Author Topic: WikiLeaks CIA cache: Fool me once  (Read 6502 times)

0 Members and 1 Guest are viewing this topic.

Offline J.C

  • Hero Member
  • *****
  • Posts: 866
  • la plume est plus puissante que l'épée
    • Snowden
WikiLeaks CIA cache: Fool me once
« on: March 11, 2017, 12:02:35 PM »
WikiLeaks CIA cache: Fool me once




This week's poorly conceived distraction from Trump and Putin sittin' in a tree was brought to us by WikiLeaks, which dumped 8,761 documents of the CIA's hacking arsenal online for all to see. The leak factory didn't even bother trying to play coy -- it actually made the "Vault 7" password an anti-CIA JFK quote about destroying the agency.

Hilarity ensued. Well, if you think it's funny when the press parrots WikiLeaks' misleading claims wrapped in PR spin.

What sort of misleading claims? How about the suggestion that the safest encryption apps, Signal and WhatsApp (neither of which actually appear in the document dump), are broken. Or that the CIA bugs everyone's phones. That our government is spying on us through our TVs with the flick of a switch. And that the CIA, which is providing evidence to Congress in the Trump-Russia probe, is part of a conspiracy to damage ... Russia.

When the news hit Tuesday morning, the bigger outlets ran wild, uncritically repeating the WikiLeaks press statement, and reporting on the documents without having them verified. If only being first was better than being correct.

WikiLeaks framed the whole media-attention sideshow as a giant embarrassment for an out-of-control CIA. Breitbart loved it. Especially the bit about how the CIA is trying to frame those completely innocent Russian government hackers. Hey, at least it was a break from WikiLeaks lending support to Trump's ravings that Obama wiretapped him.

By Tuesday afternoon, people were starting to get over the shock of learning that the CIA is a spy agency. A few news outlets started to correct their shit. They might've even felt a bit swindled by having regurgitated that crucial first round of PR from WikiLeaks, casting the dump as some sort of Snowden 2.0. (Snowden, for his part, has done his very best to make it a Snowden 2.0.)

Many in hacking and security weren't taking the bait to begin with. Many hackers were less interested this time by what was in the drop than by who it was from, and why it was being released now.

By now the press has started to sort things out -- but only after the misinformation had spread. But as Zeynep Tufekci writes, this is just a page from the WikiLeaks playbook. This time, she said, "there are widespread claims on social media that these leaked documents show that it was the C.I.A. that hacked the Democratic National Committee, and that it framed Russia for the hack. (The documents in the cache reveal nothing of the sort.)"

In an unusual turn, the CIA made a statement. Intelligence officials told press the agency was aware of a breach leading to this very dump, and is looking at contractors as the likeliest source. A formal criminal probe has been opened.

Thanks to the disinformation, lots of people are concerned about what was in the dump and how it affects their privacy and security. The contents haven't been confirmed by the CIA but it looks like it's shaping up to be the real deal. It mostly contains a lot of attack tools, and lots of clues that CIA operatives love Dr. Who, Nyan Cat, and hoard cheesy memes.

The files consist mostly of notes and documentation on the CIA's hack attack tools -- very specific tools used when the agency focuses on a very specific target. These aren't just hoovering up everyone's data like the lazy old NSA -- this is what a modern Bond's "Q" would use to go after a special someone, or someones.

As in, probably not you.

The attacks focus on operating systems, not on apps themselves. That bit you read about the CIA cracking Signal and WhatsApp was false. What this all shows, interestingly, is that encryption on those apps is tight enough that even the CIA hasn't been able to break them and needs to pop old versions of iOS just to read some ambassador's uncreative sexts.

There is literally no surprise here. The ubiquity of large systems having exploitable bugs, and the implications of this, have been reported on for decades.

Perhaps the nonstop cycle of social-media outrage has given us collective amnesia. What's old is new, and suddenly everyone is shocked to hear that there are 0-days in Windows and Android, and people are taking advantage of exploits. We all jump on a chair and lift our skirts and cry "rat!" because someone, somewhere, hasn't taken our advice about what to do with vulnerabilities.

