Wikileaks Exposes CIA Hacking Tools

Zarathustra[H]

Apparently CIA's archive of tools used to compromise targeted systems was recently circulated in an unauthorized manner among former CIA contractors and hackers, one or more of which provided the information to Wikileaks. This leak outlines how CIA has been able to compromise platforms like Apple's iPhone, Google's Android, Microsoft Windows and Samsung TV's which can be turned into covert microphones. It also includes exploits for OSX, Linux and routers.

I've always been a bit uneasy about all the connected devices that might be used to spy on me and collect data. When I heard that Samsung's voice command microphone was always on, I made the decision to disconnect my TV from any network. I'm not personally concerned with primary use of Google, Samsung and their ilk using the data to anonymously raise ad revenue, but I've always been concerned with how it can be compromised and misused, and the CIA data shows that this is very possible. The primary concern is always identity and/or financial theft, and if the CIA can do it, so can some shady Russian or Chinese hacker. On the other hand I'm torn about this information being made public. CIA certainly does use it to attempt to protect us from foreign threats, but on the other hand there are many fourth amendment concerns, especially when the NSA might use methods like this domestically. The release of this information can allow developers to patch their code, and make us all individually safer from identity theft and 4th amendment abuses.

"By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

Note: I know this is a difficult topic to tread without political arguments, but keep in mind these arguments are against forum rules, and will only get this thread locked.

Let's keep things civil, folks.
 
The hackers got hacked. Well there's a taste of their own medicine.

When will generals and politicians learn that they aren't immune. Oh yes...FUCKING NEVER BECAUSE THEY ARE TOO GOD DAMN STUPID ABOUT COMPUTERS AND FUCKING GOD DAMN SECURITY.

Thanks for making us less secure US government.

So who wants to bet the government asks some of these program vendors (Microsoft/Apple/Google) to leave these holes in place in the interest of national security?...

So what are the lessons here kiddos?...not that our leaders will learn from this. They will just point fingers and blame other people.


Go:
 
More like unaccountable government employees abusing the power of the CIA for their own purposes.
 
More like unaccountable government employees abusing the power of the CIA for their own purposes.

1) In other words, your organization is only as secure as your weakest link. IE: Edward Snowden. Or people who don't know @#$@# about computer security that have access to the tools: IE: Career generals and politicians.

That's lesson 1.

Next lesson anyone?
 
Apparently CIA's archive of tools used to compromise targeted systems was recently circulated in an unauthorized manner among former CIA contractors and hackers, one or more of which provided the information to Wikileaks. This leak outlines how CIA has been able to compromise platforms like Apple's iPhone, Google's Android, Microsoft Windows and Samsung TV's which can be turned into covert microphones....................

Z, if you are going to completely cut off your smart TV, why not just isolate it on a vLan so it can't talk outside your home network? That way you could still benefit from it being connected to other devices. The same is really true for everything that you don't want talking outside your home.

Networking my man, it's just a little networking.
 
Z, if you are going to completely cut off your smart TV, why not just isolate it on a vLan so it can't talk outside your home network? That way you could still benefit from it being connected to other devices. The same is really true for everything that you don't want talking outside your home.

Networking my man, it's just a little networking.
Doesn't do you much good if your networking hardware (router/switch/firewall) can be compromised to allow that traffic through....vlan or not if there is a physical path to the outside world, it can be exploited one piece of hardware at a time.

Or are you talking complete air gapped network? That would be doable but make things like voice search, & netflix useless.
 
I don't know how accurate this is, I just checked CNN and haven't read any coverage about this news item.
 
Z, if you are going to completely cut off your smart TV, why not just isolate it on a vLan so it can't talk outside your home network? That way you could still benefit from it being connected to other devices. The same is really true for everything that you don't want talking outside your home.

Networking my man, it's just a little networking.


I have some VLAN's for other stuff. For instance I isolate my network based TV tuners that way.

My Smart TV is my monitor though, and that's the only thing I use it for. I've never even looked at the smart features on it, as I have no interest in them.

 
The hackers got hacked. Well there's a taste of their own medicine.

When will generals and politicians learn that they aren't immune. Oh yes...FUCKING NEVER BECAUSE THEY ARE TOO GOD DAMN STUPID ABOUT COMPUTERS AND FUCKING GOD DAMN SECURITY.

Thanks for making us less secure US government.

So who wants to bet the government asks some of these program vendors (Microsoft/Apple/Google) to leave these holes in place in the interest of national security?...

So what are the lessons here kiddos?...not that our leaders will learn from this. They will just point fingers and blame other people.


Go:

I can't read the article that Dg linked cause it's Wikileaks and the government blocks it, and if it is classified I am verboten from accessing it from unclassified systems.

That being said, just from the quote in DG's post it doesn't sound like the CIA was hacked at all. It sounds like someone who was authorized to access the tools stole them and gave them up for some reason.

