WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7'

Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."

Is any of this new?

[chispito]

1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.

That's part of the spying thing and has been for at least the last 2-3 decades.

2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.

Logically follows.

3) The CIA could use smart TVs to listen in on conversations that happened around them.

Smart device insecure; news at 11.

4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."

Explored and...? That's it? Okay.

5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.

Author doesn't know what an 0-day is good for.

Re:Is any of this new?

If they have to use malware to get on the phone, they have to get malware _into_ the phone before using it. Being able to tap a phone by installing a specially designed program doesn't necessarily mean they can unlock it while it's locked if such a program isn't already on the phone. They may still be able to do that, but it's a different task.

Re:Is any of this new?

Except that's why Snowden was such a big deal. But the response of the public? Some people were terrified but others thought he should have "obeyed his contract" and "gone through appropriate channels" (like everyone else who got screwed)... i.e. basically they're saying he should have been a dam* sheep. Meeting people like that, I stopped wondering a long time ago how people like Hitler came to power, stayed there, and were obediently followed when ordered to slaughter thousands of Jews. He had public support! The tale is old, and even movies today promote the same garbage: men are heroes when they convince people that the values of "loyalty" and "patriotism" and "brotherhood" are more important than peoples' lives, freedom, and sanity - and all under the guise of supporting the latter.

Betcha Trump is going to mad at Assange again

[rahvin112]

I'll bet serious money this enrages Trump and he threatens to arrest and detain Assange.

Re:Betcha Trump is going to mad at Assange again

[connect4]

The quote is from an alt-right shit site you moron.

#3

Point 3 is just dropping yet another reason on top of the large pile of reasons why I'll never ever buy a 'Smart TV'.

Smart TV is worrisome

[Spy+Handler]

3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.

I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.

But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.

Re:Smart TV is worrisome

[chispito]

But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.

Then don't put it on the network if you're concerned.

Re:Smart TV is worrisome

[Spy+Handler]

Then don't put it on the network if you're concerned.

Well that kind of defeats the purpose of buying the TV in the first place, I use it to watch Netflix.

I suppose I can disconnect it from my wifi like you said and then get a Chromecast stick or some such plug-in device. But having the feature built-in was a lot more convenient, no need to boot up a second device or use a second remote controller, etc.

Also if my TV is infected, how do I know if it's really disconnected from wifi? I suppose I would have to get a packet analyzer and record all packets for like a week and see if the TV sent anything over the network.

Re:Smart TV is worrisome

[Spy+Handler]

wait nevermind, it just occurred to me that i can check the wifi router's DHCP log and see if the smart TV connected.

The World According to Garp, er, Brill:

[rmdingler]

The government's been in bed with the entire telecommunications industry since the forties. They've infected everything. They get into your bank statements, computer files, email, listen to your phone calls... Every wire, every airwave. The more technology used, the easier it is for them to keep tabs on you. It's a brave new world out there. At least it'd better be.

As great as the internet's free flow of information has been for the average human, there is another entity that has benefited even more...

Endorse the ethics of software freedom

[jbn-o]

"Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure" is what makes running security-minded programs on non-free, user-subjugating, always-untrustworthy, proprietary OSes a joke. People get a sense that they're safer from malware then they really are and they think they get to keep their proprietary conveniences as well. Openwashing will not help you.

I know it's a lot of work to learn new things and change your views and your behavior. I understand that software freedom is differently political than what you're encouraged to adopt, and software freedom requires you to consider more than what's listed in virtually every features & money-based ad campaign from monied proprietors. And I get that coming to terms with the consequences of software freedom runs directly contrary to believing that you don't need to think any further than what proprietors and their "open source" friends tell you to think about (because no proprietor frames their offerings in terms of the freedoms to run, inspect, share, and modify the software, hence proprietors are more likely to sanction the open source movement which eschews these values and even celebrates partnering with proprietors like Red Hat's recent uncritical commentary on Microsoft's software and Microsoft's new campaign regarding "Linux"—no mention of GNU which might bring software freedom to mind). But in the real world you need to stop trusting proprietary systems to keep you safe, respect your privacy, or other practical consequences of software freedom. Proprietary software wasn't designed to do that and therefore that software never will do that job. There is no middle ground which allows you to run proprietary software while retaining the benefits of software freedom. It's time to value software freedom for its own sake.

