Slashdot Mirror
Federal Criminal Probe Being Opened Into WikiLeaks' Publication of CIA Documents (cnn.com)
A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, CNN reports citing several U.S. officials. From the report: The officials said the FBI and CIA are coordinating reviews of the matter. The investigation is looking into how the documents came into WikiLeaks' possession and whether they might have been leaked by an employee or contractor. The CIA is also trying to determine if there are other unpublished documents WikiLeaks may have. The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Security expert Robert Graham, wrote on Tuesday: The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. The CIA didn't defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then, of course they can record audio and screenshots. Technically, this bypasses/defeats encryption -- but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. [...] This hurts the CIA a lot. Already, one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents. This would put a multi-year delay in the CIA's development efforts. Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale.
with a dream and a pocket full of green
Where is the Federal Criminal Probe into illegal spying by our own government?
>cause havoc overseas
this is a loaded gun pointed directly at the US that her taxpayers footed the bill for
zero days give no shits about geography
...but we can't tell you what we're doing with your money.
Only deep government is allowed to leak documents, and it has to be something that helps the last administration.
If it's something that just exposes government over reach or something small like that, it's a security problem.
So, Just like Snowden, let's ignore the purportedly criminal and corrupt activity of the US Government and it's elected thugs - and just kill the messenger. Sweep the body under the run and strong arm anyone with evidence to go away.
Case Closed, mission accomplished, normality achieved.
First. HA HA!
And with that out of the way, lets probe why the CIA is producing tools that overlap another agencies goals. Let's probe the industrial thefts that occurred from commercial vendors when they reviewed their codebase and stole techniques they found (Read the anti-debug articles).
Basically the government forced these companies to provide code for review, possibly under secret order, then stole their techniques and published them on an internal wiki for their own developers to use. They named the actual company in one such page....
This is downright criminal.
Obama appointees.
They thought they were leaking some Trump stuff but they downloaded from the wrong database.
Can anyone say "plausible deniability"?
I can hear it now, "oh those attacks weren't us. Those tools were leaked by wikileaks. They could have come from ANYONE..."
Given the wide open door for plausible deniability I would not bet against the CIA orchestrating this leak themselves.
One of the biggest concerns for the people of the United States is if WikiLeaks publishes critical computer code on how operations are conducted, CIA/FBI hackers could take that code and cause havoc overseas AND/OR at home and blame someone else. False-flag ops are standard I hear.
Maybe they should have thought of that before hoarding vulnerabilities instead of disclosing them. Security by obscurity is equivalent to no security at all. The responsible thing for the CIA to do now is a disclosure of all known vulnerabilities to the parties of those products so they have some chance to patch them before exploits are in the wild. What they will do instead is waste taxpayer money on this investigation and continue to go after WikiLeaks while continuing to hoard vulnerabilities and continue illegal domestic spying.
The people who disapprove of the government's abuse of power are an entirely different set of people than those who take action on behalf of these agencies.
From their perspective, what they are doing is perfectly fine...ordinary people are beneath them and spying on them doesn't actually hurt them anyway (except, of course, in cases were they WANT it to hurt them, which is a positive). It is not like they secretly know they are doing something evil and now feel like a kid caught with his hand in the cookie jar. That is ridiculous. They think that their power-abuses are not abuses at all, and are in fact appropriate and responsible uses of power.
They also think this must all be kept secret, because the masses whine about it and because their tools won't work well if too much is known about them. Just treatment for the masses doesn't enter into these decisions at all.
So they don't feel caught or guilty. They only feel betrayed, and they are out to punish the betrayers and do what they can to prevent such betrayal in the future.
You will never change their views on these issues, by any means. Your moral arguments are just babbling nonsense to them.
Gotta keep cleaning house until all Democrat moles are gone.
CIA activity that security experts thought were associated with the Russians or Chinese until these documents were released? I wonder if this applies to anything else..... (commence the down voting)
I thought the Right loved Wikileaks now! We had our pundit friends calling for Assange's freedom and forgiving him for all his transgressions when he helped them win the White House! Why the sudden change of heart?
