WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk) 457
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."
now we know why tech is protected (Score:2)
Re:now we know why tech is protected (Score:4, Insightful)
As far as the electronics hacking goes, ever since electronics became a thing.
Hell, Nixon got caught up in early electronic eavesdropping,
This isn't new knowledge, just confirmation of what has been suspected all along.
Vault 7 sounds like a great title for a new TV series...
Re: (Score:2)
Everything described is EXACTLY what the CIA is expected to do. It is literally their job to spy on other people.
If Wikileaks publishes something along the lines of the CIA using these tools on people within the US, then that would be something that is notable (and illegal).
Now the NSA having these tools is more problematic, as they are tasked with both spying on others for USA's economic gain, but it is also their job to secure America from foreign espionage, so keeping software vulnerabilities (which pre
Re: now we know why tech is protected (Score:3)
More like the prequel to Fallout IRL
In Soviet Russia, TV Watches You! (Score:5, Funny)
Slashdot Flashback time...
In Soviet America, TV watches you!
Surprise! (Score:2, Informative)
There is no surprise...
Re:Surprise! (Score:5, Interesting)
I am surprised that anyone would continue to risk themselves and leak this kind of information, since we have seen how willing the public is to stand up and defend its whistle-blowers (which is to say, not at all).
But terrible reporting as usual... (Score:5, Insightful)
What is it with the quality of reporting now?
No, this does NOT make signal, etc completely insecure - this means they need to specifically target one end of the conversation, before
it happens - why is always likely to be possible.
What is DOES NOT mean is that they can auto-vacuum up all the conversations for later 'analysis', as they can do with just about every
other form of internet base communication. THAT is a critical difference. What it means is when you get on the wrong side of an ever
expanding range of government bureaucrats, they can trawl through less of your life to look for a suitable 'punishment'.
Of course they would LOVE everyone to think encrypted communication is useless, because they more people wouldn't bother......
Bears a close resemblance to a false flag reporters.....
And no, I dont need to post that AC, because being sensible about your personal communications is sensible, not illegal.
Yes! I knew it. (Score:5, Funny)
When I got my TV I bypassed the Mic and am feeding it "never gonna give you up" in a continuous loop. Glad my effort was not wasted.
Re: (Score:2)
Why not give them a more annoying audio like sex noises, scratching on chalkboard, etc. ;)
Re:Yes! I knew it. (Score:5, Funny)
my ip addr is 0.0.0.0 on my 'smart' tv. can't get in, like that!
oh man, I just checked - I have a routing entry in my cable modem for all zeros! should I be scared?
(uhm, lol?)
Stop using computers! (Score:2)
Re: (Score:2)
Nah, just flood their data bases with computer generated bullshit. Computers are capable or producing volumes of data which they would be forced to sort, categorise and store. Fake coms, fake movements, fake activity, fake searches, fake everything digital. Want to talk to some one, be a human being and go see them and talk to them. Leave the computers to talk empty waffle to each and the agencies can get the erections and play with themselves. Bury them in their own bullshit.
Is any of this new? (Score:5, Insightful)
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.
That's part of the spying thing and has been for at least the last 2-3 decades.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.
Logically follows.
3) The CIA could use smart TVs to listen in on conversations that happened around them.
Smart device insecure; news at 11.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."
Explored and...? That's it? Okay.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.
Author doesn't know what an 0-day is good for.
Re:Is any of this new? (Score:5, Funny)
My mother tells me that when black and white TV first came out, some people used to dress all nice and clean to watch TV, like if they were going to a wedding or something. Apparently, they weren't sure if the guy in the TV could see them and they wouldn't trust you if you told them he couldn't.
Man, those people were visionaries!
Re:Is any of this new? (Score:4, Interesting)
Not surprising, some people today are just as ignorant about computers.
Though it scares me to think I may be ignorant about some FUTURE tech that comes out when I'm old.
Re:Is any of this new? (Score:5, Interesting)
The fact of the matter is that the main reason the government is turning into Big Brother is because unlike most of the people on this site, the typical American believes that all of those things are ridiculous conspiracy theories. Hence politicians who find a surveillance state to be reprehensible are few and far between. I can think of Ron Wyden and Rand Paul off the top of my head and they're treated like whackos.
