WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk)
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report.
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said.
You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."
There is no surprise...
I am surprised that anyone would continue to risk themselves and leak this kind of information, since we have seen how willing the public is to stand up and defend its whistle-blowers (which is to say, not at all).
When I got my TV I bypassed the Mic and am feeding it "never gonna give you up" in a continuous loop. Glad my effort was not wasted.
Haven't you noticed how Donald is not locking her up anymore? No-one who is part of the machinery of state ever sees the inside of a court, that's just not how it works.
Don't go pretending Donald is any different to Hillary, none of them are on your side.
Locking up (or shooting) CIA operatives who interfered with democracy, however, would be great for democracy.
Not locking her up is really bad for the concept of Rule of Law.
Not investigating and then, if necessary, pressing charges and letting a court decide is really bad for the concept of Rule of Law.
She was investigated, and the conclusion was that 'No reasonable prosecutor would take the case.' Hillary Clinton is, contrary to popular opinion, innocent in the eyes of the Law.
Forgetting about the presumption of innocence is really bad for the concept of Rule of Law.
Fucking selectively moral hypocrites who have already decided not to accept what their own fucking law enforcem
Is any of this new? (Score:4, Interesting)
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers.
That's part of the spying thing and has been for at least the last 2-3 decades.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure.
Logically follows.
3) The CIA could use smart TVs to listen in on conversations that happened around them.
Smart device insecure; news at 11.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations."
Explored and...? That's it? Okay.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments.
Author doesn't know what an 0-day is good for.
My mother tells me that when black and white TV first came out, some people used to dress all nice and clean to watch TV, like if they were going to a wedding or something. Apparently, they weren't sure if the guy in the TV could see them and they wouldn't trust you if you told them he couldn't.
Man, those people were visionaries!
I thought they had a hard time breaking into iPhones before in various forms..? Was this a lie?
That was the FBI not the CIA. It is apparent (or perhaps they just want us muggles to believe) that these agencies do not cooperate at all.
Betcha Trump is going to be mad at Assange again (Score:3)
I'll bet serious money this enrages Trump and he threatens to arrest and detain Assange.
I'll bet serious money this enrages Trump and he threatens to arrest and detain Assange.
Maybe. But at least his first reaction wasn't "Can't we just drone this guy?" *
*by drone she meant killing Assange with a Hellfire air-to-ground missile fired from a Reaper drone. Not referring to a consumer quadcopter drone like the DJI phantom. Quote is by Secretary of State Clinton
Trump loves Assange.... and vice versa.
#3 (Score:3, Insightful)
A little, but maybe it has been kept extra vulnerable intentionally?
There has to be some actual reason why we're still using C for internet facing code two decades after we know it's dumb as fuck to do so. It's so much more comforting to think that it's because of a conspiracy and influence peddling by three letter agencies pulling strings than to assume we collectively are utter incompetent fucking morons.
Smart TV is worrisome (Score:4, Insightful)
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.
But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.
Re:Smart TV is worrisome (Score:5, Insightful)
But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.
Then don't put it on the network if you're concerned.
Of course it may try to connect to open WiFi, I suggest taking a look at the innards.
Then don't put it on the network if you're concerned.
Well that kind of defeats the purpose of buying the TV in the first place, I use it to watch Netflix.
I suppose I can disconnect it from my wifi like you said and then get a Chromecast stick or some such plug-in device. But having the feature built-in was a lot more convenient, no need to boot up a second device or use a second remote controller, etc.
Also if my TV is infected, how do I know if it's really disconnected from wifi? I suppose I would have to get a packet analyzer and record all packets for like
Wait, never mind, it just occurred to me that I can check the wifi router's DHCP log and see if the smart TV connected.
That lack of control is part of why I still use a home theater PC. I can control what is going on more, and have access to far more entertainment options than any "Smart" TV or even a plug-in like Roku.
I think my latest TV might actually have some "Smart" features, but I don't use them and never connected it to my WiFi network... so even if it had the capacity to be used for monitoring, being off the Internet prevents any such nefarious use.
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
I'm pretty good with Windows and Linux desktops... there are steps I can take to check for spyware/malware and deal with them if found.
But my Samsung TV, I haven't the foggiest idea. I don't know how to type commands into it or even what kind of an OS it runs.
If your "desktop" machine has been owned enough with a boot sector style spyware/malware (like a keylogger), I don't think that there are simple steps you can take to detect them (you pretty much have to move your boot drive to a trusted machine to scan/fix it)... Since Smart TVs get manufacturer OTA updates all the time to update their "apps", I suspect Weeping Angel would want to operate on a level similar to a boot sector style spyware/malware and compromise the device on a low enough level to survive a
The World According to Garp, er, Brill: (Score:3)
The government's been in bed with the entire telecommunications industry since the forties. They've infected everything. They get into your bank statements, computer files, email, listen to your phone calls... Every wire, every airwave. The more technology used, the easier it is for them to keep tabs on you. It's a brave new world out there. At least it'd better be.
