[WIKILEAKS] Release Vault 7 CIA Hacking Tool Repository

1. I kinda figured I was vulnerable to this stuff all along. Though usually I don't let myself worry about it until one of these stories comes along.
2. Since it's going to happen, I'm glad American intelligence agencies have these tools. I'm mad about this news, not because the CIA et al have been doing this stuff, but because it all got compromised by wikileaks. I still don't get why some Americans feel sympathetic to this organization. Rooting out corruption is great, but lets not cut off our nose to spite our face.
3. It does drive home the importance of having good governance around our intelligence operations so that these agencies do not misuse these capabilities.
4. Intelligence agencies should cooperate with tech firms to improve security. Ideally, we'd tell them about the vulnerabilities the Russians and the Chinese, etc have discovered, not the ones we've discovered. Wikileaks disclosing what we've discovered puts us at a competitive disadvantage.
5. Industries outside of tech need to get a lot more serious about security. There is a lot of infrastructure that can be attacked in this way like the electric grid, for example. I know they're working on it, but it probably should be an obsession.

 

"The days of good guys and bad guys are over folks. It's just guys now." - Some guy 1450

"The days of good guys and bad guys are over folks. It's just guys now." - Some guy 1650

"The days of good guys and bad guys are over folks. It's just guys now." - Some guy 1860

"The days of good guys and bad guys are over folks. It's just guys now." - Some guy 1914

"The days of good guys and bad guys are over folks. It's just guys now." - Some guy 2017

 

Actually there were some that argued that the information released wasn't accurate or heavily edited.

So few answers from the Left? No one has really given answers because it is technology, and there is only so much you can do. If you impeded technology too much and you fall behind.

 

Where have you been?

This is nothing new, the only thing that is different is that the technology has improved. This isn't something that happened overnight. It has been a solid burn for a long time. The Patriot Act certainly didn't help either.

I am not saying to roll over and have no concern, but it shouldn't be surprising to anyone that has paid attention and it is going to be impossible to stop completely.

 

"The days of good guys and bad guys are over folks. It's just guys now." - Some guy 1939

 

It's surprising the tool kit got leaked. Considering CIA's long list of extremely shady activities, I'm not the least bit surprised about their existence

 

It may be possible to examine, analyze, and use the data from WikiLeaks while simultaneously condemning its activities. This isn't a court of law - this is the court of public opinion, and evidence in this court does not require an accompanying warrant.

 

1- you can protect yourself, but you need to invest some energy and time to learn how to
2- don't know how wikiL got this one... would be interesting to know, but probably wouldn't know. Either way, wikiL can play a good role if it actually play a whistle blower for public good. It is not. It's more political and so, yes, it's not good.
3- Yes, with some kind of check... if only our Congress can actually work for the people on things like this and govern
4- probably not a competitive disadvantage given it's likely nothing new. Intel agencies is not in favor of doing that. But US government has and does work with US private sector to improve security (completely separate from intel agencies) - they do this by demanding product they use to be secured. It's more up to the private sector to find these vulnerabilities, contact the vendor to close them and publish those info to elevate everyone security - this is the case today. It's also up to the private sector to innovate and provide better secure hw and sw products - i believe few companies do this well but it's improving and there are some that are very good.
5- infrastructure vulnerabilities probably need government involvement to improve; not just funding or direction, but requirements by law to secure nation interest... again, if government can get their act together and do their job

 

Good OPed piece. Don't be fooled by WikiLeaks. Yet again, they acted like a misinformation campaign.

The Truth About the WikiLeaks C.I.A. Cache

On Tuesday morning, WikiLeaks released an enormous cache of documents that it claimed detailed “C.I.A. hacking tools.” Immediately afterward, it posted two startling tweets asserting that “C.I.A. hacker malware” posed a threat to journalists and others who require secure communication by infecting iPhone and Android devices and “bypassing” encrypted message apps such as Signal and WhatsApp.

This appeared to be a bombshell. Signal is considered the gold standard for secure communication. WhatsApp has a billion users. The C.I.A., it seemed, had the capacity to conduct sweeping surveillance on what we had previously assumed were our safest and most private digital conversations.

