WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations

Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero-day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said the CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.
  • how would we know? (Score:5, Interesting)

    by gtall ( 79522 ) on Tuesday March 07, 2017 @10:52AM (#53992211)

    How would we know these are the CIA tools and not ones the Russians released to Wikileaks and fooling them into thinking they are the CIA tools? Or that Wikileaks knows they are Russian and is simply lying?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Does it matter now the CIA is under Kremlin control?

    • How would we know these are the CIA tools and not ones the Russians released to Wikileaks and fooling them into thinking they are the CIA tools?

      Visit TFA. Download the torrent. Analyze the data. Make up your own mind. Or, like most of us, wait for some reputable hearties to do it for you.

    • Like in the past, we will know that from the outrage they create within the US government and from an overall assessment of the tools.
    • Well, taking the obvious bait, I'd say this is a stash of co-developed British GCHQ tools and those shared with the Brits. Why? At least two of them are named after Dr. Who characters. CIA/NSA seem to prefer randomly chosen 'ADJECTIVE NOUN' (eg. 'Stinky Bishop') over sci-fi themed nerd-friendly "Sontaran" and "Weeping Angels."

      Next up, characters from Lord of the Rings...

  • The interesting thing would be to see the targets. Given it's the CIA, they are only authorized to surveil targets foreign to the US. The problem with malware and high tech devices is that they cannot always be accurately contained. So how many US citizens and US allies were "inadvertently" tapped? How about political targets?

    • by meta-monkey ( 321000 ) on Tuesday March 07, 2017 @01:05PM (#53993229) Journal

      The problem with malware and high tech devices is that they cannot always be accurately contained.

      Oh, very insightful. What, in reading the story from WikiLeaks, about the leaked trove of CIA hacking tools, led you to believe the hacking tools could not always be contained?

      Also, the existence of weapons isn't really a problem. Yes, the government has cyber weapons. They also have nuclear weapons that can annihilate the entire planet. What matters is the manner in which such things are, or are not used. I'm not terrified because the FBI has the ability to kick down my door at any time. Of course they can. Doors have been kickdownable since the invention of doors and kicking. My protection against having my door kicked down is not the removal of boots from the FBI or an unkickdownable door, but a piece of paper that says they can't do it without a warrant from a judge to whom they have demonstrated probable cause that I have committed a crime. So, the CIA's weapons are fine. But is anybody checking to see how they're using them, and who they're using them on? Somehow I doubt it.

  • by Anonymous Coward

    Your Intel CPU is already backdoored

    Forget security, your Intel CPU is already backdoored and it is wide open.

    Remember, *3 Billion devices run JAVA*, and your motherboard backdoor is running it.

    REcon 2014 - Intel Management Engine Secrets

    32c3 Intel backdoor live hack demonstration, keystrokes logged and downloaded over wire, Wireshark can't detect:
    Towards (reasonably) trustworthy x86 laptops

    Tools to remove Intel backdoor firmware.

    Neutralize your Intel backdoor:

    Neutralize ME firmware on SandyBridge and IvyBridge platforms

    First introduced in Intel's 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs, which is separate from the northbridge), or the PCH chip replacing the ICH (for Core i3/i5/i7, which is integrated with the northbridge).

    The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

    The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

    Five or so years ago, Intel rolled out something horrible. Intel's Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code. When -- not 'if' -- the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel's Management Engine is the single most dangerous piece of computer hardware ever created.

    Intel Active Management Technology

    Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]

    The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[29] part in all current (as of 2015) Intel chipsets.[30] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[31]

    The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system.

  • Hi CIA (Score:5, Funny)

    by meta-monkey ( 321000 ) on Tuesday March 07, 2017 @11:11AM (#53992363) Journal

    Reading list

    A list of websites I like to check out to stay up to date and get new ideas:

    along with all the other good subreddits (RE, forensics)

    Ha, ha, hello CIA friends, I hope you've enjoyed all my ENTIRELY SATIRICAL posts over the years that may have appeared to the slow of wit to be critical of the government and the Agency, but were in fact entirely in jest. I'm sure you had a good chuckle all the times I COMPLETELY IRONICALLY referred to you as lying liars who lie about your lies to bring us into war under false pretenses...over and over again.