To flippantly dismiss it at "that's spying and that's how it's been for the last 2-3 decades" is the type of submissive attitude that has allowed this to happen in the first place. The generations of our time exist at a crucial moment in history when the very notion of liberty is in jeopardy. If we allow an Orwellian government to take hold—which all of these actions by the CIA are precursors for—then it may be impossible to reverse.
I may sound hyperbolic but the extreme nature of the changes our society currently face only sound ridiculous to people because most don't want to believe that horrible things are happening (or at least, they don't want to believe they'll happen in their own lifetime). It's the same with climate change. People just hope that when the shit hits the fan they'll be long dead.
Re: (Score:2)
SOMEBODY suffered the worst of histories atrocities and disasters, but it won't happen to me.... normalcy bias, societal cycles, yada,...
Do not despair America, these are the times that produce tomorrow's heroes.
Re: (Score:3)
Re: (Score:2, Informative)
i thought they had a hard time breaking into iPhones before in various forms..? was this a lie ?
That was the FBI not the CIA. It is apparent (or perhaps they just want us muggles to believe) that these agencies do not cooperate at all.
Re: (Score:2, Insightful)
If they have to use malware to get on the phone, they have to get malware _into_ the phone before using it. Being able to tap a phone by installing a specially designed program doesn't necessarily mean they can unlock it while it's locked if such a program isn't already on the phone. They may still be able to do that, but it's a different task.
Betcha Trump is going to mad at Assange again (Score:4, Insightful)
I'll bet serious money this enrages Trump and he threatens to arrest and detain Assange.
Re: (Score:2, Informative)
Trump love Assange.... and vice a versa.
Re: (Score:2)
But he hates not being the center of attention above all. If you want to predict when the next granpa twet storm is going to come, track how much coverage is about him. When it starts to dip... when Sessions gets the spotlight for example, we are in for another crazy rant.
Re:Betcha Trump is going to mad at Assange again (Score:5, Insightful)
The quote is from an alt-right shit site you moron.
Re: (Score:3)
But at least his first reaction wasn't "Can't we just drone this guy?"
People are constantly justifying the inane things Trump says by claiming he was joking, or not being serious, or that he was misinterpreted. Just today, the chairman of the House Intelligence committee said "I think a lot of the things he says, I think you guys sometimes take literally." Maybe you could give Hillary the same artistic license and consider that perhaps she was joking or misinterpreted? Oh, who am I kidding. She's a Democrat, you'll give her no quarter.
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
There's even more evidence that you're a pedophile (Score:3)
Do you see now why truth matters?
#3 (Score:5, Insightful)
Re: (Score:2)
its now to the point where any tv that is worth owning is 'smart'. beyond a certain size, (vizio, for sure) its all smart-only.
but - just don't connect a network to it and its not ever going to be 'smart'. no network == dumb tv. no forced firmware upgrades, no wiretapping, no nothing.
I would not worry about so-called smart tv's. disable networking and you're safe.
Smart TV is worrisome (Score:5, Insightful)
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.
But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.
Re:Smart TV is worrisome (Score:5, Insightful)
But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.
Then don't put it on the network if you're concerned.
Re:Smart TV is worrisome (Score:4, Insightful)
Then don't put it on the network if you're concerned.
Well that kind of defeats the purpose of buying the TV in the first place, I use it to watch Netflix.
I suppose I can disconnect it from my wifi like you said and then get a Chromecast stick or some such plug-in device. But having the feature built-in was a lot more convenient, no need to boot up a second device or use a second remote controller, etc.
Also if my TV is infected, how do I know if it's really disconnected from wifi? I suppose I would have to get a packet analyzer and record all packets for like a week and see if the TV sent anything over the network.
Re:Smart TV is worrisome (Score:4, Insightful)
wait nevermind, it just occurred to me that i can check the wifi router's DHCP log and see if the smart TV connected.
Re: (Score:2)
Whats the risk that a user is running a network protocol analyzer on their own network? Or finds an outside wifi connection connecting to their smart TV?
A random outside wifi connection or risk entering a users own wired and wireless network that might be logged?
Re: (Score:2)
Re: (Score:2)
When done, disconnect the TV.
No need to have a powered, networked computer with a cam and mic on 24/7 as a "display" when work is been talked about.
Re: (Score:3)
Or you could just use it as a monitor for a PC and watch shows that way (I do that but it is a very cheap TV not a "smart" one), but cabling hassles etc get in the way for most people (plus MS Windows sucks with multiple screens that are not on at all times). What about finding out where the microphone is and just block it's ability to pick anything up?