The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. However, WikiLeaks thus far has a 100% accurate record, so it would be absolutely shocking if even a single document is not authentic. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Of course, the federal government is merely deflecting blame on WikiLeaks, when it appears likely the CIA has already lost control of these tools to the hacking communities and agencies of the world.
Wow, the CIA and FBI only just noticed they might have a problem, after years of leaks from the intelligence community to the press?
I don't know what good a search will do when at this point it seems they are fundamentally riddled with leaks.
The glamorization of Snowden only serves to amplify the situation, I'm sure each of the intelligence agencies has a lot of Snowden's in the making, now that they can see Snowden has not been brutally assassinated as one would have expected before. The agencies have no teeth anymore.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
10 Times today it was repeated on CNN that the CIA "Only spies on foreign citizens, not on US citizens"
I don't believe that for one second. Knowing how little oversight the CIA gets from congress they could dragnet all of American communications and lie to congress and say they weren't doing it. Actually, wait isn't that exactly what the NSA did? Didn't Former NSA director James Clapper lie under oath to congress when he professed the NSA wasn't spying on americans, just a few months before snowden proved that they where? Why should we expect the CIA to do any different, just because their mission statement say's they don't have jurisdiction to spy within american borders?
Nobody's watching this watcher, which is why we shouldn't trust them one iota.
anyone who claims to be an expert, or the press says is one, is probably not... he said "...software bugs are a small part of the problem..." what rock is he under?
nothing to see here - move along
Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale.
Seriously, was there any morale left to erode?
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
If you hire a bunch of honest people who are loyal to their country, and then ask them to do illegal and immoral things, eventually they rat you out (that being the decent thing to do, and all).
If you hire a bunch of crooks who have no qualms about betraying others for your profit, eventually they will betray you for their profit.
If you hire people stupid enough to believe that patriotism is the same thing as unquestioning obedience to government officials, they won't be competent enough to do their jobs.
I realize that government officials absolutely abhor transparency and public accountability...but....the new technological landscape is eliminating some options for secrecy that once allowed corruption to thrive.
The spooks do what they want because it's "important to security" and if they are called on it, they kill the messenger instead of cleaning up their act...
Seems both sides - not the messenger - but the spooks on either side have a similar character makeup and feed on each other to keep this game going.
The neverending story.....
Whether or not you agree with the data release, someone committed a felony. Searching for him or her is anything but a witch hunt.
Now we have a public database of exploits that can be sealed. Start hiring Americans again, even if it means going so far as recalling developers over forty, and get these vulnerabilities fixed.
... "other hackers could take that code and cause havoc overseas."
WTF!!??
What about the havoc that it could cause over here in the good ol' USA?
Who exactly are the CIA and FBI working for?
CIA crying a river that this leak will allow AV vendors to catch software trying to make use of these exploits and thus set them back years...my heart REALLY bleeds for them...NOT.
This bullshit 'secret government' has to end. I'm no conspiracy theorist by any means but I do know something about human nature & in ANY population you have to assume 'bad actors'. So there are criminals or simply people who are out to get someone in every large group of people. It's 'security 101', you simply "Can't trust anyone you do not know for a fact has your best interest at heart"...that doesn't mean the majority of people in the world aren't good, kind, decent people but you can't live your life betting that everyone is. And when its the government your dealing with you can't trust a single one of them to do the 'right thing' so we must limit the power of the government so that doing the 'wrong thing' doesn't end up in someone being stripped of their rights or worse being killed by being in the wrong place at the wrong time. 'Collateral damage' is just a 'buzz word' to make us all feel less responsible for the deaths of REAL people who are innocent of any crime, its WRONG, its murder end of story. By allowing such spin to go on we give up power to others, we lose our compassion & humanity & we allow bullshit operations to do 'regime change' when NO ONE in a given country was asking for it.