Even if all published software were free, exploits like these are possible because all complex software has bugs. Perfect security is not the issue. The issue is who gets to control their own computer and how we treat each other. Even after these exploits are published by WikiLeaks and people have had time to consider them and protect against their adverse effects, proprietors will still have power over users who run their proprietary software. Users won't be able to tell what other exploits are out there and therefore it will be harder to protect against them. The difference between proprietary subjugation and software freedom becomes more clear: Free software users will be able to run, inspect, improve, and share improvements with others making that software more able to prevent future attacks. But proprietary software users won't be allowed to do the due diligence they need in order to help themselves no matter how technically skilled they are or how willing to repair things they are. No computer user deserves to be treated that way. It will take a lot of work to get people to understand why they too should care about software freedom even if they're non-technical (like most computer users are). So I urge you to understand software freedom for its own sake and to try to help others understand as well.

Relatedly, the Free Software Foundation's "Respects Your Freedom" campaign has some new hardware on the list. I recommend buying some and using it, even if it's not up-to-date with the latest capabilities and seemingly expensive for what's offered. We need more people to invest in free replacements for proprietary, locked-down, user-subjugating systems. We need to make investments in our own collective future by funding the free products available today so we can have modern, highly-capable, and fully user-controllable POWER8, RISC, etc. systems which will respect the owner's control.

Re:Endorse the ethics of software freedom

[AHuxley]

Decades of thinking have gone into such efforts.
After the 1950's cryptography was weak and international standards got a lot of free support in the press.
A company, gov, mil or bank would buy in an approved network or some other nations product that was tested and worked well.
Governments and mil knew a one time pad was secure but they had so much data to move. So new hardware was imported.
The crypto on offer would be weak and US/UK would get all messages in real time.
Once the world moved to more secure crypto, the clandestine services went for the weak hardware/software that was trendy and global.
The OS and hardware used to read or create a message was junk but the crypto could be examined by all.
Everyone agreed the crypto was so safe and that it was always going to be tested, studied and kept safe.
If the academics and brands ever get the hardware, OS side fixed, expect a flood of new junk crypto again.
With open source at least the OS and hardware has been looked at. The network might not be secure but at least a private message can be created and trade secrets, product designs can be protected until they are ready for sale, publication.
The only other option is to fly staff around the world, use one time pads.

Re: Not surprise in the least...

[grcumb]

Not locking her up is really bad for the concept of Rule of Law.

Not investigating and then, if necessary, pressing charges and letting a court decide is really bad for the concept of Rule of Law.

She was investigated, and the conclusion was that 'No reasonable prosecutor would take the case.' Hillary Clinton is, contrary to popular opinion, innocent in the eyes of the Law.

Forgetting about the presumption of innocence is really bad for the concept of Rule of Law.

Fucking selectively moral hypocrites who have already decided not to accept what their own fucking law enforcement agencies have investigated and declined to prosecute is bad for the concept of the Rule of Law. You can complain about political factors weighing on the decision; you can complain about ineptitude and willful blindness. You can complain about any fucking thing you fucking want. But you cannot dispense with essential components of the legal/judicial system whenever its suits you.

You can't claim she's guilty in the absence of a trial and still pretend to uphold the rule of law. So either shut up about the rule of law, or stop claiming she should be locked up, because you can't do both at once.

Re: Not surprise in the least...

*wanking motion*

Re: Not surprise in the least...

You are indeed correct about the presumption of innocence. This is an important concept in the courtroom.

This case never saw a courtroom, however. It was tried entirely in the court of public opinion. And the system judged that the politically powerful get a different set of legal standards from the plebes.

