Slashdot Mirror
WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk)
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."
When I got my TV I bypassed the Mic and am feeding it "never gonna give you up" in a continuous loop. Glad my effort was not wasted.
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.
That's part of the spying thing and has been for at least the last 2-3 decades.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.
Logically follows.
3) The CIA could use smart TVs to listen in on conversations that happened around them.
Smart device insecure; news at 11.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."
Explored and...? That's it? Okay.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.
Author doesn't know what an 0-day is good for.
The Daddy casts sleep on the Baby. The Baby resists!
Point 3 is just dropping yet another reason on top of the large pile of reasons why I'll never ever buy a 'Smart TV'.
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.
But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.
I'm safe. Turns out buying a Windows Phone was a good choice after all.
I am surprised that anyone would continue to risk themselves and leak this kind of information, since we have seen how willing the public is to stand up and defend its whistle-blowers (which is to say, not at all).
locking up a rival candidate would be really bad for democracy, no matter how much she deserved it.
locking up(or shooting) CIA operatives who interfered with democracy, however, would be great for democracy.
Snowden and Manning are heroes.
"Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure" is what makes running security-minded programs on non-free, user-subjugating, always-untrustworthy, proprietary OSes a joke. People get a sense that they're safer from malware then they really are and they think they get to keep their proprietary conveniences as well. Openwashing will not help you.
I know it's a lot of work to learn new things and change your views and your behavior. I understand that software freedom is differently political than what you're encouraged to adopt, and software freedom requires you to consider more than what's listed in virtually every features & money-based ad campaign from monied proprietors. And I get that coming to terms with the consequences of software freedom runs directly contrary to believing that you don't need to think any further than what proprietors and their "open source" friends tell you to think about (because no proprietor frames their offerings in terms of the freedoms to run, inspect, share, and modify the software, hence proprietors are more likely to sanction the open source movement which eschews these values and even celebrates partnering with proprietors like Red Hat's recent uncritical commentary on Microsoft's software and Microsoft's new campaign regarding "Linux"—no mention of GNU which might bring software freedom to mind). But in the real world you need to stop trusting proprietary systems to keep you safe, respect your privacy, or other practical consequences of software freedom. Proprietary software wasn't designed to do that and therefore that software never will do that job. There is no middle ground which allows you to run proprietary software while retaining the benefits of software freedom. It's time to value software freedom for its own sake.
Even if all published software were free, exploits like these are possible because all complex software has bugs. Perfect security is not the issue. The issue is who gets to control their own computer and how we treat each other. Even after these exploits are published by WikiLeaks and people have had time to consider them and protect against their adverse effects, proprietors will still have power over users who run their proprietary software. Users won't be able to tell what other exploits are out there and therefore it will be harder to protect against them. The difference between proprietary subjugation and software freedom becomes more clear: Free software users will be able to run, inspect, improve, and share improvements with others making that software more able to prevent future attacks. But proprietary software users won't be allowed to do the due diligence they need in order to help themselves no matter how technically skilled they are or how willing to repair things they are. No computer user deserves to be treated that way. It will take a lot of work to get people to understand why they too should care about software freedom even if they're non-technical (like most computer users are). So I urge you to understand software freedom for its own sake and to try to help others understand as well.
Relatedly, the Free Software Foundation's "Respects Your Freedom" campaign has some new hardware on the list. I recommend buying some and using it, even if it's not up-to-date with the latest capabilities and seemingly expensive for what's offered. We need more people to invest in free replacements for proprietary, locked-down, user-subjugating systems. We need to make investments in our own collective future by funding the free products available today so we can have modern, highly-capable, and fully user-controllable POWER8, RISC, etc. systems which will respect the owner's control.
Digital Citizen
Not locking her up is really bad for the concept of Rule of Law.
Not investigating and then, if necessary, pressing charges and letting a court decide is really bad for the concept of Rule of Law.
She was investigated, and the conclusion was that 'No reasonable prosecutor would take the case.' Hillary Clinton is, contrary to popular opinion, innocent in the eyes of the Law.
Forgetting about the presumption of innocence is really bad for the concept of Rule of Law.