Why do so many geeks like IoT stuff so much? (Score:2)
Re: (Score:2)
Re: (Score:3)
That lack of control is part of why I still use a home theater PC. I can control what is going on more, and have access to far more entertainment options than any "Smart" TV or even a plug-in like Roku.
I think my latest TV might actually have some "Smart" features, but I don't use them and never connected it to my WiFi network... so even if it had the capacity to be used for monitoring, being off the Internet prevents any such nefarious use.
Re: (Score:2)
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.
But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.
If your "desktop" machine has been owned enough with a boot sector style spyware/malware (like a keylogger), I don't think that there are simple steps you can take to detect them (you pretty much have to move your boot drive to a trusted machine to scan/fix it)... Since Smart TVs get manufacturer OTA updates all the time to update their "apps", I suspect Weeping Angel would want to operate on a level similar to a boot sector style spyware/malware and compromise the device on a low enough level to survive a
Re: (Score:2)
Re: (Score:2)
Linux, as of late.
http://www.digitaltrends.com/h... [digitaltrends.com]
"According to an official statement issued by the company today, all Samsung smart TVs will now run on Tizen, an open-source, Linux-based operating system (OS) developed and supported primarily by Samsung and Intel."
The World According to Garp, er, Brill: (Score:4, Insightful)
The government's been in bed with the entire telecommunications industry since the forties. They've infected everything. They get into your bank statements, computer files, email, listen to your phone calls... Every wire, every airwave. The more technology used, the easier it is for them to keep tabs on you. It's a brave new world out there. At least it'd better be.
As great as the internet's free flow of information has been for the average human, there is another entity that has benefited even more...
second cold press (Score:2)
There are already quite a few tools in computational journalism to automate the early assessment of a large data dump.
What do Journalists do with Documents? [jonathanstray.com]
C+J 2016: Documents, Data Mining and Discovery [youtube.com]
As with all things, I'm sure the 20-80 rule applies.
Safe (Score:5, Funny)
I'm safe. Turns out buying a Windows Phone was a good choice after all.
Re: (Score:3)
Same here! practically 100% theft-proof!
What is the surprise exactly? (Score:3)
If you didn't know this kind of thing was going on, you weren't paying attention. The job of the intelligence agencies is to... gather intelligence, particularly the kind that people don't want collected and kill foreign enemies covertly. This is why they are not allowed to act inside the US. Every other intelligence agency on the planet does exactly the same thing. If you think otherwise you are living in a fantasy land bubble.
Re: (Score:2)
This is why they are not allowed to act inside the US.
Which the CIA neatly sidesteps by having a "domestic agency" attached to an operation.
By domestic agency they mean one clueless newbie FBI agent tagging along with the tough seasoned elite operators of the "real" intelligence agency.
Re: (Score:2)
By domestic agency they mean one clueless newbie FBI agent tagging along with the tough seasoned elite operators of the "real" intelligence agency.
Why, Special Agent Dr. Stanley Goodspeed, is that you!?
Strat
Re: (Score:2)
First, if you think this release is relevant only to activities outside the US you are naive, at best. Second, if you DID know this kind of thing was going on, and weren't making all the noise you could to combat this infringement, you deserve the tyranny that rules you, and are also responsible for its power over others.
America wasn't built with "business as usual/not my problem" attitudes...
Re: (Score:3)
Of course I knew this was going on. Not only that, I expect and approve that it goes on. I want my country to have the best fucking weapons to use and the best intelligence on other countries. Yes, it's power. But unilateral disarmament just leads to a Russian flag over the capitol.
Yes, dragnets are bad. But so far these have all been targetted things. I have no illusion that the US government could read my mail, listen to my phone, use a stealthy drone with night vision, or otherwise montior everythi
Re:What is the surprise exactly? (Score:5, Insightful)
So they've scared you that bad, huh? Ready to sacrifice all so long as they keep you safe from the boogeyman.
Re: (Score:2)
No, I'm not worried about a boogeyman. I am worried about my country being at a disadvantage in a war. Cause, you know, they happen.
Open Hardware (Score:2)
This makes open hardware more imperative. Are the operating system flaws all software, or are they hardware? Or firmware? If the latter two, are they flaws or cooperative effort by the manufacturers?
