Wikileaks Releases Alleged CIA Hacking Documents
The documents allege the CIA took malware from other countries to hide its own fingerprints.
Wikileaks has published almost 9,000 documents from the CIA about the agency’s own malware, which is used to hack into anyone’s electronics and spy on them. Most concerning? The CIA holds malware from Russia and other countries, so it can make an attack look as if it came from that country:
The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Wikileaks compares this style to that of finding the same “knife wound on multiple separate murder victims.” Such evidence leads investigators to believe the same person committed each murder, so apprehending the killer lets them solve the other murders as well.
CIA spokesman Dean Boyd said the agency does “not comment on the authenticity or content of purported intelligence documents.”
But The New York Times reported that a former intelligence officer reviewed the documents this morning. He “said some of the code names for C.I.A. programs, an organization chart and the description of a C.I.A. hacking base appeared to be genuine.”
Here is the organizational chart:
CIA organizational chart partly re-constructed by @WikiLeaks #Vault7 https://t.co/4R2Dh4ZzGN pic.twitter.com/HvTnUAaIff
— WikiLeaks (@wikileaks) March 7, 2017
After Edward Snowden leaked NSA material, the Obama administration told the technology world that it “would disclose on an ongoing basis – rather than hoard – serious vulnerabilities, exploits, bugs or ‘zero days’ to Apple, Google, Microsoft, and other US-based manufacturers.” But these documents now show that the CIA did not uphold that commitment:
As an example, specific CIA malware revealed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone — at the expense of leaving everyone hackable.
The CIA malware allows the hackers to attack iPhones, Androids, and smart TVs. The Embedded Devices Branch (EDB) developed “Weeping Angel” specifically for the smart TVs by “transforming them into covert microphones.” The malware will turn the TV into “Fake-Off” mode so the agents can keep recording the person.
In February 2015, Samsung released a warning about its smart TVs’ voice recognition feature:
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition,” Samsung posted in its SmartTV privacy policy.
WikiLeaks' #Vault7 reveals CIA 'zero day' attacks against iPhones, iPads (iOS) https://t.co/UEWWAWWV6K pic.twitter.com/GmpMcmGLPC
— WikiLeaks (@wikileaks) March 7, 2017
The agency also formed a special unit specifically to target Apple products that run iOS, including the iPhone and iPad, even though iOS makes up only 14.5% of the market:
CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
WikiLeaks' #Vault7 reveals numerous CIA 'zero day' vulnerabilities in Android phones https://t.co/yHg7AtX5gg pic.twitter.com/g6xpPYly9T
— WikiLeaks (@wikileaks) March 7, 2017
Android, which holds 85% of the market, has its own target group within the CIA. Documents have shown “that as of 2016 the CIA had 24 ‘weaponized’ Android ‘zero days’ which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.”
These groups use techniques that allow the hackers “to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman.” The agents can then hack into the phones and collect “audio and message traffic before encryption is applied.”
#BREAKING: Source to @shaneharris: "Wikileaks info authentic; Leak potentially more significant than Snowden leaks" https://t.co/hEnbPdK0Ks
— Amichai Stein (@AmichaiStein1) March 7, 2017
From The Wall Street Journal:
WikiLeaks said in its statement that it was not publishing such information as computer source code that could be used to replicate the tools it claims to have exposed. But the group left open the possibility of publishing those crucial details if “a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should [sic] analyzed, disarmed and published.”
Mr. Snowden said in a tweet Tuesday, “Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.”
WikiLeaks said the CIA recently “lost control” of the majority of its hacking arsenal. “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” the site said in a statement. “The archive appears to have been circulating among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
Comments
This certainly adds an interesting twist to the “IT WERE THE RUSSIANS, ‘CAUSE THEIR MEANS AND METHODS FINGER-PRINTS ARE ALL OVER IT!…PINKY SWEAR!!” meme, now don’t it?
You are right… remember that “subtle” fingerprints of Cyrillic words left “mistakenly” in the hack of Hillary’s server? Now that was hacking HRC… so now everyone was hacking everything…
The CIA leaks show that the CIA has the power to remotely sabotage both cars and airplanes.