In watching the news on this last night once again we have talking heads saying Assange is a 'stated enemy of the US' & wondering why Wikileaks never publishes any secrets out of Russia...he's clearly stated why...e.g. we all KNOW that Russia is doing these things so there's no reason to expose their secrets but we BELIEVE the western world (especially the US) has some kind of 'moral high ground' that we operate under that we can all feel good about...this is of course bullshit and lifting the lid on the fact that our governments do NOT operate with our best interests in mind or with the 'moral basis' we individually profess to uphold provides the people the opportunity to actually decide just how far from our moral base we choose to allow our governments to stray since they are supposedly acting on our behalf.
next they'll come for you and no one will speak out. If its gotten to the point that the GOV is going after people who leak out illegal acts of GOV agencies that broke laws, democracy at that point is just a facade.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
here's a nice tidbit that, to me, nicely illustrates the problem with attribution: "one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA" Bear this in mind the next time someone says "that guy did it"
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
It's not called "The CIA." It's just "CIA."
Kriston
We stood by an election orchestrated by a foreign government, and we didn't stop, yet continued walking forward into Trump's madness. Trump was exactly what this country needed not!
https://www.youtube.com/c/BrendaEM
It's not Central Intelligence Agency, it's the Central Intelligence Agency. Abbreviate it and it's the CIA, not CIA.
Try it and see: "Jimmy was disappeared by CIA" vs "Jimmy was disappeared by the CIA".
It occurs to me that this Leak could be used as the argument for why placing a backdoor into encryption is a bad idea. At some point in time - somebody will figure it out and leak it to the world.
The idea that the government is going to be trusted with these BIG secrets and they won't get out is preposterous. See see -- don't look over there!! Ignore the man behind the curtain.
It is "the CIA" when used in a sentence. Usage from the CIA website:
https://www.cia.gov/about-cia/...
Go get Wikileaks' "summary" of the first Vault7 release. You'll know you're on the right one because it's a list of bullet points.
Now get the actual first Vault7 release from Wikileaks. You'll have to do a little searching, but see for yourself if the summary (made to be released to the Western media) actually corresponds to anything in the Vault7 release itself.
You will be surprised, especially if you think Wikileaks is a force for transparency.
If you're really lazy, go read some posts by infosec experts and pro-privacy bloggers. They're already doing some of this work for you, and you will still be surprised at what they say. I don't want to spoil it by telling you.
You are welcome on my lawn.
One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas.
Criminals that get ahold of this will loot AMERICA. This is exactly what every single security expert has warned against, pretty much since the internet existed.
All of which can allow these exact sorts of attacks, and at least two of which can be remotely updated just by getting a networked device on the same LAN with knowledge of the passive interface used for device bringup and remote management.
As soon as you can't trust your computer to be operating solely for your benefit, you also can't trust it to be operating for the benefit of others who might transmit data through you. Whether it is a fortune 500 company, or you volunteering encryption and bandwidth to Tor/I2P or another encrypted P2P network, all of them become untrustworthy if either your OS or hardware with supervisor (or greater) level privileges can snoop through your memory space and storage devices. Both of which have been shown possible through proof of concepts, neither of which can be fixed by end user or volunteer developer reverse engineering thanks to the computationally expensive signing techiques used where are nearly impossible to brute force as less than a nation-state actor without the original private key.
Food for thought in this day of massive exploits.
But we can point to U.S. law that makes searching of one's property without a warrant illegal. And since that is WHAT they are using those vulnerabilities for, perhaps we should charge them under criminal law.
If the Russian hacker group Fancy/Cozy Bear turn out to U.S. operatives.
Setup Password-less Access to Another Machine via SSH (hey, I didn't knew the ssh-copy-id command): https://wikileaks.org/ciav7p1/... ; C Coding Conventions: https://wikileaks.org/ciav7p1/... ; iptables rule to drop packets randomly: https://wikileaks.org/ciav7p1/...
Graham is a eyewash/whitewash artist. Every thing he writes/types is in apologia for the duplicative, plausibly deniable, government departments of mercenaries-posing-as-patriots and he presents his fallacious messaging in gatekeeping fashion so as to say "Nothing to see here. Move along." His duplicitous writing has led to a tremendous amount of archive.is activity for a podunk blog because he keeps changing his messaging after people comment to call him out on his bullshit.
