Re: [LINK] Something Else That the CIA Leaks Disclose

[JanW]

At 08:21 AM 9/03/2017, Roger Clarke wrote:

>Or will desktop/laptop OS follow mobile OS, with the effect of denying normal 
>people access to general-purpose computing devices? 

This seems to be the way things are going - even Microsoft is moving to more 
tightly controlled "approved" applications, slowly but surely.

BTW, Roger, does this mean you now have a mobile? ;-)

Jan


I write books. http://janwhitaker.com/?page_id=8

Melbourne, Victoria, Australia
jw...@janwhitaker.com
Twitter: JL_Whitaker
Blog: www.janwhitaker.com 

Some psychopaths become serial killers, and other psychopaths become 
prosecutors. - Bob Ruff, Truth and Justice, June 2016

Sooner or later, I hate to break it to you, you're gonna die, so how do you 
fill in the space between here and there? It's yours. Seize your space. 
~Margaret Atwood, writer 

_ __ _
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

[LINK] Something Else That the CIA Leaks Disclose

[Roger Clarke]

Okay, CIA internal documents claim they've hacked prettymuch everything worth 
attacking:
Tech firms scramble for fixes after CIA hacking dump
https://www.itnews.com.au/news/tech-firms-scramble-for-fixes-after-cia-hacking-dump-454024
>The 8761 leaked documents list a wealth of security attacks on Apple and 
>Google Android smartphones carried by billions of consumers, as well as top 
>computer operating systems - Windows, Linux and Apple Mac - and six of the 
>world's main web browsers.

A related issue arises:
>Sinan Eren, vice president of Czech anti-virus software maker Avast, called on 
>mobile software makers Apple and Google to supply security firms with 
>privileged access to their devices to offer immediate fixes to known bugs.
>"We can prevent attacks in real time if we were given the hooks into the 
>mobile operating system," Eren said.

The related issue is this:

1.  From the very beginning of the 'appliance' market, users have been 
precluded from having mobile general-purpose computing devices - because the 
capabilities are tightly limited by the provider to suit the needs of the 
provider not the customer

2.  Software providers for mobile devices are precluded from accessing the full 
capabilities of the underlying OS - because that would undermine the 
OS-provider's ability to control the market.

When *are* we going to see an open-source mobile-device OS?

Or will desktop/laptop OS follow mobile OS, with the effect of denying normal 
people access to general-purpose computing devices?


-- 
Roger Clarke http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd  78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916http://about.me/roger.clarke
mailto:roger.cla...@xamax.com.auhttp://www.xamax.com.au/

Visiting Professor in the Faculty of LawUniversity of N.S.W.
Visiting Professor in Computer ScienceAustralian National University
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] WikiLeaks Vault 7: CIA Hacking Tools Revealed

[Stephen Loosley]

Andy writes,

>> Wikileaks has carefully reviewed the "Year Zero" disclosure and published
>> substantive CIA documentation while avoiding the distribution of 'armed'
>> cyberweapons
>
> Yeah, I looked at the "leaks" earlier this morning and pretty much found
> nothing. It was basically saying "with this code we can do this" but no actual
> code. Nothing to see here, move along.


Ref: 
http://www.afr.com/news/policy/defence/wikileaks-documents-describe-cia-spying-through-samsung-phones-and-tv-sets-20170307-gut04y


Yes, to release any of the actual code would appear to verge on criminal. 

"WikiLeaks said it was not releasing the computer code for actual, usable 
cyberweapons "until a consensus emerges on the technical and political nature 
of the CIA's program and how such 'weapons' should be analysed, disarmed and 
published."

Some of the details of the CIA programs might have come from the plot of a spy 
novel.. One, code-named Weeping Angel, uses Samsung televisions as covert 
listening devices. According to the WikiLeaks news release, even when it 
appears to be turned off, the television "operates as a bug, recording 
conversations in the room and sending them over the internet to a covert CIA 
server."

If CIA agents did manage to hack the smart TVs, they would not be the only 
ones. Since their release, internet-connected televisions have been a focus for 
hackers and cybersecurity experts, many of whom see the sets' ability to record 
and transmit conversations as a potentially dangerous vulnerability.

In early 2015, Samsung appeared to acknowledge the televisions posed a risk to 
privacy. The fine print terms of service included with its smart TVs said that 
the television sets could capture background conversations, and that they could 
be passed on to third parties.

