Deep Politics Forum

Full Version: CIA Hacking Tools Revealed by Wikileaks - Rivals much NSA can do!
Vault7: CIA Hacking Tools Revealed

Wikileaks Press Release

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force, its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.
Julian Assange, WikiLeaks editor stated that "There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."
Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.
Wikileaks has also decided to redact and anonymise some identifying information in "Year Zero" for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

CIA malware targets iPhone, Android, smart TVs

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details).
The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. "Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

CIA malware targets Windows, OSx, Linux, routers

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "HammerDrill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ("Brutal Kangaroo") and to keep its malware infestations going.
Many of these infection efforts are pulled together by the CIA's Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as "Assassin" and "Medusa".
Attacks against Internet infrastructure and webservers are developed by the CIA's Network Devices Branch (NDB).
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section below.

CIA 'hoarded' vulnerabilities ("zero days")

In the wake of Edward Snowden's leaks about the NSA, the industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis rather than hoard serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.
Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.
The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA, but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone; at the expense of leaving everyone hackable.

'Cyberwar' programs are a serious proliferation risk

Cyber 'weapons' are not possible to keep under effective control.
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber 'weapons', once developed, are very hard to retain.
Cyber 'weapons' are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such 'weapons' is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces, sometimes by using the very same 'weapons' against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global "vulnerability market" that will pay hundreds of thousands to millions of dollars for copies of such 'weapons'. Similarly, contractors and companies who obtain such 'weapons' sometimes use them for their own purposes, obtaining advantage over their competitors in selling 'hacking' services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

U.S. Consulate in Frankfurt is a covert CIA hacker base

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover. The instructions for incoming CIA hackers make Germany's counter-intelligence efforts appear inconsequential: "Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport"
Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.
Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area including France, Italy and Switzerland.
A number of the CIA's electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record database. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media. For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.

How the CIA dramatically increased proliferation risks

In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7", the CIA's weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems, the agency has little legal recourse.
The CIA made these systems unclassified.
Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'.
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber 'arms' manufacturers and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts. Ordnance will likely explode. If it does not, that is not the operator's intent.
Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams. For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired. However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target. To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers. But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.
A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system. If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.
Evading forensics and anti-virus

A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies attribute and defend against attacks.
"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review". Similar secret standards cover the use of encryption to hide CIA hacker and malware communication (pdf), describing targets & exfiltrated data (pdf) as well as executing payloads (pdf) and persisting (pdf) in the target's machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows "Recycle Bin". While Comodo 6.x has a "Gaping Hole of DOOM".
CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.


The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.
The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.
Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.
Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks' "Year Zero".

The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Fine Dining

Fine Dining comes with a standardized questionnaire i.e. menu that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are 'Asset', 'Liason Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.

HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.
A CIA spokesperson has just refused to comment on the release by Wikileaks, also noting that the CIA neither claims nor denies that anything in the release is true as it might pertain to CIA. :Ninja:

I'd be interested to hear Snowden's take on this release!

One thing is for sure, if the Snowden/NSA leak was not enough to convince all, all should now assume that NO MATTER what your device or operating system, even some 'air gapped' devices are now vulnerable to multiple malware 'implants' funded by US and other tax dollars to spy on everything you do, record, say, spend, see, watch, go to, meet with, and more. There are implants that can sit on your device/computer for its lifetime and send all to NSA or CIA or others - or delete everything in memory - even selectively change things in memory.

Right out of James Bond is the proof [already known to some; e.g. Michael Hastings death by out-of-control car] that hacking into smart car computer systems [in many cars post 2000-2010 or so] can be used to make the car crash when desired and thus produce a 'deniable' assassination of all in the car! Now you have another reason to drive an older car!...and maybe not be addicted to your smartphone and giant home entertainment system.