Please don't believe someone or adopt a consensus groupthink belief in someone's expertise just because that someone is proclaimed to be an "expert". More often than not, groupthink-proclaimed experts are compromised puppets who are carrying water for the-powers-that-shouldn't-be. Robert Graham ought to be considered to be a part of the overall problem, not someone clarifies it. Graham's effortless gatekeeping of the Vault 7 situation is an absolute whitewash that favors the "legitimate" spy stuff that the CIA carries out not against foreign adversaries, but against the taxpayers it claims it does things for in the interest of national security, interest of which it can neither confirm nor deny because an alert and avid citizenry is more dangerous than a placid and entranced citizenry.
One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas.
Do they think that US-based "hackers" are too shy to fuck shit up domestically? I don't get this 'overseas' concern.
What's the big deal? Nobody who's been paying attention is going to be surprised that the CIA and/or NSA developed viruses.
While I assume the CIA and NSA employ very good malware writers, I don't see any reason to think they're the best out there. It wouldn't surprise me at all to find out that the Russian ones are better. By putting a virus out there, without even a copyright notice, the CIA is asking for people to reverse-engineer it and understand it. Not all of these people have pure hearts and good intentions, and it's almost certainly possible to repurpose such malware. Improved malware defense means that the Russians and Chinese and Israelis and other people have more trouble hacking into our computers.
Also, once such a virus is published, it will become less effective. If the CIA/NSA efforts were competent, they'd have more and different malware waiting around to be used, so this wouldn't set CIA operations back for years.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
And then there's the whole 5 eyes thing, where other countries can spy on and hack us citizens and corps, and then turn the data over to our spooks without even getting so much as a FISA warrant, as secretive and unaccountable as those are. Total extrajudicial ownage of the US Constitution.
If Trump is serious about making America great again - I think one of the first and most important steps to achieving that goal would be to put an end to this illegal, unconstitutional and intrusive behaviour by the spying agencies. Reduce their budgets and stop their illegal activities, once that happens America will be on the road to being grate again.
Does the CIA has to obey local laws?
I see that the discussion so far is centered around wheter the CIA operated in US soil (illigal) or not (legal?, according to the US law).
But operating on foreign soil the CIA is just breaking somebody else laws, that may in fact be totally equivalent to US law (you can't installalware, stole private information, assasinate someone, etc).
So, supporting the CIA operations leads to a strange state of affairs, where you support the abbiding of your local law (presumably because is the only way of having a developed society) but opposse the respect of somebody law (that has the same purpose). Worse, is not even a law that you dispute (that could very well be the case of certain culturally driven laws), but standard law against common crime.
Wasn't it pretty much all CIA assets and Saudis who attacked the country on 9/11? Drug smuggling into LA to support foreign regime changes? The CIA attacks its own country quite a bit.
Time to make it a federal crime for any organisation public or private that knows of vulnerabilities to fail to disclose those vulnerabilities to the vendor. Circumventing computer security and knowingly allowing vulnerabilities to persist is tantamount to sabotage enabling financial and reputational damage to organisations and individuals that use those computer systems/software. Class action?
Mainstream (News) Media.
When making things illegal that shouldn't be and hinderance of participation in government is the norm, 8 illegalities is the general conduct of everyone.
When the government is so corrupt, as well as other prevailing conditions, how do you propose doing that effectively?
Just who do you think 'WE' are? The people whose task it is supposed to be to charge people with crimes is just as corrupt as the rest of the government.
as security experts would also get a hold of it. Most would be patched within days. You'd probably have to throw out your old android phone or change it to cyanogen / replicant if possible.
Thank you. Now I know.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
It's called our masters.
WikiLeaks became the news before, on purpose with the intent to DISTRACT and change the conversations to the messengers instead of the messages. On top of that to send a signal to any future leakers or publishers or press.
WikiLeaks worked with 3 serious news organizations with their big leak before that got all the news and all we heard was attacks on Wikileaks and Manning. Discussing the act of leaking and punishment etc, purposely to take away from discussing the leaks themselves. The information itself when known justifies the leaking of it; so the goal is to avoid it and focus on imagined damages etc and attribution of BLAME to the wrong groups of people.
