WikiLeaks Reveals Grasshopper, the CIA's Windows Hacking Tool (thenextweb.com)
An anonymous reader quotes a report from The Next Web: In case you haven't had your dose of paranoia fuel today, WikiLeaks released new information concerning a CIA malware program called "Grasshopper" that specifically targets Windows. The Grasshopper framework was (is?) allegedly used by the CIA to make custom malware payloads. According to the user guide: "Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating systems." Grasshopper is designed to detect the OS and protection on any Windows computer on which it's deployed, and it can escape detection by anti-malware software. If that was enough for you to put your computer in stasis, brace yourself for a doozy: Grasshopper reinstalls itself every 22 hours, even if you have Windows Update disabled. As if this wasn't alarming enough, the Grasshopper user guide even states upfront that Grasshopper uses bits from a toolkit taken from Russian organized crime.
Windows Update (Score:3, Informative)
dd if=/dev/zero of=/dev/ntfs
Re: Windows Update (Score:1)
I say fsck /dev/ntfs
Re: (Score:2)
Re:Windows Update (Score:5, Funny)
Nope, it got reinstalled from the EFI rootkit.
Re: (Score:3)
Actually quite a good PROTIP there. Many AV vendors offer Linux boot CDs that are more effective at removing viruses than AV software running on Windows. That's because the Linux NTFS driver ignores file/user permissions that prevent Windows software from removing infected files.
At least it's free (Score:4, Informative)
Fortunately, all software authored by the federal government is automatically in the public domain, so perfectly legal to reverse engineer, copy, etc.
Re: (Score:1)
Fortunately, all software authored by the federal government is automatically in the public domain, so perfectly legal to reverse engineer, copy, etc.
Well, other than when it gets classified as a "Munition", in which case it might be illegal to even possess it.
Also, this statement in the summary:
As if this wasn't alarming enough, the Grasshopper user guide even states upfront that Grasshopper uses bits from a toolkit taken from Russian organized crime.
No, BeauHD, that's not fucking alarming at all. There's nothing even remotely alarming about that. Big fucking deal, they borrowed some attack code. Quit trying to be edgy, you suck at it.
Re:At least it's free (Score:4, Insightful)
What IS alarming is that instead of helping US infrastructure protect itself from Russian malware, they simply hop on the gravy-train for their own cut of that sweet, sweet US data security.
Remind me, *who* exactly are our enemies, again? Having trouble here detecting significant differences.
Strat
Re:At least it's free (Score:5, Interesting)
there's a limited amount of pain that a foreign entity or a US corp entity could do to me.
otoh, the US gov can do a LOT of damage to its own people.
I worry more about our own spying and malware delivery (btw, what would our founding fathers think about THAT?) than from sources outside the US.
the terrorists to worry the most about: our own government
and not the elected ones. It's the ones that we don't elect that are above the law, those are what I would be the most concerned about.
they continue to be untouchable and you can't sue them or stop them.
damn.
Re: (Score:1)
You need to think of it in terms of expected damage, not just possible damage. Yes the CIA/NSA/whoever could theoretically suddenly decide to put you under surveillance, start monitoring all your communications, misinterpret your emails to Mom as coded threats to blow up the White House, then execute you for treason or send you to Gitmo to rot, but the odds of that happening are infinitesimal, and there's no record of it ever happening to any (innocent) American in the 10 years since PRISM started. Foreig
Most of your stuff is American (Score:1)
Most of your email, and online services are provided by the USA so you kid yourself that CIA is more a threat to the US than other countries.
Google? USA, Facebook? USA, Microsoft? USA. Most of your data runs over USA owned fibre on its route, how many of your local apps are actually run on Amazon cloud?
Then there's all of the third country stuff that depends on the US market, and thus complies with US demands. e.g. Samsung?
And USA has essentially been hacked by Russia, it's so blatant, that Trump *informed*
Re: (Score:3)
Easy. Anyone connected to the internet is your enemy. That makes security a lot easier to understand.
Re: (Score:2)
What IS alarming is that instead of helping US infrastructure protect itself from Russian malware,...
Well, since MS is supplying Russia with their OS also, any help they give helps Russia's infrastructure protect itself against US malware.
Re: (Score:2)
Sorry, you need to read the fine print.
While gov't can't CREATE copyright, they most certainly can HOLD it. Materials created by CONTRACTORS and not FEDS can be copyrighted with that copyright held by the gov't.
"reinstalls itself every 22 hours" (Score:2, Funny)
Just like Windows updates whether you want them or not.
Re: (Score:1)
That's even more annoying when they push a driver update that keeps your computer from booting. With our Dell Latitude E6440 laptops, we currently have a problem with a driver, and even though we have Enterprise edition and WSUS, somehow that driver keeps sneaking itself in. Just tracking hours logged in support tickets, and we know it's many more since we don't do a good job of tracking, we've already wasted nearly ten man-years on this issue. That's over a million dollars not even counting the opportun
Re: (Score:2)
If you've tried http://winsupersite.com/window... [winsupersite.com] and it didn't work, you're not alone. My guess is MS simply doesn't give a shit and that option never, ever, worked.
Instead, try https://support.microsoft.com/... [microsoft.com] . Scroll down to the download link to get the "troubleshooter" tool which will let you hide/disable specific updates. This will only help you if the updates are coming in via Windows Update and not some Dell utility.
Re: (Score:1)
We spend seven figures per year with Microsoft, and they don't care that even though we hide updates, that doesn't work. They don't care that we have hundreds of computers that are unbootable because of updates.
Re: "reinstalls itself every 22 hours" (Score:2, Insightful)
Why should they care, you are still paying? You aren't going anywhere. Windows users will put up with ANYTHING.
Stasis? (Score:2)
It's OK ... (Score:3)
... the CIA got a job to do.
I'd feel better about them if they could keep a secret, but let me restate CaptainDork's corollary:
For every motherfucker out there with a computer, there's another motherfucker out there with a computer. ~ © 2017 CaptainDork
Re: (Score:3, Interesting)
For any serious computer geek, they often have more than one. I am up to four, generally buying a replacement whenever one breaks whilst also repairing that broken one to become a spare. I just can't bring myself to sell the old ones, so many fond memories. Only two have been hacked, the oldest one on purpose to see how difficult it was to clean up, interesting exercise and good practice (I just installed an app from an expected criminal web site to see what would happen, what changes, what extra installed
Re: (Score:2, Interesting)
I have 8 desktop computers and two portables.
4 desktops are Windows XP PRO with registry hack to make them appear to be embedded [pcworld.com], like an ATM or something, so they continue to get security updates.
They are in service on the local WiFi only for closed security camera duty.
One desktop is Windows 7 and because it has a touch screen, can't be upgraded to Windows 10. Another is Windows 8, updated to Windows 10, the other is Windows 8.1, updated to 10, and my primary is Windows 10 Home Edition.
I got hit with faux
Re: (Score:2)
Bullshit.
It's TL;DR and starts off with buzzwords to make you feel good about yourself.
You got no cred.
You are dismissed.
CIA dating service (Score:1)
Ok so if the CIA knows everything about me, including what kind of porn I like, can the CIA help me to find a date?
No?
Well now I'm outraged.
Re: (Score:2)
Yes, they can.
The CIA has the capability to spy on you, find what you like, and match it with someone who can win your affection, and appear to return affection as well. In fact, that capability is entirely within their mandate as an espionage and intelligence organization, as you might be a foreign agent on whom a honey trap [wikipedia.org] may work well.
However, unless they have a good reason to interfere with your romantic escapades, they won't do anything. Mostly, they won't because you're not important enough to justi
As usual no linux version... (Score:1)
You see, this is why Linux sucks.
staged (Score:1)
Re: (Score:2)
Note the code litter is again made to look like another nation.
Software freedom: best defense against malware (Score:5, Interesting)
The GNU Project told us about Microsoft malware [gnu.org] long ago, including what is accurately listed "Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users [informationweek.com]" pointing to a mainstream media news reference from 2007 and another link indicating when this was used, and a pointer to a Condé Nast article talking about the (apparently ongoing) forced Windows Updates. Microsoft is also the first PRISM partner [washingtonpost.com] with the NSA joining on September 11, 2007, according to an internal NSA document [washingtonpost.com] so they have quite a long history of being untrustworthy but the underlying power they're leveraging comes from proprietary software.
Other proprietors are no more trustworthy. Apple didn't fix an intentional back door for 4 years [wordpress.com], Apple didn't fix an iTunes backdoor [telegraph.co.uk] through which others could have gained control of systems running the software. Apple joined PRISM in October 2012. Other proprietors with names you know (Yahoo, Facebook, Google, YouTube, etc.) joined in between the Microsoft and Apple partnerships.
The theme remains the same: it doesn't matter who the proprietor is (Microsoft in this case), proprietary software is always untrustworthy and this doesn't change even after applying lots of updates from the proprietor. Just because a new version is out, or a patch released does not mean the back door is shut or that you can verify their work (or even get someone more technically skilled to verify it on your behalf).
Now we have more confirmation of how the threats come from other directions, not just the proprietor, and that the threat is more organized than we commonly knew. Evidence like this immediately advances the discussion beyond the distraction of calling someone a 'tinfoil hat wearer' or other such nonsense, as did the Snowden documents. And WikiLeaks maintains their perfect record for authenticity in their publications—as far as we can tell these documents are what WikiLeaks claims they are. Proprietary software is always a threat. Software freedom [gnu.org] is no guarantee of safety, but you're better off having software you can inspect, run, share, and modify (AKA control) than not. You simply can't trust proprietors to do right by you and all computer users deserve software freedom.
Re:Software freedom: best defense against malware (Score:5, Interesting)
Except this doesn't sound like a backdoor in Windows. The article is short on details, but if it uses a "custom installer", this sounds more like a trojan. Once the software is installed, your machine is compromised, but that's pretty much true for every consumer OS. As it is a customized trojan, its signature won't show up in anti-virus databases. Once it is installed, it can co-opt the target system, ensuring it can't be easily detected or removed. It's a bit trickier to write this sort of spyware these days, but in no way impossible even for run-of-the-mill criminals, much less an organization with the resources and talent of the CIA.
How they get the target to install the trojan is probably different in each instance, and possibly requires the assistance of software vendors (Microsoft, McAfee, whatever) or the target's ISP, so that the already-running and legitimate software is served the trojan when it checks for an update (alternately, they might just sneak an agent with a USB drive into the target's home and install the trojan when the target is out to lunch or something).
It's like really nasty spyware customized for a very specific user.
In fact, that the CIA is forced to use these sorts of tactics speaks against the idea of there being a universal backdoor in Windows (beyond, you know, the usual and sadly universal backdoor of insecure coding and bad security practices on the part of the user).
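The comment above makes the point that a per-target build has a signature no vendor database has seen. The following is an added illustration of that point (not code from the original post or from any Grasshopper material): two constructed "builds" share an invariant loader stub but differ in an embedded per-target configuration, so an exact-hash blocklist that has only seen build A misses build B, while a content rule keyed on the invariant stub, the way a YARA-style rule would be written, catches both. The byte strings, the stub marker and the rule are all made up for this example.

```python
import hashlib
import re

# Constructed samples: an invariant loader stub followed by a per-target
# configuration blob. These bytes are invented for illustration; they are
# not taken from any real binary.
LOADER_STUB = b"\x4d\x5a" + b"STUB:persist-every-22h;" + b"\x90" * 8
BUILD_A = LOADER_STUB + b"CFG{target=host-A;key=0001}"
BUILD_B = LOADER_STUB + b"CFG{target=host-B;key=7f3a}"
BENIGN = b"\x4d\x5aordinary program bytes with no stub"

# A signature database of the kind a scanner ships: exact hashes of
# known-bad files. Assume the vendor has only ever seen build A.
KNOWN_BAD_HASHES = {hashlib.sha256(BUILD_A).hexdigest()}


def hash_match(sample: bytes) -> bool:
    """Exact-hash lookup: succeeds only for a byte-identical file."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


# A content rule on the invariant part of the build: the stub marker
# followed by a run of at least four NOP (0x90) bytes. The per-target
# configuration that changes with every custom build is deliberately
# not part of the rule.
STUB_RULE = re.compile(rb"STUB:persist-every-22h;\x90{4,}")


def rule_match(sample: bytes) -> bool:
    """Structural match on the invariant stub, independent of the config."""
    return STUB_RULE.search(sample) is not None


def classify(sample: bytes) -> dict:
    """Report both detection outcomes so they can be compared side by side."""
    return {"hash": hash_match(sample), "rule": rule_match(sample)}


if __name__ == "__main__":
    for name, sample in (("A", BUILD_A), ("B", BUILD_B), ("benign", BENIGN)):
        print(name, classify(sample))
```

Build B is the case the comment describes: byte-for-byte unique, so the hash lookup fails, yet the invariant stub still gives a behavioural or structural rule something to match on.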
Re: (Score:2)
But it gets past so many vendors, how good was behavioral detection at the time?
Re: (Score:2)
When done, collect the data in person and remove all traces. Or have the network send out trusted data from within.
That's why the network vs needs physical access is
Re: (Score:3)
Your argument stops with heartbleed.
Which was found and fixed. It took a long time, but it still happened because people can look at the source. What unknown critical Windows vulnerabilities are being exploited right now? We can't find out.
Internal Rot (Score:2)
No Trump piss video? (Score:1)
I figured Putin would be releasing that today
You might be a developer if... (Score:4, Funny)
Spyware link to spyware article (Score:1)
Why is this link being routed through a Twitter account and then going to thenextweb.com, rather than just going to WikiLeaks? This is the link without the spyware tracking and the pointless intermediate article:
https://wikileaks.org/vault7/#... [wikileaks.org]