WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations (betanews.com) 447
Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.
how would we know? (Score:5, Interesting)
How would we know these are the CIA tools and not ones the Russians released to Wikileaks and fooling them into thinking they are the CIA tools? Or that Wikileaks knows they are Russian and is simply lying?
Re: (Score:2, Funny)
Does it matter now the CIA is under Kremlin control?
Re: (Score:3)
How would we know these are the CIA tools and not ones the Russians released to Wikileaks and fooling them into thinking they are the CIA tools?
Visit TFA. Download the torrent. Analyze the data. Make up your own mind. Or, like most of us, wait for some reputable hearties to do it for you.
Re: (Score:2)
Have you been able to download the torrent? I haven't.
Re: (Score:2)
Re: (Score:2)
Well, taking the obvious bait, I'd say this is a stash of co-develop British GCHQ tools and those shared with the Brits. Why? At least two of them are named after Dr. Who characters. CIA/NSA seem to prefer randomly chosen 'ADJECTIVE NOUN' (eg. 'Stinky Bishop') over sci-fi themed nerd-friendly "Sontaran" and "Weeping Angels."
Next up, characters from Lord of the Rings...
Re: (Score:2, Insightful)
Re: (Score:3)
You could have learned in one simple search that your comment is a lie.
https://www.nytimes.com/2017/0... [nytimes.com]
Re: (Score:3)
You're joking right? New York Times? FAKE NEWS!
Why are two cowards the only people who cropped up to say this? I hope one of you is joking.
Re: (Score:3)
"Martin Espinoza" is a real person?
Yes, and there are a number of other real people who will vouch for that fact here on Slashdot. There is even intersections between the sets of those who use their real names here, and those who know me from meatspace.
You're no different than any AC.
I'm demonstrably different from any AC, in that I can be held accountable for the stupid things I say.
Wikileaks is just Assange (Score:2, Interesting)
"upstanding journalistic organizations"
Nah, they're Julian Assange, and he'll leak anything that comes his way that looks juicy. In this case it will be the same source as his DNC leaks, i.e. Russian intelligence using him as an outlet.
The timing is telling, Trump just did a "Obama spied on me to interfere with the elections" thing. Who hacked the elections? Well the US spies say it was Russia, but POTUS says it was Obama. That fell flat on it's face. And now from the same source, a lot of CIA zero day expl
Re: (Score:2, Interesting)
Trump said Sweden was crime ridden due to immigrants. next day Sweden then had a riot, Radio24syv investigates it, finds Russian TV station NTV paid youths to burn a car. Trump supporters cited the riot as proof Trump was right and Swedish media was wrong.
Did they pay for all the grenade attacks, too? [wikipedia.org] Seriously, is there anything Putin cannot hack?! The DNC, Hillary, the elections of every nation, and, unimaginably, he can even hack the minds of peaceful Somalians in Sweden to turn them into violent savages entirely unlike the Somalians in Somalia. Amazing, this Putin.
Re: (Score:2, Informative)
But nice Putin-defending strawman. Amazing how well people fall in line behind tyrants like sheep.
Re: (Score:2)
Re: (Score:2)
You go in to school with an IQ of 68 (the average IQ in Somalia) and you come out with an IQ of 68.
You must not know how education works. Poor soul.
Re: (Score:2)
Only insults; no arguments. Hmmm.
Re: (Score:2)
Please provide citations that show that immigrants are genetically predisposed to be less intelligent.
Re: (Score:2)
https://duckduckgo.com/?q=aver... [duckduckgo.com]
Pick your source.
Re:Wikileaks is just Assange (Score:5, Insightful)
Trump said Sweden was crime ridden due to immigrants. next day Sweden then had a riot, Radio24syv investigates it, finds Russian TV station NTV paid youths to burn a car. Trump supporters cited the riot as proof Trump was right and Swedish media was wrong.
This is misinformation at its worst.
The riots in Rinkeby were sparked by a police arrest. [time.com]
Are people really modding up this feces, this worst kind of fake news?
Re:NYT reported it (Score:5, Informative)
"The NY Times reported that wiretaps of people on the Trump team"
TRUMP TEAM. No where in either article mentioned does it say that Trump himself or Trump Tower was wire tapped. It's like you people don't even read...at all. I mean, it's EVEN IN THE HEADLINE TOO.
Another AC spewing pro-Trump, pro-Putin lies. FSB running in over-drive.
Re: (Score:2)
The scrapings at the bottom of that barrel you keep scratching for must be running thin.