Democracy Now! - uncensored, anti-establishment news
If you read a little bit about the history of the CIA it appears that barrier was eroded away on day one or close to it. Hiring Mafia types (just like the postwar British spooks did with various criminals but without keeping them at arms length) did not appear to be a good idea and they never seems to have recovered from early mistakes like that despite things like Helms and Angleton being fired in the 1970s for the CIA's domestic activities.
Apparently those of us who don't know are "Cucks" or something.
It's a "Alt-right" woman hating angry virgin bit of terminology and those of us who have dared to kiss women are not in the in group to discuss how the mainstream media is at the root of all the evil that is not supplied by women and people who are not pale nordic types. Since they go on about it so often they have shortened it to MSM.
Don't worry, they'll have more confusing terms next week that we'll have to either work out or ignore.
Problem is Democrats don't believe government is evil, and Republicans don't believe government is necessary.
The MSM abbreviation predates the alt-right by over a decade.
Linux, you magnificent bastard, I read the fucking manual!
How can "Cucks" or "Cuck" be a woman hating term?
Cuckolding is a great example of unmitigated matriarchal control of sexuality and sexual expression. If you are a good liberal you will be happy to be a Cuckold as it demonstrates your support of feminism by allowing women to express their sexuality without patriarchal interference, judgement, or restriction.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
How can "Cucks" or "Cuck" be a woman hating term?
Cuckolding is a great example of unmitigated matriarchal control of sexuality and sexual expression. If you are a good liberal you will be happy to be a Cuckold as it demonstrates your support of feminism by allowing women to express their sexuality without patriarchal interference, judgement, or restriction.
Only if I can watch
Of course the insult makes no sense. A bunch of woman hating virgins calling people cuckolds as their insult of choice shows how little sense they have and how utterly pathetic they are.
Solution: Howard Stern now gets the security briefing and then calls up Trump to tell him about the daily security threat.
It's also called USA and not US. The dollar sign is a U and S on top of each other, not two lines through a S. No one cares.
The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents
The government is using YOUR PROPERTY to eavesdrop on you, your family and the ones you love to be used as testimony against you when required but without legal permission or accountability. And your response is to suggest that it doesn't matter because we can probably defend ourselves against it in the future?
Prosecuting people in the CIA, for failing to disclose known security problems in products to the products' firms, right?
There's no time like the present. Well, the past used to be.
That's not how this works. How this does work: "What can be asserted without evidence can be dismissed without evidence." If you persist in being a lazy commenter, we'll move to the stage of the conversation where I casually assert that you like to have sex with farm animals in school playgrounds, since it's your now job to disprove the assertion made online. And while we're on the subject of debunking false narratives.....
Yes, Hillary setting up a email server was a disastrous, corrupt, arrogant decision for her to make. Dems think they're making a great point with the "but her emails!" meme, but all you're doing is highlighting the fact that Hillary had no business running for dog catcher of the DNC, much less POTUS.
Two years after savaging the Bush Administration, "Our Constitution is being shredded. We know about the secret wiretaps, the secret military tribunals, the secret White House email accounts" she was doing the same damn thing herself. If that wasn't bad enough, she kept her server after Republicans took the Senate in the 2010 elections, who then had the power to subpoena her.
Dem's like to whine that the GOP smear machine has had it out for her for a quarter of a century, which is true. But then how dumb of a fuck did she have to be to hand them a real scandal, one that could still send her to prison. Warmed over Vince Foster bullshit no longer needed, now you can prosecute her dumb ass for mishandling classified evidence and obstruction of justice, when she deleted thousands of emails before her server could be inspected. And you can skip all the tired excuses for Hillary's unsecured, unauthorized server when a man is currently serving time for taking selfies on his unsecured, unauthorized cell phone.
If her name was Hillary Johnson, she'd already be in prison serving 20 years - for obstruction of justice charges alone. Then Dems have the nerve to whine about Comey, when they should be thanking him for not perp walking her into an arraignment.