I don't have time to read the entire thing, so I'm wondering what part of my Linux installations are being exploited. FOSS and FOSH are the only real digital defenses we have against our governments, as they are our only avenues of control.
Re: (Score:2)
Start hunting through these...
https://wikileaks.org/ciav7p1/... [wikileaks.org]
https://wikileaks.org/ciav7p1/... [wikileaks.org]
https://wikileaks.org/ciav7p1/... [wikileaks.org]
https://wikileaks.org/ciav7p1/... [wikileaks.org]
https://wikileaks.org/ciav7p1/... [wikileaks.org]
https://wikileaks.org/ciav7p1/... [wikileaks.org]
https://wikileaks.org/ciav7p1/... [wikileaks.org]
Cliff notes version: You're screwed.
Endorse the ethics of software freedom (Score:5, Insightful)
"Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure" is what makes running security-minded programs on non-free, user-subjugating, always-untrustworthy, proprietary OSes a joke. People get a sense that they're safer from malware [gnu.org] then they really are and they think they get to keep their proprietary conveniences as well. Openwashing will not help you.
I know it's a lot of work to learn new things and change your views and your behavior. I understand that software freedom is differently political than what you're encouraged to adopt, and software freedom requires you to consider more than what's listed in virtually every features & money-based ad campaign from monied proprietors. And I get that coming to terms with the consequences of software freedom runs directly contrary to believing that you don't need to think any further than what proprietors and their "open source" friends tell you to think about (because no proprietor frames their offerings in terms of the freedoms to run, inspect, share, and modify the software, hence proprietors are more likely to sanction the open source movement which eschews these values and even celebrates partnering with proprietors like Red Hat's recent uncritical commentary on Microsoft's software and Microsoft's new campaign regarding "Linux"—no mention of GNU which might bring software freedom to mind). But in the real world you need to stop trusting proprietary systems to keep you safe, respect your privacy, or other practical consequences of software freedom. Proprietary software wasn't designed to do that and therefore that software never will do that job. There is no middle ground which allows you to run proprietary software while retaining the benefits of software freedom. It's time to value software freedom for its own sake.
Even if all published software were free, exploits like these are possible because all complex software has bugs. Perfect security is not the issue. The issue is who gets to control their own computer and how we treat each other. Even after these exploits are published by WikiLeaks and people have had time to consider them and protect against their adverse effects, proprietors will still have power over users who run their proprietary software. Users won't be able to tell what other exploits are out there and therefore it will be harder to protect against them. The difference between proprietary subjugation and software freedom becomes more clear: Free software users will be able to run, inspect, improve, and share improvements with others making that software more able to prevent future attacks. But proprietary software users won't be allowed to do the due diligence they need in order to help themselves no matter how technically skilled they are or how willing to repair things they are. No computer user deserves to be treated that way. It will take a lot of work to get people to understand why they too should care about software freedom even if they're non-technical (like most computer users are). So I urge you to understand software freedom for its own sake and to try to help others understand as well.
Relatedly, the Free Software Foundation's "Respects Your Freedom [fsf.org]" campaign has some new hardware on the list. I recommend buying some and using it, even if it's not up-to-date with the latest capabilities and seemingly expensive for what's offered. We need more people to invest in free replacements for proprietary, locked-down, user-subjugating systems. We need to make investments in our own collective future by funding the free products available today so we can have modern, highly-capable, and fully user-controllable POWER8, RISC, etc. systems which will respect the owner's control.
Re:Endorse the ethics of software freedom (Score:4, Insightful)
After the 1950's cryptography was weak and international standards got a lot of free support in the press.
A company, gov, mil or bank would buy in an approved network or some other nations product that was tested and worked well.
Governments and mil knew a one time pad was secure but they had so much data to move. So new hardware was imported.
The crypto on offer would be weak and US/UK would get all messages in real time.
Once the world moved to more secure crypto, the clandestine services went for the weak hardware/software that was trendy and global.
The OS and hardware used to read or create a message was junk but the crypto could be examined by all.
Everyone agreed the crypto was so safe and that it was always going to be tested, studied and kept safe.
If the academics and brands ever get the hardware, OS side fixed, expect a flood of new junk crypto again.
With open source at least the OS and hardware has been looked at. The network might not be secure but at least a private message can be created and trade secrets, product designs can be protected until they are ready for sale, publication.
The only other option is to fly staff around the world, use one time pads.