Any other delusional conspiracy theories you'd like to share?
Re:NYT reported it (Score:4, Informative)
People keep pointing to this piece of an NY Times story and inserting claims that were not made. It's been known for fucking months that US security services were keeping a damned close eye on Russian communications. If the likes of Sessions and Flynn were so fucking stupid and incautious as to be just chatting up the Russian Ambassador on behalf of their boss, well they deserve what they get. The takeaway here is that Trump and his proxies are fucking morons, regardless of whether they were actually doing anything wrong or not. In politics, the perception of scandal can be as bad as an actual scandal.
Re: (Score:2)
Translation: I'm outraged the team I support got caught in bed with the Kremlin! How dare someone catch them?
Your CPU is running a backdoor right now (Score:5, Interesting)
*3 Billion devices run JAVA* because everyone's motherboard is running it.
32c3 Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
Towards (reasonably) trustworthy x86 laptops [youtube.com]
REcon 2014 - Intel Management Engine Secrets [youtube.com]
Tools to remove Intel backdoor firmware (The backdoor firmware sits outside the BIOS, you need to physically clip onto a 8pin chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
https://github.com/corna/me_cleaner [github.com].
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms [hardenedlinux.org]
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/ [hackaday.com]
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code. When â" not âifâ(TM) â" the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intelâ(TM)s Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology [wikipedia.org]
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected co
Re: (Score:2)
Re: Your CPU is running a backdoor right now (Score:3, Interesting)
Thank you for the information! Does AMD do anything similar that you are aware of?
Re: Your CPU is running a backdoor right now (Score:4, Informative)
Yep it's called PSP instead of IME.
Indeed, how do YOU know? (Score:4, Interesting)
Wikileaks is one of the few remaining upstanding journalistic organizations. .
The fact that you don't like how the US operates does not in and of itself prove that Wikileads is as upstanding as you hope. Take a look at Russia and China. Can you and I at least agree that those countries have their own problems of various kinds? Don't you find it funny that nobody, not one single person, who lives there and has access to their secrets is willing to send them to Wikileaks? Back in the old days of the USSR, the US was able to find Soviet citizens who would risk their lives to pass on information to the US and not for profit. Why is it that today nobody seems willing to leak documentation on Russia and China? It's not difficult to find born and raised in China people who aren't very fond of their government. So I wonder could it possibly be that people actually are submitting leaks from Russia and China and Wikipedia isn't publishing them? I don't know. But I think anybody who blindly supports Wikileaks as the champion of right should wonder why it seems that only leaks from the USA (and apparently Saudi Arabia once) make it there.
Re:Indeed, how do YOU know? (Score:5, Insightful)
Possibly. Also, possibly, nobody gives a shit because every Russian and Chinaman (and everyone else) already knows their governments have bugged their assholes. "The corrupt commie governments are doing corrupt commie shit!" isn't exactly breaking news.
There is zero evidence WikiLeaks is compromised by Putin. There is zero evidence Trump is compromised by Putin. If anything the "Putin is super powerful and can haxx0r the whole planet and everyone's minds!!!" narrative is the Russian propaganda to make Putin seem far, far more powerful than he actually is. In reality, Russia is a paper tiger (bear?) with a GDP smaller than that of Spain. The left needs a boogeyman to distract from their failures and they're happy to buy right into Putin's propaganda and spread it for him.
Re:Indeed, how do YOU know? (Score:4, Insightful)
It doesn't have to be to be very useful to Putin. If he has a third party pass on stuff to Assange, Assange serves as a very useful cutout to avoid tracing the leak back.
False. Trump's team is known to have had contacts with Russian officials. Trump is trying to change US foreign policy to be pro-Russia. We know the Trump empire has had a lot of dealings with Russia. There isn't any strong evidence, which is very likely because Trump and associates are doing their best to avoid handing over any evidence that might bear on this, which is consistent with them being compromised. This would normally call for an investigation, but neither Trump nor congressional Republicans want one.
Putin wields a great deal of power in Russia, and I'd expect Russia to have good hackers. While the Soviet Union was economically and technologically backward compared to the West, it had really, really good mathematicians and theoretical scientists. In the meantime, Russia's economic problems have not stopped Russia from military aggression. Russia is more of a threat than its GDP would suggest.
Re: (Score:2)
Re: (Score:2)
Wikileaks is one of the few remaining upstanding journalistic organizations.
I'm pretty sure you've come up with your own personal definition of the expectations of journalism in your head to fit a predefined position of the things you support that Wikileaks does...
