt or Babylon who were using means at their disposal to do the same thing which would otherwise get citizens in trouble.

      There's a reason people should seek legal help from real attorneys rather than some random stranger on the internet. Your comment clearly shows why this should be heeded.

    3. Re:Interesting timing re Trump's claims by Anonymous Coward · · Score: 2, Interesting

      The man on your telescreen is unquestionable and no one should suspect that they only do good things and never abuse their powers

    4. Re:Interesting timing re Trump's claims by fizzer06 · · Score: 5, Interesting

      The question isn't about the spy capabilities. It's about whether these tools are used without logging and review by elected officials from the Congressional security committees.

      On the March 6, 2017 Tucker Carlson show, Congressman Jim Hines admitted Congress (and his committee) is not conducting any meaningful oversight of the spy agencies.

    5. Re:Interesting timing re Trump's claims by MightyMartian · · Score: 4, Interesting

      Just as plausibly, Flynn, Sessions and heaven knows who else simply got caught up in the US government's already well known spying on the Russian ambassador and other Russian officials in the US. In other words, there was no need to directly target Trump and his proxies at all. They literally walked into the existing monitoring that was going on. And really, at that point, if you have some US citizens chatting up Putin's representatives, how is that not justification for seeking FISA warrants to take a closer look at those proxies?

      This is the part that amazes me. Even if I'm willing to accept that Sessions, Flynn, Kushner and whomever else was getting cozy with the Russians weren't committing any crimes, how could these people have gone around imagining that their activities wouldn't be noted by US security agencies? Sessions and Flynn have been around a long goddamned time and certainly must be at least vaguely aware of what the FBI, NSA, CIA and Secret Service are capable of. This either betrays a kind of supreme arrogance, or a level of base stupidity, and in either case doesn't exactly recommend these men to any kind of high office or position of trust. That Flynn and Sessions felt compelled to lie about it makes it all the more curious.

      Here's my opinion, for the little bit it's worth. I don't think even they thought Trump would win. I think both Congressional Republicans and Trump's own team had no real expectation up until the last week or so before the election that they would ever have to be in a position to explain themselves. When he won, and suddenly they had to answer to somebody about their activities (Flynn to Pence and Sessions to the Senate confirmation committee) they suddenly had to answer questions they never imagined would be posed to them. If Trump had lost, nobody would have given a flying fuck about Trump's chief advisers and supporters. There might still have been a peek into Trump-Russia leaks, but it wouldn't have been the kind of microscope that's being employed now. And the funniest part is that Trump's propagating the whole wiretapping claim has literally invited both the House and Senate Intelligence Committees to probe even deeper.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. how would we know? by gtall · · Score: 4, Interesting

    How would we know these are the CIA tools and not ones the Russians released to Wikileaks and fooling them into thinking they are the CIA tools? Or that Wikileaks knows they are Russian and is simply lying?

  3. Does it include targets? by guruevi · · Score: 1, Interesting

    The interesting thing would be to see the targets. Given it's the CIA, they are only authorized to surveil targets foreign to the US. The problem with malware and high tech devices is that they cannot always be accurately contained. So how many US citizens and US allies were "inadvertently" tapped? How about political targets?

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:Does it include targets? by meta-monkey · · Score: 4, Interesting

      The problem with malware and high tech devices is that they cannot always be accurately contained.

      Oh, very insightful. What, in reading the story from WikiLeaks, about the leaked trove of CIA hacking tools, led you to believe the hacking tools could not always be contained?

      Also, the existence of weapons isn't really a problem. Yes, the government has cyber weapons. They also have nuclear weapons that can annihilate the entire planet. What matters is the manner in which such things are, or are not used. I'm not terrified because the FBI has the ability to kick down my door at any time. Of course they can. Doors have been kickdownable since the invention of doors and kicking. My protection against having my door kicked down is not the removal of boots from the FBI or an unkickdownable door, but a piece of paper that says they can't do it without a warrant from a judge to whom they have demonstrated probable cause that I have committed a crime. So, the CIA's weapons are fine. But is anybody checking to see how they're using them, and who they're using them on? Somehow I doubt it.

      --
      We don't have a state-run media we have a media-run state.
  4. Wikileaks is just Assange by Anonymous Coward · · Score: 2, Interesting

    "upstanding journalistic organizations"
    Nah, they're Julian Assange, and he'll leak anything that comes his way that looks juicy. In this case it will be the same source as his DNC leaks, i.e. Russian intelligence using him as an outlet.

    The timing is telling, Trump just did a "Obama spied on me to interfere with the elections" thing. Who hacked the elections? Well the US spies say it was Russia, but POTUS says it was Obama. That fell flat on its face. And now from the same source, a lot of CIA zero day exploits, with the release brought forward to today. Tomorrow I wouldn't be surprised if we get Trump tweeting again, trying to leverage this into an attack on the CIA and FBI to back up his spy claims. Another day, another attack from POTUS on America, another defense of Putin.

    This is a ping-pong pattern. Trump said Sweden was crime ridden due to immigrants. Next day Sweden then had a riot, Radio24syv investigates it, finds Russian TV station NTV paid youths to burn a car. Trump supporters cited the riot as proof Trump was right and Swedish media was wrong.

    When you have a foreign country's propaganda unit at your disposal, and Republicans putting party before country, you have a takeover. It's the same pattern repeating itself.

    1. Re:Wikileaks is just Assange by meta-monkey · · Score: 2, Interesting

      Trump said Sweden was crime ridden due to immigrants. Next day Sweden then had a riot, Radio24syv investigates it, finds Russian TV station NTV paid youths to burn a car. Trump supporters cited the riot as proof Trump was right and Swedish media was wrong.

      Did they pay for all the grenade attacks, too? Seriously, is there anything Putin cannot hack?! The DNC, Hillary, the elections of every nation, and, unimaginably, he can even hack the minds of peaceful Somalians in Sweden to turn them into violent savages entirely unlike the Somalians in Somalia. Amazing, this Putin.

      --
      We don't have a state-run media we have a media-run state.
  5. Turmp complains about wire tapps, just ask the NSA by SysEngineer · · Score: 5, Interesting

    The NSA records every phone call, every email, every SMS and most web access, especially foreign people. Obama did not have to order a special wire tapp (Trump's spelling), it is done routinely. Trump may have shot himself in the foot by making surveillance an issue. Everybody does not like being under surveillance so I will throw the canned response back at this administration, "If you have nothing to hide, why complain about surveillance?"
    I expect privacy and anonymity, but I know I do not have the right.

  6. Your CPU is running a backdoor right now by Anonymous Coward · · Score: 5, Interesting

    *3 Billion devices run JAVA* because everyone's motherboard is running it.

    32c3 Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
    Towards (reasonably) trustworthy x86 laptops

    REcon 2014 - Intel Management Engine Secrets

    Tools to remove Intel backdoor firmware (The backdoor firmware sits outside the BIOS, you need to physically clip onto an 8-pin chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
    https://github.com/corna/me_cleaner.

    Neutralize your Intel backdoor:

    Neutralize ME firmware on SandyBridge and IvyBridge platforms

    First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).

    The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

    The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

    https://hackaday.com/tag/intel-management-engine/

    Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When, not 'if', the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.

    Intel Active Management Technology

    Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]

    The Management Engine (ME) is an isolated and protected co

    1. Re: Your CPU is running a backdoor right now by Anonymous Coward · · Score: 3, Interesting

      Thank you for the information! Does AMD do anything similar that you are aware of?

  7. Indeed, how do YOU know? by Zontar_Thing_From_Ve · · Score: 3, Interesting

    Wikileaks is one of the few remaining upstanding journalistic organizations.

    The fact that you don't like how the US operates does not in and of itself prove that Wikileaks is as upstanding as you hope. Take a look at Russia and China. Can you and I at least agree that those countries have their own problems of various kinds? Don't you find it funny that nobody, not one single person, who lives there and has access to their secrets is willing to send them to Wikileaks? Back in the old days of the USSR, the US was able to find Soviet citizens who would risk their lives to pass on information to the US and not for profit. Why is it that today nobody seems willing to leak documentation on Russia and China? It's not difficult to find born and raised in China people who aren't very fond of their government. So I wonder could it possibly be that people actually are submitting leaks from Russia and China and Wikipedia isn't publishing them? I don't know. But I think anybody who blindly supports Wikileaks as the champion of right should wonder why it seems that only leaks from the USA (and apparently Saudi Arabia once) make it there.

  8. What's their job again? by HeckRuler · · Score: 1, Interesting

    "Well they're the CIA, that's their job right?"

    What really bugs me about this sort of thing is that they're charged with keeping America safe. THAT'S their job. And I fully understand that to keep us safe, the state has to make certain other people very much unsafe. In the dead sort of way. Sad but true. And towards that end the CIA has developed weapons to help them with that.

    But these are weapons that can be used against us. Zero-day exploits. Unknown vulnerabilities in critical systems that US citizens and officials and generals use on a daily basis.

    Do they think they're the only ones who found these exploits?

    Has the CIA made any effort to fix these exploits? To help the maintainers patch up the holes? I don't know. It's hard to know anything about the CIA. But I doubt it since they had a pile of zero-day exploits. The nature of the weapon is that it goes away if other people know about it.

    By not being ethical hackers, and keeping these exploits secret and usable for themselves, they've traded DEFENSE of the USA for their own OFFENSIVE capabilities. Which runs counter to their stated goal.

  9. Re:Intel CPU backdoors by networkBoy · · Score: 5, Interesting

    Tools to remove Intel backdoor firmware (You need to physically clip onto an 8-pin chip on motherboards to download/neutralize/flash the rom, nothing else can touch it)

    Not actually true. You can politely ask the ME to overwrite itself with FPT.exe or FPTw.exe (DOS/Windows versions). There are also UEFI and Linux versions available, but they're much harder to source.

    The SPI ROM of the system contains 4 regions (normally):
    * BIOS (just what it says)
    * ME (the manageability engine, required to have a min set of features present to boot newer platforms)
    * GbE (your MAC address and the magic numbers for configuring the PHY/MAC are here)
    * OEM (Things like OEM product keys, service tags, etc.)

    Now, that min sku that is required to boot the platform in the ME region contains:
    * CPU uCode patch
    * Power config profiles
    * (I really don't remember what else, but it is quite benign)

    What the min sku doesn't contain:
    * AMT (advanced management technology: The remote power on/off setting sleep states etc.)
    * SOL/IDER (Serial Over LAN / IDE Redirection: essentially the ability to load a local (to you) HDD image to the remote machine and boot to it over lan, rather than the remote machine's local HDD)
    * KVM (just what you would think)

    So, in a nutshell, if you're afraid of the big bad ME, then buy min sku'd parts. Avoid Q series (as those have everything enabled).

    The ARC processor is gone BTW, replaced with Tiny IA. Licencing on the ARC and the fact that Intel was shipping an ARM CPU with every board... yeah, not popular internally. The signed Java operations are dead. AFAIK it never shipped live, though there was a hell of a push for it. Customers (Dell, HP, Lenovo) liked it but didn't want to deal with what was involved and most importantly wanted it for free...

    Out of band ethernet for ME was killed off in the transition from ARC to TinyIA.

    And finally, it's not all horrible:
    This feature was designed for corporate users, basically putting a RILO card embedded into every corp desktop. From that perspective it's actually a really cool feature. Now, that it was so tightly integrated was Intel's way of making sure the OEMs bought it. Security was taken *VERY* seriously about this entire environment. Intel knows that if this was breached in a big bad way it would be devastating for its customers, and thus for it as well.

    Any other questions?

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
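The comment above describes the SPI ROM as a set of regions (BIOS, ME, GbE, OEM/platform data) laid out by the flash descriptor. Before deciding whether a board carries an ME region at all, or how large it is, a defender would inventory those regions from a flash dump. The parser below is an added example, not code from this thread and not me_cleaner's code. It assumes the publicly documented Intel Flash Descriptor layout: a signature of 0x0FF0A55A at offset 0x10, FLMAP0 at 0x14 whose bits 23:16 give the Flash Region Base Address in 16-byte units, and one 32-bit entry per region at that address encoding a 4 KiB-granular base and limit, with region numbers 0 to 4 assumed to mean Descriptor, BIOS, ME, GbE and Platform Data. The sample image it parses is constructed in the script, not a real dump.

```python
"""Inventory the regions of an Intel SPI flash image from its Flash Descriptor.

Added example; assumptions: signature at 0x10, FLMAP0 at 0x14, one region entry
per region at FRBA, region numbering 0..4 = Descriptor, BIOS, ME, GbE, Platform Data.
"""
import struct

DESCRIPTOR_SIGNATURE = 0x0FF0A55A
REGION_NAMES = {0: "Descriptor", 1: "BIOS", 2: "ME", 3: "GbE", 4: "Platform Data"}

# Constructed layout for a synthetic 1 MiB image (not a real board dump).
SAMPLE_LAYOUT = {
    "Descriptor": (0x00000, 0x00FFF),
    "GbE": (0x01000, 0x02FFF),
    "ME": (0x03000, 0x7FFFF),
    "BIOS": (0x80000, 0xFFFFF),
    "Platform Data": None,  # unused region
}


def has_descriptor(image: bytes) -> bool:
    """True if the image carries a flash descriptor signature at offset 0x10."""
    if len(image) < 0x18:
        return False
    return struct.unpack_from("<I", image, 0x10)[0] == DESCRIPTOR_SIGNATURE


def parse_regions(image: bytes) -> dict:
    """Return {name: (base, limit)} for each region, or None when the region is unused."""
    if not has_descriptor(image):
        raise ValueError("no flash descriptor signature at offset 0x10")
    flmap0 = struct.unpack_from("<I", image, 0x14)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4  # region table address, 16-byte units
    regions = {}
    for idx, name in REGION_NAMES.items():
        flreg = struct.unpack_from("<I", image, frba + 4 * idx)[0]
        base = (flreg & 0x7FFF) << 12
        limit = ((flreg >> 16) & 0x7FFF) << 12 | 0xFFF
        # An unused region is encoded with base above limit (typically 0x7FFF / 0x0000).
        regions[name] = None if base > limit else (base, limit)
    return regions


def region_size(span) -> int:
    """Size in bytes of a (base, limit) span; 0 for an unused region."""
    if span is None:
        return 0
    base, limit = span
    return limit - base + 1


def overlapping_regions(regions: dict) -> list:
    """Pairs of region names whose spans overlap; a sane descriptor returns []."""
    used = [(n, s) for n, s in regions.items() if s is not None]
    clashes = []
    for i, (n1, (b1, l1)) in enumerate(used):
        for n2, (b2, l2) in used[i + 1:]:
            if b1 <= l2 and b2 <= l1:
                clashes.append((n1, n2))
    return clashes


def build_sample_image(layout: dict, size: int = 0x100000, frba: int = 0x40) -> bytes:
    """Construct a synthetic SPI image with a descriptor describing `layout`."""
    img = bytearray(b"\xFF" * size)
    struct.pack_into("<I", img, 0x10, DESCRIPTOR_SIGNATURE)
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)  # FRBA field in FLMAP0
    for idx, name in REGION_NAMES.items():
        span = layout.get(name)
        if span is None:
            flreg = 0x00007FFF  # base 0x7FFF > limit 0: region unused
        else:
            base, limit = span
            flreg = (base >> 12) | ((limit >> 12) << 16)
        struct.pack_into("<I", img, frba + 4 * idx, flreg)
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image(SAMPLE_LAYOUT)
    regions = parse_regions(image)
    for name, span in regions.items():
        if span is None:
            print(f"{name:14s} unused")
        else:
            print(f"{name:14s} 0x{span[0]:06X}-0x{span[1]:06X} ({region_size(span)} bytes)")
    print("ME present:", regions["ME"] is not None, "overlaps:", overlapping_regions(regions))
```

Run against a real dump, the same `parse_regions` call tells you whether an ME region is present and how much of the chip it occupies, which is the inventory step that precedes any decision about a minimal ME SKU or a neutralised image; `overlapping_regions` is a cheap sanity check that the descriptor you read is coherent before trusting it.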
  10. Re:Hi CIA by Motherfucking+Shit · · Score: 3, Interesting

    It's likely they're doing more than just reading. Slashdot visitors have been specifically targeted before, there's no reason to assume that's not ongoing.

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.