
WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk)

Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report.
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said.
You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."
  • why no trust-busting. why no common carrier. why no nothing which would prevent "wire-tapping".
  • Surprise! (Score:2, Informative)

    by Anonymous Coward

    There is no surprise...

    • Re:Surprise! (Score:5, Interesting)

      by Anonymous Coward on Tuesday March 07, 2017 @08:11PM (#53996615)

      I am surprised that anyone would continue to risk themselves and leak this kind of information, since we have seen how willing the public is to stand up and defend its whistle-blowers (which is to say, not at all).

    • by thesupraman ( 179040 ) on Tuesday March 07, 2017 @11:58PM (#53997707)

      What is it with the quality of reporting now?

      No, this does NOT make signal, etc completely insecure - this means they need to specifically target one end of the conversation, before
      it happens - which is always likely to be possible.

      What it DOES NOT mean is that they can auto-vacuum up all the conversations for later 'analysis', as they can do with just about every
      other form of internet-based communication. THAT is a critical difference. What it means is when you get on the wrong side of an ever
      expanding range of government bureaucrats, they can trawl through less of your life to look for a suitable 'punishment'.

      Of course they would LOVE everyone to think encrypted communication is useless, because then more people wouldn't bother......

      Bears a close resemblance to a false flag reporters.....

      And no, I don't need to post that AC, because being sensible about your personal communications is sensible, not illegal.

  • by Anonymous Coward on Tuesday March 07, 2017 @07:53PM (#53996503)

    When I got my TV I bypassed the Mic and am feeding it "never gonna give you up" in a continuous loop. Glad my effort was not wasted.

  • Hide in your basement, cut the phone, cable and Internet lines and stay there for the rest of your life.
    • by rtb61 ( 674572 )

      Nah, just flood their data bases with computer generated bullshit. Computers are capable of producing volumes of data which they would be forced to sort, categorise and store. Fake coms, fake movements, fake activity, fake searches, fake everything digital. Want to talk to someone, be a human being and go see them and talk to them. Leave the computers to talk empty waffle to each other and the agencies can get the erections and play with themselves. Bury them in their own bullshit.

  • by chispito ( 1870390 ) on Tuesday March 07, 2017 @07:59PM (#53996537)

    1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.

    That's part of the spying thing and has been for at least the last 2-3 decades.

    2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.

    Logically follows.

    3) The CIA could use smart TVs to listen in on conversations that happened around them.

    Smart device insecure; news at 11.

    4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."

    Explored and...? That's it? Okay.

    5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.

    Author doesn't know what an 0-day is good for.

    • by ls671 ( 1122017 ) on Tuesday March 07, 2017 @08:09PM (#53996603) Homepage

      My mother tells me that when black and white TV first came out, some people used to dress all nice and clean to watch TV, like if they were going to a wedding or something. Apparently, they weren't sure if the guy in the TV could see them and they wouldn't trust you if you told them he couldn't.

      Man, those people were visionaries!

    • by RazorSharp ( 1418697 ) on Tuesday March 07, 2017 @09:33PM (#53997057)

      The fact of the matter is that the main reason the government is turning into Big Brother is because unlike most of the people on this site, the typical American believes that all of those things are ridiculous conspiracy theories. Hence politicians who find a surveillance state to be reprehensible are few and far between. I can think of Ron Wyden and Rand Paul off the top of my head and they're treated like whackos.

      To flippantly dismiss it at "that's spying and that's how it's been for the last 2-3 decades" is the type of submissive attitude that has allowed this to happen in the first place. The generations of our time exist at a crucial moment in history when the very notion of liberty is in jeopardy. If we allow an Orwellian government to take hold—which all of these actions by the CIA are precursors for—then it may be impossible to reverse.

      I may sound hyperbolic but the extreme nature of the changes our society currently face only sound ridiculous to people because most don't want to believe that horrible things are happening (or at least, they don't want to believe they'll happen in their own lifetime). It's the same with climate change. People just hope that when the shit hits the fan they'll be long dead.

      • by dbreeze ( 228599 )

        SOMEBODY suffered the worst of history's atrocities and disasters, but it won't happen to me.... normalcy bias, societal cycles, yada,...

        Do not despair America, these are the times that produce tomorrow's heroes.

      • We flippantly dismiss it, because anyone who has worked in the intel community knows that you either remove batteries from any phones or better remove any phones from the room when discussing sensitive information and that has been the rule for decades. Back in the days of the Nokia candy bar cell phones that was the policy because they could be remotely accessed and used to listen. That the CIA has active research to maintain and even expand these capabilities is not only not news, it is to be expected
  • by rahvin112 ( 446269 ) on Tuesday March 07, 2017 @07:59PM (#53996543)

    I'll bet serious money this enrages Trump and he threatens to arrest and detain Assange.

    • Re: (Score:2, Informative)

      by Camel Pilot ( 78781 )

      Trump loves Assange.... and vice versa.

      • by skids ( 119237 )

        But he hates not being the center of attention above all. If you want to predict when the next grandpa tweet storm is going to come, track how much coverage is about him. When it starts to dip... when Sessions gets the spotlight for example, we are in for another crazy rant.

  • #3 (Score:5, Insightful)

    by Anonymous Coward on Tuesday March 07, 2017 @07:59PM (#53996545)
    Point 3 is just dropping yet another reason on top of the large pile of reasons why I'll never ever buy a 'Smart TV'.
    • it's now to the point where any tv that is worth owning is 'smart'. beyond a certain size, (vizio, for sure) it's all smart-only.

      but - just don't connect a network to it and it's not ever going to be 'smart'. no network == dumb tv. no forced firmware upgrades, no wiretapping, no nothing.

      I would not worry about so-called smart tv's. disable networking and you're safe.

  • by Spy Handler ( 822350 ) on Tuesday March 07, 2017 @08:00PM (#53996553) Homepage Journal

    3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.

    I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.

    But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.

    • by chispito ( 1870390 ) on Tuesday March 07, 2017 @08:04PM (#53996563)

      But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.

      Then don't put it on the network if you're concerned.

      • by Spy Handler ( 822350 ) on Tuesday March 07, 2017 @08:21PM (#53996671) Homepage Journal

        Then don't put it on the network if you're concerned.

        Well that kind of defeats the purpose of buying the TV in the first place, I use it to watch Netflix.

        I suppose I can disconnect it from my wifi like you said and then get a Chromecast stick or some such plug-in device. But having the feature built-in was a lot more convenient, no need to boot up a second device or use a second remote controller, etc.

        Also if my TV is infected, how do I know if it's really disconnected from wifi? I suppose I would have to get a packet analyzer and record all packets for like a week and see if the TV sent anything over the network.

        • by Spy Handler ( 822350 ) on Tuesday March 07, 2017 @08:26PM (#53996705) Homepage Journal

          wait nevermind, it just occurred to me that i can check the wifi router's DHCP log and see if the smart TV connected.
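
The DHCP-log check suggested in the comment above, as an added example that is not part of the original thread: it scans dnsmasq-style router log lines for leases granted to the TV's MAC address after the time it was taken off the network. The log format, MAC addresses, IPs and hostnames are assumptions and constructed sample data, and the check only sees joins to your own router, not to some other access point in range.

```python
import re
from datetime import datetime

# Constructed sample: dnsmasq-style syslog lines, as many home routers log them.
# MAC addresses, IPs and hostnames are made up for this example.
SAMPLE_LOG = """\
Mar  6 19:02:11 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.23 02:00:00:11:22:33 laptop
Mar  7 20:15:40 router dnsmasq-dhcp[812]: DHCPREQUEST(br-lan) 192.168.1.57 02:00:00:aa:bb:cc
Mar  7 20:15:40 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.57 02:00:00:aa:bb:cc livingroom-tv
Mar  8 03:12:09 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.57 02:00:00:AA:BB:CC livingroom-tv
Mar  8 09:00:00 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.23 02:00:00:11:22:33 laptop
"""

# Month names are mapped by hand so parsing does not depend on the system locale.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Only DHCPACK is matched: it is the line that proves a lease was granted.
ACK_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s"
    r".*?DHCPACK\((?P<iface>[^)]+)\)\s+(?P<ip>\S+)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?:\s+(?P<host>\S+))?")


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, whatever separators it used."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def leases_for(log_text, mac, year, since=None):
    """List (time, ip, hostname) for every lease granted to `mac`.

    Syslog timestamps carry no year, so the caller supplies it.
    `since` keeps only leases at or after that moment, e.g. the time
    the TV was supposedly removed from the network.
    """
    wanted = normalize_mac(mac)
    hits = []
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m or m["mon"] not in MONTHS:
            continue
        if normalize_mac(m["mac"]) != wanted:
            continue
        hour, minute, second = map(int, m["time"].split(":"))
        when = datetime(year, MONTHS[m["mon"]], int(m["day"]), hour, minute, second)
        if since is None or when >= since:
            hits.append((when, m["ip"], m["host"] or ""))
    return hits


if __name__ == "__main__":
    # Scenario: the TV was taken off wifi at 21:00 on March 7.
    cutoff = datetime(2017, 3, 7, 21, 0, 0)
    for when, ip, host in leases_for(SAMPLE_LOG, "02-00-00-AA-BB-CC", 2017, cutoff):
        print(f"lease after cutoff: {when} {ip} {host}")
```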

          • by AHuxley ( 892839 )
            Depends on the network to log. Would a clandestine service use an existing internet connection or wifi in from another wifi network they control in the area?
            What's the risk that a user is running a network protocol analyzer on their own network? Or finds an outside wifi connection connecting to their smart TV?
            A random outside wifi connection or risk entering a users own wired and wireless network that might be logged?
        • by AHuxley ( 892839 )
          Bring an ethernet computer to your HDMI display and watch protected streaming services on that.
          When done, disconnect the TV.
          No need to have a powered, networked computer with a cam and mic on 24/7 as a "display" when work is being talked about.
        • by dbIII ( 701233 )

          I suppose I can disconnect it from my wifi like you said and then get a Chromecast stick or some such plug-in device

          Or you could just use it as a monitor for a PC and watch shows that way (I do that but it is a very cheap TV not a "smart" one), but cabling hassles etc get in the way for most people (plus MS Windows sucks with multiple screens that are not on at all times). What about finding out where the microphone is and just block its ability to pick anything up?

      • I plugged a laptop into a DVI port on our TV, got a wireless $10 mini-keyboard with integrated touchpad off of eBay, cranked up the icon and font sizes a bit and it's worked out surprisingly well. It's much quicker to use than the 'smart' Bluray player we were previously using, and it can do a lot more... and it's running Qubes OS. Ain't no drive-by
    • That lack of control is part of why I still use a home theater PC. I can control what is going on more, and have access to far more entertainment options than any "Smart" TV or even a plug-in like Roku.

      I think my latest TV might actually have some "Smart" features, but I don't use them and never connected it to my WiFi network... so even if it had the capacity to be used for monitoring, being off the Internet prevents any such nefarious use.

    • by slew ( 2918 )

      3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.

      I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.

      But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.

      If your "desktop" machine has been owned enough with a boot sector style spyware/malware (like a keylogger), I don't think that there are simple steps you can take to detect them (you pretty much have to move your boot drive to a trusted machine to scan/fix it)... Since Smart TVs get manufacturer OTA updates all the time to update their "apps", I suspect Weeping Angel would want to operate on a level similar to a boot sector style spyware/malware and compromise the device on a low enough level to survive a

    • Linux, as of late.

      http://www.digitaltrends.com/h... [digitaltrends.com]

      "According to an official statement issued by the company today, all Samsung smart TVs will now run on Tizen, an open-source, Linux-based operating system (OS) developed and supported primarily by Samsung and Intel."

  • by rmdingler ( 1955220 ) on Tuesday March 07, 2017 @08:02PM (#53996559) Journal

    The government's been in bed with the entire telecommunications industry since the forties. They've infected everything. They get into your bank statements, computer files, email, listen to your phone calls... Every wire, every airwave. The more technology used, the easier it is for them to keep tabs on you. It's a brave new world out there. At least it'd better be.

    As great as the internet's free flow of information has been for the average human, there is another entity that has benefited even more...

  • There are already quite a few tools in computational journalism to automate the early assessment of a large data dump.

    What do Journalists do with Documents? [jonathanstray.com]
    C+J 2016: Documents, Data Mining and Discovery [youtube.com]

    As with all things, I'm sure the 20-80 rule applies.

  • Safe (Score:5, Funny)

    by Anonymous Coward on Tuesday March 07, 2017 @08:09PM (#53996601)

    I'm safe. Turns out buying a Windows Phone was a good choice after all.

  • by LeftCoastThinker ( 4697521 ) on Tuesday March 07, 2017 @08:14PM (#53996633)

    If you didn't know this kind of thing was going on, you weren't paying attention. The job of the intelligence agencies is to... gather intelligence, particularly the kind that people don't want collected and kill foreign enemies covertly. This is why they are not allowed to act inside the US. Every other intelligence agency on the planet does exactly the same thing. If you think otherwise you are living in a fantasy land bubble.

    • This is why they are not allowed to act inside the US.

      Which the CIA neatly sidesteps by having a "domestic agency" attached to an operation.

      By domestic agency they mean one clueless newbie FBI agent tagging along with the tough seasoned elite operators of the "real" intelligence agency.

      • By domestic agency they mean one clueless newbie FBI agent tagging along with the tough seasoned elite operators of the "real" intelligence agency.

        Why, Special Agent Dr. Stanley Goodspeed, is that you!?

        Strat

    • by dbreeze ( 228599 )

      First, if you think this release is relevant only to activities outside the US you are naive, at best. Second, if you DID know this kind of thing was going on, and weren't making all the noise you could to combat this infringement, you deserve the tyranny that rules you, and are also responsible for its power over others.

      America wasn't built with "business as usual/not my problem" attitudes...

      • Of course I knew this was going on. Not only that, I expect and approve that it goes on. I want my country to have the best fucking weapons to use and the best intelligence on other countries. Yes, it's power. But unilateral disarmament just leads to a Russian flag over the capitol.

        Yes, dragnets are bad. But so far these have all been targetted things. I have no illusion that the US government could read my mail, listen to my phone, use a stealthy drone with night vision, or otherwise montior everythi

  • This makes open hardware more imperative. Are the operating system flaws all software, or are they hardware? Or firmware? If the latter two, are they flaws or cooperative effort by the manufacturers?

    I don't have time to read the entire thing, so I'm wondering what part of my Linux installations are being exploited. FOSS and FOSH are the only real digital defenses we have against our governments, as they are our only avenues of control.

  • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Tuesday March 07, 2017 @08:36PM (#53996755) Homepage

    "Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure" is what makes running security-minded programs on non-free, user-subjugating, always-untrustworthy, proprietary OSes a joke. People get a sense that they're safer from malware [gnu.org] then they really are and they think they get to keep their proprietary conveniences as well. Openwashing will not help you.

    I know it's a lot of work to learn new things and change your views and your behavior. I understand that software freedom is differently political than what you're encouraged to adopt, and software freedom requires you to consider more than what's listed in virtually every features & money-based ad campaign from monied proprietors. And I get that coming to terms with the consequences of software freedom runs directly contrary to believing that you don't need to think any further than what proprietors and their "open source" friends tell you to think about (because no proprietor frames their offerings in terms of the freedoms to run, inspect, share, and modify the software, hence proprietors are more likely to sanction the open source movement which eschews these values and even celebrates partnering with proprietors like Red Hat's recent uncritical commentary on Microsoft's software and Microsoft's new campaign regarding "Linux"—no mention of GNU which might bring software freedom to mind). But in the real world you need to stop trusting proprietary systems to keep you safe, respect your privacy, or other practical consequences of software freedom. Proprietary software wasn't designed to do that and therefore that software never will do that job. There is no middle ground which allows you to run proprietary software while retaining the benefits of software freedom. It's time to value software freedom for its own sake.

    Even if all published software were free, exploits like these are possible because all complex software has bugs. Perfect security is not the issue. The issue is who gets to control their own computer and how we treat each other. Even after these exploits are published by WikiLeaks and people have had time to consider them and protect against their adverse effects, proprietors will still have power over users who run their proprietary software. Users won't be able to tell what other exploits are out there and therefore it will be harder to protect against them. The difference between proprietary subjugation and software freedom becomes more clear: Free software users will be able to run, inspect, improve, and share improvements with others making that software more able to prevent future attacks. But proprietary software users won't be allowed to do the due diligence they need in order to help themselves no matter how technically skilled they are or how willing to repair things they are. No computer user deserves to be treated that way. It will take a lot of work to get people to understand why they too should care about software freedom even if they're non-technical (like most computer users are). So I urge you to understand software freedom for its own sake and to try to help others understand as well.

    Relatedly, the Free Software Foundation's "Respects Your Freedom [fsf.org]" campaign has some new hardware on the list. I recommend buying some and using it, even if it's not up-to-date with the latest capabilities and seemingly expensive for what's offered. We need more people to invest in free replacements for proprietary, locked-down, user-subjugating systems. We need to make investments in our own collective future by funding the free products available today so we can have modern, highly-capable, and fully user-controllable POWER8, RISC, etc. systems which will respect the owner's control.

    • by AHuxley ( 892839 ) on Tuesday March 07, 2017 @09:13PM (#53996939) Journal
      Decades of thinking have gone into such efforts.
      After the 1950's cryptography was weak and international standards got a lot of free support in the press.
      A company, gov, mil or bank would buy in an approved network or some other nations product that was tested and worked well.
      Governments and mil knew a one time pad was secure but they had so much data to move. So new hardware was imported.
      The crypto on offer would be weak and US/UK would get all messages in real time.
      Once the world moved to more secure crypto, the clandestine services went for the weak hardware/software that was trendy and global.
      The OS and hardware used to read or create a message was junk but the crypto could be examined by all.
      Everyone agreed the crypto was so safe and that it was always going to be tested, studied and kept safe.
      If the academics and brands ever get the hardware, OS side fixed, expect a flood of new junk crypto again.
      With open source at least the OS and hardware has been looked at. The network might not be secure but at least a private message can be created and trade secrets, product designs can be protected until they are ready for sale, publication.
      The only other option is to fly staff around the world, use one time pads.
  • 1. Start reading the tech news and books about past NSA, GCHQ, CIA projects over the decades.
    e.g. CIA Chief: We’ll Spy On You Through Your Dishwasher (03.15.12)
    https://www.wired.com/2012/03/... [wired.com]
    Past projects shape new projects in the US gov. Electronic collection is the only growth area so that is what gets funding and political support.
    Collect it all is policy that can be understood by most people.
    2. Work out if the NSA, CIA or any other part of the US gov think your company or work is inter
  • Crashing Cars? (Score:5, Interesting)

    by grimfate ( 3986985 ) on Tuesday March 07, 2017 @09:13PM (#53996937)
    Food for thought: Michael Hastings was apparently investigating the C.I.A. when he died in what sounds like a suspicious car crash. Officially, foul-play was ruled out. Quote from Wikipedia: "Former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard A. Clarke said that what is known about the crash is "consistent with a car cyber attack". He was quoted as saying "There is reason to believe that intelligence agencies for major powers — including the United States — know how to remotely seize control of a car. So if there were a cyber attack on [Hastings'] car — and I'm not saying there was, I think whoever did it would probably get away with it."" (This quote is from 2013.) Source: https://en.wikipedia.org/wiki/... [wikipedia.org]
  • Linux malware... (Score:4, Informative)

    by dbreeze ( 228599 ) on Tuesday March 07, 2017 @09:27PM (#53997021)

    https://wikileaks.org/ciav7p1/... [wikileaks.org]

    https://wikileaks.org/ciav7p1/... [wikileaks.org]

    Can someone give us the Cliff Notes on what we need to sudo rm -rf ??? Is it just routers being targeted...?

    • Re:Linux malware... (Score:5, Informative)

      by dbreeze ( 228599 ) on Tuesday March 07, 2017 @09:43PM (#53997075)

      Here's a few excerpts...

      V2.5.1
      11/29/2012
      Modifies all mikrotik, linux, and solaris code so any successful beacon or trigger will also create a /var/.config timer file if it does not already exist. Note that the trigger listening function will automatically self delete the executable if it discovers that the /var/.config file does not exist. If a self delete occurs, the normally empty /var/.config will contain a time stamp when the actual self delete occurred using a yymmddHHMMSS format. Previous versions would allow the executable to stay on the box but would stop the process whenever the /var/.config file was removed. Version 2.4's Caution for Solaris shells still applies. A new Hive updating script called hiveReset_v1_0.py was added which also resets the self-delete timer for all linux, Mikrotik, and Solaris devices.

      (S) Below is the list of files included in this release, along with their size and MD5 hashes.
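
A defender's check for the marker file described in the excerpt above, as an added example that is not part of the original post or of the leaked material: it inspects `/var/.config` under a given root and reports whether the file is absent, empty, or holds a `yymmddHHMMSS` stamp. The function name, status labels and `root` parameter are assumptions made for illustration, and a file at that path is only an indicator to follow up on, not proof.

```python
import os
import re
import stat
from datetime import datetime

# Path and timestamp format are the ones quoted in the excerpt.
TIMER_RELPATH = os.path.join("var", ".config")
STAMP_RE = re.compile(rb"\s*(\d{12})\s*")   # yymmddHHMMSS, optional whitespace


def check_timer_file(root="/"):
    """Classify <root>/var/.config against the behaviour the excerpt describes.

    `root` lets the check run against a mounted disk image or an extracted
    router filesystem instead of the live system (hypothetical parameter).
    Status values (labels chosen for this example):
      absent              no file at that path
      empty-marker        zero-length file, the "normally empty" timer file
      self-delete-stamp   file holds only a valid yymmddHHMMSS timestamp
      not-a-regular-file  directory, symlink, device node, ...
      unreadable          exists but could not be opened
      other-content       anything else, likely unrelated to the excerpt
    """
    path = os.path.join(root, TIMER_RELPATH)
    report = {"path": path, "status": "absent",
              "mtime": None, "self_delete_time": None}
    try:
        st = os.lstat(path)            # lstat: do not follow symlinks
    except (FileNotFoundError, NotADirectoryError):
        return report

    report["mtime"] = datetime.fromtimestamp(st.st_mtime)
    if not stat.S_ISREG(st.st_mode):
        report["status"] = "not-a-regular-file"
        return report
    if st.st_size == 0:
        report["status"] = "empty-marker"
        return report

    try:
        with open(path, "rb") as fh:
            data = fh.read(65)         # a bare stamp is far shorter than this
    except OSError:
        report["status"] = "unreadable"
        return report

    match = STAMP_RE.fullmatch(data) if st.st_size <= 64 else None
    if match:
        try:
            report["self_delete_time"] = datetime.strptime(
                match.group(1).decode("ascii"), "%y%m%d%H%M%S")
            report["status"] = "self-delete-stamp"
            return report
        except ValueError:
            pass                       # twelve digits, but not a real date
    report["status"] = "other-content"
    return report


if __name__ == "__main__":
    result = check_timer_file("/")
    print(result["path"], "->", result["status"])
    if result["mtime"]:
        print("last modified:", result["mtime"])
    if result["self_delete_time"]:
        print("recorded stamp:", result["self_delete_time"])
```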

  • by PopeRatzo ( 965947 ) on Tuesday March 07, 2017 @09:57PM (#53997141) Journal

    I've been going over this most all day (I'm retired, so I got fuck-all else to do on a rainy day).

    From what I can tell, the biggest takeaway is that a hacked phone is not secure. Encryption is still OK, and Signal and WhatsApp are still secure as far as we can tell. Everything else has already been known. Also, it's a good idea when vendors patch vulnerabilities, apparently. Who knew?

    EFF has written some interesting stuff about Vault7 today, on their webpage and Twitter account.

    https://www.eff.org/deeplinks/... [eff.org]

  • "The CIA could use smart TVs to listen in on conversations that happened around them."

    And that's just one reason I'll never own a "smart" TV.

    I remember people laughing at the idea that anyone could or would covertly turn on the mic in your TV, but who's laughing now?

  • Has anyone been able to download the torrent? I tried and it hasn't been working.

  • our spy masters are evil, pure evil, and there's no way we can know who they turn their evilness to. US, 'them', or combo of both.

    I wish all the spy agencies were disbanded. no one should have this kind of power, no one! prisoner experiment (stanford) demonstrates that no human should have that kind of unchecked power.

    who watches the watchers?

    NO ONE.

    or, no one we can trust.

    man, this is sick shit. a US agency that spends its time trying to create malware and thrust it upon - ALL OF US.

    now, even this NEWS

  • It makes me wonder why the recent revelations have been about US cyber espionage efforts. Nothing about Uncle Vlad's hacker groups, fancy bear / cozy bear / funny hair bear / gay bear boys in flaming bondage bear, although that last one may have been a group I heard at SxSW. In any case, maybe the US isn't so hot at vetting its people, or Kislyak knows how to turn people. Maybe the US can't get the goods on other cyber espionage groups. Or maybe they have and they ain't sayin nothin.
  • by XSportSeeker ( 4641865 ) on Wednesday March 08, 2017 @12:34AM (#53997871)

    1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.
    It's basically, if it's Internet connected, it's probably vulnerable to some degree. But I wanna see the CIA remotely invading my unconnected Windows 7 PC used for maintenance purposes. Unless they get a warrant and physically get to my computer, they can't.

    2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.
    Wrong. Encryption is used on these devices to protect messages DURING transit and it's not only from the CIA or for criminal purposes. So yeah, it's still secure if you are not being actively targeted by the CIA, and if you keep your devices outside the reach of malicious actors.

    3) The CIA could use smart TVs to listen in on conversations that happened around them.
    This just adds up to not buying smart TVs at all, or at least don't connect them to the Internet. Several big brands like Samsung, LG, Vizio among others have been caught red-handed harvesting information using smart TV functions for all sorts of purposes, so this recommendation came before the CIA papers leak.
    It might not have shown up in papers just yet, but this also applies to your IoT devices and whatnot. Do NOT get a Google Home, Alexa or whatever always listening device if you can avoid it. Your privacy will be put at risk as potentially your security also will.

    4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."
    Hackers are also into this, and it'll remain an issue as long as car manufacturers continue to ignore major security flaws in their systems. Just so people know, most cars these days are wholly insecure. Hacking could come with something hard to accomplish like connecting a device into the electronic diagnostic systems on your car, needing physical access, to shoving malware on your Android based car system and taking control remotely from there. Unfortunately, it's one of those cases where a fatality will need to happen for car manufacturers to be blasted for malpractice and change their ways.

    5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.
    This, along with several other cases like the iPhone thing and the more recent case of a pedophile being released because a government agency didn't want to release the tools used for his arrest to the public, just shows how governmental agencies are not focused on security and worries of the public, they are focused on power. This is the core issue with NSA, CIA, FBI and other public agencies promoting erosion of privacy: they want the power to spy on everyone and anyone, which gives them control to do anything.

    All of the revelations and the spying programs governmental agencies have reveal one big problem in itself: the US will soon become a country where something like Watergate, or something more recent like the Snowden leaks, could never happen. How long do people think that an empowered state that is able to spy on everyone including journalists (which btw, the current government sees as "the enemy") will use these tools to actively persecute, blackmail and shut up anyone who has something negative to say about the administration? You are basically diving into a well disguised totalitarian regime. And with morons currently running the country it's going to be very hard to convince them that these powers have nothing to do with making police work easier, or going after terrorists, and all to do with these agencies having enough power to do just about everything they want.

    There already have been plenty of reports on police mishandling public cameras and using tools for stuff like stalking people, going after ex-girlfriends and stuff like that. Going from there to actively blackmailing people, using the information collected for their own profit, all the way into covering scandals and shutting off corruption case investigations is not a joke. Yes, no one is interested in your boring life and your boring messages or e-mails, but there is a reason why privacy is the cornerstone of democracies. If you don't fight for it and lose, the consequences will come crashing down soon enough, and then there's nothing you can do anymore.

  • by Coisiche ( 2000870 ) on Wednesday March 08, 2017 @05:14AM (#53998529)

    5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.

    Does that not display a high degree of hubris? I'd say that if a government agency discovers a security flaw in something then they have to immediately assume that "hackers from other countries or governments" either already have it or will independently discover it soon. I really don't think it's something for which you have a big window of exclusive use.

  • by argStyopa ( 232550 ) on Wednesday March 08, 2017 @07:58AM (#53998975) Journal

    ...I think the revelation that they've appropriated other security services' hacking tools so they can attack a system and leave false footprints would be a bit of a bombshell.

  • by pastafazou ( 648001 ) on Wednesday March 08, 2017 @09:24AM (#53999309)
    I think the biggest revelation is the fact that the CIA can, indeed, hack a car and potentially assassinate the driver: http://yournewswire.com/wikile... [yournewswire.com]
    Interestingly, Michael Hastings died when his car suddenly accelerated out of control and crashed, killing him instantly. He was currently investigating the director of the CIA, John Brennan!
    Coincidence???????
    ???
    ??
    ?