I won't argue that Wikileaks doesn't have a place or a valid idea of ethics. I argue instead that they are by no means more ethical journalists than other reputable sources, and in fact are among the most blatant ethically dubious journalists in some areas.
It's not hard to find common themes among most international jour
Re: (Score:2, Insightful)
Whatever Wikileaks was, what it is now is a combination of the Julian Assange Fan Club and mouthpiece for Russian security services. It doesn't do journalism, it does targeted leaks on behalf of the Russians.
Re: (Score:2)
Why in actual fuck would Russia release THEIR OWN HACKING TOOLS?
Cognitive dissonance. Rather than come to grips with the fact they lost the election, or that they're just maybe not on "the right side of history" the left hallucinates vast conspiracy theories in which Putin can hack all of time and space and the very minds of everyone on the planet (except them) in order to control all things. This is an easier mental leap for them than "gee, maybe I'm not as smart, well-informed, and perfectly morally justified in all my actions as I thought I was."
I see no signs of it
Re: (Score:2)
Do you have a similar post about the baseband processors in smartphones?
Does it include targets? (Score:2, Interesting)
The interesting thing would be to see the targets. Given it's the CIA, they are only authorized to surveil targets foreign to the US. The problem with malware and high tech devices is that they cannot always be accurately contained. So how many US citizens and US allies were "inadvertently" tapped? How about political targets?
Re:Does it include targets? (Score:5, Interesting)
The problem with malware and high tech devices is that they cannot always be accurately contained.
Oh, very insightful. What, in reading the story from WikiLeaks, about the leaked trove of CIA hacking tools, led you to believe the hacking tools could not always be contained?
Also, the existence of weapons isn't really a problem. Yes, the government has cyber weapons. They also have nuclear weapons that can annihilate the entire planet. What matters is the manner in which such things are, or are not used. I'm not terrified because the FBI has the ability to kick down my door at any time. Of course they can. Doors have been kickdownable since the invention of doors and kicking. My protection against having my door kicked down is not the removal of boots from the FBI or an unkickdownable door, but a piece of paper that says they can't do it without a warrant from a judge to whom they have demonstrated probable cause that I have committed a crime. So, the CIA's weapons are fine. But is anybody checking to see how they're using them, and who they're using them on? Somehow I doubt it.
WARNING: Intel CPU backdoored (Score:2, Informative)
Your Intel CPU is already backdoored
Forget security, your Intel CPU is already backdoored and it is wide open.
Remember, *3 Billion devices run JAVA*, and your motherboard backdoor is running it.
REcon 2014 - Intel Management Engine Secrets [youtube.com]
32c3 Intel backdoor live hack demonstration, keystrokes logged and downloaded over wire, wireshark can't detect:
Towards (reasonably) trustworthy x86 laptops [youtube.com]
Tools to remove Intel backdoor firmware:
https://github.com/corna/me_cleaner [github.com].
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms [hardenedlinux.org]
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/ [hackaday.com]
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code. When â" not âifâ(TM) â" the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intelâ(TM)s Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology [wikipedia.org]
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[29] part in all current (as of 2015) Intel chipsets.[30] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[31]
The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system
Re: (Score:2)
Thanks for posting this. The information you provide is fairly accurate, but unfortunately comes across a bit as the rambling of a madman, so you might want to think about revising your communication strategy.
Speaking of revised communications, you have one hell of a way of saying nothing to see here, move along.
There was nothing rambling about the parents post other than the fact that it contains a metric fuckton of actions that should be of considerable concern to the general populous.
The insanity here is watching the masses ignore the shit out of it, while claiming they still care about privacy and security.
Hi CIA (Score:5, Funny)
https://wikileaks.org/ciav7p1/... [wikileaks.org]
Reading list
A list of websites I like to check out to stay up to date and get new ideas:
General
http://reddit.com/r/netsec [reddit.com] along with all the other good subreddits (RE, forensics)
http://thehackernews.com/ [thehackernews.com]
http://slashdot.org
Forensics
http://swiftforensics.com/ [swiftforensics.com]
Ha, ha, hello CIA friends, I hope you've enjoyed all my ENTIRELY SATIRICAL posts over the years that may have appeared to the slow of wit to be critical of the government and the Agency, but were in fact entirely in jest. I'm sure you had a good chuckle all the times I COMPLETELY IRONICALLY referred to you as lying liars who lie about your lies to bring us into war under war false pretenses...over and over again.