I can guarantee that if you had similarly handled classified documents, you would be facing prosecution. Similarly, if you had moved communications to a private server to avoid FOIA requests, you'd be facing disciplinary action at a minimum, prosecution as a possibility.

The "no reasonable prosecutor" finding was telling. The finding was "I have a case that I could prove in any court in the land, but there's no chance a prosecutor is going to commit career suicide by prosecuting the likely next president of the United States". Not "there is no case here, she's innocent".

So although your "innocent until proven guilty in a court" take is a truism, it doesn't hold much weight in this case. Hillary was guilty of multiple felony and misdemeanor crimes that any federal prosecutor would happily have taken to court against an ordinary plebe. Her political clout is the reason she avoided that fate.

So 'not guilty" in a court of law, but far from innocent.

Re:now we know why tech is protected

[pslytely+psycho]

Because it was on every sitting presidents watch since the formation of government?
As far as the electronics hacking goes, ever since electronics became a thing.
Hell, Nixon got caught up in early electronic eavesdropping,
This isn't new knowledge, just confirmation of what has been suspected all along.

Vault 7 sounds like a great title for a new TV series...

Re: Not surprise in the least...

I did, have you? Cause Al Franken didn't even ask the question but Sessions said point blank he had no contact with the Russians. It was an unforced error since that wasn't what Franken was asking as Franken was just trying to find out what Sessions would do with any evidence he might find.

Re: Not surprise in the least...

[grcumb]

... and the conclusion was that 'No reasonable prosecutor would take the case.'

You're assuming that the only reason no reasonable prosecutor would take the case is her innocence.

No, for fuck sakes, I'm saying that you can't defend the rule of law, and then jump straight to a guilty verdict without passing through these interim steps.

My entire point is that it's perfectly fair to complain about the lack of consistency in prosecutorial decision-making. It's perfectly fair to question the FBI's investigative techniques. It's perfectly fair to discuss at length and in detail all of the countless deficiencies that exist in the American criminal justice system. People spend lifetimes doing just that.

But you do NOT get to say, 'That bitch is guilty' when she's never even gone to trial. Not if you stand for the rule of law.

Say, she should be prosecuted, she should be re-investigated, say that what she's doing is dodgy as fuck. I'm right beside you there. Say that she and her husband are conscience-free, calculating sociopaths. Say that she's insincere. Say whatever the fuck you want. But you still don't get to say she's guilty until she's convicted. Not if, as the poster did, you claim to support the rule of law.

Too many people think presumption of innocence is a trivial thing, that it only applies when trials run right. That's not true. Presumption of innocence is essential to a society run by laws, and it says, if you didn't get convicted by a court, you're innocent of the crime. There's not one iota of ambiguity there.

This matters to me because, as a journalist, I regularly see people accused of horrible crimes, and I see the human toll of people who are put through the ringer of social opprobrium. I've seen what happens when vigilante justice prevails, and trust me, you don't ever want to see it happen.

We have the rule of law because we as a society agree to play by the rules. That means that you stop making exceptions when someone that you don't like benefits from those rules. It sucks sometimes, but there it is.

Re: Not surprise in the least...

[Namarrgon]

Again, you are presuming, based on your limited information, that she's guilty.

The reason we have trials, rather than relying on the snap judgement of people like you, is that *all* the evidence is brought out, explored, and argued over. Until that is done, you cannot rightly presume anything other than innocence.

The Feds did their investigation, came up with more evidence and counter-evidence than you will ever know about, and judged that in total, it wasn't enough to even make a reasonable case. You can claim to disagree with the Feds' judgement all you like, if you think someone will listen; you can demand the investigation be re-opened, or insist that she go straight to trial, but you *still* need a trial and court decision, because you don't have all the facts.

Of course, requiring political opponents to be re-investigated until something turns up is a practice normally associated with oppressive regimes, and opens your own preferred politicians to the same treatment, so maybe be careful what you wish for.