What to do (Score:2)
e.g. CIA Chief: We’ll Spy On You Through Your Dishwasher (03.15.12)
https://www.wired.com/2012/03/... [wired.com]
Past project shape new projects in the US gov. Electronic collection is the only growth area so that is what gets funding and political support.
Collect it all is policy that can be understood by most people.
2. Work out if the NSA, CIA or any other part of the US gov think your company or work is inter
Crashing Cars? (Score:5, Interesting)
Linux malware... (Score:4, Informative)
https://wikileaks.org/ciav7p1/... [wikileaks.org]
https://wikileaks.org/ciav7p1/... [wikileaks.org]
Can someone give us the Cliff Notes on what we need to sudo rm -rf ??? Is it just routers being targeted...?
Re:Linux malware... (Score:5, Informative)
Here's a few excerpts...
V2.5.1 /var/.config timer file if it does not already exists. Note that the trigger listening function will automatically self delete the executable if it discovers that the /var/.config file does not exists. If a self delete occurs, the normally empty /var/.config will contain a time stamp when the actual self delete occurred using a yymmddHHMMSS format. Previous versions would allow the /var/.config file was removed. Version 2.4's Caution for Solaris shells still applies. A new
11/29/2012
Modifies all mikrotik, linux, and solaris code so any successful beacon or trigger will also create a
executable to stay on the box but would stop the process whenever the
Hive updating script called hiveReset_v1_0.py was added which also resets the self-delete timer for all linux, Mikrotik, and Solaris devices.
(S) Below is the list of files included in this release, along with their size and MD5 hashes.
Filename File Size(bytes) MD5 Hash
CCS.xml 490235 1dd06dd5b74ceb7cab9b599a22f99975
cutthroat 1095780 caba38dc033c86f5f9daa837dfe4c2fa
hive670859 216f0da2dca51fb33044e5b525db45a3
hive-patcher 1368840 dee62bac8aa66f6a309c2bb1c675c3e0
hiveReset_v1_0.py 60292 d3153e378e24f4bed0ceddfcab599fb8
honeycomb.py 15500 5ef80df352e52e191556663c0bcc3059
swindle.cfg 680 3b9185be038c826c39734f1be273b37f
Unpatched Binaries
hived-linux-i386-unpatched 165280 a7729c8b0c5f1b0f3bc1888a43be3525
hived-mikrotik-i386-unpatched 163426 7905ecba0e020fe8883099fb45ff2e50
hived-mikrotik-mipsbe-unpatched 234944 e74ad934ff90aa2354d3874009563343
hived-mikrotik-mipsle-unpatched 235307 4f2d7d2e817684a21f2de8315c2d9eb3
hived-mikrotik-ppc-unpatched 175812 0806e6641cafe014266d30ee1d4b37ef
hived-solaris-i386-unpatched 174764 3adb8dfaf459948a0eea6a9439396059
hived-solaris-sparc-unpatched 207720 aa853024ec50b914c3cb3717b36d7e5c
Hacked phones are hacked phones (Score:3)
I've been going over this most all day (I'm retired, so I got fuck-all else to do on a rainy day).
From what I can tell, the biggest takeaway is that a hacked phone is not secure. Encryption is still OK, and Signal and WhatsApp are still secure as far as we can tell. Everything else has already been known. Also, it's a good idea when vendors patch vulnerabilities, apparently. Who knew?
EFF has written some interesting stuff about Vault7 today, on their webpage and Twitter account.
https://www.eff.org/deeplinks/... [eff.org]
And that's why... (Score:2)
"The CIA could use smart TVs to listen in on conversations that happened around them."
And that's just one reason I'll never own a "smart" TV.
I remember people laughing at the idea that anyone could or would covertly turn on the mic in your TV, but who's laughing now?
Comment removed (Score:5, Interesting)
Re:There is no going back now. (Score:4, Interesting)
I'm not from Germany, so I don't know all that first hand, but was really STASI control a major factor in uprisings? I was under impression it was mostly about ruling party, possibility of rigged elections, economic reasons, split of Germany and following a chance given by USSR turmoil/opening at the time. I have no doubts that hate of STASI was some factor in why people hated the system/government, but you have phrased your story so it looks like people of East Germany made a revolution again STASI itself rather than against communist state.
Coming back to case of USA and CIA - I can see some kind of revolution happening there because people getting angry about corporation lobbying/control, taxes, elections, some unneeded war etc. Do you really think that people would go out to the streets and try to topple the government because CIA would get too powerful? Wasn't CIA quite powerful in 50ties and nobody really complained?