Apparently, Wikileaks has lots [several hundred million lines of code] of the actual code of some of these CIA exploits. They are not releasing them at this time to not allow them to proliferate and be used by others for negative purposes. They did indicate that at some time soon, as appropriate, they may release some so that white-hat hackers can build defeats for them. One thing is for sure, the governments are at war with the citizens of the World.....but nothing new in that. :Read:

1984!!!!! Have a nice day :Blink:
Edward Snowden, the world's most famous whistleblower, thinks of the information held inside. Posting on Twitter Tuesday morning, Snowden said that the leak "looks authentic" and is "generally a big deal." He went on to elaborate why he believed the information which centred around allegations that the CIA's covert program allowed it to crack into iPhones, Androids and even Samsung TVs was credible. Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic. — Edward Snowden (@Snowden) March 7, 2017 What makes this look real? Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them. Edward Snowden (@Snowden) March 7, 2017 Snowden also addressed how the government might be making software vulnerable on purpose, by "developing vulnerabilities in US products then intentionally keeping the holes open." He slammed that alleged practise as "reckless beyond words." The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open.
This was on CNN yesterday. This post is incredibly important Deep Politics wise. People have become dulled to Intel intrigue because of the sheer volume of it but this Wikileak shows the true extent of CIA invasion of privacy and hostile subterfuge.

The report had Anderson Cooper (CIA trained) and two CIA agents on CNN discussing this. The only thing discussed was how the Wikileak threatened National Security by alerting America's enemies to its methods. The question that this article begs is how does this affect regular citizens, their freedom and rights? That question was never asked on the all-CIA panel on CNN.

The reason the question about Americans' rights was never asked is obviously because this new norm assumes those rights no longer exist and are therefore no longer an issue worth addressing. CIA is sitting right where it wants to be and the media doesn't even ask the question any more.
Samsung has just announced that their IT specialists are frantically 'looking into' the 'reports' that their TVs are susceptible to hacking by the CIA. I guess they sort of had to, as sales of them will surely plummet to all but those whose mantra is 'I have nothing to hide'. However, this is not new or news really. I've posted articles here on toasters and refrigerators that can act as microphones and feed back everything said to whomever is in control of them [and that won't be you, Mr./Ms. owner of said product]. We had long known that computers and smart phones could seem to be 'off', yet be 'on' enough to send back voice and even sometimes video. Snowden made that clear, but it was out of the bag before he proved it. Now, we have an equally revolting revelation that the CIA [not to be outdone by the NSA or Russian Intelligence] have created their own set of programs/implants/trojans/worms/infections/hacks that can be placed in a smartphone, computer with any operating system and even your car [to kill you more likely than listen to what you say in the car]. What I'd like to know is what are People going to DO about these endless intrusions into our lives!!!! [and done with our tax money to boot!]

In fact any of these exploits can quite easily and quickly be defeated if the code is known or the means of attack is generally known; however, the NSA/CIA/others can just as quickly and easily adapt their dirty tricks to the newly modified code in the device. I'm not a programmer nor security expert, but to me it seems obvious that the only reasonably safe device would be one that regularly changed its basic parameters, both hardware and software - the first being horribly expensive and the second being a hell of a lot of trouble for the manufacturer and the user - both. Encryption may be the answer, but not the kind being used now. We are almost to the point as in 1984 where everything Winston did was seen and heard by associates of Big Brother. The capacity to do this is now available, they only haven't yet bothered to put it in every room and every device - just in many rooms and outdoor places and many devices. The NSA boasts to recording all conversations and internet actions of everyone in the developed World and much of the developing World. And, oh, by the way the 'not-yet-finished' Utah MEGA-STORAGE facility of the NSA has long been finished and in operation. The 'not finished' line was another of the Big Lies. So, they never had to get a FISA Court to approve bugging of Trump [all FISA requests are granted anyway], as the NSA only had to go to Utah and pull the calls/internet interactions of Trump or ANYONE else [even YOU!] they want when they is all stored there and kept in storage, to be used at the discretion of unknown persons against all of us!
We know that governments are always in peril from the intelligence community and have been for a long time. The use of blackmail garnered from the Five Eyes technology along with willing servants in the media who are able to float a ruinous story as required, means accountability remains a very long way off. I suppose the first step is to neuter the mainstream media.

Meanwhile, on a personal level you take what steps you can. You can blind the camera on your laptop/computer and turn the internal microphone to zero - all recommended actions to hopefully defeat intrusions - and in my case I have an iPhone version 3, a very old one that is less easy to manipulate and I don't plan to upgrade it at all. I remember that John McAfee uses an old flip top cell phone because it can't be hacked and recommends everyone uses similar technology. Maybe people should revert to that sort of thing, but they won't, will they. But all these are just temporary patches. The entire electrical circuit in your house can be used as a remote microphone.

