WikiLeaks Dump Reveals CIA Malware That Can Sabotage User Software (bleepingcomputer.com)
An anonymous reader writes: "While the world was busy dealing with the WannaCry ransomware outbreak, last Friday, about the time when we were first seeing a surge in WannaCry attacks, WikiLeaks dumped new files part of the Vault 7 series," reports BleepingComputer. This time, the organization dumped user manuals for two hacking tools named AfterMidnight and Assassin. Both are malware frameworks, but of the two, the most interesting is AfterMidnight -- a backdoor trojan for stealing data from infected PCs. According to its leaked manual, AfterMidnight contains a module to "subvert" user software by killing processes and delaying the execution of user software. Examples in this manual show CIA operatives how to kill browsers every 30 seconds to keep targets focused on their work, how to delay the execution of PowerPoint software with 30 seconds just to mess with their targets, or how to lock up 50% of PC resources whenever the user starts certain software. Basically, the CIA created nagware.
how to lock up 50% of PC resources whenever the user starts certain software
Isn't that just Windows updates?
to kill browsers every 30 seconds to keep targets focused on their work
As a web programmer, I need tons of documentation that is mainly available on-line. If I got the CIA's luddite infection, I couldn't deliver much useful
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
...that Wikileaks never seems to publish any Russian or Chinese state cyber security leaks. Now either security is particularly bad in the US security services compared to Russia and China, which means information is easy to get hold of, or someone in Wikileaks has a rather anti-US agenda. I know which I'd lay money on.
Powerpoint gets delayed 30 secs... and so on.
Isn't that just standard Windows "user experience" anyway?
Do you not think the other agencies don't have access to such tools and information already? Exploits are sold and distributed in the darkweb on a daily basis, you can even these days buy malware as a service. It's a highly advanced, highly lucrative industry with professionals at work on all sides. And not all the players are state actors, plenty of them have commercial interests in mind and these people don't care who's buying.
Now, someone else said it well in a recent story about WannaCry: the lesson of this story is not just 'guard your weapons better' but also 'make better armor'
Putting these exploits out there allows for people to defend themselves against them. Following the mentality of 'well let's just not tell anyone of this exploit we found and no $BAD GUYS will ever find it' is arrogant and stupid because there are billions of dollars involved in the industry of seeking out and taking advantage of these exploits. There are millions of people across the planet right now working for criminal enterprises whose day-to-day job it is to seek these security holes out, with or without sites like WikiLeaks.
I personally think the whole tactic of not informing companies of serious security flaws in their products in the hopes of one day being able to use said exploits to target $BAD GUYS, is incredibly stupid and shortsighted because it simultaneously puts EVERYONE running these systems in the US/west at risk of being attacked by whoever else has found the same exploit. It's literally the same as finding out a vaccine for a deadly virus but trying to keep it a secret in case one day you decide to start full-scale biological war against $BAD GUYS; if your population is not vaccinated and is hit first by the enemy, you're fucked. The risk-reward ratio is absurd.
But then again, I'm not American, so that must mean I'm the enemy, right?
"It is the business of the future to be dangerous" -Alfred North Whitehead
If you feel left out, you can simply install some anti-virus software.
I thought Windows was just like that by default - little did I know I was being hacked by the CIA. I'll be more careful in future ;-)
Anyone else a bit disappointed by the sophistication of the tools & docs WikiLeaks are releasing?
If this is the extent of the CIA's super-impressive cyber capabilities, then the tax payers probably deserve a refund.
The difficult/expensive bit are the zero day exploits & getting nefarious/nagging code onto a target system & running with sufficient privileges.
Finding a hole in an EOL OS like Windows XP or social engineering someone to install something that kills PowerPoint every 30 seconds probably isn't worth the millions (billions?) of dollars thrown into these programs by the government.
Maybe I've just seen too many spy movies, but I kind of expected something a bit more exotic.
>washington post
>hearsay via anonymous former officials
>directly contradicted on the record by multiple current high-level officials who were in the room at the time
>not even illegal even if it was true
Never mind though, if you want it to be true badly enough it will magically be true. That impeachment's juuuuuust around the corner!
Trump does something monumentally stupid every day; it's just not news anymore.
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Is this why WoW gets slower with every release?
So they are passing out weapons now. Lots of international law about that. Most of it very nasty.
Yeah, people like you would rather have fake news that has been sanitized for your protection. All WikiLeaks does is report stuff. Don't blame them for being the messenger. You want to shoot someone, shoot the guy in charge of internal security at the CIA/NSA or wherever these "tools" get stolen from. And shoot the guy at Microsoft who knew about all these vulnerabilities years ago and decided to sit on his hands.
But I'm wasting my breath - your statement proves you are incapable of dealing with the real world.