Fucking selectively moral hypocrites who have already decided not to accept what their own fucking law enforcement agencies have investigated and declined to prosecute is bad for the concept of the Rule of Law. You can complain about political factors weighing on the decision; you can complain about ineptitude and willful blindness. You can complain about any fucking thing you fucking want. But you cannot dispense with essential components of the legal/judicial system whenever its suits you.
You can't claim she's guilty in the absence of a trial and still pretend to uphold the rule of law. So either shut up about the rule of law, or stop claiming she should be locked up, because you can't do both at once.
Crumb's Corollary: Never bring a knife to a bun fight.
Food for thought: Michael Hastings was apparently investigating the C.I.A. when he died in what sounds like a suspicious car crash. Officially, foul-play was ruled out. Quote from Wikipedia: "Former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard A. Clarke said that what is known about the crash is "consistent with a car cyber attack". He was quoted as saying "There is reason to believe that intelligence agencies for major powers — including the United States — know how to remotely seize control of a car. So if there were a cyber attack on [Hastings'] car — and I'm not saying there was, I think whoever did it would probably get away with it."" (This quote is from 2013.) Source: https://en.wikipedia.org/wiki/...
Here's a few excerpts...
V2.5.1 /var/.config timer file if it does not already exists. Note that the trigger listening function will automatically self delete the executable if it discovers that the /var/.config file does not exists. If a self delete occurs, the normally empty /var/.config will contain a time stamp when the actual self delete occurred using a yymmddHHMMSS format. Previous versions would allow the /var/.config file was removed. Version 2.4's Caution for Solaris shells still applies. A new
11/29/2012
Modifies all mikrotik, linux, and solaris code so any successful beacon or trigger will also create a
executable to stay on the box but would stop the process whenever the
Hive updating script called hiveReset_v1_0.py was added which also resets the self-delete timer for all linux, Mikrotik, and Solaris devices.
(S) Below is the list of files included in this release, along with their size and MD5 hashes.
Filename File Size(bytes) MD5 Hash
CCS.xml 490235 1dd06dd5b74ceb7cab9b599a22f99975
cutthroat 1095780 caba38dc033c86f5f9daa837dfe4c2fa
hive670859 216f0da2dca51fb33044e5b525db45a3
hive-patcher 1368840 dee62bac8aa66f6a309c2bb1c675c3e0
hiveReset_v1_0.py 60292 d3153e378e24f4bed0ceddfcab599fb8
honeycomb.py 15500 5ef80df352e52e191556663c0bcc3059
swindle.cfg 680 3b9185be038c826c39734f1be273b37f
Unpatched Binaries
hived-linux-i386-unpatched 165280 a7729c8b0c5f1b0f3bc1888a43be3525
hived-mikrotik-i386-unpatched 163426 7905ecba0e020fe8883099fb45ff2e50
hived-mikrotik-mipsbe-unpatched 234944 e74ad934ff90aa2354d3874009563343
hived-mikrotik-mipsle-unpatched 235307 4f2d7d2e817684a21f2de8315c2d9eb3
hived-mikrotik-ppc-unpatched 175812 0806e6641cafe014266d30ee1d4b37ef
hived-solaris-i386-unpatched 174764 3adb8dfaf459948a0eea6a9439396059
hived-solaris-sparc-unpatched 207720 aa853024ec50b914c3cb3717b36d7e5c
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
I did, have you? Cause Al Franken didn't even ask the question but Sessions said point blank he had no contact with the Russians. It was an unforced error since that wasn't what Franken was asking as Franken was just trying to find out what Sessions would do with any evidence he might find.
... and the conclusion was that 'No reasonable prosecutor would take the case.'
You're assuming that the only reason no reasonable prosecutor would take the case is her innocence.
No, for fuck sakes, I'm saying that you can't defend the rule of law, and then jump straight to a guilty verdict without passing through these interim steps.
My entire point is that it's perfectly fair to complain about the lack of consistency in prosecutorial decision-making. It's perfectly fair to question the FBI's investigative techniques. It's perfectly fair to discuss at length and in detail all of the countless deficiencies that exist in the American criminal justice system. People spend lifetimes doing just that.
But you do NOT get to say, 'That bitch is guilty' when she's never even gone to trial. Not if you stand for the rule of law.
