Slashdot Mirror
WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools (vice.com)
An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."
We have safely assume that Wikileaks aren't the only ones who have these tools. They have likely already been stolen by others, just like the NSA exploits before them.
Plus for most of us the CIA is just another adversary we want to defend against, no different than any other malicious actor out there.
I much prefer to know about these tools and vulnerabilities so I can defend against them. Patches will come quickly to quality software.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Alternatively, WikiLeaks could have consulted a few trusted security researchers to get any insight from the code, and released that insight with limited snippets of code. While that would likely aid attackers in making a similar infrastructure, they'd have to invent their own boilerplate, likely allowing the different reimplementations to be identifiable. The insight from the experts would also contribute more to coherent and realistic discussions on the actual capabilities of the tool, rather than encouraging more "the CIA is hacking everyone!" panic.
Even if the toolset had been sold to one "highest bidder", that would only be one other attackerto identify. The shared infrastructure would be a little confusing for researchers at first, but continued attacks would show distinct operation patterns as a signal rising above the noise. Yes, that does actually strike me as being more secure than opening the tools up to everyone at once, since it's now so much easier to hide any given attack in the higher amount of noise.
You do not have a moral or legal right to do absolutely anything you want.
You do have to wonder why Wikileaks and Assange are so eager to target everything U.S. - the intelligence agencies, political fuck-ups, armed forces fuck-ups...
Sure the U.S. isn't perfect and you will always find something to criticize, but there are much worse countries in the world, actively fighting against liberties, free press, human rights, etc. the most prominent and important being China and Russia. How come there are never any leaks from these autocratic countries?
By always putting the spotlight on the U.S. Wikileaks and Assange are playing right into the hands of these autocratic regimes, not just by exposing classified information, but also ideologically by repeatedly pointing out the U.S. as apparently being no better or even worse than the countries ruled by despots. Which in the grand scheme of things is simply false. And if you think so, you are deluded. Where would you rather live? The U.S. or Russia / China?
Considering all of this it's hard to shake the feeling that Wikileaks and Assange have degenerated into being agents for Russia. Maybe they have actually been infiltrated and controlled by Russia in one way or another.
How come there are ***never*** any leaks from these autocratic countries?
Never??? You can go to Wikileak and use the function 'search'. In case of it takes you too much time, here is a story published on Slashdot:
Wikileaks Releases Documents It Claims Detail Russia Mass Surveillance Apparatus
Keep in mind that Wikileaks is a tool to publish anonymous documents, you can't ask Wikileaks to publish what they don't have.
By the way, when you are SO angry that Assange 'seems to support repressive regimes', and DEMAND Wikileaks 'to do somethings' with these governments, I don't know where you were at those topic:
YouTube Suspends Account of Popular Chinese Dissident
Apple Pulls Anti-Censorship Apps from China's App Store
Bonus, don't blame Wikileaks and Assange for his 'so-called-anti-USA':
Cisco Leak: 'Great Firewall' of China Was a Chance to Sell More Routers
This is about spying. Snowden showed that the US is #1!!!
I'm sure Russia has a good spy program, as well as England, Israel, and China. Probably some European countries as well (maybe South Korea, but aimed at the North). Australia is in there as well, which is surprising to me.
And the US's spending on military is unmatched (but probably envied). We spend about as much as the next top 10 countries combined, those other countries represent well over 2 billion people (China and India are in there):
https://en.wikipedia.org/wiki/...
Same goes for spending on nuclear weapons:
http://www.icanw.org/the-facts...
Why is the US a primary target of things such as Wikileaks? Because everyone else in the world is a target of ours. And our own citizens are as well. Sad, as someone currently in power would say.
BlameBillCosby.com