Anywho, keep up the good work, friends!
Re:Hi CIA (Score:4, Interesting)
It's likely they're doing more than just reading [imgur.com]. Slashdot visitors have been specifically targeted before, there's no reason to assume that's not ongoing.
Re: (Score:2)
And I for one welcome our new Deep State overlords! I’d like to remind them that as a trusted Slashdot personality, I can be helpful in rounding up others to toil in their underground server farms.
Revolution T- 20 (Score:5, Insightful)
Now we just shrug cry and accept.
Haxx0ring attribution (Score:2, Insightful)
From the press release: [wikileaks.org]
UMBRAGE
The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Uh oh. So combine with:
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
Doesn't that make attributing the source of a hack based on exploit fingerprinting essentially meaningless? If a motivated hacker had access to this trove, and therefore Umbrage, and say they wanted to hack the email server of a US political party, could they not simply leave behind a Russian fingerprint in order to implicate them?
Always seemed strange to me the DNC hackers used a Russian VPN. Isn't the first rule of haxx0ring to be behind 7 proxies? And the la
Re: (Score:2)
47th dimensional reverse underwater backgammon confirmed.
Turmp complains about wire tapps, just ask the NSA (Score:5, Interesting)
I expect privacy and anonymity, but I know I do not have right.
No indication CIA can break Signal encryption (Score:3)
Wikileaks' press release states that the CIA can root mobile devices, which then allows them to intercept Signal communications *before* encryption is applied.
It's all coming true (Score:5, Funny)
Can I be the first to say:
In CIA America, TV watches YOU!
I feel like I may already be too late though.
Re: (Score:2)
oh you poor sweet summer child.
It's not that they literally can't.
It's that they legally can't.
But that's more of a guideline than a hard-set rule [wikipedia.org].
So, tl;dr (Score:2)
HOW did CIA break these encryptions? Some vulnerabilities, enormous number-crunching farm, a quantum computer, or did they find N=PN solution? Or did they waterboard the makers of the compromised software until they gave them the private keys?
Re: (Score:2)
They are talking about a bypass, not a break. So that's most likely vulnerabilities.
For example : tricking the software into silently switching into a non-secure mode, stealing keys using a trojan, exploiting convenient features such as password recovery, etc...
Re: (Score:2)
Just from the press releases, it sounds like they didn't break encryption but bypass the need to. That's something that exploits allow them to do. Isn't that the basis of Privilege Escalation [wikipedia.org]?
Re: (Score:2)
"CIA has tools to bypass the encryption mechanisms (Score:2)
Not exactly. If the CIA (or anyone) hacks the phone, they can install keyloggers, which can grab data before it gets encrypted. They can also install screen readers that can see incoming messages after they've been decrypted.
In other words, if they can look over your shoulder, you're not secure.
What's their job again? (Score:2, Interesting)
"Well they're the CIA, that's their job right?"
What really bugs me about this sort of thing is that they're charged with keeping America safe. THAT'S their job. And I fully understand that to keep us safe, the state has to make certain other people very much unsafe. In the dead sort of way. Sad but true. And towards that end the CIA has developed weapons to help them with that.
But these are weapons that can be used against us. Zero-day exploits. Unknown vulnerabilities in critical systems that US citizens a
Re: (Score:3)
> "Well they're the CIA, that's their job right?"
Nope. This is a common misconception. Their job is to protect (and enrich) the US Federal government, not the US people. Thats also true of the police. Their job is to enforce the law, which is written to do the same thing. They really aren't (and can't/won't be) there to protect your ass. Thats just one of the reasons why the 2nd amendment is so important.
7z over GPG (Score:2)
As joepie91 states on Twitter:
Joepie91 [twitter.com]
Highly suspect that @wikileaks switched from GPG to 7z for releases, and explicitly says to decrypt using `7z`. Suggests an exploit. #Vault7
If I had a 7z vulnerability and I wanted to target/compromise "techie crowd interested in leaks", this is *precisely* what I'd do. #Vault7
They should have called it NO MORE SECRETS (Score:2)
For obvious reasons.
Re:Zero Chance (Score:5, Insightful)
No need for zero-day exploits when Donnie's using a four-year-old Samsung that's probably got more holes than Jeff Sessions' Congress testimony.
Intel CPU backdoors (Score:4, Insightful)
NSA/CIA/GCHQ Shills kept down voting this from Score 3:
Your Intel CPU is backdoored and it is wide open, right now.
The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology.
Remember *3 Billion devices run JAVA* because everyone's motherboard is running it.