Vladimir Putin’s own car driven by his personal driver wrecked in a suspicious speeding accident. Michael Hastings was killed when his new Mercedes accelerated out of control into a tree (right before he was set to do an article on the CIA’s Brennan).
The Obama administration looks very corrupt right now.
good memory of the MB crash of Hastings….
Things that make you go hmmmmmmm…… Such as all the oh so many convenient and timely deaths that benefit only the Leftists and their Democrat Party…..hmmmmmmmm…….
“It was revealed today by the WikiLeaks’ Vault 7 leak that the Central Intelligence Agency may have car hacking capabilities, leading online conspiracists to further the claims that journalist Michael Hastings was murdered by the CIA.
Hastings died on June 18, 2013, in a fiery high-speed automobile crash in his Mercedes C250 Coupé following the publication of “Why Democrats Love to Spy On Americans” on BuzzFeed. Hastings had been a vocal critic of the Obama administration.
http://heavy.com/news/2017/03/wikileaks-vault-7-remote-car-hack-assassination-michael-hastings-conspiracy/
On the strange death of Michael Hastings: Was the reporter car-hacked or bombed?
“In the early hours of June 18, Michael Hastings was found dead in the flaming wreckage of his car. The 33-year-old journalist was, perhaps, best known for the 2010 Rolling Stone cover story that ended the career of Army General Stanley McChrystal.
According to initial press reports, Hastings was driving south on Los Angeles’ North Highland Avenue when he “apparently lost control of [his car] near Melrose Avenue and crashed into palm trees in the median about 4:20 a.m.”
The Los Angeles Police Department (LAPD) was unusually eager to announce that there had been no evidence of “foul play” surrounding the reporter’s death. Typically, police departments withhold such judgments until after there has been an investigation — including a coroner’s report and toxicology tests, which can take days, if not weeks.
Those who knew and worked with Michael Hastings are questioning the “official story.”
https://www.sott.net/article/264860-On-the-strange-death-of-Michael-Hastings-Was-the-reporter-car-hacked-or-bombed
Vladimir Putin Presidential Chauffeur Killed In Crash. You can see exactly how the “accident” occurred
https://www.youtube.com/watch?v=FIyN4QS6NQ8
If anyone is surprised by these ‘revelations’, that’s because they don’t know much about the topic.
The Biggest Revelation – ‘The Cloud’ is really an NSA data center in Provo Utah.
My husband used to think I was paranoid for putting electrical tape over the camera on my laptops. He grumbled when I insisted we use blackberry phones for our business. I love new technology but honestly, I see no reason for my refrigerator to connect to wifi. Any device that can access the internet can be corrupted.
It’s funny you mentioned that; I have a piece of duct tape over my laptop’s camera right now. I’m also in the habit of not only turning my phone off for various reasons, such as to save on battery life if I’m not going to use the phone for a couple of hours. But then I’ll also take the battery out. It’s an old habit. I used to be a Naval Intelligence officer and when we’d go into a SCIF we had to do the same and leave it in the foyer. It’s old technology to remotely turn it on in a way that it looks like it’s off but now it’s a bug. If somebody wants to track you they can’t if the phone is off and the battery is out.
I’m with you about the “smart home” concept. It’s a horrible idea. If I can remotely control my security system, my lights, my climate control system, or can use my cell phone to turn on a camera in my “smart” fridge so I can see what’s in there, so can other people.
I may start a business refurbishing this stuff because I have a feeling in a few short years you won’t even be able to buy a blender that isn’t capable of spying on you.
So that’s why Barack Obama refused to give up his personal Blackberry cell phone upon becoming president.
Obama refused to use the FBI approved and secured cell phones……..
Blackberry doesn’t need to be hacked because it shares info with governments without the need for hacking.
Some things to think about. I read a report that 80% of cell phone owners keep the phone within arms reach 24 x 7. Better rethink taking that baby in your bedroom.
If we find out that the CIA is linked to Ransomware, they are really hosed.
Next we will hear that they use spammer telemarketers to collect information too.
This stuff is better than any action movie. Tomorrow is going to be fun. Do you think we would be having this much fun if Hillary was in office. Ha.
It would be great if they could link Joe Wilson and Valerie Plame to this mess too.