Wikileaks CIA releases.......



  • I wasn't sure whether to start a new thread or not

    To my untrained eye, this looks extremely significant.

    Overall summary- https://wikileaks.org/ciav7p1/

    • one of many revelations





  • OK, I was bored and started reading it.

    NEWSFLASH! Intelligence agency develops tools to gather intelligence! OMG!

    NEWSFLASH! People working for intelligence agencies work from embassies using cover titles, travel on Diplomatic passports and don't tell immigration officers exactly what their job is! OMG!

    Oh well, I found it funny anyway.



  • The important bit, coming out with this timing, was the detailing of how the CIA (apparently) have a tool that lets them hack with the footprint of other foreign agencies. EG the Russians.

    That's why this 100% belongs in bullshit spam conspiracy theories.

    It came out in the midst of a Russia meltdown & gives cover to the idea that anything "on" anyone in the whitehouse had zero to do with the Russians & was planted by the CIA. And that the CIA hacked the DNC and made it look like the Russians. And anything that smells of Russians now is actually the CIA using this tool.

    OR

    It's Wikileaks leaking to help the WH just as they did during the election, at the behest of the Russians & with full collusion between Assange & Bannon.

    Take your pick, both are equally bullshit.



  • a point not mentioned below is that by last year, the CIA's CCI (Centre for Cyber Intelligence) more than rivals the NSA, has minimal accountability, and 5000 registered hackers/users.

    This is a list (which I am posting here from another site, I didn't make it) of the main wikileaks points:

    ....goes to unplug his 55 inch Samsung smart TV..... 😉



  • The perils of big data






  • @jegga HAHAHAHA oh that's fucking gold!!



  • I was pretty amused by this:

    mrpippy 1 hour ago [-]
    
    Also: OmniGraffle and Sublime Text license keys (registered to "Affinity Computer Technology")
    
    https://wikileaks.org/ciav7p1/cms/page_25264141.html https://wikileaks.org/ciav7p1/cms/page_9535650.html
    
    mo17i 1 hour ago [-]
    
    I tried Sublime Text license key and it worked!
    





  • @Frank

    When do they start releasing hacks that make the Russians look bad? Oh.. yeah..

    I am amazed how many people think a Russian proxy tossing information out is awesome.



  • @gollum said in Wikileaks CIA releases.......:

    @Frank

    When do they start releasing hacks that make the Russians look bad? Oh.. yeah..

    I am amazed how many people think a Russian proxy tossing information out is awesome.

    It's bizarre that people think this weirdo's behaviour is somehow constructive and most of the time his "revelations" are a let down or obvious to most people anyway. And like you said it's completely one way, if he's as awesome as he thinks he is when it comes to hacking surely he can get past Russia's cyber security? It seems more likely they've been drip feeding him stuff for years knowing that the narcissistic douche would happily take credit for it.

    Since the election there's been a weird change in attitudes to Assange and wikileaks, he was a hero to leftards but now rwnjs like Sarah Palin are saying this about him.

    https://www.facebook.com/sarahpalin/posts/10154916952353588:0

    Also he might be banging Pamela Anderson.

    http://www.stuff.co.nz/entertainment/89133564/Pamela-Anderson-may-be-dating-Julian-Assange-because-of-course-its-2017



  • @jegga

    It's not since the election.

    He leaks against the US - as everything he is given comes via the Russians, so whoever is in power hates him, when he leaked atrocities in Iraq the left loved them because it confirmed their ideas & the right hated him, when he leaked against Hillary the left hated him because it helped the GOP & the right came out & praised him, when he leaks against Trump... well, that's never happened so we don't know. But I'm going to guess the right will hate him. Even now the establishment right (McCain etc) fucking hate him with a vengeance. Tho' to be fair they've consistently hated him right through.



  • @gollum
    99% still to be released. Very interesting times. Popcorn at the ready.



