WikiLeaks Unveils Treasure Trove of CIA Documents

The latest from WikiLeaks is the largest collection of documents ever released from the CIA. The release, called ‘Vault 7: CIA Hacking Tools Revealed’, documents the CIA’s hacking arsenal.

While Vault 7 is only the first part in a series of leaks of documents from the CIA, this leak is itself massive. The documents, available on the WikiLeaks site and as a torrent, detail the extent of the CIA’s hacking program.

Of note, the CIA has developed numerous 0-day exploits for iOS and Android devices. The ‘Weeping Angel’ exploit for Samsung smart TVs “places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.” This Fake-Off mode enables a microphone in the TV, records conversations in the room, and sends these recordings to a CIA server. The documents also show that, as of October 2014, the CIA was looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such tools is speculative but could be used to send a moving car off the road.

It is not an exaggeration to say this is the most significant leak from a government agency since Snowden, and possibly since the Pentagon Papers. This is the documentation for the CIA’s cyberwarfare program, and there are more leaks to come. It will be a while until interested parties — Hackaday included — can make sense of this leak, but until then WikiLeaks has published a directory of this release.

Header image source (CC BY 2.0)

132 thoughts on “WikiLeaks Unveils Treasure Trove of CIA Documents”

  1. “Conform with all directives
    Remember obedience pays
    and when you watch that TV Screen
    remember it works both ways”

    Don’t forget Big Brother is watching you!

    1. Got a smart TV that ONLY gets used as a PC monitor:
      Fixed the first bugs I found: couple moths and a failed voltage divider for the backlight #Enable signal.

      Found no microphones or cameras (they are supposed to be optional extras via USB anyway) but it contains a WiFi module (Not sure if the monitor will still power on without said module because: SONY!)

      Got little to hide: Only the eerie, creepy feeling of being watched, mainly.

      1. It doesn’t have to be a human operator watching; heck, an AI watching and making baseless judgements…. Especially when it is a foreign agency (relative to my home country) whose gov’t involves an infamous name like Trump!

          1. That project was started 10 years ago (Bush era). It was continued under the Obama administration, which leads one to think that both obey the very same boss.

        1. Please, PLEASE don’t turn HaD into a reddit circle jerk. This isn’t a place for politics, and so far, the staff has done a good job of seeing it doesn’t become “just another controlled narrative”. I’m here for cool hacks and revelations involving far-reaching surveillance. Thanks.

          1. Correct: The pun came from the story of the first computer bug: A moth in a vacuum tube.

            Extra information relating above posts:
            It also seems that my comment lasted well past when interest dwindled from this blog-post without it being labeled “tin-foil hatter” material.

            Key points:
            State something mildly “technical”,
            Have something of a claim to make,
            Point out a common concern: Discomfort
            Show at least some kind of experience/research/speculation.

            Shortening the comments by bundling the Key Points into single sentences should help the ease of reading and become very difficult to palm off as BS-Theories without the nay-sayer looking completely stupid. (End Of Current Observation)

  2. ‘The purpose of such tools is speculative’
    Not sure, the CIA documents highlighted the desirability of virtually undetectable assassinations.

    I am disappointed in their desire to be a cartoon villain, but sadly not surprised.

    1. “the CIA documents highlighted the desirability of virtually undetectable assassinations”
      where? in the just-released stash of docs? or are you referring to the Church committees?

  3. Not a hack. Er, wait…

    In all seriousness though, I find this to be clickbait by Hackaday standards. I was hoping that in reading my 10th Vault 7 article today that HAD would put some novel analysis or extended thought into the news (considering you can download the source material) but this isn’t any different from the other opportunistic news outlets that have reported on the leak.

    Brian, I love 95% of what you write but this feels rushed.

    1. I don’t see how this can be called clickbait. The title was clear to me at least. Now if it had read “WikiLeaks Unveils Treasure Trove of CIA Documents, AND WHAT WE FOUND WILL SHOCK YOU!” – then you might have a point. ;)

      1. “By hackaday standards” by which I mean I hold Hackaday to higher standards with regard to tech and security topics than, say, Buzzfeed.

        The article took today’s big news headline and provided no additional commentary over that which has already been provided by other decidedly less technical news outlets.

        Inb4 go away and stop commenting: I am only trying to provide constructive criticism. I’m a big fan of hackaday.

    2. Not clickbait.
      Headline: wikileaks has published crapload of CIA documents.
      Article: wikileaks has published crapload of CIA documents.
      The mere fact that this has happened warrants a post here, analysis of content will follow soon. Right Brian?

      1. We discussed how to approach this. It’s clearly important breaking news, and we’d never get an in-depth story written up in any reasonable timeframe. So we went with a quick heads-up piece just to get it out the door.

        So yeah. There’s not much more here than a quickie blog-post pointing the reader to the largest ever leak, ever. If there’s more to say later, and we can add some of the Hackaday standards that you crave, we’ll be on it.

    3. Anybody claiming clickbait needs to first sit back and examine why THEY clicked it instead of rushing off elsewhere to find the source material to download the real meat and potatoes and do their own cooking instead of going for the pre-prepared, osterized, sugared up, and prime tasty bits of baby food in the ez-open package for a quick thrill.

      He’s doing exactly what his job calls for. Tasted it and reporting the flavors found so you can determine if it’s your kinda dish to go and cook for yourself. AKA a service to the readers. A synopsis respectfully presented for your consideration in case you are allergic to shrimp or peanuts.

      1. And it is legal, it is in the T&C’s, so is totally Ok.

        The original term was “Any information collected in this way, for example, your UGM, the content of your voice and text communications, video of your game play, the time and location of your activities, and your name, your PSN Online ID and IP address, may be used by us or our affiliated companies,” the section reads. “This information may be passed to the police or other appropriate authorities. By accepting these Software Usage Terms, you expressly consent to this”

        The wording has changed a bit to make it sound less like big brother, but legally it is unchanged. https://www.playstation.com/en-us/network/legal/terms-of-service/

      1. did you search twitter ? e.g. plug “site:twitter.com SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds” into your search engine of choice, and then look 24 hours earlier ?

  4. Unless I’m missing something, there’s FUD at work here. The link to vehicle control systems goes to what appear to be meeting minutes where they’re discussing what they _might_ work on, one of which is vehicle control systems.

    Just because they say that QNX and VxWorks aren’t being looked at doesn’t mean that everything else is…

  5. Any “exploit” or ‘zero day’ to try and take over a vehicle is very dubious at best. You would need a direct hardwire connection to its CAN bus – or – alternatively, I suppose a wifi vector is another possibility. You ain’t making the car steering wheel veer off course (unless it’s electric steering). Worst case (on a vehicle with rack and pinion steering), the only possible attack methodologies would be to mess with the anti-lock brakes, and/or throttle by wire systems – that’s presuming you have access to the car’s systems in the first place (oh, there’s that pesky cable into CAN bus issue – or – being in vicinity for a speculative wifi channel… and that’s assuming the code has been modified to permit access to the CAN bus via wifi – which again, is very iffy).

    With electric steering you could spoof the steering wheel position sensor – again, if you had access to the data bus.

    1. An attack on vehicle stability control systems could cause a car to go off the road. Also electric power steering is becoming common.

      There was an attack described a couple of years ago that used the Onstar system as a bridge to the CAN bus and allowed access to brakes and other systems via a phone call.

      1. Re-read the post.. ABS/TBW were mentioned. Accessing CAN-bus via Onstar to monitor data is one thing. I can’t find the specific vaporware you speak of that “attacks” the ‘brakes and other systems via a phone call’. You would need a command(s) to modulate the ABS BPMV hardware – if I recall that was proprietary to the manufacturer…in any case, this is the FUD factor… an extremely low probability event – but hey someone makes revenue from spreading this type of FUD.

        If you want to clip/whack/cancel someone, just run their ass off the road – a hell of a lot simpler… or I suppose in a deniable plausibility scenario, an “accident” a specific mark experienced leading to their death, that subsequent investigation reveals driver error, could have its advantages.

        1. I remember the article that Bill is talking about.. and no it is not vaporware… If I remember correctly they exploited an over the air (OnStar) software upgrade feature in the car’s entertainment system. Injected their own code and were able to receive and transmit onto the car’s CAN bus via the CPU in the radio. It took some experimenting and precise timing to inject their commands at the right time, but they were able to affect the steering and brakes while the car was being driven.

          1. Confirmed. I watched the program. The exploit was demonstrated on primetime television to the whole nation with over a full week of commercials trying to get your attention to watch this episode. 18-24 months ago best I recall. Driver was negotiating a roadcourse of cones wherein both braking and steering were hacked to repeatedly and successfully render control from the driver such that the vehicle would leave the course and/or come to a halt. The equipment in use was a laptop with cellular, and all they needed was to dial your vehicle and send the hack.

          2. Alright, so let’s examine this from the perspective of causing this imaginary mayhem for some sinister purpose (related to making an individual – hmm, “go away” – *forever*). Scenario described (OnStar), means you need specific intel on the target vehicle. If you already have that, why bother with all this complicated “crypto-nerd” nonsense ?

            Just pay off a gang-banger $100 to ‘take care of business’. Hell, I used to pay-off the “jocks” as ‘collection agents’ on my old college campus when I was the un-official “loan officer”.

            Some of you geeks are pathetic. Can’t see the forest thru the trees. What counts is the end result – not how you achieve it. It’s presumed if you’re gonna fuck with someones car to cause a crash – use the simplest methods available !

            https://xkcd.com/538/

          3. Number two – it’s to make it look like an accident. Some goon takes out Snowden or Kim Jong-nam, everyone knows who did it even if it can’t be proven. If they crash their cars on an empty road, much less likely to call foul play.

      1. Do you have a financial interest in the “security business” ? Idiot – if this were so common place, where are the actual deliverables that can make it happen ? Oh, that’s right – they don’t exist in a practical/field usable form. Even if they did, it’s worthless to the average fixer. Much easier/simpler ways to ‘take care of business’ when you want to remove a troublemaker from the equation.

    2. “You would need a direct hardwire connection to it’s CAN bus”

      How often does one look at their vehicle’s diagnostic connector to see if something is plugged into it? Opening your car doors to install it is not a problem, especially if your car uses keyless entry as most of them do.

    3. The widely publicized Fiat-Chrysler hack exploited an attack vector on Harman radios where dbus was left open on the attached LTE modem in the car. The attackers (security researchers) browsed the dbus service directory, also open. Saw a software update service for the micro that white-list firewalls traffic to/from the CAN bus (Renesas RH850) and main infotainment processor. Then they crafted a jump bug in the RH850 firmware to alter its behavior while keeping all of the presence patterns intact (there is no formal firmware hash – doh!) And that allowed them to send whatever they wanted to the attached CAN buses from potentially half-way around the world.

      Things like this tend to happen when companies outsource 95% of their labor demands to Hyderabad because American teens are too preoccupied with Twitter and Vine to learn technically challenging professions in 2017.

      The CIA leak is a good thing. It should cause every company to take deeper stock of their security apparatus and increase investments.

      1. “Things like this tend to happen when companies outsource 95% of their labor demands to Hyderabad because American teens are too preoccupied with Twitter and Vine to learn technically challenging professions in 2017.”

        Fuck that. Outsourcing is not the fault of the technical employees: the blame lies with management, looking to cut costs in any way possible.

      1. Very good point that I hadn’t thought of before! Plus if the car has traction control, you can control any wheel independently. And even be able to pulse the brakes many times a second… so steering with the brakes without really slowing the vehicle down much
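The comments above describe a gateway micro that white-lists traffic between the infotainment head unit and the vehicle’s CAN buses, and a remote attacker who sends steering and brake commands through it once the gateway is subverted. The following is an added illustration of that allow-list policy, written for this page; it is not code from the Vault 7 documents, from the Miller/Valasek research, or from any vehicle manufacturer. Every bus name, arbitration ID, and sample frame is constructed for the example and corresponds to no real vehicle.

```python
"""Toy CAN gateway allow-list.

Added example, not from the Vault 7 release or from any vehicle vendor.
Bus names, arbitration IDs and the sample log are constructed for
illustration only.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Frame:
    bus: str      # segment the frame arrived on
    arb_id: int   # 11-bit classic CAN arbitration ID
    data: bytes   # payload, at most 8 bytes for classic CAN


# Hypothetical per-segment allow-lists: which IDs a segment may originate.
ALLOW: Dict[str, FrozenSet[int]] = {
    "infotainment": frozenset({0x3D0, 0x3D1}),          # display/HMI status only
    "chassis": frozenset({0x0A0, 0x0C0, 0x1F0, 0x3D0}),
}

# Constructed IDs that move the car: steering, brake, throttle commands.
# Only the chassis segment may originate these, whatever ALLOW says.
CRITICAL: FrozenSet[int] = frozenset({0x0A0, 0x0C0, 0x1F0})


def parse_candump(line: str) -> Frame:
    """Parse a candump(1)-style line: '<bus> <hex id> [<dlc>] <b0> <b1> ...'.

    Raises ValueError when the DLC is impossible or does not match the
    payload, so the gateway never forwards a frame it could not validate.
    """
    parts = line.split()
    if len(parts) < 3:
        raise ValueError(f"malformed frame line: {line!r}")
    bus, arb_id = parts[0], int(parts[1], 16)
    dlc = int(parts[2].strip("[]"))
    payload = parts[3:]
    if dlc > 8 or len(payload) != dlc:
        raise ValueError(f"DLC {dlc} does not match {len(payload)} payload bytes")
    if not 0 <= arb_id <= 0x7FF:
        raise ValueError(f"arbitration ID {arb_id:#x} is not 11-bit")
    return Frame(bus, arb_id, bytes(int(b, 16) for b in payload))


def decide(frame: Frame) -> str:
    """Gateway verdict for one frame: 'forward', 'drop' or 'drop-critical'."""
    if frame.arb_id in CRITICAL and frame.bus != "chassis":
        return "drop-critical"       # e.g. a steering command from the radio
    if frame.arb_id in ALLOW.get(frame.bus, frozenset()):
        return "forward"
    return "drop"                    # default deny


def run_gateway(lines: List[str]) -> List[Tuple[str, int, str]]:
    """Apply the policy to raw log lines; unparseable frames are dropped."""
    verdicts = []
    for line in lines:
        try:
            frame = parse_candump(line)
        except ValueError:
            verdicts.append(("?", -1, "drop-malformed"))
            continue
        verdicts.append((frame.bus, frame.arb_id, decide(frame)))
    return verdicts


# Constructed sample traffic, not a real capture.
SAMPLE_LOG = [
    "infotainment  3D0  [2]  01 00",                        # HMI status: forwarded
    "infotainment  0A0  [8]  00 00 00 00 00 00 00 00",      # steering from head unit
    "chassis       0A0  [8]  00 00 00 00 00 00 00 00",      # steering from chassis
    "infotainment  7DF  [3]  02 01 0C",                     # OBD request, not allow-listed
    "infotainment  3D1  [9]  00 00 00 00 00 00 00 00 00",   # impossible DLC
]

if __name__ == "__main__":
    for bus, arb_id, verdict in run_gateway(SAMPLE_LOG):
        print(f"{bus:13s} {arb_id:#05x} -> {verdict}")
```

The policy only helps if the gateway itself is trustworthy. As the comment notes, the researchers altered the RH850 firmware and there was no firmware hash to catch it; an allow-list enforced by firmware that can be rewritten over the air is a speed bump, not a boundary. Signed, verified firmware on the gateway is the control that makes a filter like this meaningful.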

    4. For those who don’t read enough
      https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
      Almost exactly a year ago, Chrysler announced a recall for 1.4 million vehicles after a pair of hackers demonstrated to WIRED that they could remotely hijack a Jeep’s digital systems over the Internet. For Chrysler, the fix was embarrassing and costly. But now those two researchers have returned with work that asks Chrysler and the automotive industry to imagine an alternate reality, one where instead of reporting their research to the automaker so it could be fixed, they had kept working on it in secret—the way malicious hackers would have. In doing so, they’ve developed a new hack that offers a sobering lesson: It could have been—and still could be—much worse.

      At the Black Hat security conference later this week, automotive cybersecurity researchers Charlie Miller and Chris Valasek will present a new arsenal of attacks against the same 2014 Jeep Cherokee they hacked in 2015. Last year, they remotely hacked into the car and paralyzed it on highway I-64—while I was driving in traffic. They could even disable the car’s brakes at low speeds. By sending carefully crafted messages on the vehicle’s internal network known as a CAN bus, they’re now able to pull off even more dangerous, unprecedented tricks like causing unintended acceleration and slamming on the car’s brakes or turning the vehicle’s steering wheel at any speed. “Imagine last year if instead of cutting the transmission on the highway, we’d turned the wheel 180 degrees,” says Chris Valasek. I can imagine. But he spells it out anyway. “You wouldn’t be on the phone with us. You’d be dead.”
      https://www.theguardian.com/technology/2016/sep/20/tesla-model-s-chinese-hack-remote-control-brakes
      Team of hackers take remote control of Tesla Model S from 12 miles away

      By hijacking the car’s CAN bus, the hackers could move the seats back and forth, trigger the indicators, wing mirrors and windscreen wipers, and open the sunroof and boot while the car was driving and in parking mode. More worryingly, the hackers could also control the car’s brakes, which could be dangerous if deployed suddenly while the vehicle was traveling at high speed on a motorway.

      The attack requires the car to be connected to a malicious Wi-Fi hotspot set up by the hacking team, and this can only be triggered when the car’s web browser is used.

      ( And it should be noted that the tools mentioned by WIKILEAKS can also hack medical devices. Probably the reason Cheney disabled the wireless in his pacemaker in 2013)

  6. I truly do not understand why everyone is so shocked when accusations like this are brought to the public eye. I’ve lived my life always under the impression that if someone wanted into my personal life in such ways, it could easily be done. I feel that everyone that comes to this site should know how easy such a task could be, not saying we are elite due to knowledge, but many here work with and know enough about the internal workings of gadgets and software to see how easy it is for such devices to be used against us, and we have incorporated this stuff into our lives. I am truly shocked when I hear people talk about ways to disable their smart TVs, or the extent to which they go through with their computers, phones and vehicles. Sheeples! If you do not trust it, why let it in your life to begin with! No one needs a smart phone! Or smart TV! I actually know someone who brags about the great price he paid for a smart TV, but actually will go outside (with his cell phone clipped to his side) to talk personal matters because the TV or Xbox might hear. The one thing these devices do, without ever being hacked, is collect personal information about you, every app you install, every drive you make, every show you watch, every song you play, some piece of data is collected. That is called profiling, and from that, patterns emerge. This information is sold, for pennies, to anyone and everyone. It has always been and always will be my belief that governments are the biggest customer to these companies for this data. It’s a fucked up combo of Santa Claus “he knows when you’ve been sleeping” and Sting’s “I’ll be watching you”. Why hack when you can go to the sources and buy everything you need, very very cheap, with the tax money of the people whom you want the data? Take all that info, all of it, push that shit into a super computer or database, a handful of algorithms, you got yourself a very nice picture of the everyday lives of everyone, literally, at your fingertips.
    Anything unusual? Then break out these tools they have.
    Welcome to the 21st century bitches!!!!!!!

    1. Most people, including me, don’t care. Some neckbeards make noise now and again, but then it goes away. I’ve assumed all my electronic data were accessible by the spooks and whomever for about 15 years. Isn’t that when we found out the NSA had closets in all the telco hubs and were like the largest customer of Seagate by a huge margin??

      1. I feel like this apathy is a major problem. Even if you have nothing to hide, who is to say that in the future our great government won’t decide that hardware hackers are a threat? If that happens, they have a 20 year backlog to go and find something wrong to lock you up for.
        That being said, you at least know the level of technology being levied against you when you dismiss it. I feel like most non-tech savvy people don’t even understand the vast spectrum of digital weapons being brought to bear on their personal information and just hand-wave it away in dismissal. Reminds me of an interview in which people were told the NSA was spying on them, and no one could care. The interviewer then asked if they were fine with the NSA accessing any nude pics they may have sent and they were suddenly up in arms, lol

    2. “if someone wanted into my personal life in such ways, it could easily be done”

      Exactly, even without giving away everything voluntarily via use of social media concerns like Facebook. These days, the 1984 “Telescreens” are paid for and installed by the potential targets themselves.

    3. People want entertainment, regular TV is a poor provider so people use Netflix and Amazon and Hulu and all that, that means you need to connect to the internet, and that is why people allow TVs onto the internet. So the word ‘need’ is a bit vague in the way you throw it around.

      1. Oh. My. God.
        It has been decades since I read that book, and I really, honestly forgot. But you have just summarized a large part of today’s society.

        War is Peace: As long as the industry roars, there will be jobs and wellbeing. And war destroys goods which have to be replaced and gives an excuse to strike down any movements that might endanger the public order. Check.
        Freedom is Slavery: Being free implies to be responsible for your decisions, and, of course, to make those decisions beforehand. This actually is hard work and is unpleasant at times. Check.
        Ignorance is Strength: The less I know the less I am susceptible to arguments. Either your point of view is identical to mine or I just can’t understand what you say and I can ignore you completely. I will never have to doubt anything, while you will never be completely sure. Check.

        Who says that oppression needs brutal force, there are people who just need someone to show them a way…

        Excuse me, while I will cringe a bit…

  7. Why do such leaks come only from the CIA and NSA (US agencies), as if other countries don’t do it?
    Russia, China, UK, name it, they all spy. Is WikiLeaks biased?

      1. “Maybe the amount of leaks are proportional to the extent of the surveillance?”

        Exactly what I was thinking – proportional to the size of the effort and, therefore, the number of people involved. In anything other than a total dystopian police state, TRUST in those with clearances is a huge part of the security equation. The more people involved, the more likely someone is going to violate that trust.

      2. Also, it may have something to do with a culture of free thinking, dignity and responsibility among the people. I hate to say it but I think U.S. citizens better us Europeans in that regard.

    1. Mike Pence used an AOL email account while he was the governor for Indiana and it was hacked. Where are those emails? Yes, Wikileaks is biased and not necessarily on our side. Despite the apparent value of knowing what the CIA can do with these hacking tools.

    2. Yes, they have a definite preference for targeting the US government; they haven’t published anything like a treasure trove of Russian intel documents or the source code for the Great Firewall of China. I think it’s most likely bias, although people leaking US documents may be less afraid of ending up buried in an unmarked grave.

    3. It’s all about budget and intent, the US is driven to spend trillions on spying, many other countries are less concerned with what normal people do and more interested in hacking into lucrative and militarily beneficial stuff of a few select organisations. They want plans to the newest missiles not to hear your inane discussions in front of your TV, only the US want to invade every damn normal person on the world’s privacy and has the budget to do so in a massive scale and store it all.

      It’s the same with the military, all countries have armies, the US though has a budget for their armed services equaling all the other ‘big’ players combined.. times 10.

      As RT recently said for example: Trump wants to increase the US army’s budget by an amount greater than the entire budget of Russia’s armed services.

  8. I’m pissed VLC player was compromised. That and Notepad ++.
    I have heard rumors that one may build some of the tools using the outlines/guides within the documents.
    Oh and the fact that essentially everything in the toolkit and knowledge base has been released into the wild via private contractors and others is very scary.

    1. Allegedly the tools themselves will be released once they are able to neuter them or have given software companies enough time to patch the vulnerabilities. Kali is going to get some great new additions!!!

  9. Good job CIA, good job. Now everyone, including China, Russia, UK, and even your neighborhood script kiddie can spy on everyone else.

    To fix this, I propose 3 things.

    1. Use their own weapon to dig up and publish as much dirt as possible on existing politicians, “intel” (spy) community, etc. Maybe this will wake them up to ban such practices – because now their own ass is on the line as well. Maybe following laws is a good thing, eh?

    2. Create as much fake/misleading data as possible. For example, even if you are a janitor living in Sweden, create multiple profiles portraying you as a PhD living in China, pornstar in Italy, yak herder in Mongolia, etc. Rubbish data is useless and can confuse even humans.

    3. Steganography. https://en.wikipedia.org/wiki/Steganography

    Trump was right, as always. He only found the news out few days earlier than news outlets, as usual. They are spying on everyone, all the time.

    1. Always perfectly possible even before it was apparently revealed in this batch of materials (which I have not looked at except in the summary) is that it is possible to frame an entire country using their own hacking tools and/or by compromising and using the tools and network assets of a highly competent civilian hacker team within another country… like the “only the stupid would fall for it” script kiddie level phishing attack against the Dem Podesta that compromised his email account and the attacks against the DNC which were riddled with clues left behind allowing them to be traced back to Eastern Europe. The tools used were apparently freely available in the hacker community and since civilian hacker groups don’t care about leaving source clues in their malware, there were source tells in the malware. Any competent STATE SPONSORED group would not leave behind such evidence. And yet, it was “the Russians.”

      Ask yourself what country absolutely loves Trump, but would want to discredit Russia due to their alliance with Syria and Iran, and has a very capable state sponsored cyber warfare team. There is only one and they were apparently the most significant partner in Stuxnet’s creation. Also, if they were involved, we in the US would NEVER be told they were. Instead, their framed target would be blamed.

      1. Yeah exactly, the ‘evidence’ was not consistent with what a ‘state player’ would do.
        There is though the sudden arrest of that top guy in Russia for working for the US money, which makes it possible that that was because Putin realized they are actually bugging Putin’s phone/computer/house/TV/etcetera and that he realized it because they knew too much which they could only know if he was bugged?
        It’s a complex world of FUD and counter-FUD and impossible for us to be sure what’s going on, except that we know we aren’t safe – and that we know they lie, they all lie.

  10. There are .doc files in here, .pdf, etc. I am curious if there is any metadata or creator info etc. stored within, that might reveal identities of CIA agents.

    I did spot that WL missed a redaction. Wonder who JimJ is.
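On the question of what document metadata might survive a text-only redaction pass: the properties parts inside a .docx and the /Info dictionary of a PDF carry creator, last-modified-by, company and application fields that never appear in the visible text. The following is an added example written for this page (not code from WikiLeaks or from the Vault 7 release) showing how to pull those fields out and flag the ones that name a person or organisation. Both sample documents are constructed in memory and the names in them are placeholders.

```python
"""Extract authorship metadata from .docx and .pdf files.

Added example, not code from WikiLeaks or the Vault 7 release. Sample
documents are built in memory with placeholder names.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List

# Namespaces used by the Office Open XML package metadata parts.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
CORE_FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
               "created": "dcterms:created", "modified": "dcterms:modified"}
APP_FIELDS = {"company": "ep:Company", "application": "ep:Application"}

# Fields that name a person or organisation and so need a redaction decision.
SENSITIVE = frozenset({"creator", "last_modified_by", "company", "author"})


def docx_metadata(blob: bytes) -> Dict[str, str]:
    """Read docProps/core.xml and docProps/app.xml from a .docx (a zip)."""
    found: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        parts = set(z.namelist())
        for part, fields in (("docProps/core.xml", CORE_FIELDS),
                             ("docProps/app.xml", APP_FIELDS)):
            if part not in parts:
                continue                      # saved without that properties part
            root = ET.fromstring(z.read(part))
            for key, path in fields.items():
                el = root.find(path, NS)
                if el is not None and el.text and el.text.strip():
                    found[key] = el.text.strip()
    return found


# Literal-string values in an uncompressed /Info dictionary. Real PDFs may keep
# this in a compressed object stream or as XMP under /Metadata, which this
# deliberately minimal scan does not decode.
_PDF_INFO = re.compile(rb"/(Author|Creator|Producer|Title|CreationDate|ModDate)\s*\(((?:[^()\\]|\\.)*)\)")
PDF_KEYS = {"Author": "author", "Creator": "creating_application", "Producer": "producer",
            "Title": "title", "CreationDate": "created", "ModDate": "modified"}


def pdf_info_metadata(blob: bytes) -> Dict[str, str]:
    """Pull /Info entries from a PDF whose Info dictionary is stored uncompressed."""
    return {PDF_KEYS[k.decode()]: v.decode("latin-1") for k, v in _PDF_INFO.findall(blob)}


def sensitive_fields(meta: Dict[str, str]) -> List[str]:
    """Names of extracted fields that identify a person or organisation."""
    return sorted(k for k in meta if k in SENSITIVE)


def make_sample_docx() -> bytes:
    """Build a minimal constructed .docx containing only the metadata parts."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
            f'xmlns:dcterms="{NS["dcterms"]}" '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
            '<dc:creator>example.author</dc:creator>'
            '<cp:lastModifiedBy>example.editor</cp:lastModifiedBy>'
            '<dcterms:created xsi:type="dcterms:W3CDTF">2015-01-01T12:00:00Z</dcterms:created>'
            '</cp:coreProperties>')
    app = (f'<Properties xmlns="{NS["ep"]}"><Application>Example Writer</Application>'
           '<Company>Example Org</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()


# Constructed PDF fragment with an uncompressed /Info dictionary.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Author (example.author) /Creator (Example Writer)\n"
              b"   /Producer (Example PDF Library 1.0) /CreationDate (D:20150101120000Z) >>\n"
              b"endobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for label, meta in (("docx", docx_metadata(make_sample_docx())),
                        ("pdf", pdf_info_metadata(SAMPLE_PDF))):
        print(label, meta, "-> redact:", sensitive_fields(meta))
```

Run against a whole release directory, the flagged fields are the ones to compare against the redaction list: a name that was blanked in the body text but left in `dc:creator` or `/Author` is exactly the kind of miss the comment above is asking about.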

  11. “There are .doc files in here, .pdf, etc. I am curious if there is any metadata or creator info etc. stored within, that might reveal identities of CIA agents.”
    http://www.zerohedge.com/news/2017-03-07/wikileaks-hold-press-conference-vault-7-release-8am-eastern
    “Redactions

    Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.

    Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
    Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
    Archive attachments (zip, tar.gz, …) are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
    Attachments with other binary content are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
    The tens of thousands of routable IP addresses references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
    Binary files of non-public origin are only available as dumps to prevent accidental invocation of CIA malware infected binaries.

    Worth reading the entire article and comments.
    Some more takeaways
    “Among the more notable disclosures which, if confirmed, “would rock the technology world”, the CIA had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

    Another profound revelation is that the CIA can engage in “false flag” cyberattacks which portray Russia as the assailant. Discussing the CIA’s Remote Devices Branch’s UMBRAGE group, Wikileaks’ source notes that it “collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. ”
    “CIA targets iPhones, Androids, smart TVs:

    CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details).
    The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984, but “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.

    Also cars, suggesting that the CIA may have a role in the death of Michael Hastings:

    As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks.
    The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

    And computers:

    The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized “zero days”, air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ( “Brutal Kangaroo”) and to keep its malware infestations going.

    Hoarding of Zero Day exploits:

    In the wake of Edward Snowden’s leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or “zero days” to Apple, Google, Microsoft, and other US-based manufacturers.
    Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.

    Proliferation of leaked/hacked Cyberwar programs:

    While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber ‘weapons’, once developed, are very hard to retain. Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
    Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.
    Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

    The U.S. Consulate in Frankfurt is a covert CIA hacker base

    In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa. CIA hackers operating out of the Frankfurt consulate (“Center for Cyber Intelligence Europe” or CCIE) are given diplomatic (“black”) passports and State Department cover.
    The instructions for incoming CIA hackers make Germany’s counter-intelligence efforts appear inconsequential: “Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport.”

    Examples of CIA projects

    The CIA’s Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by “Year Zero”) each with their own sub-projects, malware and hacker tools. The majority of these projects relate to tools that are used for penetration, infestation (“implanting”), control, and exfiltration.
    Umbrage: The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.
    Fine Dining: Fine Dining comes with a standardized questionnaire, i.e. menu, that CIA case officers fill out. The questionnaire is used by the agency’s OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically “exfiltrating” information from computer systems) for specific operations. Among the list of possible targets of the collection are ‘Asset’, ‘Liaison Asset’, ‘System Administrator’, ‘Foreign Information Operations’, ‘Foreign Intelligence Agencies’ and ‘Foreign Government Entities’. Notably absent is any reference to extremists or transnational criminals.
    ‘Improvise’; a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor).
    HIVE: HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants. The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

    And some key sections from the FAQ:

    What time period is covered? The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first). WikiLeaks has obtained the CIA’s creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date contact WikiLeaks.
    What is “Vault 7”? “Vault 7” is a substantial collection of material about CIA activities obtained by WikiLeaks.
    What is the total size of “Vault 7”? The series is the largest intelligence publication in history.
    When was each part of “Vault 7” obtained? Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
    Is each part of “Vault 7” from a different source? Details on the other parts will be available at the time of publication.
    How did WikiLeaks obtain each part of “Vault 7”? Sources trust WikiLeaks to not reveal information that might help identify them.
    Isn’t WikiLeaks worried that the CIA will act against its staff to stop the series? No. That would be certainly counter-productive.”

    Topic headers
    CIA malware targets iPhone, Android, smart TVs
    CIA malware targets Windows, OSx, Linux, routers
    CIA ‘hoarded’ vulnerabilities (“zero days”)
    ‘Cyberwar’ programs are a serious proliferation risk
    U.S. Consulate in Frankfurt is a covert CIA hacker base
    How the CIA dramatically increased proliferation risks
    Evading forensics and anti-virus

    REDDIT has some discussion under THE DONALD but I can’t find the link now.
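The HIVE description above says the implants talk to a listening post over HTTPS via the web server of a per-operation cover domain. From the defender's side the useful observation is that TLS hides the payload but not the timing, so a process that checks in on a timer leaves a regular cadence in proxy or firewall logs. The script below is an added illustration written for this page, not code from the leak, from WikiLeaks or from any of the commenters: it parses a constructed, simplified proxy-log format (`timestamp client host status`), groups connections by client and destination, and flags pairs whose inter-connection intervals are nearly constant. The sample lines, the hostnames, the five-connection minimum and the 0.1 coefficient-of-variation threshold are all assumptions chosen for the example; the page itself says nothing about how often any implant beacons.

```python
"""Flag timer-like (beacon-style) outbound connections in a simple proxy log.

Added example for this page; the log format, hosts and thresholds are
constructed for illustration and are not taken from the leaked documents.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client ip> <destination host> <status>".
# One host is visited every ~5 minutes (with a second or two of jitter); the others
# are visited at human-looking, irregular intervals.
SAMPLE_LOG = """\
2017-03-07T09:00:00 10.0.0.5 updates.example-cdn.net 200
2017-03-07T09:00:12 10.0.0.5 www.news-site.example 200
2017-03-07T09:02:30 10.0.0.5 www.news-site.example 200
2017-03-07T09:05:00 10.0.0.5 updates.example-cdn.net 200
2017-03-07T09:07:41 10.0.0.5 mail.example.org 200
2017-03-07T09:10:01 10.0.0.5 updates.example-cdn.net 200
2017-03-07T09:15:00 10.0.0.5 updates.example-cdn.net 200
2017-03-07T09:19:55 10.0.0.5 www.news-site.example 200
2017-03-07T09:20:00 10.0.0.5 updates.example-cdn.net 200
2017-03-07T09:21:07 10.0.0.5 www.news-site.example 200
2017-03-07T09:25:01 10.0.0.5 updates.example-cdn.net 200
2017-03-07T09:30:00 10.0.0.5 updates.example-cdn.net 200
2017-03-07T09:48:40 10.0.0.5 www.news-site.example 200
"""


def parse_log(text):
    """Group connection timestamps by (client, destination host)."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, _status = line.split()
        conns[(client, host)].append(datetime.fromisoformat(ts))
    return conns


def interval_stats(timestamps):
    """Return (mean interval in seconds, coefficient of variation) for a series.

    The coefficient of variation (std dev / mean) is close to 0 for a fixed
    timer and grows as the gaps become irregular, so it is a scale-free way
    to compare a 5-minute beacon with a 1-hour one.
    """
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m else float("inf"))


def find_beacons(text, min_connections=5, max_cv=0.1):
    """Return (client, host, mean_interval_s, cv) for pairs that look timer-driven.

    min_connections avoids judging regularity from two or three points;
    max_cv is the tolerated jitter (assumed threshold for this example).
    """
    hits = []
    for (client, host), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        m, cv = interval_stats(stamps)
        if cv <= max_cv:
            hits.append((client, host, m, cv))
    return hits


if __name__ == "__main__":
    for client, host, m, cv in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: every {m:.0f}s (cv={cv:.3f})")
```

In the constructed sample only `updates.example-cdn.net` is reported (roughly every 300 seconds); the news site has enough connections but irregular gaps, and the mail host has too few to judge. On real logs this check is a triage heuristic, not a verdict: legitimate software updaters and monitoring agents also poll on timers, so a hit is a prompt to look at the destination's reputation, the process behind the connection and the amount of data moved, not proof of an implant.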

    1. Thanks for copy-pasting the main article page *eyeroll*

      Wikileaks does love to be dramatic, though…

      What is the total size of “Vault 7”?
      The series is the largest intelligence publication in history.

      Has WikiLeaks already ‘mined’ all the best stories?
      No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.

      Won’t other journalists find all the best stories before me?
      Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.

      1. “Thanks for copy-pasting the main article page *eyeroll*”
        Most people are either too lazy or lack inquisitiveness to actually follow a link and read the article.
        Did you?
        I’m old enough to remember when we called “copy and paste” citing or quoting a source.
        I rattle my penis sheath in your direction for the snowflake eyeroll cliche.

          1. For the less worldly
            https://en.wikipedia.org/wiki/Koteka
            “The koteka, horim, or penis gourd is a penis sheath traditionally worn by native male inhabitants of some (mainly highland) ethnic groups in New Guinea to cover their genitals. They are normally made from a dried-out gourd, Lagenaria siceraria, although other species, such as Nepenthes mirabilis, are also used. They are held in place by a small loop of fiber attached to the base of the koteka and placed around the scrotum. There is a secondary loop placed around the chest or abdomen and attached to the main body of the koteka. Men choose kotekas similar to ones worn by other men in their cultural group. For example, Yali men favour a long, thin koteka, which helps hold up the multiple rattan hoops worn around their waist. Men from Tiom wear a double gourd, held up with a strip of cloth, and use the space between the two gourds for carrying small items such as money and tobacco.”

      2. “Won’t other journalists find all the best stories before me?
        Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them”

        Actually that isn’t true. There is much more media of various sorts today. There are many more academics today than in previous generations.
        The issue is, as always, mainstream bias. I will not copy and paste all the various “Conspiracy theories” which have been proven true. I will say that a very large number of people who were once ostracized for mentioning those theories are now vindicated.
        The real question is who wants to rock the boat and get their funding cut or job terminated?
        Where was the outrage when the Democratic party was proven to have colluded with the media? Or when the Democratic party was proven to have conspired against Bernie Sanders and his supporters, thereby literally negating one’s right to vote for their candidate of choice. How many people were pissed when Snowden revealed the NSA spied on literally everyone both foreign and domestic despite the questionable legality of such activities?
        Factually ask the average man on the street about the various Wikileaks revelations from the past few years and they will barely know.
        You seem to be in the same ho-hum category instead of the outraged and fearful one.
        Once these powers exist they will never be curtailed; they will simply become more refined and invasive.

        1. What I already noticed is that the mainstream media now reports it as ‘stuff Wikileaks stole’, whereas we all know Wikileaks is only the conduit, but to fit in with their previous ‘Russia hacked the brains of all Americans’ story where Wikileaks was the ‘commie-controlled hacker’ they continue this nonsense where Assange is personally hacking the noble and good people of the CIA, the heroes you know.

  12. Interesting thing I saw on an Aussie tv show, a politician removed the battery from his phone and put the phone and laptop in his fridge.
    Also worth it to watch the Aussie show THE CODE and the Danish FOLLOW THE MONEY. Both give insight into pretty murky areas of both surveillance and corruption.

    1. After Snowden many governments and companies have meetings now where phones aren’t allowed in the room. And rightly so, even if you aren’t worried about spooks there is always the competition to worry about.

    1. BrendaEM

      Someone somewhere mentioned that the light sensor on a tv is essentially a camera.
      Wanna bet that those sensors and cameras can read your lips? Well run them through an algorithm to create a rough, or maybe not so rough, recreation of conversations.

      1. In some of them it is. Others, more or less just a single photoresistor, because that’s all that’s needed and has very little additional hardware or firmware to use in comparison to a camera.

        1. Kind of related
          https://www.google.com/patents/US3192321
          “In summary, the operation of the invention, as generally shown in FIG. 1, for example, is as follows: a light source is directed at the speaker’s mouth and the amount reflected is detected by a suitable photo-resistor as a function of its resistance. Thus, changes in the reflecting surface are detected. When the speaker’s lips are closed, the reflecting surface will be the skin surface reflecting a maximum amount of light. When the lips are open and the teeth are closed, the teeth surfaces will be the directed. Hence, it is apparent that these three radically different reflecting surfaces will produce three radically different optical inputs at the photoresistor and accordingly three radically different electrical outputs at the detector, which may be displayed as an indication of mouth attitude in a speech recognition system.”

      2. They can just turn on any or all phone mics so it’s rare that they would need a TV to do it. maybe in baghdadi’s bunker or some such it might come in handy though.
        Incidentally, even the public already noticed that you can switch any headphone over to become a mic in modern audio codecs, so there is that alternative too. That probably won’t work for amplified speakers though unless specifically provisioned for it.

  13. The most insecure component of any security infrastructure is the users themselves. Yet for some reason security IT professionals are more concerned with firewall rules and ACL lists than psych evaluations and employee feedback.

      1. Yeah but there is also nothing new in these “leaks” correct? I’m not interested in what less competent idiots refuse to believe.

        Has anyone found anything that can’t actually be linked back to an already openly discussed theoretical vulnerability? It is like the Snowden dump, which was 100% old and obvious hacks. It is the lack of novelty in these leaks that has me suspicious. I am not judging their authenticity, just pointing out an anomaly and the fact that if they are all known hacks then we should be assuming every single government and interested organisation in the world is potentially doing the same. This is in fact what I have always assumed and I know I am not alone in this.

  14. CIA has a shitload of taxpayer money available, so they are always (and will be) at least 2 steps ahead of the state-of-the-art computer security.

    But the funny thing is, even if they spend 10x more money, they will be unable to stop most new attacks. Because the new attacks are mostly “lone wolf” type, where the gunman does not communicate with anyone before the murders begin.

  15. Counterintelligence people. If Wikileaks got it and the CIA didn’t want them to have it, would Assange be alive right now?

    There’s probably claims inside the remainder of the documents about UFO and alien contact and perpetual energy….

    What I thought was a hoot was Snowden acting like he’s still relevant saying “this looks legit.” Sorry traitor, nobody cares what you think. There’s a large difference between the trending of data and spying…but then you had to go and tip off the world. Why? Do you truly think you changed anything?

    Take whatever WikiLeaks sends out with a pound of salt. They have some agenda, and it appears to be focused on our country rather than any other.

    1. We all know that Russia and China are “bad”, because Western propaganda (sorry, media) has been telling us that for decades. “Now” we know that USA is also bad. So: no moral authority remaining.

      1. Bad depends on your point of view. I’ve been to Russia, not to China. The people who live in Russia are no different from the people in the US. They only want to live their lives in peace and have their children do better than they did. What’s bad is the agencies within each government that push policies that benefit those within that country that are in and wish to remain in power. As a side effect the populace is kept in a somewhat protected state.

        And I challenge your “no moral authority remaining” statement. The United States has done plenty for the world in the past 100 years. Plenty of humanitarian missions occur funded by the taxpayer and provided by the government of this country. No, it’s not perfect, and gasp….our Central Intelligence Agency spies on people. Whole lot of no kidding going on there. You think the other powerful nations of the world DON’T spy on people? What separates us from Russia and China is that we try to do good things…we fail on occasion, but imagine what would be if we became an isolated country and didn’t help via humanitarian and military operations. Might want to bone up on your Russian and Mandarin.

        1. Heh. Count the number of foreign civilians killed by USA, China, and USSR/Russia in the last 80 years. USA wins hands down. From napalm in Japan, Korea and Vietnam, to firebombing the German cities, to weddings in Afghanistan. And many, many other countries. USA wins hands down in butchery. And no, killing of civilians cannot be justified.

  16. “But the funny thing is, even if they spend 10x more money, they will be unable to stop most new attacks. Because the new attacks are mostly “lone wolf” type, where the gunman does not communicate with anyone before the murders begin”

    Pretty much untrue.
    Initial reports of most attacks include witness statements of multiple gunmen.
    Then boom descriptions change and facts get altered so that it seems like the lone nut theory is true. Much more palatable and less scary.
    On the other hand we have the FBI actually creating environments where they plant terror attack ideas and offer the weapons/explosives to their marks.
    Truth is we don’t know how many false flags exist and which intelligence agencies or non state actors actually enact anything. Except for drunk drivers plowing into crowds.

    1. I respectfully disagree. A single killer working alone will almost always pass. Terrorists have already adjusted their tactics accordingly. Of the last 10 or so shootings/mass murders, most were committed by single guys. There is almost no defense against that, since everyone can grab a knife and go to a shopping mall. All the CIAs, FBIs, and police forces of the world will not help.

  17. My discoveries predate this by several weeks; had some interest from TLAs as they weren’t even aware of the zero-day in question until I posted it on “El Reg”.
    Seems that many phones with FM radios “chirp” even if the power is off and can be made to do so using a malformed SMS, tested on Nokia 110 among others. No wonder the battery kept running down!

  18. Try this experiment.
    1. You and your friend connect to the same wifi.
    2. Pull out your phone and put the OK Google search bar on your screen, without activating it.
    3. Have your friend come up with a random topic and tell you out loud.
    4. Type in said topic and count the letters you had to type before Google suggested your topic.