Because people aren't stupid enough to give execute privileges to anything that asks for them. You're merely delaying the inevitable. The problem lies between the keyboard and the chair. Most people REFUSE to think. Grandma would rather ask her son to buy her a new laptop than have to read dialog boxes or set file permissions.
Seven puppies were harmed during the making of this post.
And would it not also be great if that executable flag were automatically stripped when downloading a file so all things downloaded by a browser/mail-program had to be manually enabled in order to run?
I would assume the worst, totally wipe Windows off the drive, do a clean install without allowing Windows internet access, reboot my dual boot system to Linux and then wait for the shitstorm to subside and then maybe boot up Windows for offline only purposes and use Linux for a general purpose internet access OS.
Politics is Treachery, Religion is Brainwashing
To all those who keep looking forward to the year of Linux in the desktop - don't. The status quo is excellent. You can run Linux in the desktop without any problems and without much effort, if you want to, to do just about everything that you need and want. As long as Windows maintains its stranglehold, the bad guys and three letter government agencies world over will focus their efforts on Windows, leaving Linux desktops alone. The time has come to understand that the dominance of Windows in the desktop is a blessing to those of us who wish to run Linux in the desktop. We do not want for Linux to rule in the desktop, we want for Windows to carry on taking the heat. Fortunately, the asinine efforts behind Gnome and KDE (and the fading Unity) almost guarantee that Windows will remain the desktop of choice for the masses. And that is a very good thing for the rest of us.
I'm not sure about other readers, but one of the things I've noticed is that as time passes, so more and more potentially useful software becomes "chatty" - in other words software that we'd normally trust to do "what it says on the tin" and nothing else has suddenly sprouted a great deal of extra activity.
This makes it much harder to spot suspicious activity on "ordinary" machines.
Now, we have to accept that there is a great deal of "free" software available today (firewall software like ZoneAlarm, anti-virus software like AVG) which offer both free and paid-for versions, but for which the free-to-use editions "phone home" an extraordinary amount of data about your PC. You get what you pay for.
But when your OS is the worst offender, (W10), when your video driver maintains a running commentary (nVidia), when almost any piece of software on your computer believes that it has the need or right to "phone home", it becomes orders of magnitude more difficult to understand when something suspicious might be happening with your computer. I recently had to re-install a Windows 10 machine for a friend of mine; after applying a 3rd-party firewall utility and configuring it to block all outbound traffic until it had been positively vetted, I was absolutely stunned by the number of different packages that claimed the need to "phone home".
I am sure there are many legitimate reasons for this to happen [such as checking for updates]. However, the current state of affairs seems to be stacking the odds against the average user. It's a bit like the tic-tac-toe ending to Wargames: the only way to avoid losing is to not play the game... and the only way to avoid having your PC pwned is to not have a PC in the first place.
OK, that's a [small] exaggeration. But it illustrates the point. #Depressing.
This could also be yet another "look over here, pay no attention to the man behind the curtain" scenario. Do not fool yourself, all of the world's intelligence communities have been doing this for decades of influencing the masses with carefully orchestrated information dumps. Because they know most people prefer the ignorance is bliss mentality. I bet you still consider the DNC staffer was the victim of a botched robbery, right?
All of this is the classical "Divide and Conquer" rules of war that has been going on for centuries. They have successfully implemented the first phase by dividing the country in half. What would the next step be?
More importantly, who is the they in the equation?
Can't Microsoft sue for infringement about selling malware that can sabotage user software?
This is the best description of Microsoft Windows I have seen in print, to date.
It also provides excellent context for the creation and promotion of systemd.
"Flyin' in just a sweet place,
Never been known to fail..."
So... we get exciting news every day now?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The Russians are looking to own both the left and the right.
Heads they win, tails we lose.
Jill Stein travelled to Russia in 2015, and we still don't know who paid for that trip or why (and she's keeping mighty quiet).
It's probable that Russia helped amplify Bernie Sanders' message to disrupt Hillary's primary run (though it is equally clear that Bernie himself did not know this or collaborate, unlike Trump).
It is certain that they will mess with our primaries, and the 2020 presidential campaign (as well as congressional race in 2018), and equally clear that we'll have our heads up our asses still, and be unable to prevent or counter any of it. One party is actively trying to slow-walk and even block investigations, not to mention provide political cover, for our Traitor in Chief, so our ability to learn and act on these events is severely diminished, and if this continues, our democracy is very unlikely to survive the next election cycle.
So yeah, it's hard to tell the good guys from the bad guys sometimes, and thanks to the outcome of this election, and the craven behavior of our congressional "leaders," it's only going to get worse. Much worse.
... this raises the possibility that Windows might actually be a functional and performant piece of work, one that has been unfairly maligned over the years due to the CIA's actions!
Seriously. What did they do? Specifically.
That's not nagware. Stop with the self-righteous software vigilantism.
Children.
deleting the extra space after periods so i can stay relevant, yeah.