  • @Frank

    Did you understand or find this useful -

    Omnigraffle License Keys

    FBBS-VPBC-BKZK-ACIN-DQHB-NDX (User #?)
    IEGR-ORUJ-BDVV-CSIN-DQHB-NDX (User #77146)
    HEOI-YOEE-JYYT-FFIN-DQHB-NDX (v5) (User #77147.)
    LAEM-IDBD-GWAO-HFIN-DQHB-NDX (v5) (User #15728648.(User #71317) ) 
    HUXL-TPCG-HWMS-IKHQ-OUJJ-GEL (v5) (User #77148.)
    

    ?

    If not, the other 99% is not going to be that popcorn friendly. There were thousands of files leaked during the election & the one with most traction was interpreted (wrongly) that a pizza restaurant was a peedo site. Almost everything leaked will not be remotely understood by anyone & in trying to they'll get it wrong or rely on idiots to interpret it for them (who get it wrong). The odd software key is actually the only stuff that most people will find useful, and 99% of people will try & use it to activate MS Word.



  • @Frank if the first 1% can be thought of as a trailer to promote the full release then it will be up for a Razzie.

    What has been released is designed to grab headlines and excite the public. It is nothing new and is not exclusive to the CIA (as is being made out)

    None of this is 'Eye in the Sky' security fantasies or tinfoil hat material. It is commonsense security stuff.

    I don't see how it's big news about the Samsung TVs. Basically just work on the premise that anyone that wants to access anything electronic can do so whether it is a games console, a webcam, a smart tv, a cable strung from your house to a junction etc etc.
    There's a reason why sensitive information is handled only on secure systems electronically and physically it is handled within secure environments and SCIFs.
    Want to know where classified material is handled? Look for the metallic mesh curtains, to stop anything electronic being accessed simply from long range.
    It's a known game. It is as funny as hell in areas like Canberra where embassies are grouped together within line of sight. You can sit in the tea room of the NZ High Comm and talk shit in full knowledge that the Chinese across the road probably have a listening device tuned right at you from across the road. The Aussies even have a spurious DFAT 'training centre' on the hill above the Chinese (and PNG/Canada/NZ/UK)

    I think it's hilarious how many people think these releases are shocking as they are probably reading all about them on a Huawei device.



  • Thanks for cluing me in guys. I'm just a beginner, not an expert.
    I'll post anything I find interesting on this thread.
    Probably you are right and there will be nothing really newsworthy.
    Then again.....................😀



  • A lot of what's front page news on this came out at least 2 or 3 years ago. EG your TV might listen to you, CNET flagged that over 2 years ago (link)

    https://www.cnet.com/uk/news/samsungs-warning-our-smart-tvs-record-your-living-room-chatter/

    and - even better, it's in the fricking Samsung agreement you get with your TV -

    "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."

    The Guardian highlighted it 4 years ago -

    https://www.theguardian.com/technology/2013/nov/21/information-commissioner-investigates-lg-snooping-smart-tv-data-collection

    It (LG) conceded that the system also collected filenames of attached USB disks, which it said was "part of a new feature being readied to search for data from the internet (metadata) relating to the program being watched".



  • @gollum
    seems different:

    your link detailed information leaking out of the software feature Voice Recognition, which can be turned on and off...
    "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."

    and here is the CIA hacking malware:
    https://www.forbes.com/sites/thomasbrewster/2017/03/07/cia-wikileaks-samsung-smart-tv-hack-security/#40c877a64bcd
    Weeping Angel runs just like a normal TV app, not unlike YouTube, but in the background, capturing audio but not video. It can, however, also recover the Wi-Fi keys the TV uses to later hack the target's Wi-Fi network, and access any usernames and passwords stored on the TV browser, explained Matthew Hickey, a security researcher and co-founder of Hacker House, a project to encourage youngsters to get into cybersecurity. There was also a feature dubbed "Fake Off" where the TV would continue recording even when shut down.

