Wikileaks has released much information that was apparently stolen from the CIA’s Center for Cyber Intelligence (CCI) internal classified network. The information appears valid. Reuters is reporting from their sources that the information is valid. My take?
I have not found anything especially revealing about the assumed capabilities of the CIA CCI in the trove of documents so far. We Americans assume our intelligence agencies are constantly developing hacking tools to spy on non-Americans as much as they can. The outrage of the Summer of Snowden was that the intelligence agencies had turned those “cyber weapons” on Americans in an indiscriminate manner, sucking up all of our data. What we now call t he bulk gathering or mass surveillance of Americans. Moreover, I have every reason to believe they are still doing it.
Wikileaks Vault 7 CIA Hacking Tools appears to be a list of ways the CIA is hacking into smart TVs specifically the Samsung, Android and Apple phones, and anything connected to the Internet. It appears to be some internal “wiki” that the CIA was running to allow its internal cyber workers to share ideas and tools.
Vault 7 does reveal means and methods which are somewhat interesting. For example, the CIA seems to like to, get a person to stick a thumb drive into your computer or in other ways get you to click on a link. For example, they have a process where an internal person working for them will pretend they are watching a video on your computer and all the while they have inserted a USB drive in your computer and the CIA hackware is taking over the computer. Also just like everyone else, many of their hacking require “elevated privileges” or to run as Administrator on your computer or root on your Android smartphone. Thus basic security helps.
They even appear to attack the infrastructure everything rides on. For example here is the CIA show how to attack a Cisco switch. This is also not new. Again it is interesting how much time they spend trying to fool anti-virus tools which suggest these tools are somewhat useful. You can find the CIA CCI guys bemoaning the fact that people continuously update their computers creating a “moving target.” They also bemoan good anti-virus, anti-spyware, for example Comodo free anti virus.
The New York Times made a mistake. Again. They suggest the Vault 7 Year Zero archives prove that the CIA can hack applications we all depend upon for security such as Signal. After reviewing the Wikileaks archive, it does not demonstrate any means of hacking privacy tools such as Signal itself, but in hacking the phone, it is on. It appears the CIA desire is to get control of your phone before your voice is sent encrypted. Attacks against the computer operating system itself have been a common theme in the surveillance state war on privacy. That often attack the platform (your phone, computer, and Internet-connected home devices), not the application themselves. That is why we strongly recommend using TAILS.
Comodo is a giant PITA. It can and will catch and show your entire chain of execution and a great deal of your file I/O. If you drop and run, it will show where you drop, what you run, and what you run runs. Yeah, its that bad.
There is a magical place that for some reason Comodo likes to ignore. The Recycle Bin. You know, that folder of stuff users have deleted? Stuff that probably has no business executing at all, let along dropping and running other code? Yeah – they like to ignore initial execution out of that bad boy.
I could not find anything about Silent Circle or Blackphone specifically in the archive. I did find many things about the CIA attacking Google Android as we have warned for years. That is why it is so suspect that Blackphone based its “secure” solution on Android. I believe using Signal on an Apple phone is adequate for the vast majority of patriots wanting to avoid bulk surveillance.
The CIA appears to lurk message boards and listen to valid system administrators trying to secure different tools and use the weaknesses they find to build bugs. The CIA even appears to purchase Day Zero attacks from others. BTW, Day Zero in information technology terms means a weakness in a system that is “unknown” by most people. Say only you know how to get in and out of your favorite theme park after it is officially closed and locked at night. This is a Day Zero. No one knows about it. On Day 1, other people know about it, and start to go around fixing the fence. The CIA was finding, developing and buying Day Zero attacks against popular manufactures of computers and hoarding them so they can use them to take over computers. This suggests that quickly finding weaknesses and fixing them makes the bad guys work harder. On your computer, you should be regularly patching your computers and phones.
Another thing on the Day Zero front is that there appears to be significant evidence that Obama’s CIA has broken an “agreement” it had with Congress. After Snowden, the government agreed to let American manufactures about weakness in their products. It was a clear “agreement.” The CIA, of course, lied (again) to Congress. What will happen, most likely nothing, but for the rest of us, we have more reasons not to trust the Deep State in the form of the CIA.
The things I did find interesting is this trove essentially proves the CIA has electronic false flag capabilities. Again, we assumed this, but it is fairly interesting that it is proven. This raises more questions about things like “the CIA has evidence that the Russians have hacked the DNC to benefit President Trump.” Well, does it really, or is it simply a conspiracy theory called the “false flag.”
There was no new information of wide spread mass surveillance like the Summer of Snowden revealed. The tools revealed in the Wikileaks Vault 7 CIA Hacking Tools all appear to be more targeted. For example here (TOR Browser strongly recommended) the CIA is showing how to hack an Android phones, and it is primary “attack through browsers.” Basically “click on a link.” For example I have received a text from an unknown phone number. The text says “Hey get on this so we can chat marcopolo15.me/i/alex-b-PJQxC” I am like, this looks very suspensions.
Although the archive did suggest the CIA is running its Bot net or “automated network” of computers it can pull data from, and attack other computers. This trove again shows the CIA monitoring public channels and discussing how to learn from them. Again, this is all something we would assume the CIA should be doing.
I found nothing in this trove of documents to suggest that our recommended Patriot Darknet tools, TAILS and TOR for Internet communications, and Signal or Silent Circle on a fully patched iPhone are broken. Yes, if they find out who you are, they will try and get your iPhone either by getting you to click on a link or somehow busting up your specific iPhone. We still recommend that you do not trust any electronic device for really sensitive conversations. The only way to speak now-a-days privately is to get face-to-face without any electronic devices anywhere near you. If General Flynn had listen to this advice he would still be working in the White House.
To me so far this trove has confirmed what many of us have assumed for a long time. The CIA tries to maintain the ability to hack all types of electronics. They try to maintain the ability to blame it on other people. They lie to Congress and the American people. The news, we have confirmation this is what they are doing, and a more detailed look at how they are doing it. Go dark to remain free.