REcon 2014 - Intel Management Engine Secrets [youtube.com]
CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
30C3 To Protect And Infect - The militarization of the Internet [youtube.com]
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software [youtube.com]
Towards (reasonably) trustworthy x86 laptops [youtube.com]
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
https://github.com/corna/me_cleaner [github.com].
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms [hardenedlinux.org]
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/ [hackaday.com]
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code. When â" not âifâ(TM) â" the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intelâ(TM)s Management Engine is the single most dangerous piece of computer hardware ever created.
Re:Intel CPU backdoors (Score:5, Interesting)
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it)
Not actually true. You can politely ask the ME to overwrite itself with the FPT.exe or FPTw.exe (dos/windows version). There is also a uEFI and Linux version available, but they're much harder to source.
The SPI ROM of the system contains 4 regions (normally):
* BIOS (just what it says)
* ME (the manageability engine, required to have a min set of features present to boot newer platforms)
* GbE (your MAC address and the magic numbers for configuring the PHY/MAC are here)
* OEM (Things like OEM product keys, service tags, etc.
Now, that min sku that is required to boot the platform in the ME region contains:
CPU uCode patch
Power config profiles
(I really don't remember what else, but it is quite benign)
What the min sku doesn't contain:
AMT (advanced management technology: The remote power on/off setting sleep states etc.)
SOL/IDER (Serial Over LAN / IDE Redirection: essentially the ability to load a local (to you) HDD image to the remote machine and boot to it over lan, rather than the remote machine's local HDD)
KVM (just what you would think)
So, in a nutshell, if you're afraid of the big bad ME, then buy min sku'd parts. Avoid Q series (as those have everything enabled).
The ARC processor is gone BTW, replaced with Tiny IA. Licencing on the ARC and the fact that Intel was shipping an ARM CPU with every board... yeah, not popular internally. The signed Java operations is dead. AFAIK it never shipped live, though there was a hell of a push for it. Customers (Dell, HP, Lenovo) liked it but didn't want to deal with what was involved and most importantly wanted it for free...
Out of band ethernet for ME was killed off in the transition from ARC to TinyIA.
And finally, it's not all horrible:
This feature was designed for corporate users, basically putting a RILO card embedded into every corp desktop. From that perspective it's actually a really cool feature. Now, that it was so tightly integrated was Intel's way of making sure the OEMs bought it. Security was taken *VERY* seriously about this entire environment. Intel knows that if this was breached in a big bad way it would be devastating for it's customers, and thus for it as well.
Any other questions?
Re:Intel CPU backdoors (Score:5, Informative)
LOL, I don't know why you idiots kept saying it's for "Corporate" chip only when the thing is in all chips marketed under different "features"
As I had noted, the min Sku is required, but doesn't contain the "bad stuff"TM, it only has CPU uCode patch and Power config profiles, it shuts down the system for several reasons, the most notable is that Intel doesn't want unpatched uCode CPUs out there. The other notable reason is so that they could tell a particular customer (NDA'd) that they *had* to have it to boot, so why not just use the whole thing? That was a total marketing ploy, but ended up being nice for engineering, because we only had to support *one* FW kernel that way. There is a TON of overhead supporting multiple FW kernels, making it only one allowed us to move many people onto more useful projects, rather than parallel teams doing the same basic thing.
Show me the source code of the so called "FPT.exe" "FPTw.exe", what it actually does, do you have a before and after ROM comparison?
I'd love to, *but* I'd have to violate an NDA I signed when I left
Stop parroting Intel sales and look at the problem.
Hahahahahaha, I'm not parroting sales. I'm speaking from my having spent 6 years working on that project, from Version 3.2 through Version 11, at which point I left the company.
Re: (Score:2)
This looks like the kind of thing I would rather not know about cause I want to sleep at night and already have a shit-ton of other things that I keep in mind.
Re: (Score:2)
No need for zero-day exploits when Donnie's using a four-year-old Samsung that's probably got more holes than Jeff Sessions' Congress testimony.
Now, now. Jeff was "honest and correct as he understood it at the time."
( I can't wait to use that excuse myself sometime, 'cause, if it was good enough for the Attorney General of the US (under oath) and The Congress doesn't care, I don't see why I should be held to a higher standard. )
Re:Zero Chance (Score:4, Funny)
The President doesn't need the spooks' technological spying techniques. That's what he's got Breitbart and Fox for!