Working Torrent (Score:2)
Has anyone been able to download the torrent? I tried and it hasn't been working.
that settles it (Score:2)
our spy masters are evil, pure evil, and there's no way we can know who they turn they evilness to. US, 'them', or combo of both.
I wish all the spy agencies were disbanded. no one should have this kind of power, no one! prisoner experiment (stanford) demonstrates that no human should have that kind of unchecked power.
who watches the watchers?
NO ONE.
or, no one we can trust.
man, this is sick shit. a US agency that spends its time trying to create malware and thrust it upon - ALL OF US.
now, even this NEWS
Why no dumps of fancy bear cybertools? (Score:2)
Ok, let's go at this piece by piece... (Score:4, Insightful)
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.
It's basically, if it's Internet connected, it's probably vulnerable to some degree. But I wanna see the CIA remotely invading my unconnected Windows 7 PC used for maintenance purposes. Unless they get a warrant and physically get to my computer, they can't.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.
Wrong. Encryption is used on these device to protect messages DURING transit and it's not only from the CIA or for criminal purposes. So yeah, it's still secure if you are not being actively targeted by the CIA, and if you keep your devices outside the reach of malicious actors.
3) The CIA could use smart TVs to listen in on conversations that happened around them.
This just adds up to not buying smart TVs at all, or at least don't connect them to the Internet. Several big brands like Samsung, LG, Vizio among others have been caught red handed harvesting information using smart TV functions for all sorts of purposes, so this recommendation came before the CIA papers leak.
It might not have shown up in papers just yet, but this also applies to your IoT devices and whatnot. Do NOT get a Google Home, Alexa or whatever always listening device you can avoid it. Your privacy will be put at risk as potentially your security also will.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."
Hackers are also into this, and it'll remain an issue as long as car manufacturers continue to ignore major security flaws in their systems. Just so people know, most cars these days are wholly insecure. Hacking could come with something hard to accomplish like connecting a device into the electronic diagnostic systems on you car, needing physical access, to shoving malware on your Android based car system and taking control remotely from there. Unfortunately, it's one of those cases where a fatality will need to happen for car manufacturers to be blasted for malpractice and change their ways.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.
This, along with several other cases like the iPhone thing and the more recent of a pedophile being released because a government agency didn't want to release the tools used for his arrest to the public just shows how governmental agencies are not focused on security and worries on the public, they are focused on power. This is the core issue with NSA, CIA, FBI and other public agencies promoting erosion or privacy: they want the power to spy on everyone and anyone, which gives them control to do anything.
All of the revelations and the spying programs governmental agencies have reveals one big problem in itself: the US will soon become a country where something like Watergate, or something more recent like the Snowden leaks, could never happen. How long do people think that an empowered state that is able to spy on everyone including journalists (which btw, the current government sees as "the enemy") will use these tools to actively persecute, blackmail and shut up anyone who has something negative to say about the administration? You are basically diving into a well disguised totalitarian regime. And with morons currently running the country it's going to be very hard to convince them that these powers have nothing to do with making police work easier, or going after terrorists, and all to do with these agencies having enough power to do just about everything they want.
There already have been plenty of reports on police mishandling public cameras and using tools for stuff like stalking people, going after ex-girlfriends and stuff like that. Going from there to actively blackmailing people, using the information collected for their own profit, all the way into covering scandals and shutting off corruption case investigations is not a joke. Yes, no one is interested in your boring life and your boring messages or e-mails, but there is a reason why privacy is the cornerstone of democracies. If you don't fight for it and lose, the consequences will come crashing down soon enough, and then there's nothing you can do anymore.
Flawed tactic? (Score:3)
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
Does that not display a high degree of hubris? I'd say that if a government agency discovers a security flaw in something then they have to immediately assume that "hackers from other countries or governments" either already have it or will independently discover it soon. I really don't think it's something for which you have a big window of exclusive use.
Given today's politics (Score:3)
...I think the revelation that they've appropriated other security services hacking tools so they can attack a system and leave false footprints would be a bit of a bombshell.
What about Michael Hastings??? (Score:4, Interesting)
Interestingly, Michael Hastings died when his car suddenly accelerated out of control and crashed, killing him instantly. He was currently investigating the director of the CIA, John Brennan!