But terrible reporting as usual...

[thesupraman]

What is it with the quality of reporting now?

No, this does NOT make signal, etc completely insecure - this means they need to specifically target one end of the conversation, before
it happens - why is always likely to be possible.

What is DOES NOT mean is that they can auto-vacuum up all the conversations for later 'analysis', as they can do with just about every
other form of internet base communication. THAT is a critical difference. What it means is when you get on the wrong side of an ever
expanding range of government bureaucrats, they can trawl through less of your life to look for a suitable 'punishment'.

Of course they would LOVE everyone to think encrypted communication is useless, because they more people wouldn't bother......

Bears a close resemblance to a false flag reporters.....

And no, I dont need to post that AC, because being sensible about your personal communications is sensible, not illegal.

Re:What is the surprise exactly?

[dbreeze]

So they've scared you that bad, huh? Ready to sacrifice all so long as they keep you safe from the boogeyman.

Ok, let's go at this piece by piece...

[XSportSeeker]

1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.
It's basically, if it's Internet connected, it's probably vulnerable to some degree. But I wanna see the CIA remotely invading my unconnected Windows 7 PC used for maintenance purposes. Unless they get a warrant and physically get to my computer, they can't.

2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.
Wrong. Encryption is used on these device to protect messages DURING transit and it's not only from the CIA or for criminal purposes. So yeah, it's still secure if you are not being actively targeted by the CIA, and if you keep your devices outside the reach of malicious actors.

3) The CIA could use smart TVs to listen in on conversations that happened around them.
This just adds up to not buying smart TVs at all, or at least don't connect them to the Internet. Several big brands like Samsung, LG, Vizio among others have been caught red handed harvesting information using smart TV functions for all sorts of purposes, so this recommendation came before the CIA papers leak.
It might not have shown up in papers just yet, but this also applies to your IoT devices and whatnot. Do NOT get a Google Home, Alexa or whatever always listening device you can avoid it. Your privacy will be put at risk as potentially your security also will.

4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."
Hackers are also into this, and it'll remain an issue as long as car manufacturers continue to ignore major security flaws in their systems. Just so people know, most cars these days are wholly insecure. Hacking could come with something hard to accomplish like connecting a device into the electronic diagnostic systems on you car, needing physical access, to shoving malware on your Android based car system and taking control remotely from there. Unfortunately, it's one of those cases where a fatality will need to happen for car manufacturers to be blasted for malpractice and change their ways.

5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.
This, along with several other cases like the iPhone thing and the more recent of a pedophile being released because a government agency didn't want to release the tools used for his arrest to the public just shows how governmental agencies are not focused on security and worries on the public, they are focused on power. This is the core issue with NSA, CIA, FBI and other public agencies promoting erosion or privacy: they want the power to spy on everyone and anyone, which gives them control to do anything.

All of the revelations and the spying programs governmental agencies have reveals one big problem in itself: the US will soon become a country where something like Watergate, or something more recent like the Snowden leaks, could never happen. How long do people think that an empowered state that is able to spy on everyone including journalists (which btw, the current government sees as "the enemy") will use these tools to actively persecute, blackmail and shut up anyone who has something negative to say about the administration? You are basically diving into a well disguised totalitarian regime. And with morons currently running the country it's going to be very hard to convince them that these powers have nothing to do with making police work easier, or going after terrorists, and all to do with these agencies having enough power to do just about everything they want.

There already have been plenty of reports on police mishandling public cameras and using tools for stuff like stalking people, going after ex-girlfriends and stuff like that. Going from there to actively blackmailing people, using the information collected for their own profit, all the way into covering scandals and shutting off corruption case investigations is not a joke. Yes, no one is interested in your boring life and your boring messages or e-mails, but there is a reason why privacy is the cornerstone of democracies. If you don't fight for it and lose, the consequences will come crashing down soon enough, and then there's nothing you can do anymore.