Re:Zero Chance (Score:5, Insightful)
Mod me flamebait if you will, but that's how Trump got to "I was wiretapped!" Via a conspiracy theory from a right wing radio host that Breitbarts picked up and Fox ran with. We have a man at the top of the one of the most powerful espionage machines the world has ever known, and he gets "intel" from right wing commentators. Can't you see this for what it is, a massive vulnerability at the very top of the US Government? A foreign power could game the system by selectively feeding the likes of Levin and Breitbart stories of this kind, and because Trump clearly has no trust of his own departments, and spends far too much time watching television, he would be supremely vulnerable to such manipulation.
Re: (Score:2)
Do you think Levin has any actual evidence for his claims?
Re: (Score:2, Insightful)
No. But isn't that the point. When you have marginally real 'news' organizations like Breitbart, and partially real ones like Fox laundering the fake news rantings of a circus clown like Levin into 'real' news, we have a problem.
In the past, The National Enquirer could blissfully print their space alien abduction stories, and nobody even considered that they were real. Facebook trolling fake news click-bait stories are probably not intended to be believed literally either - though they're harder to detec
Re: (Score:2)
Re: (Score:3, Interesting)
Legality is EXTREMELY questionable. (ianal)
Obviously. That you think the government, any government, should be prohibited from using tools to monitor/spy/whatever on others would defeat the whole purpose of intelligence gathering. They have to use these means to find out what they don't know. It's their job.
Do you think Russia isn't doing the same thing? Are you going to whine about them doing this? How about Israel? What excuse will you use to justify them doing this but not the U.S.? How about we go
Re: (Score:2)
Israel has tools that make these look like 2nd grade science fair projects.
Re:Interesting timing re Trump's claims (Score:4, Insightful)
They're not using it on russia though.
They're using it against american journalists, american dissenters, american citizens, and even american polticians whose policies aren't tyrannical enough for their own tastes.
They're *SUPPOSED* to gather and use information to keep america safe, but it turns out they're the enemy we need to be protected from.
Re: (Score:3)
So many strawmen in just one comment... here are your "rebuttals" to things he didn't say:
"you think the government, any government, should be prohibited from using tools to monitor/spy/whatever on others"
"Do you think Russia isn't doing the same thing?" (technically this one is a question but it's totally irrelevant to his point)
" What excuse will you use to justify them doing this but not the U.S.?"
Re:Interesting timing re Trump's claims (Score:5, Insightful)
The question isn't about the spy capabilities. It's about whether these tools are used without logging and review by elected officials from the Congressional security committees.
If they can be, then they will be by this or that faction spying not on the bad guys but their own political opponents. This is the reason for the 4th Amendment, to stop the king from filching through opponents' papers at will looking for stuff to tag them with.
They should have an automated and non-disablable logging system that stuff things into some MD5 file that is copied offsite to multiple places, to prevent editing of it. I'm pretty sure they have little more than a piece of paper with a checkbox "You did bother to get a warrant. Or at least a national security letter, right?" before all activity is not logged anyway.
Re:Interesting timing re Trump's claims (Score:5, Interesting)
On the March 6, 2017 Tucker Carlson show, Congressman Jim Hines admitted Congress (and his committee) is not conducting any meaningful oversight of the spy agencies.
Re: (Score:3)
The question isn't about the spy capabilities. It's about whether these tools are used without logging and review by elected officials from the Congressional security committees.
That might be one of the questions for Americans, but the vast majority of the world and of CIA's victims isn't American. Wikileaks isn't American either. This information matters much more for the rest of the world than it does to the American democracy. We can count in one hand the number of Americans drone murdered. Compare that to Pakistanis.
Most of the American public doesn't care about mass murder outside of America and think all this capabilities and uses are fine as long as it's legal and there is c
Re: (Score:2, Interesting)
The man on your telescreen is unquestionable and no one should suspect that they only do good things and never abuse their powers
Re: (Score:2, Interesting)
Re:Interesting timing re Trump's claims (Score:5, Informative)
As far as I'm aware, nobody has denied that Trumps (not the US president at the time) phones were tapped as part of an investigation into his shady links with Russia.
James Clapper did. [bbc.com]
FTA:
The director of national intelligence at the time of the US election has denied there was any wire-tapping of Donald Trump or his campaign.
James Clapper also told NBC that he knew of no court order to allow monitoring of Trump Tower in New York.