    Hickey, who reviewed the CIA notes on the project, said it appeared the malware would infiltrate the TV via a USB key, as the notes on Wikileaks indicated USB install methods were disabled in a specific firmware. He said, however, that there's still a chance the CIA has remote infection techniques.

    He noted that the attacks would likely be limited, in that the CIA would have to be nearby to harvest the stolen data. "Effectively they install an application onto your TV through USB, they go away on their spying business and come back with a Wi-Fi hotspot later on. When the TV sees the CIA Wi-Fi, it uploads all of the captured audio it has recorded of people around the TV, even when they thought it was off."



  • @Wairau

    How is that not literally this -

    "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."

    Included in the full Samsung agreement given to everyone who buys their TV. Don't even need a spook to sneak into your house & stick a USB in & upload the software, Samsung - openly, built it in. And then told you they built it in. And then told you they might give it to 3rd parties

    The example you've quoted is actually nowhere near as easy as the reality of what has been on smart TV (openly) for 2-3 years.



  • @gollum said in Wikileaks CIA releases.......:

    How is that not literally this -

    because it's different. More spy like. I'll leave it to you to figure out.






  • Anything on the internet can be hacked. I went to a presentation from the head of security of a large corporation and it's pretty scary stuff TBH.

    Target got hacked via their Air Con units a while back, compromising basically all of their customer data nearly sinking the company for good.

    Another example is a company (barbie?) thought it would be cool to put cameras in their dolls so parents could record their kids. Next thing weirdos have hacked them and are watching their kids.

    Companies are producing smart TVs, smart fridges, smart anything really. And in the rush to get these to the market security is very much an afterthought. Just because you can put something on the internet, doesn't mean you should.

    As to countries hacking each other, there is literally a fucking massive cyber war going on every second of every day that nobody really knows or cares about. I've seen a global map that showed hacking attempts and it was ridiculous, with the States leading the way, but basically every single country was trying to hack the shit out of each other.



  • I worked as an anti hacking developer for credit card companies and banks in London.
    So much ignorance and disinformation around this Wikileaks stuff.
    Bottom line is that hacking sucks donkey balls. But is harder than most people realise. If they want to hack you as a citizen, they will. But it has to be worth their while. Unless you make it easy for them.

    P. S Assange is a dishonest twunt. Loathe him with a passion. He is just a pawn.



  • @gollum Samsung hasn't put software in their TV to implement a fake off mode, which is one of the exploits revealed.

    This is worth a read; https://www.theregister.co.uk/2017/03/08/cia_exploit_list_in_full/?page=1

    Gives a summary of the exploits (some are a few years old, but real). In short, if you have an Android phone it's pretty easy to spy on you.

    Snowden thinks the info is real, for what that's worth.



  • @Baron-Silas-Greenback said in Wikileaks CIA releases.......:

    I worked as an anti hacking developer for credit card companies and banks in London.
    So much ignorance and disinformation around this Wikileaks stuff.
    Bottom line is that hacking sucks donkey balls. But is harder than most people realise. If they want to hack you as a citizen, they will. But it has to be worth their while. Unless you make it easy for them.

    P. S Assange is a dishonest twunt. Loathe him with a passion. He is just a pawn.

    Yeah, something like 80% of hacking occurs due to human error - E.G. people clicking on a dodgy link, putting a dodgy USB drive into their PC. It's pretty difficult to hack without some form of user interaction. The Target hack was due to a person being duped into plugging in a device, otherwise the hackers had nothing. The biggest threat to corporations is its own users.

    And as you say, there's a very low probability that a single person is being hacked unless they are a person of interest. Hackers doing it to make money target corporations. Government agencies target people believed to be a threat. Joe Public is not worth the effort for anyone.

    The headline that the CIA could watch you through your new smart TV generates some good clicks but is not what is happening in reality.



  • I went to a presentation recently, where a company had been hacked and the people that hacked them offered to unlock it for $800NZD (they had a call centre you call to arrange)

    They contacted their Insurer, who spent about $15k unlocking their servers and 'blocking the hole'

    Your credit card data can be sold for $50USD...