Technology isn't going to go backwards, so it's going to take a real battle to put the spooks back in their box, and I don't see anyone with the will to do that. Sadly.
David Guyatt Wrote:We know that governments are always in peril from the intelligence community and have been for a long time. The use of blackmail garnered from the Five Eyes technology along with willing servants in the media who are able to float a ruinous story as required, means accountability remains a very long way off. I suppose the first step is to neuter the mainstream media.

Meanwhile, on a personal level you take what steps you can. You can blind the camera on your laptop/computer and turn the internal microphone to zero - all recommended actions to hopefully defeat intrusions - and in my case I have an iPhone version 3, a very old one that is less easy to manipulate and I don't plan to upgrade it at all. I remember that John McAfee uses an old flip top cell phone because it can't be hacked and recommends everyone uses similar technology. Maybe people should revert to that sort of thing, but they won't, will they. But all these are just temporary patches. The entire electrical circuit in your house can be used as a remote microphone.

Technology isn't going to go backwards, so it's going to take a real battle to put the spooks back in their box, and I don't see anyone with the will to do that. Sadly.

The electronics most now have make it all too easy for the BEAST [whatever/whoever they are]. Even if you had NO phone at all, all they have to do is record the vibration of the glass on your windows to hear what is being said in the apartment or house. This is done now with a laser [invisible wavelength]...but it is a lot of trouble to set up and is only done on high-value targets. With everyone with a smartphone [but NOT me!] they know where you are, who you're with, what you said, your every email and internet search and action, etc.

Yes, there are steps each can take to minimize the possible encroachment on privacy - but truthfully they amount to little compared to what the other side has at hand. Even most bank cards now have RFID chips in them and when you are near [about 10m] a special device it can read who you are, your bank account number, your pin code, and where you are walking in a shop, how long you stop before item X and then item Y, what you buy, etc. It can even be used sometimes to track you walking or driving in a city. And there are other techniques. Someone would make a small [and honest] fortune if they set up a high-tech company to build devices that can't be hacked...but they'd be infiltrated and the higher ups perhaps 'whacked' if successful. It is sad that no one is even trying. Google is part of CIA; the phone companies are either complicit or don't care enough. Ditto software developers. I use Linux and am shocked that Linux has yet to comment on the Vault7 info that even Linux is vulnerable; it was long thought it was not without very special precision attacks....not so any more.

It's a Brave New 1984 and I don't like it one flying ****!
It is a bit odd, come to think of it, that Trumpf has yet to tweet or peep about the Wikileaks/CIA bit.... perhaps because it would cause even the most neutral of press to mention about how he praised Wikileaks for releasing the DNC emails. His press sec. made a statement against Assange and Wikileaks, but Trumpf is staying very quiet indeed......
Use an anti-virus or anti-malware program? Well, listed in the Wikileaked CIA Vault7 document are successful hacking of [or more usually around] the following: Comodo, Avast, F-Secure, Zemana Antilogger, Zone Alarm, Trend Micro, Symantec, Rising, Panda Security, Norton, Malwarebytes Anti-Malware, EMET (Enhanced Mitigation Experience Toolkit), Microsoft Security Essentials, McAfee, Kaspersky, GDATA, ESET, ClamAV, Bitdefender, Avira and AVG. That covers about 96+% of the market and even though they will try to 'fix' things, even with the knowledge that CIA can bypass or render them harmless for CIA purposes, they can not win - the whole concept of such programs is all but useless. Yes, it will stop the annoying 'amateur' threats, but not the BIG BOYS....even now that the proof of their hacking is known. I really don't know how to even begin to suggest making a computer safe and private anymore. I suggest going back to a typewriter or pen and paper with calculator and slide-rule.

Quote: Avast Vice President Sinan Eren asked the makers of the Android and iOS platforms, Google and Apple respectively, to give internet security firms better access to the systems so they can respond faster, according to news agency Reuters.

"We can prevent attacks in real time if we are given the hooks into the mobile operating system. If we can drive a paradigm shift where mobile platforms don't shut off access, we'll be better able to detect when hackers are hiding in a mobile (phone)," he told Reuters from his office in Avast's branch in California. [wishful thinking - the CIA will always be a step ahead or at least a few days behind any new fix]

Apple told Reuters that many of the issues had already been patched, while Google declined to comment. The CIA also declined comment.