Coincidence???????
???
??
?
Re: (Score:2)
Haven't you noticed how Donald is not locking her up anymore? No-one who is part of the machinery of state ever sees the inside of a court, that's just not how it works.
Don't go pretending Donald is any different to Hilary, none of them are on your side.
Re: Not surprise in the least... (Score:5, Interesting)
locking up(or shooting) CIA operatives who interfered with democracy, however, would be great for democracy.
Re: (Score:2)
"Politicians should be exempt from the laws, and this is good for democracy." - Lehk228
Re: Not surprise in the least... (Score:5, Insightful)
Not locking her up is really bad for the concept of Rule of Law.
Not investigating and then, if necessary, pressing charges and letting a court decide is really bad for the concept of Rule of Law.
She was investigated, and the conclusion was that 'No reasonable prosecutor would take the case.' Hillary Clinton is, contrary to popular opinion, innocent in the eyes of the Law.
Forgetting about the presumption of innocence is really bad for the concept of Rule of Law.
Fucking selectively moral hypocrites who have already decided not to accept what their own fucking law enforcement agencies have investigated and declined to prosecute is bad for the concept of the Rule of Law. You can complain about political factors weighing on the decision; you can complain about ineptitude and willful blindness. You can complain about any fucking thing you fucking want. But you cannot dispense with essential components of the legal/judicial system whenever its suits you.
You can't claim she's guilty in the absence of a trial and still pretend to uphold the rule of law. So either shut up about the rule of law, or stop claiming she should be locked up, because you can't do both at once.
Re: (Score:2)
That conspiracy theory no longer works because now Hillary is not in power. You need a new one.
Re: (Score:2)
Everyone was pretty damn sure that was going to happen.
Re: (Score:2)
Re: (Score:2)
The chance to jail a hated political rival who is likely to cause trouble in the future? Of course it's in their best interest and if they actually had a case they would jump at the chance.
That's why the conspiracy theory is so fucking dumb.
Re: Not surprise in the least... (Score:5, Insightful)
... and the conclusion was that 'No reasonable prosecutor would take the case.'
You're assuming that the only reason no reasonable prosecutor would take the case is her innocence.
No, for fuck sakes, I'm saying that you can't defend the rule of law, and then jump straight to a guilty verdict without passing through these interim steps.
My entire point is that it's perfectly fair to complain about the lack of consistency in prosecutorial decision-making. It's perfectly fair to question the FBI's investigative techniques. It's perfectly fair to discuss at length and in detail all of the countless deficiencies that exist in the American criminal justice system. People spend lifetimes doing just that.
But you do NOT get to say, 'That bitch is guilty' when she's never even gone to trial. Not if you stand for the rule of law.
Say, she should be prosecuted, she should be re-investigated, say that what she's doing is dodgy as fuck. I'm right beside you there. Say that she and her husband are conscience-free, calculating sociopaths. Say that she's insincere. Say whatever the fuck you want. But you still don't get to say she's guilty until she's convicted. Not if, as the poster did, you claim to support the rule of law.
Too many people think presumption of innocence is a trivial thing, that it only applies when trials run right. That's not true. Presumption of innocence is essential to a society run by laws, and it says, if you didn't get convicted by a court, you're innocent of the crime. There's not one iota of ambiguity there.
This matters to me because, as a journalist, I regularly see people accused of horrible crimes, and I see the human toll of people who are put through the ringer of social opprobrium. I've seen what happens when vigilante justice prevails, and trust me, you don't ever want to see it happen.
We have the rule of law because we as a society agree to play by the rules. That means that you stop making exceptions when someone that you don't like benefits from those rules. It sucks sometimes, but there it is.
Re: (Score:3)
Presumption of innocence is essential to a society run by laws, and it says, if you didn't get convicted by a court, you're innocent of the crime. There's not one iota of ambiguity there.
I've been following, and mostly agreeing with, your marvelous string of rant(s) on this topic, but here I must pick a very important epistemological nit.
When I drove to work today, I exceeded the legal speed limit, as I do every day. I am therefore in reality guilty of violating the laws restricting the speed I am permitted to drive my car. This guilt persists whether or not I am stopped, observed, ticketed, taken to court. It persists whether or not I am stopped, go to court, and pay a lawyer a large su
Re: Not surprise in the least... (Score:5, Informative)
... innocence is not a legal concept.