The company also provided a remarkably blunt warning: "Please be aware that if 
your spoken words include personal or other sensitive information, that 
information will be among the data captured and transmitted to a third party 
through your use of Voice Recognition."

Cheers,
Stephen

___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] WikiLeaks Vault 7: CIA Hacking Tools Revealed

[Andy Farkas]

On 08/03/2017 21:01, Stephen Loosley wrote:


Wikileaks has carefully reviewed the "Year Zero" disclosure and published 
substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons


Yeah, I looked at the "leaks" earlier this morning and pretty much found 
nothing.


It was basically saying "with this code we can do this" but no actual code.

Nothing to see here, move along.

-andyf

___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

[LINK] WikiLeaks Vault 7: CIA Hacking Tools Revealed

[Stephen Loosley]

Vault 7: CIA Hacking Tools Revealed

WikiLeaks Press Release
https://wikileaks.org/ciav7p1/


Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the 
U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the 
largest ever publication of confidential documents on the agency.

The first full part of the series, "Year Zero", comprises 8,761 documents and 
files from an isolated, high-security network situated inside the CIA's Center 
for Cyber Intelligence in Langley, Virgina

Recently, the CIA lost control of the majority of its hacking arsenal including 
malware, viruses, trojans, weaponized "zero day" exploits, malware remote 
control systems and associated documentation. This extraordinary collection, 
which amounts to more than several hundred million lines of code, gives its 
possessor the entire hacking capacity of the CIA.

The archive appears to have been circulated among former U.S. government 
hackers and contractors in an unauthorized manner, one of whom has provided 
WikiLeaks with portions of the archive.

"Year Zero" introduces the scope and direction of the CIA's global covert 
hacking program, its malware arsenal and dozens of "zero day" weaponized 
exploits against a wide range of U.S. and European company products, include 
Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, 
which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. 
National Security Agency (NSA). The CIA found itself building not just its now 
infamous drone fleet, but a very different type of covert, globe-spanning force 
— its own substantial fleet of hackers. The agency's hacking division freed it 
from having to disclose its often controversial operations to the NSA (its 
primary bureaucratic rival) in order to draw on the NSA's hacking capacities.

By the end of 2016, the CIA's hacking division, which formally falls under the 
agency's Center for Cyber Intelligence (CCI), had over 5000 registered users 
and had produced more than a thousand hacking systems, trojans, viruses, and 
other "weaponized" malware. Such is the scale of the CIA's undertaking that by 
2016, its hackers had utilized more code than that used to run Facebook. The 
CIA had created, in effect, its "own NSA" with even less accountability and 
without publicly answering the question as to whether such a massive budgetary 
spend on duplicating the capacities of a rival agency could be justified.

In a statement to WikiLeaks the source details policy questions that they say 
urgently need to be debated in public, including whether the CIA's hacking 
capabilities exceed its mandated powers and the problem of public oversight of 
the agency. The source wishes to initiate a public debate about the security, 
creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber 'weapon' is 'loose' it can spread around the world in 
seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that "There is an extreme proliferation 
risk in the development of cyber 'weapons'. Comparisons can be drawn between 
the uncontrolled proliferation of such 'weapons', which results from the 
inability to contain them combined with their high market value, and the global 
arms trade. But the significance of "Year Zero" goes well beyond the choice 
between cyberwar and cyberpeace. The disclosure is also exceptional from a 
political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published 
substantive CIA documentation while avoiding the distribution of 'armed' 
cyberweapons until a consensus emerges on the technical and political nature of 
the CIA's program and how such 'weapons' should analyzed, disarmed and 
published.

Wikileaks has also decided to redact and anonymise some identifying information 
in "Year Zero" for in depth analysis. These redactions include ten of thousands 
of CIA targets and attack machines throughout Latin America, Europe and the 
United States. While we are aware of the imperfect results of any approach 
chosen, we remain committed to our publishing model and note that the quantity 
of published pages in "Vault 7" part one (“Year Zero”) already eclipses the 
total number of pages published over the first three years of the Edward 
Snowden NSA leaks.

(Press Release Headings …)
CIA malware targets iPhone, Android, smart TVs
CIA malware targets Windows, OSx, Linux, routers
CIA 'hoarded' vulnerabilities
'Cyberwar' programs are a serious proliferation risk
U.S. Consulate in Frankfurt is a covert CIA hacker base
How the CIA dramatically increased proliferation risks
How the CIA dramatically increased proliferation risks




___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link