    Anywho, keep up the good work, friends!

  • Revolution T- 20 (Score:5, Insightful)

    by Deliveranc3 ( 629997 ) on Tuesday March 07, 2017 @11:15AM (#53992389) Journal

    20 years ago there would have been hearings and elections and all sorts of excitement about this.

    Now we just shrug, cry and accept.
  • From the press release:

    The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

    This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the other murders also find likely attribution.

    The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

    With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

    UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

    Uh oh. So combine with:

    Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

    Doesn't that make attributing the source of a hack based on exploit fingerprinting essentially meaningless? If a motivated hacker had access to this trove, and therefore Umbrage, and say they wanted to hack the email server of a US political party, could they not simply leave behind a Russian fingerprint in order to implicate them?

    Always seemed strange to me the DNC hackers used a Russian VPN. Isn't the first rule of haxx0ring to be behind 7 proxies? And the la

  • by SysEngineer ( 4726931 ) on Tuesday March 07, 2017 @11:25AM (#53992451)
    The NSA records every phone call, every email, every SMS and most web access, especially foreign people. Obama did not have to order a special wire tapp (Trump's spelling), it is done routinely. Trump may have shot himself in the foot by making surveillance an issue. Everybody does not like being under surveillance so I will throw the canned response back at this administration, "If you have nothing to hide, why complain about surveillance?"
    I expect privacy and anonymity, but I know I do not have the right.
  • by WML MUNSON ( 895262 ) on Tuesday March 07, 2017 @11:42AM (#53992565)
    The article summary is a bit misleading. There is no indication that the CIA can break Signal's encryption or intercept its communications in-transit.

    Wikileaks' press release states that the CIA can root mobile devices, which then allows them to intercept Signal communications *before* encryption is applied.
  • by neurovish ( 315867 ) on Tuesday March 07, 2017 @11:55AM (#53992675)

    Can I be the first to say:
    In CIA America, TV watches YOU!

    I feel like I may already be too late though.

  • HOW did the CIA break these encryptions? Some vulnerabilities, an enormous number-crunching farm, a quantum computer, or did they find a P=NP solution? Or did they waterboard the makers of the compromised software until they gave them the private keys?

    • by GuB-42 ( 2483988 )

      They are talking about a bypass, not a break. So that's most likely vulnerabilities.
      For example: tricking the software into silently switching into a non-secure mode, stealing keys using a trojan, exploiting convenient features such as password recovery, etc...

    • Just from the press releases, it sounds like they didn't break encryption but bypass the need to. That's something that exploits allow them to do. Isn't that the basis of Privilege Escalation?

    • My best guess is implementation flaws as that is the most common. Even with a quantum computer you are still looking at ocean boiling levels of energy with the most efficient current computers. Even on an ideal quantum computer you would need a sizeable fraction of the total US annual energy consumption (I believe it is about 10%).
  • Not exactly. If the CIA (or anyone) hacks the phone, they can install keyloggers, which can grab data before it gets encrypted. They can also install screen readers that can see incoming messages after they've been decrypted.

    In other words, if they can look over your shoulder, you're not secure.

  • "Well they're the CIA, that's their job right?"

    What really bugs me about this sort of thing is that they're charged with keeping America safe. THAT'S their job. And I fully understand that to keep us safe, the state has to make certain other people very much unsafe. In the dead sort of way. Sad but true. And towards that end the CIA has developed weapons to help them with that.

    But these are weapons that can be used against us. Zero-day exploits. Unknown vulnerabilities in critical systems that US citizens a

    • by JustNiz ( 692889 )

      > "Well they're the CIA, that's their job right?"

      Nope. This is a common misconception. Their job is to protect (and enrich) the US Federal government, not the US people. That's also true of the police. Their job is to enforce the law, which is written to do the same thing. They really aren't (and can't/won't be) there to protect your ass. That's just one of the reasons why the 2nd amendment is so important.

  • As joepie91 states on Twitter:

    Highly suspect that @wikileaks switched from GPG to 7z for releases, and explicitly says to decrypt using `7z`. Suggests an exploit. #Vault7

    If I had a 7z vulnerability and I wanted to target/compromise "techie crowd interested in leaks", this is *precisely* what I'd do. #Vault7