    Hackers will often target smaller organisations that can give them a backdoor into a large one.

    While there are revenge attacks, most are driven by greed.



  • @taniwharugby yeah the Target hack was done by hacking the air conditioning vendor, who then planted the malware on Target's network. Crazy stuff.

    There's hacking software you can purchase that gives a guaranteed return on investment. It's big business nowadays.

    I never allow companies to save my credit card details for that reason.



  • the value for a lot of information is dropping, so hackers are stealing more data or finding other information to sell!

    We have been seeing a lot of info around Cyber Risk



  • @Kirwan said in Wikileaks CIA releases.......:

    Snowden thinks the info is real, for what that's worth.

    Snowden is horribly over hyped, he was a very low level, not very competent no-one who exploited appalling security. He's now painting himself as an expert - and compared to most he certainly is. But he was not some high level in the know US intelligence genius. I quite like the stuff he does on the Intercept, but it's not like he was privy to top level - or even mid level meetings.

    The big issue I have with all of the "The CIA are tracking you!" stuff is as @dogmeat says, most of the time it's not Tom Cruise floating down past lasers & putting in a USB stick that self destructs, it's someone opening spam, or getting an email that says "Hi! it's Microsoft we need to direct access your PC!" & being too stupid to realise. Or even in Snowden's case where he literally just said to guys with security clearance "can I have your password". And they let him.

    While in day to day life Facebook listens to us (and tells us it is doing so) via our phones, as does Google (which again, tells us), Amazon's Fire TV boxes don't have an off switch, and so on & so on. People willingly, enthusiastically give away far more information to google, garmin, fitbit, amazon, apple etc every day than any spy agency could ever wish for. Just the other day people had to be told to maybe not stick their boarding passes on fricking instagram -

    https://blog.kaspersky.com/dont-post-boarding-pass-online/10495/

    The panic over the deep state tracking us amazes me, the deep state is not tracking you, everyone you digitally wank into (FB, Snap, Google etc) IS tracking you & 100% already has enough information to destroy your life, info you freely - gleefully, gave them. They aren't going to. But you have given them everything they need to do so. And for at least 50% of the population all it would take to get you to hand all of that to a 16 year old "hacker" would be a mocked up email from Facebook_Important@hotmail.com



  • The boarding pass thing is funny. I can't believe how many people I see telling all and sundry they are away from their house for a while etc

    The other good one is the use of your normal email address as your apple or google id. All someone has to do is use the email address you freely hand out and crack your probably weak password and they can track your whereabouts because you probably also have location tracking on.
    All those people concerned about their samsung tv are carrying and allowing a personal tracking device on their person.



  • @Crucial

    Yeah, the huge celebrity photo leak (The Fappening) wasn't amazing hacking, it was a guy digitally watching celebs till he could guess their email address & then just trying out obvious passwords till he got it right. That was all it took. Read Scarlett Johansson's tweets for a week, see she bleats on about her dog "Scruffy", login to her icloud using a password of scruffy, Ilovescruffy, scruffy123 till you are in.

    And then for good measure try her Amazon, iTunes, Facebook & Instagram accounts too because they are probably all the same fricking password



  • @gollum said in Wikileaks CIA releases.......:

    @Crucial

    Yeah, the huge celebrity photo leak (The Fappening) wasn't amazing hacking, it was a guy digitally watching celebs till he could guess their email address & then just trying out obvious passwords till he got it right. That was all it took. Read Scarlett Johansson's tweets for a week, see she bleats on about her dog "Scruffy", login to her icloud using a password of scruffy, Ilovescruffy, scruffy123 till you are in.

    And then for good measure try her Amazon, iTunes, Facebook & Instagram accounts too because they are probably all the same fricking password

    We all do owe the man a debt of gratitude as well. Guessing that Kate Upton's password was 'spoodgeonmyback' was genius.