What I do find a problem is this part of what DG posted;
The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

EO12333 does say that all SIGINT, (and network communications is being classified as SIGINT), is supposed to be done by the NSA and that no other US Government Agency or entity may conduct SIGINT unless it is done under NSA oversight. This is supposed to make sure that they aren't "doing it wrong". Now I don't know if the CIA is doing their SIGINT work under the control and supervision of the NSA or not. I do know that because SIGINT has grown to encompass network and internet signals, it's forced an expansion of SIGINT resources devoted to the work load. I can easily see that the CIA has additional areas of responsibility that the NSA isn't obliged to cover. The NSA is a DoD entity and has many restrictions on what in the world they can look into where the CIA has a specific mandate to look into these places that the NSA doesn't go.

But if this is a lot of money and a lot of redundancy then that is just more justification to look harder at what they both are doing and how it can be done better and cheaper. Add the FBI and the domestic piece to this problem and it really starts to add up to a problem.
 
I have some VLAN's for other stuff. For instance I isolate my network based TV tuners that way.

My Smart TV is my monitor though, and that's the only thing I use it for. I've never even looked at the smart features on it, as I have no interest in them.

I get you.
 
I'm just glad the CIA would only use this on foreigners, not us God-fearing red-blooded Americans! (We won't talk about No Such Agency.)
 
I can't read the article that Dg linked cause it's Wikileaks and the government blocks it, and if it is classified I am verboten from accessing it from unclassified systems.

That being said, just from the quote in DG's post it doesn't sound like the CIA was hacked at all. It sounds like someone who was authorized to access the tools stole them and gave them up for some reason.

What I do find a problem is this part of what DG posted;


EO12333 does say that all SIGINT, (and network communications is being classified as SIGINT), is supposed to be done by the NSA and that no other US Government Agency or entity may conduct SIGINT unless it is done under NSA oversight. This is supposed to make sure that they aren't "doing it wrong". Now I don't know if the CIA is doing their SIGINT work under the control and supervision of the NSA or not. I do know that because SIGINT has grown to encompass network and internet signals, it's forced an expansion of SIGINT resources devoted to the work load. I can easily see that the CIA has additional areas of responsibility that the NSA isn't obliged to cover. The NSA is a DoD entity and has many restrictions on what in the world they can look into where the CIA has a specific mandate to look into these places that the NSA doesn't go.

But if this is a lot of money and a lot of redundancy then that is just more justification to look harder at what they both are doing and how it can be done better and cheaper. Add the FBI and the domestic piece to this problem and it really starts to add up to a problem.

Vault 7 supposedly was an air-gapped system. So yes, supposedly the only way this could have gotten out was via an internal leaker.
 
Vault 7 supposedly was an air-gapped system. So yes, supposedly the only way this could have gotten out was via an internal leaker.

Imagine going to work the next day, everyone trying to figure out who did it and hoping no one suspects them.
 
Imagine going to work the next day, everyone trying to figure out who did it and hoping no one suspects them.

Usually this kind of thing happens when someone is no longer going to work anymore. At least, not for the people you outed.
 
You mean the usual?

He's not talking about busting ass in your work cubicle :LOL:



So I'm guessing that Assange finally gave up on trying to get the US to leave him alone.

The trove had been “circulated among former U.S. government hackers and contractors,” one of whom “recently” gave the archive to WikiLeaks.

I'm just guessing here but I'm thinking the CIA and NSA both just stopped hiring ex-hackers and high school dropouts.

The world just got a lot darker.
 
I guess imho, CIA/NSA having tools like this to spy on people shouldn't be surprising to anyone. The sad part is that these leaks can be rather bad (not to mention illegal) for a fair number of reasons. But - the scary part is... who runs it? who do they report to and ultimately accountable to? Why/who were they spying on within the US of A? Was that even legal? Or was any of this tech used to purposefully spread misinformation and/or mislead US citizens?
 
I guess imho, CIA/NSA having tools like this to spy on people shouldn't be surprising to anyone. The sad part is that these leaks can be rather bad (not to mention illegal) for a fair number of reasons. But - the scary part is... who runs it? who do they report to and ultimately accountable to? Why/who were they spying on within the US of A? Was that even legal? Or was any of this tech used to purposefully spread misinformation and/or mislead US citizens?


I think if you know that history repeats itself, then the answer to your questions is simple - Operation Mockingbird.
 
Z, if you are going to completely cut off your smart TV, why not just isolate it on a vLan so it can't talk outside your home network? That way you could still benefit from it being connected to other devices. The same is really true for everything that you don't want talking outside your home.

Networking my man, it's just a little networking.

I don't use the smart features on my TV because my HTPC does a better job delivering streaming content, not because I am worried about the potential of someone spying on me (are these exploits even possible on Vizio models?). I don't need it to talk to anything else on my network. Perhaps Z does something similar?
 
I don't use the smart features on my TV because my HTPC does a better job delivering streaming content, not because I am worried about the potential of someone spying on me (are these exploits even possible on Vizio models?). I don't need it to talk to anything else on my network.

Vizio does a pretty good job of spying on their own, and you can bet if Vizio is collecting data, these guys have probably found a way in as well... It's so much easier to do if you can piggyback on the manufacturer's data collection efforts, rather than writing your own from scratch...