So what's vulnerable, according to the CIA's hack attack tools circa 2013-2016? That would be Windows (Exchange 7 and 10 especially), OS X El Capitan, some Apple iPhone operating systems, and as we'd expect, a range of Android system exploits. The documents indicate that antivirus products like F-Secure, Bitdefender and Comodo are a pain in the ass to deal with, which makes them look pretty good.

The irony is that the best way to avoid these kinds of attacks is to update your system software when you're supposed to, don't get phished and try not to become a CIA target by, say, committing treason. Oh, and don't stop using reputable encrypted apps. Especially not because some guy with a hard-on for the CIA told the press the apps were compromised.

The docs do reveal that the CIA is well into hacking Internet of Things devices to use for surveillance with its Embedded Development Branch. According to journalists who are actually reading the documents, meeting notes from 2014 show that the CIA's analysts "are looking at self-driving cars, customized consumer hardware, Linux-based embedded systems and whatever else they can get their hands on."

This is to be expected, because spies gotta spy. Of course, because we live in a time when companies are using connected teddy bears to surveil kids and then getting owned by malicious hackers, we should expect spy agencies to roll IoT into their bespoke little government-funded "Q" laboratories.

It should make you uncomfortable -- and angry -- as hell that the CIA can use your smart toaster to spy on you. But, what's really troubling is that it's just piggybacking on data that companies are already collecting. Truth is, the US government isn't the early adopter here; Amazon, Google and Facebook are really the front-line developers of the surveillance state.

https://www.engadget.com/2017/03/10/wikileaks-cia-cache-fool-me-once/

cc:



https://www.engadget.com/2017/03/10/wikileaks-cia-cache-fool-me-once/
Assange fears the Pigeon.

https://goo.gl/QjIHja

Offline Jerbar

  • Administrator
  • *****
  • Posts: 668
Re: WikiLeaks CIA cache: Fool me once
« Reply #1 on: March 11, 2017, 13:40:57 PM »


   I have to say this latest fiasco by Assange was more affirmation of the severity of his decline. I read a large thread of comments following the NYT post on how Assange was promising that WikiLeaks was going to work with tech companies to correct the vulnerabilities of products to the big evil CIA.

   The great majority of all the comments were along the lines of "No way would I let that Kremlin pawn near my phone!".... "I don't want Putin in my phone!" .... "Isn't that like letting the fox guard the hen house?"... on and on that way.

   Yet Assange seems oblivious to all of this. It is as if he is completely unaware of his total lack of credibility among the general public these days.

   There are a few, very few Assange fanatics that still completely worship the conman. This new bone that he has thrown them is the kind of stuff that keeps them clinging to whatever fantasy world he has created for them. I think Assange blocks out all bits of reality to create his self delusion and remain a legend in his own mind.

   Assange has absolutely no interest in the privacy of others. He will very willingly expose very private information of anyone that gets in the way of his political agenda. He has absolutely no interest in transparency, he is only releasing damaging material on western democracies selectively, allowing corrupt regimes a free pass on all of their dirty little secrets.

   Ecuador is about a month out from holding its presidential elections. In the running is at least one or two candidates that have vowed to get Assange out of their embassy in London if they win. Things could get interesting if Assange losses his little hiding place. 

   

Offline J.C

  • Hero Member
  • *****
  • Posts: 866
  • la plume est plus puissante que l'épée
    • Snowden
Re: WikiLeaks CIA cache: Fool me once
« Reply #2 on: March 12, 2017, 19:21:47 PM »
"Assange was promising that WikiLeaks was going to work with tech companies to correct the vulnerabilities of products to the big evil CIA."

Assange couldn´t work a normal 40hrs standard week in a office. he thinks he still is an expert on the matter of everything connected to IT topics from 4.0 to Vulnerabilities.
There are Kids out there 45yrs younger than Assange with much better skills.

this guy is outdated and with all that cyber espionage stuff going on. cyber will suffer a lot in the future.

Assange fears the Pigeon.

https://goo.gl/QjIHja