WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations (betanews.com)
Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero-day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said the CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.
How would we know these are the CIA tools and not ones the Russians released to WikiLeaks, fooling them into thinking they are the CIA tools? Or that WikiLeaks knows they are Russian and is simply lying?
The NSA records every phone call, every email, every SMS and most web access, especially of foreign people. Obama did not have to order a special wire tapp (Trump's spelling); it is done routinely. Trump may have shot himself in the foot by making surveillance an issue. Nobody likes being under surveillance, so I will throw the canned response back at this administration: "If you have nothing to hide, why complain about surveillance?"
I expect privacy and anonymity, but I know I do not have the right.
*3 Billion devices run JAVA* because everyone's motherboard is running it.
32C3 Intel CPU backdoor live hack demonstration: keystrokes logged and sent over the wire, and Wireshark can't see the packets because the Intel backdoor runs below the OS:
Towards (reasonably) trustworthy x86 laptops
REcon 2014 - Intel Management Engine Secrets
Tools to remove the Intel backdoor firmware (the backdoor firmware sits outside the BIOS; you need to physically clip onto an 8-pin chip on the motherboard to download/neutralize/flash the ROM, nothing else can touch it):
https://github.com/corna/me_cleaner.
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs, which is separate from the northbridge), or the PCH chip replacing the ICH (for Core i3/i5/i7, which is integrated with the northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When -- not 'if' -- the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected co
WikiLeaks is one of the few remaining upstanding journalistic organizations.
The fact that you don't like how the US operates does not in and of itself prove that WikiLeaks is as upstanding as you hope. Take a look at Russia and China. Can you and I at least agree that those countries have their own problems of various kinds? Don't you find it funny that nobody, not one single person, who lives there and has access to their secrets is willing to send them to WikiLeaks? Back in the old days of the USSR, the US was able to find Soviet citizens who would risk their lives to pass on information to the US, and not for profit. Why is it that today nobody seems willing to leak documentation on Russia and China? It's not difficult to find people born and raised in China who aren't very fond of their government. So I wonder, could it possibly be that people actually are submitting leaks from Russia and China and WikiLeaks isn't publishing them? I don't know. But I think anybody who blindly supports WikiLeaks as the champion of right should wonder why it seems that only leaks from the USA (and apparently Saudi Arabia once) make it there.
The problem with malware and high tech devices is that they cannot always be accurately contained.
Oh, very insightful. What, in reading the story from WikiLeaks, about the leaked trove of CIA hacking tools, led you to believe the hacking tools could not always be contained?
Also, the existence of weapons isn't really a problem. Yes, the government has cyber weapons. They also have nuclear weapons that can annihilate the entire planet. What matters is the manner in which such things are, or are not used. I'm not terrified because the FBI has the ability to kick down my door at any time. Of course they can. Doors have been kickdownable since the invention of doors and kicking. My protection against having my door kicked down is not the removal of boots from the FBI or an unkickdownable door, but a piece of paper that says they can't do it without a warrant from a judge to whom they have demonstrated probable cause that I have committed a crime. So, the CIA's weapons are fine. But is anybody checking to see how they're using them, and who they're using them on? Somehow I doubt it.
We don't have a state-run media we have a media-run state.
Tools to remove Intel backdoor firmware (you need to physically clip onto an 8-pin chip on the motherboard to download/neutralize/flash the ROM, nothing else can touch it)
Not actually true. You can politely ask the ME to overwrite itself with FPT.exe or FPTw.exe (DOS/Windows versions). There are also UEFI and Linux versions available, but they're much harder to source.
The SPI ROM of the system contains 4 regions (normally):
* BIOS (just what it says)
* ME (the manageability engine, required to have a min set of features present to boot newer platforms)
* GbE (your MAC address and the magic numbers for configuring the PHY/MAC are here)
* OEM (things like OEM product keys, service tags, etc.)
Now, that min sku that is required to boot the platform in the ME region contains:
CPU uCode patch
Power config profiles
(I really don't remember what else, but it is quite benign)
What the min sku doesn't contain:
AMT (advanced management technology: The remote power on/off setting sleep states etc.)
SOL/IDER (Serial Over LAN / IDE Redirection: essentially the ability to load a local (to you) HDD image to the remote machine and boot to it over lan, rather than the remote machine's local HDD)
KVM (just what you would think)
So, in a nutshell, if you're afraid of the big bad ME, then buy min sku'd parts. Avoid Q series (as those have everything enabled).
The ARC processor is gone BTW, replaced with Tiny IA. Licensing on the ARC and the fact that Intel was shipping an ARM CPU with every board... yeah, not popular internally. The signed Java operation is dead. AFAIK it never shipped live, though there was a hell of a push for it. Customers (Dell, HP, Lenovo) liked it but didn't want to deal with what was involved and, most importantly, wanted it for free...
Out of band ethernet for ME was killed off in the transition from ARC to TinyIA.
And finally, it's not all horrible:
This feature was designed for corporate users, basically putting a RILO card embedded into every corporate desktop. From that perspective it's actually a really cool feature. Now, that it was so tightly integrated was Intel's way of making sure the OEMs bought it. Security was taken *VERY* seriously across this entire environment. Intel knows that if this was breached in a big bad way it would be devastating for its customers, and thus for it as well.
Any other questions?
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
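The SPI ROM layout described in the comment above (descriptor, BIOS, ME, GbE, OEM/Platform Data regions) is recorded in the Intel flash descriptor at the start of the image, and that table is exactly what me_cleaner (linked earlier on this page) walks to find the ME region before neutralizing it. The script below is an added example, not code from the page, from me_cleaner, or from the commenter: it decodes the descriptor signature at offset 0x10, the FLMAP0 word at 0x14 (bits 16..23 give the Flash Region Base Address in 16-byte units), and the five classic FLREGn entries, treating the base-above-limit encoding as "region absent". The 4 KiB sample image is constructed inline with illustrative offsets; no real firmware is read, and newer descriptors define further region entries after these five that the script does not enumerate.

```python
"""Decode the region table of an Intel flash descriptor image.

Added example (not from me_cleaner or the page).  The field positions are
those of the Intel Flash Descriptor: signature 0x0FF0A55A at 0x10, FLMAP0 at
0x14, one 32-bit FLREGn per region at the Flash Region Base Address.  The
sample image built here is constructed for the demonstration.
"""
import struct

DESCRIPTOR_SIGNATURE = 0x0FF0A55A
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]


def parse_regions(image: bytes) -> dict:
    """Return {name: (base, limit)} for each region present in the image.

    A region whose encoded base lies above its limit (the 0x7FFF/0x0000
    encoding) is unused and is left out of the result.
    """
    if len(image) < 0x20:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != DESCRIPTOR_SIGNATURE:
        raise ValueError("no flash descriptor signature at offset 0x10")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4          # Flash Region Base Address
    regions = {}
    for index, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * index)
        base = (flreg & 0x1FFF) << 12             # 4 KiB granularity
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base > limit:
            continue                              # region not present
        regions[name] = (base, limit)
    return regions


def encode_flreg(base: int, limit: int) -> int:
    """Inverse of the decode above; used only to build the sample image."""
    return (((limit >> 12) & 0x1FFF) << 16) | ((base >> 12) & 0x1FFF)


def build_sample_image() -> bytes:
    """Constructed 8 MiB layout: descriptor, GbE, ME, BIOS; no Platform Data.

    Offsets are illustrative and not taken from any real board.
    """
    frba = 0x40
    image = bytearray(b"\xff" * 0x1000)           # descriptor region only
    struct.pack_into("<I", image, 0x10, DESCRIPTOR_SIGNATURE)
    struct.pack_into("<I", image, 0x14, (frba >> 4) << 16)
    layout = [
        (0x000000, 0x000FFF),                     # FLREG0: Descriptor
        (0x600000, 0x7FFFFF),                     # FLREG1: BIOS
        (0x003000, 0x5FFFFF),                     # FLREG2: ME
        (0x001000, 0x002FFF),                     # FLREG3: GbE
    ]
    for index, (base, limit) in enumerate(layout):
        struct.pack_into("<I", image, frba + 4 * index, encode_flreg(base, limit))
    # FLREG4 (Platform Data) absent: base 0x7FFF000 > limit 0xFFF
    struct.pack_into("<I", image, frba + 4 * 4, 0x00007FFF)
    return bytes(image)


def me_region_size(image: bytes) -> int:
    """Bytes occupied by the ME region, or 0 if the descriptor has none."""
    regions = parse_regions(image)
    if "ME" not in regions:
        return 0
    base, limit = regions["ME"]
    return limit - base + 1


if __name__ == "__main__":
    img = build_sample_image()
    for name, (base, limit) in parse_regions(img).items():
        print(f"{name:14s} 0x{base:06X}-0x{limit:06X}")
    print(f"ME region: {me_region_size(img) // 1024} KiB")
```

Run against a real dump (from the clip-on programmer or from `flashrom -r`), the same walk tells you where the ME region sits and how large it is before any tool touches it; comparing the ME region size before and after a min-sku or me_cleaner pass is the quick sanity check that the modules you expected to be gone actually are.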
On the March 6, 2017 Tucker Carlson show, Congressman Jim Himes admitted Congress (and his committee) is not conducting any meaningful oversight of the spy agencies.
Just as plausibly, Flynn, Sessions and heaven knows who else simply got caught up in the US government's already well known spying on the Russian ambassador and other Russian officials in the US. In other words, there was no need to directly target Trump and his proxies at all. They literally walked into the existing monitoring that was going on. And really, at that point, if you have some US citizens chatting up Putin's representatives, how is that not justification for seeking FISA warrants to take a closer look at those proxies?
This is the part that amazes me. Even if I'm willing to accept that Sessions, Flynn, Kushner and whomever else was getting cozy with the Russians weren't committing any crimes, how could these people have gone around imagining that their activities wouldn't be noted by US security agencies? Sessions and Flynn have been around a long goddamned time and certainly must be at least vaguely aware of what the FBI, NSA, CIA and Secret Service are capable of. This either betrays a kind of supreme arrogance, or a level of base stupidity, and in either case doesn't exactly recommend these men to any kind of high office or position of trust. That Flynn and Sessions felt compelled to lie about it makes it all the more curious.
Here's my opinion, for the little bit it's worth. I don't think even they thought Trump would win. I think both Congressional Republicans and Trump's own team had no real expectation up until the last week or so before the election that they would ever be in a position to have to explain themselves. When he won, and suddenly they had to answer to somebody about their activities (Flynn to Pence and Sessions to the Senate confirmation committee), they suddenly had to answer questions they never imagined would be posed to them. If Trump had lost, nobody would have given a flying fuck about Trump's chief advisers and supporters. There might still have been a peek into Trump-Russia leaks, but it wouldn't have been the kind of microscope that's being employed now. And the funniest part is that Trump's propagating the whole wiretapping claim has literally invited both the House and Senate Intelligence Committees to probe even deeper.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It's likely they're doing more than just reading. Slashdot visitors have been specifically targeted before, there's no reason to assume that's not ongoing.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.