Re:Interesting timing re Trump's claims (Score:5, Insightful)
Re:Interesting timing re Trump's claims (Score:5, Insightful)
Clapper isn't trustworthy, but then again, neither is Trump, who clearly just picked up on a bunch of garbage coming from Levin and Breitbarts, more conspiracy theory nonsense, and running with it. It's pretty clear that no one else in the White House even saw this coming, which is why they really had no way of countering it other than "The President has ways of knowing things!" Considering we can trace the wiretap claim right back to Levin, who was exaggerating the already well known fact that Russian communications were being monitored during and after the election (because concocting anti-Obama conspiracy theories is what right wing radio shock jocks have been doing for eight fucking long years), so we know Trump didn't likely get any of this information from the FBI or any other government intelligence services.
And now we see as Trump's mouthpieces basically dilute the entire wiretap claim to the point where it was "something", that they're trying to make the entire "wiretapping of Trump Tower" conspiracy theory go away, because what Trump really did was empower and invite Congressional oversight to begin looking even closer at the nonsense going on between Trump's proxies and the Russians during and after the election.
Re:Interesting timing re Trump's claims (Score:5, Funny)
To be fair: If James Clapper says they didn't, then they did. Not with the white house's knowledge, mind, but that guy's credibility is right down there with POTUS45 himself.
This leaves us with a time-destroying paradox: Clapper says they didn't, but Trump says that they did. Therefore they absolutely did so, and absolutely cannot have done so. Both possibilities both did and could not have occurred, and our primitive technology does not yet allow us to see the havoc we have wreaked upon our poor continuum.
Re:Interesting timing re Trump's claims (Score:5, Insightful)
No, what he said was "I can deny it". Which isn't actually a denial is it. Its a statement, but a meaningless. I can say the "sky is red," its easy to do, but it does not make for a red sky. Clapper is a SOB that has been caught lying before under oath. He escapes prosecution I think because many politicians are afraid of the deep state.
They told us our phone records were private too unless and until someone got a warrant, turned out that was not exactly the case. We have a secret court FISA, a FUCKING SECRET COURT, for which even after investigation are closed and intelligence actions are completed the records from which remain under seal often for decades! Any truly reasonable interpretation of the Bill of Rights, part of Constitution the highest law of land does not all that shit. The leaks pretty much show the spooks are running basically wild. Its time to go after the three letters and the government can't do because they are scared of their own shadows. Unfortunately that leaves the likes of people who are probably not exactly of great character like Assange to do it.
So here we are with a CIA run by people Trump was insulting thorough his campaign. They participated in the attribution of the compromise of the DNC and foreign political propaganda (Note not election hacking or stealing because lets face it note vote total tampering has been alleged). Now we find them with a whole suite of tools for performing attacks and making it look like a foreign country, like Russia, did it. Can't get your flunky elected because she is to much a scandal ridden bitch half the country hates, do the next best thing undermine the credibility of the guy who does get elected so nobody will work with him, so he can't implement any reforms, and carry on business as usual. Right?
Trump might not have any real credibility but even if that is true he has a much as James Clapper, 0, and as much as any of the other three letters. As big a set back as it would be to our overall preparedness, I really believe nothing sort of a near complete housecleaning can fix this. Like literally dissolve the CIA, and NSA, and stand up a new organization with entirely new people former CIA/NSA workers need not apply and put the whole thing back under the control of the Pentagon inside the primary chain of command where it can be properly administrated and observed.
Re:Interesting timing re Trump's claims (Score:5, Insightful)
I'll concede that James Clapper's credibility isn't stellar, but it still contradicts GP's assertion that "nobody has denied." Would Obama [foxnews.com] be any more credible?
FTA:
“Neither President Obama nor any White House official ever ordered surveillance on any U.S. citizen. Any suggestion otherwise is simply false," said Kevin Lewis, a spokesman for the former president.
Also, James Comey asked the DOJ to deny the assertions, but that stops just short of being an actual denial.
Trump might not have any real credibility but...as much as any of the other three letters.
Are you really saying that information coming to us from DJT is as trustworthy as information being published by the FBI/NSA/CIA?
Re: (Score:3)
Since the allegation was literally, "President Obama was tapping my phones," and Obama's spokesperson said, "Neither President Obama nor any White House official ever ordered surveillance on any U.S. citizen," it does sound to me like Obama is denying the allegation.
Which I feel brings us to the point that it would actually be kind of staggering if Trump weren't subject to one or more federal wiretaps, given his and his pals' repeated interaction with many and varied Russians who are persons of interest to the US government for a variety of reasons.