In their haste to post articles about the release, almost all the leading news organizations took the WikiLeaks tweets at face value. Their initial accounts mentioned Signal, WhatsApp and other encrypted apps by name, and described them as “bypassed” or otherwise compromised by the C.I.A.’s cyberspying tools.

Yet on closer inspection, this turned out to be misleading. Neither Signal nor WhatsApp, for example, appears by name in any of the alleged C.I.A. files in the cache. (Using automated tools to search the whole database, as security researchers subsequently did, turned up no hits.) More important, the hacking methods described in the documents do not, in fact, include the ability to bypass such encrypted apps — at least not in the sense of “bypass” that had seemed so alarming. Indeed, if anything, the C.I.A. documents in the cache confirm the strength of encryption technologies.

What had gone wrong? There were two culprits: an honest (if careless) misunderstanding about technology on the part of the press; and yet another shrewd misinformation campaign orchestrated by WikiLeaks.

Let’s start with the technology. In the aftermath of Edward J. Snowden’s revelations about potential mass surveillance, there has been a sharp increase in the use of these “end to end” encryption apps, which render even the company that owns the app or phone essentially unable to read or hear the communications between the two “end” users.

Given that entities like Signal and WhatsApp cannot get access to the content of these conversations, even in response to a warrant — WhatsApp keeps logs of who talked to whom, Signal doesn’t do even that — intelligence agencies have been looking to develop techniques for hacking into individual phones. That way, they could see the encrypted communications just as individual users of the apps would.

These techniques are what the leaked cache revealed. Security experts I spoke with, however, stressed that these techniques appear to be mostly known methods — some of them learned from academic and other open conferences — and that there were no big surprises or unexpected wizardry.

In other words, the cache reminds us that if your phone is hacked, the Signal or WhatsApp messages on it are not secure. This should not come as a surprise. If an intelligence agency, or a nosy sibling, can get you to install, say, a “key logger” on your phone, either one can bypass the encrypted communication app. But so can someone looking over your shoulder while you use your phone. That is about the vulnerability of your device. It has nothing to do with the security of the apps.

If anything in the WikiLeaks revelations is a bombshell, it is just how strong these encrypted apps appear to be. Since it doesn’t have a means of easy mass surveillance of such apps, the C.I.A. seems to have had to turn its attention to the harder and often high-risk task of breaking into individual devices one by one.

Which brings us to WikiLeaks’ misinformation campaign. An accurate tweet accompanying the cache would have said something like, “If the C.I.A. goes after your specific phone and hacks it, the agency can look at its content.” But that, of course, wouldn’t have caused alarm and defeatism about the prospects of secure conversations.

We’ve seen WikiLeaks do this before. Last July, right after the attempted coup in Turkey, WikiLeaks promised, with much fanfare, to release emails belonging to Turkey’s ruling Justice and Development Party. What WikiLeaks ultimately released, however, was nothing but mundane mailing lists of tens of thousands of ordinary people who discussed politics online. Back then, too, the ruse worked: Many Western journalists had hyped these non-leaks.

WikiLeaks seems to have a playbook for its disinformation campaigns. The first step is to dump many documents at once — rather than allowing journalists to scrutinize them and absorb their significance before publication. The second step is to sensationalize the material with misleading news releases and tweets. The third step is to sit back and watch as the news media unwittingly promotes the WikiLeaks agenda under the auspices of independent reporting.

The media, to its credit, eventually sorts things out — as it has belatedly started to do with the supposed C.I.A. cache. But by then, the initial burst of misinformation has spread. On social media in particular, the spin and distortion continues unabated. This time around, for example, there are widespread claims on social media that these leaked documents show that it was the C.I.A. that hacked the Democratic National Committee, and that it framed Russia for the hack. (The documents in the cache reveal nothing of the sort.)

As with most misinformation campaigns, the dust that is kicked up obscures concerns over a real issue. Device and information insecurity, overzealous surveillance by governments — these are real concerns that call for real attention. Yes, we need to have extensive and thoughtful discussion of these topics. But that’s not what the WikiLeaks misinformation campaign has given us.

 

That's a solid article. Thanks for posting that.

 

Sad day when our own President is working with Russia to destroy the CIA.

 

I get what you're saying, but did anyone assume anyone's gender here? No? So, what's there to be outraged about?

Spoiler