WikiLeaks Releases CIA Hacking Tools

WikiLeaks just released a cache of 8,761 classified CIA documents from 2012 to 2016, including details of its offensive Internet operations.

I have not read through any of them yet. If you see something interesting, tell us in the comments.

EDITED TO ADD: There’s a lot in here. Many of the hacking tools are redacted, with the tar files and zip archives replaced with messages like:

::: THIS ARCHIVE FILE IS STILL BEING EXAMINED BY WIKILEAKS. :::
::: IT MAY BE RELEASED IN THE NEAR FUTURE. WHAT FOLLOWS IS :::
::: AN AUTOMATICALLY GENERATED LIST OF ITS CONTENTS: :::

Hopefully we’ll get them eventually. The documents say that the CIA—and other intelligence services—can bypass Signal, WhatsApp and Telegram. It seems to be by hacking the end-user devices and grabbing the traffic before and after encryption, not by breaking the encryption.

New York Times article.

EDITED TO ADD: Some details from The Guardian:

According to the documents:

  • CIA hackers targeted smartphones and computers.
  • The Center for Cyber Intelligence is based at the CIA headquarters in Virginia but it has a second covert base in the US consulate in Frankfurt which covers Europe, the Middle East and Africa.
  • A programme called Weeping Angel describes how to attack a Samsung F8000 TV set so that it appears to be off but can still be used for monitoring.

I just noticed this from the WikiLeaks page:

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

So it sounds like this cache of documents wasn’t taken from the CIA and given to WikiLeaks for publication, but has been passed around the community for a while—and incidentally some part of the cache was passed to WikiLeaks. So there are more documents out there, and others may release them in unredacted form.

Wired article. Slashdot thread. Two articles from the Washington Post.

EDITED TO ADD: This document talks about Comodo version 5.X and version 6.X. Version 6 was released in Feb 2013. Version 7 was released in Apr 2014. This gives us a time window of that page, and the cache in general. (WikiLeaks says that the documents cover 2013 to 2016.)

If these tools are a few years out of date, it’s similar to the NSA tools released by the “Shadow Brokers.” Most of us thought the Shadow Brokers were the Russians, specifically releasing older NSA tools that had diminished value as secrets. Could this be the Russians as well?

EDITED TO ADD: Nicholas Weaver comments.

EDITED TO ADD (3/8): These documents are interesting:

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the other murders also find likely attribution.

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

This is being spun in the press as the CIA pretending to be Russia. I’m not convinced that the documents support these allegations. Can someone else look at the documents? I don’t like my conclusion that WikiLeaks is using this document dump as a way to push their own bias.
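To make the attribution mechanism in that passage concrete, here is an added example (mine, not code or data from the documents or from WikiLeaks) of how technique overlap is scored and how a sample assembled from another group’s components comes out looking like that group. All sample names, group names and feature strings are constructed; the scoring is plain Jaccard overlap over feature sets, a simplified stand-in for what a real clustering pipeline does.

```python
"""Attribution by shared technique fingerprints, and how borrowed components distort it.

Added example: none of this is from the leaked documents or from WikiLeaks.
Every sample name, group name and feature string below is constructed.
"""

# Constructed feature sets. Each sample is summarised by the distinctive
# techniques an analyst pulled out of it: mutex naming pattern, persistence
# mechanism, string-obfuscation routine, C2 framing. Real casework uses far
# more features per sample; the matching logic is the same.
KNOWN_SAMPLES = {
    "group_red_1":  {"mutex:Global\\rd%08x", "persist:runkey", "obf:xor_rolling", "c2:http_multipart"},
    "group_red_2":  {"mutex:Global\\rd%08x", "persist:runkey", "obf:xor_rolling", "c2:dns_txt"},
    "group_blue_1": {"mutex:Local\\bl-{guid}", "persist:wmi_event", "obf:rc4_custom", "c2:https_pinned"},
    "group_blue_2": {"mutex:Local\\bl-{guid}", "persist:scheduled_task", "obf:rc4_custom", "c2:https_pinned"},
}
GROUP_OF = {name: name.rsplit("_", 1)[0] for name in KNOWN_SAMPLES}

# A genuinely new sample from the red group: same tooling, one new C2 channel.
NEW_RED = {"mutex:Global\\rd%08x", "persist:runkey", "obf:xor_rolling", "c2:smb_pipe"}
# A sample assembled mostly from blue's components, with one red-only technique.
BORROWED = {"mutex:Local\\bl-{guid}", "persist:wmi_event", "obf:rc4_custom", "c2:dns_txt"}


def jaccard(a, b):
    """Overlap of two feature sets: 0 = nothing shared, 1 = identical."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def attribute(sample, known=KNOWN_SAMPLES, group_of=GROUP_OF):
    """Score each group by its best-matching known sample; highest score first."""
    best = {}
    for name, feats in known.items():
        g = group_of[name]
        best[g] = max(best.get(g, 0.0), jaccard(sample, feats))
    return sorted(best.items(), key=lambda kv: kv[1], reverse=True)


def explain(sample, known=KNOWN_SAMPLES, group_of=GROUP_OF):
    """Map each feature to the groups it has been seen with, so a mixed
    provenance stays visible even when the aggregate score looks decisive."""
    return {
        f: sorted({group_of[n] for n, feats in known.items() if f in feats})
        for f in sorted(sample)
    }


if __name__ == "__main__":
    for label, sample in (("new red sample", NEW_RED), ("borrowed-component sample", BORROWED)):
        print(label, "->", attribute(sample))
        for feat, groups in explain(sample).items():
            print("   ", feat, "seen with", groups or ["(unseen)"])
```

Run it and the borrowed-component sample scores highest against the blue group even though one of its techniques has only ever been seen with red; the per-feature breakdown from explain() is what exposes the mix. That is the check to insist on before accepting an aggregate similarity score as attribution.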

Posted on March 7, 2017 at 9:08 AM. 103 Comments

Comments

My Info March 7, 2017 9:18 AM

What I tell CIA-type people:

“When you are hiding under such a large pile of manure,* get out before all that manure is shoveled away, or you will be found out.”

* Manure == shitty coding practices.

J March 7, 2017 10:27 AM

I’ve only seen one document and it had 3 people’s first and last names, despite claiming an extensive redaction process.

K.S. March 7, 2017 11:04 AM

A lot of ISOC teams will have very busy next couple weeks. Followed by sysadmins having to do a lot of patching.

However, at the end of it, we will be more secure. In all likelihood, the CIA wasn’t the only one who found these flaws.

murph March 7, 2017 11:10 AM

There seem to be two possible interpretations of the last sentence of this post:

“It seems to be by hacking the end-user devices and grabbing the traffic before and after encryption, but by breaking the encryption.”

It sounds like they are doing one of these methods, but not the other – it’s just not clear which tactic is being used.

Andrew March 7, 2017 11:21 AM

@murph
I hope Bruce won’t be remembered for that phrase. They retrieve traffic after encryption? Smooth.

At least the NYT is accurate:
government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

Marshall March 7, 2017 11:30 AM

@murph
I think this was a typo, and he meant to say:

It seems to be by hacking the end-user devices and grabbing the traffic before and after encryption, not by breaking the encryption.

WPLX March 7, 2017 11:33 AM

The Kremlin chose to leak this now to support their client Trump’s desperate accusations of IC misconduct and misdirect attention to a Snowden-like event and away from Trump collusion with Russia.

It won’t work.

Rhys March 7, 2017 11:43 AM

You mean “Bulk 7”?

Big context issues are suspicious. CIA is HumInt. Not SigInt. Not CommInt. Not FlowInt.

2nd- this is almost like Breitbart. Innuendos elevated to a “finding”. This should start with “Once Upon a Time” before we begin with “This is no shit”. (Difference between a true story and a fairy tale.)

3rd- how can anyone trust the motivation of the sources (even though the channel is not without its complexities)? Maybe Putin/Jinping/Jong-un, or the frustrated British Intelligence agent, are not messing with our political neurosis?

Lets investigate first.

ulziibayar March 7, 2017 11:44 AM

Both IOS and Android hacking sections (which seem to indicate international collaboration between intelligence agencies) show that there are purchases being made with regards to exploits by the US/UK agencies

GregW March 7, 2017 11:44 AM

I am /so/ not looking forward to all this stuff ending up in my garden-variety malware I have to contend with.

I already have one Windows machine I boot up every 6-12 months hoping I can disinfect it (and can be confident it is disinfected) with the latest variety of tools but I have yet to be confident it’s clean. I reinstalled from the original media and it errored out in the middle (I suspect due to some GPU-based or other persistence mechanism but I really have no way to tell) and despite progressing further, I still can’t get windows update to run on it.

The US government needs to get better at defense of its own information. While the technical information involved here is interesting, and I’m happy for various holes the CIA exploited to get patched, mixed in here there is a variety of information which just results in US enemies and garden variety criminals getting more savvy, and I am sad to see it public. Ugh.

stine March 7, 2017 11:56 AM

Wow, Affinity Computer Technology (a Sterling, VA computer shop) is a front for the CIA, that’s funny.

Bob Dylan's Rumbling Tummy March 7, 2017 12:16 PM

The NYT says, It said it was not releasing the computer code for actual, usable cyberweapons “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

but then it also says…

WikiLeaks said the documents, which it called Vault 7, had been “circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

This is irresponsible on everyone’s part.

So (a) the exploits are already out there in the wild but (b) Wikileaks won’t release them because there is no “consensus”. So the government and the bad guys have them but the ordinary person can do nothing. That is wholly irresponsible on Wikileaks part and it’s irresponsible journalism for the NYT to not challenge that analysis by Wikileaks.

Seattle March 7, 2017 12:37 PM

@GregW

“I reinstalled from the original media and it errored out in the middle (I suspect due to some GPU-based or other persistence mechanism” – It may not be malware. It sounds more like a hardware error: e.g. dust, thermal problems, loose connection or seating, or bad RAM.

“I still can’t get windows update to run” – If it’s Windows 7 it will take 8 hours – 2 days for Windows Update to work the very first time, depending on CPU speed. It sounds like they are using a poorly performing algorithm that sufficed back in the day, but not so much now.

CoIntelPro March 7, 2017 1:01 PM

Schneier got a shout out in the leaked Network Operations Division Cryptographic Requirements document. Quote:

“Cryptographic jargon is utilized throughout this document. This jargon has precise and subtle meaning and should not be interpreted without careful understanding of the subject matter. Suggested reading includes Practical Cryptography by Schneier and Ferguson.”

Jon Bailey March 7, 2017 1:07 PM

@Marshall – seconded on the likely typo.

…grabbing the traffic before and after encryption, not by breaking the encryption.

banal March 7, 2017 1:11 PM

The “Trump” Effect? Who wants to work for this guy or give him any power? Not to get political, but the motivations often are.

banal March 7, 2017 1:16 PM

Has the CIA voided my warranties? That’s gonna cost a lot to fix, repair and/or replace.

Bruce Schneier March 7, 2017 1:28 PM

“So, is SIGNAL safe to use anymore?”

Signal is as safe as it has always been. One way to bypass all encryption is to hack the endpoint devices, and to grab the plaintext either before it is encrypted or after it is decrypted. There’s no news, here.
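As an added example (not Signal’s code, not code from the documents, and with a toy cipher standing in for a real one), the following script shows what that end run looks like: the network tap holds every byte of ciphertext and recovers nothing, while a hook on the device reads the message before it is encrypted on the sender and after it is decrypted on the receiver, without ever touching the key. The Phone class, the message contents and the HMAC-counter keystream are assumptions for illustration.

```python
"""An end run around end-to-end encryption: the cipher holds, the endpoint does not.

Added example. This is not Signal's code and not code from the leaked documents.
The cipher is a toy keystream (HMAC-SHA256 in counter mode, standing in for a
real AEAD) so the script runs on the standard library alone; the "implant" is a
hook placed where a device compromise would place it.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream (illustrative, not a vetted cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


class Phone:
    """A messaging endpoint. `implanted` simulates a compromised device: the
    hook sits on the plaintext side of the cipher and never touches the key."""

    def __init__(self, key: bytes, implanted: bool = False):
        self.key = key
        self.implanted = implanted
        self.inbox = []
        self.implant_log = []   # what an on-device implant would exfiltrate

    def send(self, peer: "Phone", text: bytes, wire: list) -> None:
        if self.implanted:
            self.implant_log.append(("before_encrypt", text))
        blob = encrypt(self.key, text)
        wire.append(blob)       # only ciphertext ever reaches the network
        peer.receive(blob)

    def receive(self, blob: bytes) -> None:
        text = decrypt(self.key, blob)
        if self.implanted:
            self.implant_log.append(("after_decrypt", text))
        self.inbox.append(text)


def run_scenario(implant_on_sender: bool, implant_on_receiver: bool):
    """Two phones exchange messages; return (network tap's best effort, implant's take).

    The tap holds every byte on the wire but no key, so the most it can do is
    decrypt under a guessed key, which yields noise. The implant, where present,
    holds plaintext on both sides of the cipher."""
    key = os.urandom(32)
    alice = Phone(key, implant_on_sender)
    bob = Phone(key, implant_on_receiver)
    wire = []
    alice.send(bob, b"meet at 9", wire)
    bob.send(alice, b"ok", wire)
    tap_view = [decrypt(os.urandom(32), blob) for blob in wire]
    return tap_view, alice.implant_log + bob.implant_log


if __name__ == "__main__":
    tap, implant = run_scenario(implant_on_sender=True, implant_on_receiver=False)
    print("network tap sees:", tap)
    print("implant on sender sees:", implant)
```

Nothing about the cipher changes between the two runs; the only variable is whether the device itself is trusted, which is the point of the comment above.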

My Info March 7, 2017 1:59 PM

Interesting how when it’s “the NSA” or “the CIA,” it makes big international news, but when FSB or Bundespolizei have been doing the same thing all along without the niceties of jurisdiction and warrant, it’s no big deal.

Clickjaw March 7, 2017 2:06 PM

I’m not saying it wasn’t the Russians that released this info to Wikileaks, it could very well have been, but that explanation doesn’t solely fit the facts.

This info was never classified to begin with (to avoid legal congressional oversight) and subsequently passed around among perhaps hundreds, if not thousands of CIA staff and contractors, as there was no consequence in doing so. Wikileaks may be reckless in releasing this, but the CIA is downright reprehensible for handling these “weapons” with such little regard for public safety. This would be like cops giving their loaded guns to kids to play with.

Ross Snider March 7, 2017 2:12 PM

Recommendations on securing communications code with encryption suggest almost always turning re-keying off. There are (TOP-SECRET) vulnerabilities in commercially available protocols that utilize re-keying. Similarly, the CIA suggests that TLS/SSL is not enough as it is too easy to MITM. They suggest tools use standard TLS/SSL to avoid suspicion but then use a stronger end-to-end encryption underneath TLS.

Ross Snider March 7, 2017 2:14 PM

The communications advice strictly advises not to use AES-GCM without 128 bit tag lengths. It also prohibits the use of PKCS#1_1.5 for asymmetric padding.

Ross Snider March 7, 2017 2:16 PM

“Most of us thought the Equation Group were the Russians”

What?

Most of us thought the Equation Group were NSA. Did you mean “Shadow Brokers”?

Bruce Schneier March 7, 2017 2:43 PM

“Most of us thought the Equation Group were NSA. Did you mean ‘Shadow Brokers’?”

Yes. Fixed.

==anonymous== March 7, 2017 3:34 PM

@Clickjaw

the CIA is downright reprehensible for handling these “weapons” with such little regard for public safety.

The CIA’s enemies, your enemies, and my enemies are already using all this technology, all of which has already been discussed in abundant detail on this forum in one form or another. The hacking tools are out there, they are being used by hostile parties, yes, we know it happens, we can acknowledge it now, and it’s time to grow up, be adults, and deal with it.

We have also discussed defenses against hacking tools, such as high assurance, automatically checkable correctness proofs, code auditing, and technologies like SELinux. These are nowhere near to posing a threat to intelligence agencies anytime soon. I am appalled at the pöbel’s resistance to any and all methodology that would truly enable individuals and businesses to secure their online and digital assets from intrusion and theft.

This would be like cops giving their loaded guns to kids to play with.

This is also unfortunate and has been in the news, too, from time to time.

tfb March 7, 2017 3:50 PM

I have to agree with another commenter: the timing of this leak is most convenient for at least one person, isn’t it?

Ross Snider March 7, 2017 3:58 PM

I don’t think the timing on this leak has much of anything to do with the sitting president and conspiracy theories about his being a Manchurian Candidate.

I think that people are now trained to be really paranoid about Wikileaks. I doubt the current administration welcomes these dumps as it will make intelligence work more difficult for them and public scrutiny on the government even more paralyzing. The ongoing investigations into the Trump Administration with regard to a speculated tit-for-tat with intelligence forces in Russia are on track and will not be disturbed by these leaks. There are currently no news items being disturbed by these leaks. The possible deputizing of the investigation of campaign contacts (or the creation of a special prosecutor) are on track and not being disturbed by these leaks.

Basically I think that in this scandal-ridden administration there would be no such time for Wikileaks to publish anything without a knee-jerk reaction. Checking to see if your knee is jerking when there is a Wikileaks publication is an important step to keeping statefulness and in evaluating the contents of the leaks for their own merit. The leaks themselves and their content are the real story here.

Joe Stalin March 7, 2017 4:18 PM

The code, sez Wikileaks, is not classified or owned, no copyright. It is valuable, and can be sold or given away by anyone, including Wikileaks or the guy they got it from (Shirtless V.V.Putin, right?). So why would anyone take or want a huge set of valuable FREE code? Surely a real American USA patriot would never profit on the capitalist black market or leak this super secret code, that makes no sense at all. We know Snowden was one of them sleeper KGB agents, he is in Moscow fer cry-eye.

So yeah, “the Russians”, cuz they are too stupid to use this in secret and/or sell this stuff cuz commyism right? Oh yeah, 2012-2016, way out of date, it ain’t worth a dime.

So again the Hilleryite Deadenders blame the Rooski Super Spy hordes with their group of paid off mouthpieces with no proof. Bruce and Nicky Weaver can surely show us all the proof that Rooski KGB did all this and paid the tab for Podesta’s Spirit Brunch too. But that is classified, we can’t see it. I, for one, believe my new or old CIA overlords (and Bruce) that Rooskies are such tough super spies they did a USA regime change and we are helpless before their demonic security superiority. We can’t even kill women and kids in Yemen without getting our ass kicked. It just makes me want to give up right now and tack the commie flag up in the garage, my shame knows no bounds.

Clive Robinson March 7, 2017 4:31 PM

@ K.S.,

However, at the end of it, we will be more secure

Not really.

Yes these particular attack vectors will get closed, but in the process some new ones may be opened up.

But the real problem is most code is so buggy that there are probably thousands of potential attack vectors in a body of code the size of a modern Operating System, especially ones with monolithic kernels.

So the chances are these attack vectors were assumed by the attackers to be at “End Of Life” (EOL) after a year at most of implementation. So they would have had new / replacement attack vectors already in the pipeline. Also if you think about it the market life of a mobile phone is 18-36 months, so you would need to be getting new attack vectors around every 12 months just to “stay in the game”.

As I’ve pointed out fairly regularly for years you neither own nor control your mobile phone, the same with all modern personal computers and likewise many embedded systems which we are seeing a rapid rise in with IoT devices. So you can not realistically make them secure for what would be considered normal modes of operation / usage.

Thus to put your privacy / communications security end point in a device you don’t own and control is to be blunt not very bright. Look on it as like shutting your eyes and walking across the road without any checking, sooner or later you are going to be lying down with the road kill, it’s not a question of “if” just “when”.

Until people get that into their brains in a real conscious and actionable way, they are not going to have either communications security or privacy, even from “Hicktown Cops” with a half dozen doughnuts a day habit who still fail “The VCR Challenge”.

The National SigInt agencies and other IC and more recently various LEAs are perhaps a bit brighter, in that they know “breaking” crypto algorithms is not cost effective for a targeted individual, especially if it’s modern computer crypto algorithms or even some paper and pencil systems. Breaking only very rarely makes sense with industrial processing of “collect it all” where there is a commonality such as the “common prime” problem with Diffie-Hellman[1]. It is, if you are not in the “finessing” of Standards and Protocols game, much easier to do an “End Run Attack” around the privacy / security end point, especially if it’s on a device you have communications access to… Otherwise you are looking at getting into the key leak / predict / steal game which has been possible with quite a few embedded systems due to lack of entropy in the key generation process.

[1] https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
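The key-predict game in that last sentence, as an added example (mine, not from the documents; the device, its beacon format and the uptime-seeded generator are constructed assumptions): a device that seeds its PRNG with a few bits of uptime produces keys that look like 128-bit values but can be rebuilt by enumerating the seeds, and one authenticated message from the device is enough to check each guess.

```python
"""Recovering a 128-bit key that was generated from a low-entropy seed.

Added example, not from the documents. It models a constructed embedded device
that seeds its PRNG with the millisecond uptime at first boot and derives its
long-term key from that, then shows an observer recovering the key from one
authenticated beacon by enumerating the seed space. The device, beacon format
and seed range are assumptions for illustration.
"""
import hashlib
import hmac
import math
import random
import secrets

SEED_SPACE = 1 << 16   # device provisions itself within ~65 s of power-on: 2^16 possible seeds
BEACON = b"HELLO v1.0 serial=00001234"   # known plaintext the device always authenticates first


def derive_key(seed: int) -> bytes:
    """Device-side key generation: 128 bits drawn from a PRNG seeded with little entropy.
    The output looks random; the problem is how few distinct outputs there can be."""
    rng = random.Random(seed)
    return rng.getrandbits(128).to_bytes(16, "big")


def tag_beacon(key: bytes) -> bytes:
    return hmac.new(key, BEACON, hashlib.sha256).digest()


def weak_device_boot(uptime_ms: int):
    """Returns (key, tag): the device keys itself from uptime and tags its first beacon."""
    key = derive_key(uptime_ms % SEED_SPACE)
    return key, tag_beacon(key)


def strong_device_boot():
    """Same device, keyed from the OS CSPRNG instead (what it should do)."""
    key = secrets.token_bytes(16)
    return key, tag_beacon(key)


def recover_key(observed_tag: bytes, seed_space: int = SEED_SPACE):
    """Attacker: rebuild the key for every candidate seed and test it against the
    captured tag. Cost is seed_space HMACs, not 2^128 key guesses."""
    for seed in range(seed_space):
        candidate = derive_key(seed)
        if hmac.compare_digest(tag_beacon(candidate), observed_tag):
            return seed, candidate
    return None


def effective_key_bits(seed_space: int) -> float:
    """Real strength is the seed entropy, not the 128-bit output length."""
    return math.log2(seed_space)


if __name__ == "__main__":
    key, tag = weak_device_boot(41337)
    print("weak device: key recovered ->", recover_key(tag) is not None,
          f"(effective strength {effective_key_bits(SEED_SPACE):.0f} bits)")
    key, tag = strong_device_boot()
    print("CSPRNG-keyed device: key recovered ->", recover_key(tag) is not None)
```

The enumeration finishes in about a second on a laptop; the same device keyed from the OS CSPRNG survives it because there is no small seed space to walk. The real-world variants of this (Debian's OpenSSL RNG bug, shared primes in embedded TLS keys) differ in the seed source, not in the attack.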

Clive Robinson March 7, 2017 4:37 PM

@ GregW,

… despite progressing further, I still can’t get windows update to run on it.

So atleast it’s secure from Micro$haft then 😉

Clive Robinson March 7, 2017 4:41 PM

@ R3LLim,

So, is SIGNAL safe to use anymore?

It never was “safe” see my comment to S.K. above for the “End Run” explanation.

Clive Robinson March 7, 2017 5:02 PM

@ MyInfo,

… but when FSB or Bundespolizei have been doing the same thing all along without the niceties of jurisdiction and warrant, it’s no big deal.

This surprises you?

The polite view is the inverse of “distance makes the heart grow fonder” in that, distant peoples and their problems are not seen by the MSM, unless they can find the “tear jerk” angle. It’s why more people know who “Pussy Riot” are than “Boris Nemtsov” was, it’s the perceived “cute chic” -v- “old bloke” bias of their customers.

Further is the “Who cares about the Roskies” attitude of many US citizens. For most of the average US citizens’ living memory non western super powers and their citizens have been vilified for political purposes, oh and quite a few western nations as well if you think back to the precursors to the Iraq invasion (“cheese eating surrender monkeys” ring any bells?).

Now combine that with the fact that by far the majority of US citizens have no clue about computer security, then the maths kind of tells you what you are seeing.

Jonathan Wilson March 7, 2017 5:10 PM

Hopefully any vendor who has exploits or other things disclosed by these (or other) leaks will do everything they can to stop these exploits and back doors from working (and push patches where possible)

furloin March 7, 2017 5:17 PM

@Clive

“So atleast it’s secure from Micro$haft then ;-)”
Lol
@all

Their attack requires you not to have a self-signed UEFI key and not be using self-signed binaries/bootloaders. Then it needs an evil maid, network delivery mechanism, and/or hardware firmware side channels (hacked hdd/ssd). These exploits use unencrypted EFI partitions to turn safeboot off and then wreak havoc with a hijacked bootloader via EFI driver shim. They have to update the memory offset of where to flip the safe mode flag in memory for each target. No amount of vendor patches is fixing that from what I have read so far.

Let’s pretend your *nix OS and your crypto for the disk were secure, sound, and bug free (lol). You would be safe in this la la land from software attacks. That is when they would start the other hardware side channel attacks (keylogger and/or energysec), probably saved for the most juicy targets. This is all assuming that evil maid doesn’t just ‘ask nicely’.

Sancho_P March 7, 2017 5:36 PM

Nicholas Weaver hums the patriotic US song (supremacy is Trump).
However, the idea has two major flaws one should know of:
First, a secret isn’t a secret between 1000+ ears.
Second, one may sell intentionally backdoored F-35 to the Saudis or Putin, but the own warplanes must not have the same vulnerabilities:
Security can’t be divided.

Sure, the Russians.
I suspect the old lady from Volgograd I lived at (yummy pancakes btw.). She didn’t like the USA.
Must be 100+ now.

No, I’m not interested in who, how and why.
I’m interested in what would be the way out of vulnerability.
But I’m not the world.

@GregW, Clive Robinson, furloin

Until “You have to activate Windows today!” ?

Jxv March 7, 2017 6:32 PM

comes w risk

Trump-Russia conspirator Alex Oronov dies suspiciously; he lived in Donald Trump’s building making it eight. Previously seven Russian diplomats & operatives surrounding or involved in the DNC hack and the Trump-Russia scandal have died

http://www.news.com.au/world/europe/1990s-manifesto-outlining-russias-plans-is-starting-to-come-true/news-story/343a27c71077b87668f1aa783d03032c

http://www.globalaffairs.ru/number/Istoricheskaya-perspektiva-vneshnei-politiki-Rossii-18019
The Historical Perspective of Russia’s Foreign Policy (Russian article title, translated)

cricket March 7, 2017 8:03 PM

They lost control … ummm

“The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner”

ok, it does appear to me that nothing is going on here.

Drone March 7, 2017 8:32 PM

If I am a native-born U.S. Citizen outside of the country, do I now have to surrender my electronic devices and passwords to ICE upon demand and without a warrant if asked at the U.S. border when returning?

Slime Mold with Mustard March 7, 2017 8:34 PM

@RHYS
“CIA is HUMINT”
Former MI-5 employee Peter Wright recounts in “Spycatcher” learning in the 1960s that the CIA had set up a small Signals Intelligence (SIGINT) department. The CIA did not believe that the NSA was sharing everything with them. You may recall from the Snowden documents the term “NOBUS – NOBODY BUT US”. It does not refer to protecting secrets from foreign governments.

Re: Slime Rants On Turf Wars

In 1947, the CIA – the Central Intelligence Agency was established because it was believed that, had the disparate intelligence bureaus spoken to each other (most especially Naval, State, and the FBI), the attack on Pearl Harbor could have been disrupted.

After the attacks of September 11, 2001, the Office of the Director of National Intelligence (ODNI) and the Department of Homeland Security (DHS) were formed – over the feeble objections of people who understood the history – and the actual problem. Washington termed it “failure to connect the dots” and it was accepted by most of the American electorate .

I will not be surprised to learn that the National Reconnaissance Office (NRO – The Satellite People) have human assets in Oman. The purpose of any bureaucracy is greater power, as reflected by a larger budget.

END RANT

WhiskerInMenlo March 7, 2017 9:08 PM

WL has in the past placed large encrypted balls of stuff out there as a fail safe IIRC.

That same trick can be used to communicate “bug” reports to big vendors. Sample:

You have bugs. The exploits are in http:someplace.there and are encrypted with the following key:
e5 98 e3 19 f5 78 25 36 5e a3 04 a3 a0 21 90 2e
e3 62 17 88 f9 d3 5b ae f6 84 4a 00 8b 49 2e 4d
fb 59 be c2 bc 95 85 45 98 ef 12 25 d0 c3 3b 62
c0 f7
Fix them; the key will become public in 99 days or when we run out of beer.

CC: redfruit, bignumber=10^100, FutureVision, MiniSloth, Slamstung, DHS, FBI, Twittr of DJT, Bruce, Bob, Fred, PutIn, KimJI.

J Weaver March 7, 2017 9:15 PM

The headwind from this WL expose led to the current WH claim of being previously wiretapped, or so a little bird told me.

CarpetCat March 7, 2017 10:16 PM

@Bruce

Can you rank for me your personal feeling of who is the “worst”?

  1. Trump
  2. The Russians.
  3. C.I.A.

Who are the good guys anymore? Who are the least bad guys?

Now, do the same exercise- but look at it from my perspective:

Who can I trust?

  1. Bruce Schneier
  2. Trump
  3. The democrats
  4. The Russians
  5. The media

You look through your eyes and tell the world on your blog what you see.
I look out, and can’t tell the difference anymore. Is there anyone in your opinion fighting the good fight anymore? Everyone seems to have an agenda, or to be weak in the knees. Where have all the heroes gone?

Things are very broken. Where would you begin to fix them? Disband the CIA? Impeach Trump? More rounds of hashes and salts when end-runs rule the day?

Instead, Bruce starts his latest blog post with “I haven’t read any of this”
And ends it with “Maybe its the Russians?”

@Bruce, what are you doing to make a difference in this world? How is the above helpful?

CarpetCat March 7, 2017 10:25 PM

@Everyone

How many of you reading here worked on these programs? Used them, even coded them? I know some of you are here.

Did you think nothing was wrong? Did you think Al-Qaeda and ISIS were buying a lot of Samsung microphone TVs?

What are you going to do? You are the busy worker bee, flitting to and fro. Just doing the job. But they couldn’t have done it without you. When are you going to do something?

Cowards. Cowards, the lot of you.

Finally! March 7, 2017 10:55 PM

@==anonymous==

I am appalled at the pöbel’s resistance to any and all methodology that would truly enable individuals and businesses to secure their online and digital assets from intrusion and theft.

THIS! OMG a thousand times this! Finally the voice of reason….

Clive Robinson March 7, 2017 11:18 PM

@ John Smith,

“Another profound revelation is that the CIA can engage in “false flag” cyberattacks which portray Russia as the assailant.”

Colour me unsurprised…

@ ALL,

I warned against this possibility from day one on this blog and other places, but was told quite forcefully –as usual when I make such warnings– by some that the self appointed “CyberSecurity” firms, FBI etc knew what they were doing when it came to investigating / attribution (something we see all the time that they don’t as they toe the political line).

I just wish people would actually stop and think a little rather than ape the paid for echo chamber. Otherwise we are going to end up in a kinetic situation where our loved ones and hopes for the future get wasted so the MIC can get fat off of the spoils of war.

Clive Robinson March 7, 2017 11:24 PM

@ SlimeMould…,

The purpose of any bureaucracy is greater power, as reflected by a larger budget.

I guess you are “coloured unsurprised” as well 😉

American Citizen March 8, 2017 12:02 AM

Can the US intelligence community still keep a secret? For whatever reasons, that too many people have access, that apathy has taken hold, there is one clear message about this appalling disclosure–the system has failed. And that means that the world has become a much more dangerous place.

There is a pattern: OPM, Snowden, Manning, the drone info leaker, Shadow Brokers, and now this. It all adds up to an incredible counter-intelligence and leadership failure. If one looks at the OPM debacle, the only reasonable conclusion is that no one really cared enough to do anything that could have prevented the disaster. It was not their responsibility. This is what America is coming down to. It does not affect my wallet, and so it is of no consequence to me.

For example, in order for Martin to walk out with 50 terabytes of highly classified data, dozens of people must have failed, and one of those is the DNI. Do you think anyone’s pay was docked because of the negligence that must have occurred to allow Martin to pull his tricks? And if you look at Snowden, who is Timothy McVeigh’s twin brother, it is the same story of institutional failure and apathy, and again, someone should take responsibility.

Julian Assange, no angel of light, is about to declare victory against the United States, with nothing between him and Justice except for a wooden door and a few guards. This is another problem which needs resolution. Those of us who enjoy computer technology, and cryptography in particular, can look at this most recent disclosure as something amazing and entertainingly whiz-bang, perhaps mildly beneficial to human rights–but it is nothing of the sort. It is an extremely dangerous loss, a grave threat to the national security of the United States, and something that will give cheer and aid to ISIS, al Qaeda, and North Korea.

President Trump should now clean house, lower budgets, let people go, cut the fat, reduce the number of people with access, intensify defense and counter-intelligence, and get the national intelligence organizations back on track so that they can do their important jobs. In other words, they need a leader and a change of culture. 9-11 inflated the US intell world into a blob that is out of control and just went pop, and all that money and effort which went into tools for national security just resulted in Christmas for professional criminals and cyber terrorists. What a superb job!

AlexT March 8, 2017 12:06 AM

One thing that makes me wonder is what is going on between the various government agencies? Do they collaborate or are they in competition for exploits / etc? Is there anyone actually organizing the whole thing?

Clive Robinson March 8, 2017 12:22 AM

@ CarpetCat,

Who are the good guys anymore? Who are the least bad guys?

In Politics and Government the notion of “good guys” is reserved for “Fairy Tales” for the electorate. Because there are no good guys there and they are all as bad as each other, it’s a primary requirement in the job specification.

As you note,

Everyone seems to have an agenda, or to be weak in the knees. Where have all the heros gone?

Ever hear the expression “Nice guys come last” or “A lie is half way around the world before the truth gets its boots on”? These are “business rules for success” for those networking sociopaths that climb to the top via the ladder of knives they stick in other people’s backs. The mantra is “Do unto others before they do unto you”.

Which brings us around to,

Things are very broken. Where would you begin to fix them? Disband the CIA? Impeach Trump?

You would need a wall longer than the Great Wall of China, and several Hilti-Guns to hang all that need to be out to dry…

As for,

Cowards. Cowards, the lot of you.

Sociopaths care not what you call them, they have no morals. They only worry if other people listen to your cry, then they will use the “Sticks and stones” to hurt you as an example to all.

Finally, you do mention something you can do something about,

More rounds of hashes and salts when end-runs rule the day?

Those reduce attacks on encryption algorithms, and do nothing for End Run attacks.

The majority of end run attacks happen because people choose, for convenience, to put the communications security / privacy end point on a device they neither own nor control, which the attackers can reach and control by the same communications path.

Thus the solution, as I keep saying and have done for a couple of decades, is to move the security end point off of devices that have communications you can not control.

The simple[1] example I usually give is the use of Pencil and Paper and a One Time Pad, along with info on how to avoid the likes of hidden CCTV, microphones or other transducers that might pick up environmental information that could reveal information from the energy of your pencil strokes.

[1] I say simple because the OTP is easy to look up and understand how it works to get communications security. Unfortunately the OTP has problems[2] to do with Key Management (KeyMan) with regard to Keying Material (KeyMat): Key Generation (KeyGen), transport, use, audit and destruction.

[2] Many of the OTP problems can be effectively resolved by using modern encryption algorithms such as AES in appropriate modes such as AES-GCM and with certain precautions. The problem is for “ordinary mortals” this requires a computing device and some method of getting ciphertext to/from the communications end point onto it. Traditionally it would have been by “air-gap” but this is now known to be completely insufficient, therefore you need to look at “energy-gapping”. However this still leaves the problem of having to have an initial face-to-face meeting to set up a secure side channel to exchange KeyMat.
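The KeyMan constraints listed in the footnotes above (pad bytes generated randomly, used exactly once, never shorter than the message, audited and destroyed after use) in working code. This is an added example for this thread, not code from the post or the commenter; the pad store, its method names and the sample messages are constructed for illustration, and `secrets.token_bytes` stands in for whatever pad-generation process a real deployment would use. The last function shows the classic reason the single-use rule exists: two ciphertexts under the same pad bytes XOR together to the XOR of the two plaintexts, so the key material has leaked the moment it is reused.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of the OTP's 'algorithm')."""
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Pad store enforcing the KeyMan rules: single use, length, audit, destruction.

    Hypothetical helper written for this example; not a library API.
    """

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)   # mutable so consumed bytes can be wiped
        self._pos = 0                # next unused pad byte
        self.used = 0                # audit counter: bytes consumed so far

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._pos

    def _take(self, n: int) -> bytes:
        # Length rule: a message may never be longer than the unused pad.
        if n > self.remaining:
            raise ValueError(f"pad exhausted: need {n} bytes, {self.remaining} left")
        start, end = self._pos, self._pos + n
        chunk = bytes(self._pad[start:end])
        # Destruction rule: overwrite the consumed key material immediately,
        # so the same bytes can never be handed out a second time.
        self._pad[start:end] = bytes(n)
        self._pos = end
        self.used += n               # audit
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor_bytes(plaintext, self._take(len(plaintext)))

    def decrypt(self, ciphertext: bytes) -> bytes:
        # Same operation as encrypt; the receiver's copy of the pad is
        # consumed in the same order as the sender's.
        return xor_bytes(ciphertext, self._take(len(ciphertext)))

    def consumed_is_destroyed(self) -> bool:
        return all(b == 0 for b in self._pad[: self._pos])


def make_pad(n: int) -> bytes:
    """Constructed pad: CSPRNG output stands in for a real KeyGen process."""
    return secrets.token_bytes(n)


def exchange(pad: bytes, messages):
    """Sender and receiver hold identical pad copies and consume them in lockstep."""
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    recovered = [receiver.decrypt(sender.encrypt(m)) for m in messages]
    return recovered, sender.used, receiver.remaining, sender.consumed_is_destroyed()


def pad_too_short(pad: bytes, message: bytes) -> bool:
    """True when the length rule correctly refuses a message longer than the pad."""
    try:
        OneTimePad(pad).encrypt(message)
    except ValueError:
        return True
    return False


def pad_reuse_leaks_plaintext_xor(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Why single use matters: with the same key bytes, c1 XOR c2 == p1 XOR p2."""
    c1 = xor_bytes(p1, key[: len(p1)])
    c2 = xor_bytes(p2, key[: len(p2)])
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    # Constructed sample traffic for a quick run.
    got, used, left, wiped = exchange(make_pad(64), [b"meet at dawn", b"bring the files"])
    print(got, used, left, wiped)
    print(pad_too_short(make_pad(8), b"this is longer than eight bytes"))
    print(pad_reuse_leaks_plaintext_xor(make_pad(16), b"attack at dawn!!", b"retreat at dusk!"))
```

The store does nothing about KeyGen quality, transport or the face-to-face exchange the footnote ends on; it only makes the use, audit and destruction steps mechanical, which is the part that tends to go wrong when a pad is handled by hand.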

Clive Robinson March 8, 2017 12:45 AM

@ American Citizen,

And if you look at Snowden, who is Timothy McVeigh’s twin brother

You just blew your argument out of the water. You have just shown two things,

1, How ill informed you are.
2, Why Godwin came up with his law.

Further your initial premise of,

And that means that the world has become a much more dangerous place.

American apathy, like American stupidity is an American problem not a world problem. Further American exceptionalism is better described as a petard.

You appear to assume that the American IC cyber-spying activities are exceptional and that their failure is due to American apathy. Thus you preclude in your mind the possibility that other countries in the world have as good if not better cyber-espionage abilities.

I would suggest you open your mind to this possibility as there is sufficient evidence around to show it’s very likely. Thus you can then go on to consider why the US SigInt agencies are quite deliberately weakening security for the American people more than they are the citizens of other countries?

I would suggest that it is “their treason” to the American people, and it should be that for which they should be punished, starting at the top and working down.

Finally! March 8, 2017 12:59 AM

@Clive Robinson

consider why the US SigInt agencies are quite deliberately weakening security for the American people more than they are the citizens of other countries?

I would suggest that it is “their treason” to the American people, and it should be that for which they should be punished, starting at the top and working down.

THIS ^^ It’s so frustrating that most people refuse to see this!

John Smith March 8, 2017 2:42 AM

CarpetCat:

“Where have all the heros [sic] gone?”

They are here. Look around you.

Assange has to be #1. Snowden may be #2. This latest leaker: #3? Greenwald and Poitras would be high on the list. They and others have faced, and stood up to, Mordor on the Potomac. They have stood up for ordinary people. That is heroic. These people have balls of steel.

Chris Abbott March 8, 2017 2:52 AM

Haven’t posted here in a while.

My fear is that security threats are going to lead to a technological dark age. Will there ever be a point when security threats are so rampant, that it’s not safe to use anything that resembles having Turing-completeness? Or will we have a total blackout of communicating anything to anyone that needs to remain secure?

Obviously, those things won’t happen entirely, I’m being somewhat dramatic, but I do think we’ll start seeing limits on what we say and what we use. I’m a computer tech, but I don’t believe in most IoT devices (TVs, appliances, things with unpatchable firmware).

Ironically, I see a future where the most tech-savvy and those who can’t turn on a computer or a phone will have a lot in common.

notOlderThan2015 March 8, 2017 3:16 AM

@Bruce “This document talks about Comodo version 5.X and version 6.X. Version 6 was released in Feb 2013. Version 7 was released in Apr 2014. This gives us a time window of that page, and the cache in general. (WikiLeaks says that the documents cover 2013 to 2016.)”

https://wikileaks.org/ciav7p1/cms/page_14588809.html discusses Kaspersky’s https://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/ which is dated March 2015. This is newer than 2014.

@Shawn “did anyone else notice this URL on a few documents https://confluence.devlan.net”

Quoting https://wikileaks.org/ciav7p1/ : “[…] the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian. Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; […]”

Who? March 8, 2017 4:27 AM

@ Ross Snider

Attacks are against Apple’s implementation of UEFI firmware only, known to be a huge can of worms for years. Nothing new here, don’t worry (yet!) but we will see if other projects are discovered and listed on that URL in the future.

Dirk Praet March 8, 2017 5:45 AM

@ Clive

I just wish people would actually stop and think a little rather than ape the paid-for echo chamber. Otherwise we are going to end up in a kinetic situation where our loved ones and hopes for the future get wasted so the MIC can get fat off of the spoils of war.

Amen to that. I sometimes wonder who we have the most to fear from: the gullible left-behind who voted a populist serial liar and his club of billionaires into power, or the MIC/MSM-indoctrinated masses who are seeing Russians behind every self-inflicted wound. For the former, the solution seems to be a return by executive order to a pre-1968 isolationist society, for the latter it’s wiping the evil Russian empire off the face of the earth. Essentially, they’re just being played and manipulated in the same way Daesh (IS) leadership is brainwashing its followers into believing the forceful establishment of a world-wide Islamic caliphate is the answer to all problems. Or the “Great American Satan” party line with which the DPRK regime is keeping its population in a constant state of fear and submission.

We can speculate at great lengths who is behind these new leaks and what message it is supposed to send to whom. But in the end, I don’t really care if it’s Russians, Koreans, a disgruntled insider, an IC turf war or whatever else. At first glance, there’s little in here we didn’t already know: spies are spying, they have large facilities at foreign missions, no digital communications or devices are safe from their prying eyes and NOBUS is a myth.

From a practical perspective, I hope Wikileaks has sufficient manpower to deliver the unredacted technical archives to the affected vendors and gives them three months to come up with patches or better solutions. It can only make the average digital citizen a little bit less insecure and a little bit more aware that Orwell’s “1984” or Huxley’s “Brave New World” are less fictitious than they’d care to believe. Assuming they have heard of these works in the first place, of course. And for those who couldn’t care less, there’s always the Kardashians, the Jenners and the Hadids.

Thoth March 8, 2017 5:55 AM

@all, Bruce Schneier

“Signal is as safe as it has always been. One way to bypass all encryption is to hack the endpoint devices, and to grab the plaintext either before it is encrypted or after it is decrypted.”

Ironically, the TCB of Android or iOS wouldn’t suffice and neither is their hardware. The takeaway lesson from the opening of another can of malware worms is that attacks on endpoints aren’t so hard, and the assumption that someone is safe just because targeting the endpoints as an attack vector equates to a higher difficulty of attack is a very flawed and dangerous concept to leave defenses on the deliberate low.

Every month, there will be headlines of Android or iOS flaws that are critical and who knows if the patching will introduce more flaws. As per usual, smartphones are a poor medium for security and a separate hardware security module with secure input and display is necessary. The one example I have always recommended is the Ledger Blue and Nano S devices that meet the requirements of hardware security, secure input and display, and the current attempts to make the Ledger devices as open as possible.

I guess we are repeating the same old topics we have always been talking about and wasting our saliva on. The kernel is problematic, the application code is developed in sloppy ways, the hardware is problematic …etc… can go on and on and repeat everything but essentially, all that we (myself, Nick P, Clive Robinson, Wael, RobertT et al.) have mentioned is already a reality and the cost of deploying massive malware exploit distribution and control is getting much easier every iteration.

I guess we simply doomed ourselves.

JG4 March 8, 2017 6:10 AM

a convenient common denominator to explain more or less everything on your planet is entropy maximization. it flashed into my mind when I saw the mention of the purpose of bureaucracy is growing the budget. it isn’t so different for individuals, who reproduce in response to food, thus net-net requiring more to feed the additional mouths. can’t recall if anyone, including myself, posted a profound article on living systems being entropy maximizers, but I’ve seen several of them in recent years. consider every game developed in game theory and it will be clear that the winning move almost always is entropy maximization. and so it is that these articles are just entropy maximization in a slightly different guise

http://www.zerohedge.com/news/2017-03-07/wikileaks-exposes-cia-exploit-capable-cyber-false-flag-attack-blame-russia

While most coverage thus far has focused on the CIA’s ability to infiltrate and hack smartphones, smart TVs and several encrypted messaging applications, another crucial aspect of this latest leak has been skimmed over – one with potentially far-reaching geopolitical implications.
As Wikileaks notes, the UMBRAGE group and its related projects allow the CIA to misdirect the attribution of cyber attacks by “leaving behind the ‘fingerprints’ of the very groups that the attack techniques were stolen from.”
In other words, the CIA’s sophisticated hacking tools all have a “signature” marking them as originating from the agency. In order to avoid arousing suspicion as to the true extent of its covert cyber operations, the CIA has employed UMBRAGE’s techniques in order to create signatures that allow multiple attacks to be attributed to various entities – instead of the real point of origin at the CIA – while also increasing its total number of attack types.
According to a Wikileaks press release, the 8,761 newly published files came from the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia. The release says that the UMBRAGE group, a subdivision of the center’s Remote Development Branch (RDB), has been collecting and maintaining a “substantial library of attack techniques ‘stolen’ from malware produced in other states, including the Russian Federation.”

turn the kaleidoscope a few degrees and suddenly everything becomes clear. all of the institutions are entropy maximizers, and the brainwashing that they dispense is more of it

http://www.zerohedge.com/news/2017-03-07/what-hell-going

I’m 53 years old. The older I get the less sure I am about things I was sure about when I was 25 years old. I believed stocks for the long run was an unquestioned truth. I believed our economy was based on free market capitalism. I believed stock prices were based upon profits and cash flows. I believed a home was a place to live – not an investment. I believed the Catholic Church was run by good men doing good things. I believed journalists and the media were watchdogs working on behalf of the public. I believed our military was protecting our interests. I believed politicians legislated on behalf of the people. I believed the main purpose of bankers was to loan money to businesses and consumers in order to support economic growth. Boy, was I dumbass.

ab praeceptis March 8, 2017 6:25 AM

First: Something kaputt? Or why are there security related discussions here again? Well, I certainly won’t complain.

Bruce Schneier’s statement is akin to saying “Without all those poisonous snakes the jungle would be quite secure”, to try an attempt of putting it funnily.
Well, let’s have a look at the major endpoints … windows – rotten, linux – rotten, android – rotten, apple – rotten.

Sorry but the answer to the question “is signal secure – being used between about 99,99% of all endpoints?” can be shortened in logic to “if false then …”.

So I take Bruce Schneier’s statement as twofold, namely a) “I (B. Schneier) am linked to Signal. Do you seriously expect me to say something bad about it?” and b) – and more importantly – as “we need trustworthy endpoints”.

Which is just another way of saying what quite some of us here, i.a. myself, have preached to exhaustion. It’s good to know that Bruce Schneier agrees.

Let me end with a second attempt at putting something in a funny way: If of all major OS players microsoft is clearly the one doing by far the best efforts in terms of safety then you know two things. a) The situation is desperate and b) all the others are either sleeping or prefer to continue on the C & derivatives clusterfuck route.

r March 8, 2017 6:34 AM

@CarpetCat,

What, by anyone’s definition is a ‘good’ fight?

Is it a ‘good’ fight to make it into at least round 3?

Is it a ‘good’ fight when you’re backed by the EPA? What about jeering Repugnicans?

Good is slippery by itself,

Is this good? : https://www.nytimes.com/2017/03/06/insider/a-eureka-moment-for-two-times-reporters-north-koreas-missile-launches-were-failing-too-often.html

What kind of pill is that? A red pill?

A blue pill?

A suppository?

To posterity: https://news.ycombinator.com/item?id=13816095

Dan H March 8, 2017 6:45 AM

Another traitor betraying their country like Snowden, John Anthony Walker Jr., Chi Mak, Robert Hanssen, Aldrich Ames, Bradley Manning.

The CIA, NSA, FBI, NGO, DIA, etc, are working to protect people and keep them free from harm. Unless you’re a terrorist or doing something illegal you don’t have anything to worry about. The TLAs are not worrying about your calls to friends or family in Germany or England. It is abject paranoia. Most of you seem to feel the old KGB of the Soviet Union or North Korea, Iran, or China are utopias. Putin still kills political rivals. Kim just kills anyone. The United States is different and you live in fear.

Ergo Sum March 8, 2017 7:03 AM

@Clive Robinson…

Thus you can then go on to consider why the US SigInt agencies are quite deliberately weakening security for the American people more than they are the citizens of other countries?

Disagree with that…

In my view, US SigInt agencies are more likely weakening security for the people of this world. After all, doesn’t the majority of the people in this world use Android, Apple, Google, Microsoft, etc.? Not to mention the fact that the US is not alone in their efforts to destabilize these platforms. China, England, Israel, Russia, etc., contribute to the current mess just as well. Listed names in alphabetical order, no emphasis on their share of destabilizing platforms and apps.

Now combine that with the fact that by far the majority of US citizens have no clue about computer security, then the maths kind of tells you what you are seeing.

While agreed…

Singling out a nation tends to imply that the rest of the world has clues about computer security. Say it ain’t so… 🙂

Bruce Schneier March 8, 2017 7:06 AM

“Another traitor betraying their country like Snowden, John Anthony Walker Jr., Chi Mak, Robert Hanssen, Aldrich Ames, Bradley Manning.”

Why do you think it’s an insider? Right now, my bet is on an outside hacker. I don’t know, but it just doesn’t feel like a whistleblower.

Dan H March 8, 2017 7:14 AM

@Bruce Schneier

I read an article yesterday that mentioned the documents had been disseminated among CIA employees and the prevailing thought is one of them disclosed the documents.

Dirk Praet March 8, 2017 8:08 AM

@ Thoth

As per usual, smartphones are a poor medium for security and a separate hardware security module with secure input and display is necessary.

Which has been the general consensus among most of the regulars with a technical background here for as long as I can remember, and particularly post-Snowden. As to our host’s assertion that Signal is as secure as it ever was, a much needed nuance would be that any such COTS stuff rather than secure is in fact just less insecure, and only until such a time that for whatever reason the user becomes a person of interest to a resourceful state actor. And at which point all bets are off. In the case of @Bruce who ha(s)(d) access to Snowden archives, this probably means Signal or whatever else he is using is not secure at all because there’s a more than reasonable chance pretty much all of his electronic devices were compromised a long time ago, including his air-gapped machine and IoT toilet.

@ JG4

As Wikileaks notes, the UMBRAGE group and its related projects allow the CIA to misdirect the attribution of cyber attacks by “leaving behind the ‘fingerprints’ of the very groups that the attack techniques were stolen from.”

@Clive and others have been suggesting such capabilities – and repeating them ad nauseam – ever since it became politically expedient to accuse either the DPRK or Russia for whatever cyber incident the US establishment needed a culprit to point the finger at. Even our host bought into it on more than one occasion. And if the CIA can do it, so can other agencies both domestic and foreign.

Boy, was I dumbass.

No, you’re not. You’re just waking up to new realities brought about by unfettered global 21st century capitalism.

@ Dan H

The CIA, NSA, FBI, NGO, DIA, etc, are working to protect people and keep them free from harm.

That’s just a matter of perspective. Nobody outside of the US sees it that way. And neither do many inside.

Most of you seem to feel the old KGB of the Soviet Union or North Korea, Iran, or China are utopias.

No, we don’t. They’re doing the exact same thing as your CIA and NSA. Just for different masters. But for what it’s worth, the Chinese actually don’t have an agency in charge of overthrowing foreign governments.

The United States is different

But of course. The United States only kills the bad guys. And their evil children.

I read an article yesterday that mentioned the documents had been disseminated among CIA employees and the prevailing thought is one of them disclosed the documents.

Sources please. Facebook, RT and Breitbart don’t count. Neither do unknown officials speaking on terms of anonymity.

randomguy March 8, 2017 10:39 AM

@Dirk Praet

Re: Your last question – The source is the Wikileaks Press Release section of the first Vault 7 release. Horse’s mouth, so to speak

Dirk Praet March 8, 2017 11:17 AM

@ randomguy

The source is the Wikileaks Press Release section of the first Vault 7 release.

I read that too, and it’s exactly what I would say if I wanted to send someone on a wild goose chase.

Clive Robinson March 8, 2017 12:14 PM

@ Dan H,

Unless you’re a terrorist or doing something illegal you don’t have anything to worry about.

That’s not a very bright thing to say…

Start with defining “illegal”… Have a good look at the legislation, you might find that you are committing all sorts of illegal acts every day.

As for “illegal”, in the UK a person was accused of putting a tea bag in the wrong waste bin and was told he had to pay a fine. Guess what, when challenged there was “no evidence”.

On other occasions those running the “Congestion Charge” in London have been found to have mounted cameras in the wrong place and charged people without cause or subjected them to fines, or going to court.

Illegal is very fluid and thus everyone is guilty unless they can prove otherwise, which mostly they can not for various quite innocent reasons.

You might also want to consider the US imprisonment rate and terms of imprisonment, many people say they are the worst in the Western world and not helped by privatized prison companies giving incentives to judges… Not exactly a glowing recommendation of the US Justice system.

Clive Robinson March 8, 2017 12:23 PM

@ Ergo Sum,

You are right it’s not just American Citizens getting the treatment (and we both could add quite a few more to the list).

The thing is, much as I dislike it, non-Americans are by US legislation “fair game”, but the American people are supposed to be “off limits” to the US IC by other legislation.

However the Executive appear to have chummied up with the IC this century, and the result is that legislation that supposedly protected the American People has had various end runs around it.

Worse as we have seen in recent times the Executive has chummied up to Silicon Valley and mostly the results have been bad news.

Dan H March 8, 2017 1:01 PM

@Dick Praet

You can search for articles yourself about a possible (probable?) CIA mole, so I’m not going to do a Google search for you.

However, I have family who work in the US Intelligence Community and have met people who work in other agencies. They are normal people who are not out to “get you” for calling a friend who happens to live in England or Germany. Likewise, I believe Westerners are different since we have been born and raised with liberty and freedoms others haven’t tasted since they live in North Korea, Iran, even Russia. Because of those fundamental liberties and freedoms we don’t need to kill political rivals like Putin, who has a perceived or as he sees it, real, need to hack those who would undermine him and wrest control of power.
Does one need to stay vigilant? Certainly. Decent people looked the other way in 1930s Germany and allowed an atrocity to occur. Is the CIA hacking going to lead to the USA becoming a totalitarian government the way Germany became? No.
Do I have concerns? Yes. With every passing day I wonder about the fruit rollup in the White House. I’m beginning to wonder if there will be an impeachment; and maybe that could happen if the wiretapping claim turns out to be a lie. Maybe then Pence should become the next Ford.

But I don’t worry about the CIA, NSA, DIA, NGO, and the other TLAs. They want their families safe too. They are not the shadow under the bed.

Ergo Sum March 8, 2017 1:01 PM

@Clive Robinson…

Worse as we have seen in recent times the Executive has chummied up to Silicon Valley and mostly the results have been bad news.

Historically speaking, the Executives had chummed up with oil, military, pharmaceutical, Wall Street, and health insurance industries in the US. It’s only fair that Silicon Valley takes its turn at chumming at the troughs…

That’s not a very bright thing to say…

You’re always nice, I don’t know how you do it, but you are… 🙂

Dan H March 8, 2017 1:05 PM

@Clive Robinson

But if you genuinely don’t know what illegal activities could be frowned upon and get the attention of national security agencies, then you’re not too bright.

And I’ve said for a long time the justice system is a sham.

David Svarrer March 8, 2017 1:20 PM

Good old security would always win. Everything appears to me as if everybody thinks that if one wants to be secret about something, then you need to have a secret computer :-).

HELL NO.

If you want to be secret about anything, then for God’s sake, the public’s sake, or your own sake – why on EARTH write any of that so so so secret stuff on any computer?

How about a notebook (not software, but paper with a spiral back)?

And – if anything is really that secret so that you cannot write it down, then why on earth not make a primitive BASIC-based software for a non-internet computer, then store these few so so so secret phrases there, in encrypted format, based on for instance the stealth and FIPS-140-II strong encryption algorithm called Shinpi?

Shinpi is lightning fast, harder than any known algorithm, and produces a combination of a stack of algorithms, and passwords.

Now, how on EARTH would anyone, whether NSA or CIA, infect i.e. a Commodore 64? A Nascom II? etc.?

Come back to reality. If something must be secret it can be kept secret. There is really no problem.

Sincerely
David Svarrer
(The only one, in fact – so now send your cyber-attack weapons my way)

Dirk Praet March 8, 2017 2:22 PM

@ Dan H

You can search for articles yourself about a possible (probable?) CIA mole

Excuse me for asking you to back up your statement with a source. It’s generally considered to make it more credible and contribute to an informed discussion. And my name is Dirk, by the way.

However, I have family who work in the US Intelligence Community and have met people who work in other agencies.

Unless you work in IC yourself and have a valid clearance – there really is no way they’d tell you anything about what exactly it is they do.

But if you genuinely don’t know what illegal activities could be frowned upon and get the attention of national security agencies, then you’re not too bright.

Do have a look at Harvey Silverglate’s “Three Felonies a Day: How the Feds Target the Innocent”. And that’s for ordinary law-abiding US citizens only. If for whatever reason you are involved with any form of activism such as OWS, BLM or the Dakota pipeline, chances are you’re already being investigated for domestic terrorism.

Anura March 8, 2017 3:32 PM

@Dan H

But I don’t worry about the CIA, NSA, DIA, NGO, and the other TLAs. They want their families safe too. They are not the shadow under the bed.

The problem is that few evil people believe they are evil, so they justify their own evil actions as being for the greater good no matter what that action is. Whether they truly believe their own justification is irrelevant, as long as they can convince themselves they believe it.

Take someone like the generic Rich Christian Capitalist as an extreme example: In theory, they should be struggling with their wealth and status in life while people are suffering – if the Bible is to be believed, they should give everything they own to the poor. So why don’t they? Well, they created a narrative about how the world works which states that your status in life is dependent on hard work and intelligence, and thus they must be one of the most hard-working, intelligent people in the world, while all the poor people must be stupid and lazy. On top of that, they convinced themselves welfare actually encourages poor people to be lazier, and if we just get rid of all of the safety nets that cost the Rich Christian Capitalist money, poor people would be forced to work hard and the economy would grow. So yes, while millions might die, even people they knew, in the end the world will be better off.

Dirk Praet March 8, 2017 3:59 PM

@ Nem

DanH, your IC family are criminals and cowards. Are they torturers? Murderers?

As much as I have similar issues with the US IC, can we pretty please maintain a little bit of civility and decorum here? You have as much idea what @Dan H’s IC relatives and acquaintances are doing as he does, so leave the blind accusations.

Moderator March 8, 2017 4:10 PM

@Nem, your post addressed @DanH is out of line and has been removed. Please stick to discussing security matters and refrain from personal attacks.

Clive Robinson March 9, 2017 12:49 AM

@ Dan H,

But if you genuinely don’t know what illegal activities could be frowned upon and get the attention of national security agencies, then you’re not too bright.

Again you are not thinking things through to their more logical conclusions…

We have good reason to believe that the “collect it all” policy has been in place for some time, and that its scope broadens with technological advance. Which roughly means that their capabilities double up every 18-36 months.

There is also some evidence that the US is starting to follow the UK lead on making “collect it all” more “cost effective” by disseminating the archive contents more widely. That is, it is no longer just the “national security agencies” that have access to the data, be it indirectly or directly.

Now consider what is more “efficient”… Cops sitting in black-n-whites hardening their arteries on doughnuts and coffee waiting for a crime to happen somewhere. Or a cop sitting at a terminal running a “big data analysis” finding crime from collected communications information, thus having a bright, alert strike team out of sight at the time and place a crime is to be committed?

Then follow the logic downwards, currently it is assumed that in the US the only way that collect it all big data set gets used to fight crime is via “parallel construction”. If that is true, how long before it becomes SOP and no longer requires the cover of “parallel construction”? At which point the types of crime to be searched for get ever broader. Then remember the “We kill people with metadata” argument and think how that would work out for the police as “We arrest people with metadata”. Because there is a high probability that that is the way things are going.

TM March 9, 2017 3:06 AM

Dirk Praet March 8, 2017 5:45 AM. “For the former, the solution seems to be a return by executive order to a pre-1968 isolationist society, for the latter it’s wiping the evil Russian empire off the face of the earth.”

Might that be a little bit of a false dichotomy? :rolleyes:

Dirk Praet March 9, 2017 4:27 AM

@ TM

Might that be a little bit of a false dichotomy?

These positions are indeed hardly mutually exclusive. His not buying into the current anti-Russia hysteria is about the only thing I give Trump credit for, regardless of whether he’s on Putin’s payroll or simply understanding his way of thinking. Personally, I believe Trump sees in Putin a fellow authoritarian ruling his country and defending its foreign interests in the same way he’d like to do it himself.

Bob March 9, 2017 11:28 PM

@ Bruce Schneier said, “Why do you think it’s an insider? Right now, my bet is on an outside hacker. I don’t know, but it just doesn’t feel like a whistleblower.”

I think it’s just another disgruntled employee who was disappointed by a latest election result. Reason being Snowden had a similar ideology problem.

sudo September 3, 2017 2:17 PM

Who the heck is devlan.net?

Looks like some Nicolas Sadier in France, operates that site says my crystal ball

40sm September 3, 2017 2:22 PM

https://jira.atlassian.com/secure/BrowseProjects.jspa

Interesting link, as Atlassian is mentioned in several other places, and:

” There are three major networks in AED that will concern you to start.
DEVLAN – Top Secret network, dirty environment where we do 90% of our work. If you are reading this, you are on DEVLAN.
FIN – Unclassified SC0 (CIA attributable) network. This is for your general use (Google, Stackoverflow, etc).
4STAR – Unclassified SC1 (US Government attributable) network. Much slower network than FIN, but our MSDN accounts are tied to it. This will be used mostly for MSDN downloads.
A few other networks you may hear about.
OSN – COG’s operational support network.
ICON – COG’s operations network.
Falcon – High-speed link between us and the NSA.
As stated above, DEVLAN is the network you will care about most and the one that this module focuses on. You are the owner of your box, and should be admin on it (if you aren’t, tell us and we’ll fix it). Feel free to set up the box as you see fit, or keep it as it is now. You’ll need a couple of minimum items to work with us but there is also some further recommended software.

Required Software:
Windows 7 or Windows 8
VMware (\fs-01\Share\Windows Applications\VMWare)
Visual Studio (At least 2010) (\fs-01\Share\Windows Software Development Resources\Visual Studio 2013)
Git (See next section for instructions on how to set it up)
EDG Project Wizard (\fs-01\Share\EDG Project Wizard – Don’t install before Git is installed)
Google Test Runner for Visual Studio (\fs-01\Share\Windows Software Development Resources\Visual Studio Plugins\GoogleTestRunner.vsix)
Recommended Software:
Visual Studio 2013 (\fs-01\Share\Windows Software Development Resources\Visual Studio 2013)
Winhex or 010 editor (\fs-01\Share\Windows Applications\WinHex) (\fs-01\Share\Windows Applications\010 Editor)
SourceTree (See next section for instructions on how to set it up)
XChat or similar IRC client (Internet Relay Chat (IRC) )
Microsoft Office (\fs-01\Share\Windows Applications\MS Office 2013)
Notepad++ (\fs-01\Share\Windows Applications\Notepad++)
Sysinternals (\fs-01\Share\Windows Applications\Sysinternals)
Firefox or Chrome (\fs-01\Share\Windows Applications\Browsers)
Visual Assist (\fs-01\Share\Windows Software Development Resources\Visual Assist)
MSDN (see the blog post “Offline MSDN for Visual Studio 2013”, posted 2014/07/28)
The locations of the software can be found with a little bit of searching in the following locations (apologies in advance, fs-01 is a small disaster in regards to organization):

\fs-01\share – This is where most software can be found
\fs-01\share\OS DVD ISOs – Location of a lot of OS DVDs
\fs-01\share\Windows Applications – Location of a lot of basic Windows applications
\fs-01\share\Windows Software Development Resources – Visual Studio and similar applications
\fs-01\home – location of everyone’s home directories.
\fs-01\home\ – Let’s make this now, it will be your place to store extra data you want backed up.
We’ll end with a few websites on DEVLAN that you should bookmark or remember:

https://stash.devlan.net – Our hosted Git repositories.
https://confluence.devlan.net – You’re here now, take a look around.
https://jira.devlan.net – Our project management web page.”