Perhaps Z does something similar?

See my post above.
 
I had to laugh about the instantaneous determination "it was the Russians".

"The intelligence agencies found the signature of Russian hackers"

I found this hard to believe, so I kept following this thread of news for more information. What did I discover? The "signature" they were referring to was the name of the founder of the KGB, in plain text, in a piece of malware supposedly left behind by the "hackers". Really? The KGB has custom radioactive isotopes, only able to be made within nuclear reactors, made to order for assassinations, but they leave behind more tracks than a Nigerian scammer? Sounds much more like an influence operation intended to create a false narrative.
 
I had to laugh about the instantaneous determination "it was the Russians".

"The intelligence agencies found the signature of Russian hackers"

I found this hard to believe, so I kept following this thread of news for more information. What did I discover? The "signature" they were referring to was the name of the founder of the KGB, in plain text, in a piece of malware supposedly left behind by the "hackers". Really? The KGB has custom radioactive isotopes, only able to be made within nuclear reactors, made to order for assassinations, but they leave behind more tracks than a Nigerian scammer? Sounds much more like an influence operation intended to create a false narrative.

Well, consider now we know, thanks to the leaks, that the CIA can now pretend to be "Russian hackers". Or Chinese or any other country.
 
Big picture time - we know CIA has people who have been on the payroll working in CNN (Anderson Cooper and I think Tapper are two) and we know from the Project Veritas leak that CNN cares more about driving a narrative than reporting fact. CIA "loaned" Jeff Bezos hundreds of millions of dollars to buy the Washington Post. So combine that with these tools, and you now have an institution that can do whatever it damn well pleases, and its own print and tv media that can spin it however it wants the American public to perceive it.

Someone want to convince me how that is a good thing?
 
It seems some in our intelligence community (isn't that an oxymoron?) have cut themselves wide open trying to use a double-edged weapon...
 
The only two ways you can compromise an air gapped system:

1. Install some type of wireless component
2. Transfer storage via some port like USB.

So the question is, "why the @#%@# do they not have alarm bells going off on an air gapped system when something is plugged into it?"

People were laughing at me for saying a "USB port killing device has legitimate uses." I don't think they are laughing now.
 
Reading thru the comments, cmon guys it's getting extreme. Please provide factual information on Anderson Cooper and Jake Tapper being undercover CIA agents that doesn't reside on the absolute most fringe portions of the internet... So is Reuters and the BBC part of this grand conspiracy as well? They report the same information as CNN most of the time.
 
I guess imho, CIA/NSA having tools like this to spy on people shouldn't be surprising to anyone
No it shouldn't. It's their job, and when it comes to the CIA, operations designed to mislead and confuse enemies and encourage other countries to take actions favorable to ourselves makes some things look strange or disconnected when you don't know the whys.


The sad part is that these leaks can be rather bad (not to mention illegal) for a fair number of reasons. But - the scary part is... who runs it? who do they report to and ultimately accountable to?
I have no idea what you mean when you say "who runs it, or who is ultimately responsible". It's not a guessing game, there is a chain of command that goes right up to the President. The only way the President is ever excused from responsibility is if it happened before he was in the chair or if it's reasonable and understandable that he didn't know anything about it, and even then, he still has to carry some water.

This article says that the CIA group involved is the "Center for Cyber Intelligence in Langley, Va"

A simple Google search shows that;
Mike Pompeo, is the Director of the CIA and Gina Haspel is the Deputy Director
https://www.cia.gov/index.html

And this is where I run into a problem. I don't see a part of the CIA listed as the Center for Cyber Intelligence.

Under the Office of the Director of National Intelligence I see a Cyber Threat Intelligence Integration Center. But that isn't CIA.
https://www.dni.gov/index.php/about/organization/ctiic-who-we-are
OK, a little more digging shows that this new Center for Cyber Intelligence is a very new thing and was just announced in December. That doesn't mean they weren't doing Cyber shit before, just that this organization within the CIA is new enough that they haven't updated their website with it yet. That also means the person in charge of that Center isn't as easy to identify yet.

It's tough finding a news release for who has been named the head of this new group as it seems everyone wants to call their cyber operation a "center for cyber intelligence".


Why/who were they spying on within the US of A? Was that even legal?
They spy on the entire world outside of the USA, and on any non-US person within the USA. That's a lot of people and organizations.


Or was any of this tech used to purposefully spread misinformation and/or mislead US citizens?
Misinformation is a CIA specialty even if US Citizens fall for it as well as the targets.
 
Big picture time - we know CIA has people who have been on the payroll working in CNN (Anderson Cooper and I think Tapper are two) and we know from the Project Veritas leak that CNN cares more about driving a narrative than reporting fact. CIA "loaned" Jeff Bezos hundreds of millions of dollars to buy the Washington Post. So combine that with these tools, and you now have an institution that can do whatever it damn well pleases, and its own print and tv media that can spin it however it wants the American public to perceive it.

Someone want to convince me how that is a good thing?

You believe that Anderson Cooper is a CIA Agent?
You spend too much time on Youtube man.
 