Say, she should be prosecuted, she should be re-investigated, say that what she's doing is dodgy as fuck. I'm right beside you there. Say that she and her husband are conscience-free, calculating sociopaths. Say that she's insincere. Say whatever the fuck you want. But you still don't get to say she's guilty until she's convicted. Not if, as the poster did, you claim to support the rule of law.
Too many people think presumption of innocence is a trivial thing, that it only applies when trials run right. That's not true. Presumption of innocence is essential to a society run by laws, and it says, if you didn't get convicted by a court, you're innocent of the crime. There's not one iota of ambiguity there.
This matters to me because, as a journalist, I regularly see people accused of horrible crimes, and I see the human toll of people who are put through the ringer of social opprobrium. I've seen what happens when vigilante justice prevails, and trust me, you don't ever want to see it happen.
We have the rule of law because we as a society agree to play by the rules. That means that you stop making exceptions when someone that you don't like benefits from those rules. It sucks sometimes, but there it is.
Crumb's Corollary: Never bring a knife to a bun fight.
... innocence is not a legal concept.
Presumption of Innocence is a formal concept in Common Law.
Crumb's Corollary: Never bring a knife to a bun fight.
It's more sinister than that.
Consider a one year old child today who may grow up to be a politician, high-level businessman, civil servant, inventor, etc.
That child is going to grow up with his communications logged, messages recorded, phone conversations intercepted, and what's more all his porn interests, mistakes in teenage years, drug taking, cheating, law breaking, foolish racist or bigoted or cruel utterances, web searches, fucking everything.
Then when they're making something of themselves they get a knock at the door and someone comes in with a big file.
The end consequence of this project means that the intelligence agencies will become our permanent rulers. Not even democracy can overturn them because democracy's players, our politicians, have and do make mistakes, mistakes which are captured by the agencies. And any revolution would be thwarted before it even began.
Again, you are presuming, based on your limited information, that she's guilty.
The reason we have trials, rather than relying on the snap judgement of people like you, is that *all* the evidence is brought out, explored, and argued over. Until that is done, you cannot rightly presume anything other than innocence.
The Feds did their investigation, came up with more evidence and counter-evidence than you will ever know about, and judged that in total, it wasn't enough to even make a reasonable case. You can claim to disagree with the Feds' judgement all you like, if you think someone will listen; you can demand the investigation be re-opened, or insist that she go straight to trial, but you *still* need a trial and court decision, because you don't have all the facts.
Of course, requiring political opponents to be re-investigated until something turns up is a practice normally associated with oppressive regimes, and opens your own preferred politicians to the same treatment, so maybe be careful what you wish for.
Why would anyone engrave "Elbereth"?
The quote is from an alt-right shit site you moron.
What is it with the quality of reporting now?
No, this does NOT make signal, etc completely insecure - this means they need to specifically target one end of the conversation, before
it happens - why is always likely to be possible.
What is DOES NOT mean is that they can auto-vacuum up all the conversations for later 'analysis', as they can do with just about every
other form of internet base communication. THAT is a critical difference. What it means is when you get on the wrong side of an ever
expanding range of government bureaucrats, they can trawl through less of your life to look for a suitable 'punishment'.
Of course they would LOVE everyone to think encrypted communication is useless, because they more people wouldn't bother......
Bears a close resemblance to a false flag reporters.....
And no, I dont need to post that AC, because being sensible about your personal communications is sensible, not illegal.
So they've scared you that bad, huh? Ready to sacrifice all so long as they keep you safe from the boogeyman.
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
That is nonsense. The IT guy that wiped her server, after the investigation began, posted on this very site asking for advice on how to destroy the evidence.
He posted on Reddit, not here, and his inquiry didn't read to me like an attempt to destroy evidence. He was trying to figure out how to redact email addresses from a large corpus of archived messages. This is standard practice during electronic discovery and document production, and isn't a sign of anything nefarious.
Jeb Bush performed the same scrubs on his email archives, after first releasing them unredacted and causing an uproar because they were full of constituents' personal data.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I think the biggest revelation is the fact that the CIA can, indeed, hack a car and potentially assassinate the driver: http://yournewswire.com/wikile...
Interestingly, Michael Hastings died when his car suddenly accelerated out of control and crashed, killing him instantly. He was currently investigating the director of the CIA, John Brennan!
Coincidence???????
???
??
?
Slashdot Flashback time...
In Soviet America, TV watches you!