As great as the internet's free flow of information has been for the average human, there is another entity that has benefited even more...
There are already quite a few tools in computational journalism to automate the early assessment of a large data dump.
What do Journalists do with Documents? [jonathanstray.com]
C+J 2016: Documents, Data Mining and Discovery [youtube.com]
As with all things, I'm sure the 20-80 rule applies.
I'm safe. Turns out buying a Windows Phone was a good choice after all.
If you didn't know this kind of thing was going on, you weren't paying attention. The job of the intelligence agencies is to... gather intelligence, particularly the kind that people don't want collected and kill foreign enemies covertly. This is why they are not allowed to act inside the US. Every other intelligence agency on the planet does exactly the same thing. If you think otherwise you are living in a fantasy land bubble.
This is why they are not allowed to act inside the US.
Which the CIA neatly sidesteps by having a "domestic agency" attached to an operation.
By domestic agency they mean one clueless newbie FBI agent tagging along with the tough seasoned elite operators of the "real" intelligence agency.
This makes open hardware more imperative. Are the operating system flaws all software, or are they hardware? Or firmware? If the latter two, are they flaws or cooperative effort by the manufacturers?
I don't have time to read the entire thing, so I'm wondering what part of my Linux installations are being exploited. FOSS and FOSH are the only real digital defenses we have against our governments, as they are our only avenues of control.
Sure his tweets about having been spied upon by Obama on Saturday (?) sounded like the usual tinfoil hattery, but now I am starting to think that there may be a grain of truth in it.
As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master.
Commissioner Pravin Lal, "U.N. Declaration
"Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure" is what makes running security-minded programs on non-free, user-subjugating, always-untrustworthy, proprietary OSes a joke. People get a sense that they're safer from malware [gnu.org] than they really are and they think they get to keep their proprietary conveniences as well. Openwashing will not help you.
I know it's a lot of work to learn new things and change your views and your behavior. I understand that software freedom is differently political than what you're encouraged to adopt, and software freedom requires you to consider more than what's listed in virtually every features & money-based ad campaign from monied proprietors. And I get that coming to terms with the consequences of software freedom runs directly contrary to believing that you don't need to think any further than what proprietors and their "open source" friends tell you to think about (because no proprietor frames their offerings in terms of the freedoms to run, inspect, share, and modify the software, hence proprietors are more likely to sanction the open source movement which eschews these values and even celebrates partnering with proprietors like Red Hat's recent uncritical commentary on Microsoft's software and Microsoft's new campaign regarding "Linux"—no mention of GNU which might bring software freedom to mind). But in the real world you need to stop trusting proprietary systems to keep you safe, respect your privacy, or other practical consequences of software freedom. Proprietary software wasn't designed to do that and therefore that software never will do that job. There is no middle ground which allows you to run proprietary software while retaining the benefits of software freedom. It's time to value software freedom for its own sake.
Even if all published software were free, exploits like these are possible because all complex software has bugs. Perfect security is not the issue. The issue is who gets to control their own computer and how we treat each other. Even after these exploits are published by WikiLeaks and people have had time to consider them and protect against their adverse effects, proprietors will still have power over users who run their proprietary software. Users won't be able to tell what other exploits are out there and therefore it will be harder to protect against them. The difference between proprietary subjugation and software freedom becomes more clear: Free software users will be able to run, inspect, improve, and share improvements with others making that software more able to prevent future attacks. But proprietary software users won't be allowed to do the due diligence they need in order to help themselves no matter how technically skilled they are or how willing to repair things they are. No computer user deserves to be treated that way. It will take a lot of work to get people to understand why they too should care about software freedom even if they're non-technical (like most computer users are). So I urge you to understand software freedom for its own sake and to try to help others understand as well.
Relatedly, the Free Software Foundation's "Respects Your Freedom [fsf.org]" campaign has some new hardware on the list. I recommend buying some and using it, even if it's not up-to-date with the latest capabilities and seemingly expensive for what's offered. We need more people to invest in free replacements for proprietary, locked-down, user-subjugating systems. We need to make investments in our own collective future by funding the free products available today so we can have modern, highly-capable, and fully user-controllable POWER8, RISC, etc. systems which will respect the owner's control.
e.g. CIA Chief: We’ll Spy On You Through Your Dishwasher (03.15.12)
https://www.wired.com/2012/03/... [wired.com]
Past projects shape new projects in the US gov. Electronic collection is the only growth area so that is what gets funding and political support.
Collect it all is policy that can be understood by most people.