Presumption of Innocence is a formal concept in Common Law.
Re: (Score:3)
There is no innocent in the rule of law, as you like to pretend to understand it. If this is too difficult for you to understand, realize that a court verdict is guilty or not guilty, it is never a finding of innocent.
Particularly patronising tone you've managed there.
innocent
adjective: innocent
1. not guilty of a crime or offence.
Turns out the definition of 'innocent' contains the words 'not guilty'. If you'd been less of a dick about it, you wouldn't look quite so stupid now. Oh well.
Re: Not surprise in the least... (Score:5, Insightful)
Again, you are presuming, based on your limited information, that she's guilty.
The reason we have trials, rather than relying on the snap judgement of people like you, is that *all* the evidence is brought out, explored, and argued over. Until that is done, you cannot rightly presume anything other than innocence.
The Feds did their investigation, came up with more evidence and counter-evidence than you will ever know about, and judged that in total, it wasn't enough to even make a reasonable case. You can claim to disagree with the Feds' judgement all you like, if you think someone will listen; you can demand the investigation be re-opened, or insist that she go straight to trial, but you *still* need a trial and court decision, because you don't have all the facts.
Of course, requiring political opponents to be re-investigated until something turns up is a practice normally associated with oppressive regimes, and opens your own preferred politicians to the same treatment, so maybe be careful what you wish for.
Re: (Score:3)
I am saying the public needs answers
They got an answer, from the feds. It's not definitive, but it's indicative at least, and far more informed than public speculation.
I am saying major crimes were committed
This is exactly my point. Major crimes are alleged. The difference is crucial. Someone could indeed be charged and get their day in court, but whether major crimes were actually committed is still not proved, let alone who by.
I am not disagreeing with the feds judgement
It does kinda sound like you are (which is fine). And I'm right with you on the whole "too powerful for the law to apply" thing - politicians more than an
Re: Not surprise in the least... (Score:5, Informative)
That is nonsense. The IT guy that wiped her server, after the investigation began, posted on this very site asking for advice on how to destroy the evidence.
He posted on Reddit, not here, and his inquiry didn't read to me like an attempt to destroy evidence. He was trying to figure out how to redact email addresses from a large corpus of archived messages. This is standard practice during electronic discovery and document production, and isn't a sign of anything nefarious.
Jeb Bush performed the same scrubs [archive.org] on his email archives, after first releasing them unredacted and causing an uproar because they were full of constituents' personal data [theverge.com].
The source of Tyranny (Score:3)
It's found in the court of public opinion. That's why we have courts that are abstracted from populist views and are compelled to examine the evidence in a case tried by peers. The court of public opinion has been responsible for many massacres.
Rule of law is western society's greatest achievement.
Re: (Score:2, Insightful)
*wanking motion*
Re: (Score:3, Informative)
Apparently, a first grader has a better understanding of "Context" than you do. Frankin's question was specific to Trump surrogates communicating with Russian officials. Here is a working analogy for the genuinely handicapped who can't understand the context.
Senator Al Frankin: We have reports that people like you were firing guns into a crowd, and that you were near the crowd.
Jeff Sessions: Senator Frankin, I was there but never fired a gun.
Buffoons : We have reports that while hunting in the woods
Re: Not surprise in the least... (Score:5, Insightful)
I did, have you? Cause Al Franken didn't even ask the question but Sessions said point blank he had no contact with the Russians. It was an unforced error since that wasn't what Franken was asking as Franken was just trying to find out what Sessions would do with any evidence he might find.
Re: (Score:3, Funny)
I'm gonna invest in popcorn futures...
Re: (Score:2)
A little, but maybe it has been kept extra vulnerable intentionally?
There has to be some actual reason why we're still using C for internet facing code two decades after we know it's dumb as fuck to do so. It's so much more comforting to think that it's because of a conspiracy and influence peddling by three letter agencies pulling strings than to assume we collectively are utter incompetent fucking morons.
Re: (Score:2)
Agreed. Upgrading or rewriting all of the old code into something more modern would take, using all available programmers, several years and would consume the US's economy's output twice over.
Or something to that effect the last time the question was raised.
Re: (Score:2)
Re: (Score:2)
Before you read this article, What did you think an intelligence agency do ?
Follow the rule of laws and regulations setforth is what most people expect intelligence agencies to do. However in many countries intelligence agencies have gotten so large they see themselves apart from the government.