Re:Interesting timing re Trump's claims (Score:5, Interesting)
Just as plausibly, Flynn, Sessions and heaven knows who else simply got caught up in the US government's already well known spying on the Russian ambassador and other Russian officials in the US. In other words, there was no need to directly target Trump and his proxies at all. They literally walked into the existing monitoring that was going on. And really, at that point, if you have some US citizens chatting up Putin's representatives, how is that not justification for seeking FISA warrants to take a closer look at those proxies?
This is the part that amazes me. Even if I'm willing to accept that Sessions, Flynn, Kushner and whomever else was getting cozy with the Russians weren't committing any crimes, how could these people have gone around imagining that their activities wouldn't be noted by US security agencies? Sessions and Flynn have been around a long goddamned time and certainly must be at least vaguely aware of what the FBI, NSA, CIA and Secret Service are capable of. This either betrays a kind of supreme arrogance, or a level of base stupidity, and in either case doesn't exactly recommend these men to any kind of high office or position of trust. That Flynn and Sessions felt compelled to lie about it makes it all the more curious.
Here's my opinion, for the little bit it's worth. I don't think even they thought Trump would win. I think both Congressional Republicans and Trump's own team had no real expectation up until the last week or so before the election that they would ever have to be in a position to explain themselves. When he won, and suddenly they had to answer to somebody about their activities (Flynn to Pence and Sessions to the Senate confirmation committee) they suddenly had to answer questions they never imagined would be posed to them. If Trump had lost, nobody would given a flying fuck about Trump's chief advisers and supporters. There might still have been a peak into Trump-Russia leaks, but it wouldn't have been the kind of microscope that's being employed now. And the funniest part is that Trump's propagating the whole wiretapping claim has literally invited both the House and Senate Intelligence Committees to probe even deeper.
Re: (Score:2)
As far as I'm aware, nobody has denied that Trumps (not the US president at the time) phones were tapped as part of an investigation into his shady links with Russia.
James Clapper did. [bbc.com]
FTA:
The director of national intelligence at the time of the US election has denied there was any wire-tapping of Donald Trump or his campaign.
James Clapper also told NBC that he knew of no court order to allow monitoring of Trump Tower in New York.
James Clapper? Really?
Oh, wait, you were sarcastic. Right?
Re: (Score:3)
I was presenting Clapper as an alternative to "nobody." And, as I mention above somewhere, Obama has denied it too [foxnews.com]. So, which president do you think is telling the truth? It's not both.
Re: (Score:2)
Wait, what's the difference?
You start off with "yes there's wiretaps," then Trump says "can you believe these wiretaps!" and then you say "how dare he claim there's wiretaps, what bullshit!" What's your point?
Re: (Score:2)
Ever heard of the phrase "An angry man is an enemy, and a satisfied man is an ally"?
Re: Interesting timing re Trump's claims (Score:5, Funny)
Ever heard of the phrase "An angry man is an enemy, and a satisfied man is an ally"?
Ya. Worst pick-up line - ever.
Re: (Score:2)
that made me actually lol
Yah. Wanted to up-mod him but he already at 5.
Re: (Score:2)
The enemy of my enemy is my enemy's enemy. No more. No less.
- Maxim 29:, The Seventy Maxims of Maximally Effective Mercenaries
Re: (Score:2)
it so happens that breaking trust between players in the western world *at the moment* currently aligns with modus operandi of Russian psychops. Therefore, when Russia is attacking the west, he will aid them.
Or is it the other way round?
Re: (Score:2)
The Americans make plenty of people disappear both foreign and domestic. You could've claimed the same during the Cold War, where are the Russian missiles and subs - turns out they never had quite as much as they claimed. North Korea can't even put a rocket together, something American engineers do for fun and games in their back yard.
Re: (Score:2)
Er, drone strikes, renditions, black sites, Guantanamo, waterboarding, parallel construction....
Re:Obamacare repeal finally imminent. (Score:5, Insightful)
Re: (Score:2)
Your points sound good on a quick read AC. Maybe if you broke up your thoughts into paragraphs and developed them with a little more verbosity you wouldn't get ranked into oblivion. Your prose is more complex than average so to the casual observer it reads like a wall of obtuseness, which it isn't. So +1 "Insightful" from me if I had mod points to give.
Re:Obamacare repeal finally imminent. (Score:4, Informative)
Don't we already have that in place? Don't families already have to stage car-washes and Fund-me campaigns to help pay for medical care?
Re: (Score:2)
Republican propaganda machine
You mean...enacting the agenda on which the President ran, and for which his voters cast their ballots?