  • https://www.theguardian.com/media/2017/mar/10/wikileaks-julian-assange-silicon-valley-response-cia-russia?CMP=twt_gu

    But members of the security community have dismissed Assange’s hyperbole around the CIA files – collectively nicknamed “Vault 7” – which he described as “exceptional from a political, legal and forensic perspective”. Ryan Kalember, SVP of Cybersecurity Strategy at Proofpoint, disagreed. “There’s nothing earth-shattering,” he said, pointing out that many of the operating systems mentioned in the documents are quite old and have already been updated.

    “It seems like the CIA was doing the same stuff cybersecurity researchers do, which is compile lists of vulnerabilities and try to figure out which ones are being exploited in the wild and which ones could be.” It’s not clear at this point how many, if any, of the vulnerabilities are genuine “zero-days” – those not yet known to vendors, named after the number of days they have to fix them.

    Kalember said that the so-called Weeping Angel hack, which uses malware to spy on Samsung smart TVs, has been shown at security conferences for a couple of years and requires physical access to the device.

    “The CIA should be embarrassed that they lost control of this cache, but they should also be embarrassed if this is their level of technical sophistication,” said another security researcher, who did not want to be named. “What they have is pretty unimpressive.” Both said that the vulnerabilities detailed in the documents are likely to have already been patched by the companies. Apple and Google have both publicly stated this is the case.

    There could be more to come, however: Assange has emphasized that the data trove released on Tuesday is only a portion of the total leaked information WikiLeaks holds. “The fact that Julian Assange is offering to selectively disclose vulnerability information to affected companies is better than revealing it to all and sundry, but it depends on the veracity, accuracy and currency of that information,” said BullGuard CEO Paul Lipman.

    “I don’t think WikiLeaks is the first stop for tech companies looking to solve vulnerabilities,” he added. How do the CIA files compare to the revelations contained in the NSA leaks from whistleblower Edward Snowden? “It’s apples and oranges,” said Kalember. “The Snowden leaks were not only technically interesting but contained a lot of novel stuff that was not known at all.”

    He said that with Vault 7, he and other members of the cybersecurity community have spent a lot of time “laughing about funny things on the CIA’s intranet” (like this collection of emoticons) rather than “debating anything interesting from a tech perspective”.

    Some researchers were skeptical of WikiLeaks’ motives, pointing to apparent ties between the whistleblowing organization and Russia – despite Assange’s denial. “Everything they have done over the last few months suggests they are operating as a front for a different leaker [Russia],” said Kalember. He said that the possible Russian ties as well as WikiLeaks’ track record of publishing identifying information about people (known as ‘doxxing’ ) – including millions of women in Turkey – and threats to make an online database of all verified users on Twitter – has diminished confidence in the organization.

    “No-one in the information security community really trusts him and his motives,” he said. At the press conference, Assange attempted to counter accusations that he or WikiLeaks had ties to Russian intelligence agencies, describing his operation as “a neutral, digital Switzerland”. The WikiLeaks’ promotion of the CIA files has placed emphasis on a group at the agency called Umbrage, which collects a library of attack techniques produced in other states including, the press release stated, the Russian Federation.

    “With Umbrage and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” WikiLeaks said. This could be interpreted as an attempt by WikiLeaks to undermine the attribution of the DNC hack to the Russians – something that the international security community almost unanimously agrees on.

    “They place a lot of emphasis on the fact that the CIA could be using malware to achieve its ends and leave trails that point to people in different directions. Everybody does this, but it’s not going to genuinely undermine proper attribution,” he said. That hasn’t stopped conservative media figures from embracing the conspiracy theory, amplified by a flood of Twitter bots spouting memes and a similar narrative.

    “I think at this point Assange is effectively acting in the service of the Russian government, whether intentionally or not,” said Kalember.



  • The biggest disappointment I have with Assange is that he has totally destroyed any shred of belief I had in the Hollywood version of the USA govt machine. He should have been assassinated years ago..





