WikiLeaks: Apple, Google, others will get CIA hacks first

[CrAKeN]

 

Julian Assange said WikiLeaks will work with tech companies to resolve the CIA's exploits.

 

Julian Assange, the founder of WikiLeaks, wants big players like Apple and Samsung to disarm the CIA's exploits before he releases them to the world.

 

WikiLeaks wants to join forces with tech giants against the CIA.

 

The leak-focused site on Tuesday released thousands of alleged CIA documents, accusing the intelligence agency of amassing tools that can break into iPhones, Android devices, smart TVs and cars. WikiLeaks' "Vault 7" release also indicated that the CIA hoarded vulnerabilities in iOS and Android and kept them secret so it could continue using them to gain access to devices. CNET is unable to verify whether the documents are real or have been altered.

 

On Thursday, WikiLeaks founder Julian Assange said that his organization will work with tech giants like Apple, Google and Samsung to plug those holes before it releases more details on the CIA's hacking program.

 

"We have quite a lot of exploits ... that we want to disarm before we think about publishing it," Assange said at a press conference streamed on Periscope. "We're going to work with some of these manufacturers to try and get these antidotes out there."

 

His press conference was the latest turn in a drama that has potentially blown open how the CIA could use our own devices to spy on us. The documents show how the agency has allegedly been able to break into even encrypted devices such as phones and computers by taking control of their operating systems.

 

Assange said he's been keeping WikiLeaks' findings under wraps while the CIA's exploits can still be used because he doesn't want them falling into the wrong hands. He said the CIA has already "lost control of its entire cyberweapons arsenal," which he criticized for being poorly secured.

 

He said WikiLeaks has much more information on the CIA's cyberweapons program that it's waiting to reveal.

"This is an historic act of devastating incompetence," Assange said, "to have created such an arsenal and stored it all in one place and not secured it."

 

The CIA has not confirmed or denied the authenticity of WikiLeaks' release but did say that it is the CIA's job to "be innovative" and "cutting edge" with its technology. The intelligence agency said it will continue to spy on foreign countries to "protect America from terrorists, hostile nation states and other adversaries."

 

The agency also sought to cast suspicion on the messenger.

 

"As we've said previously, Julian Assange is not exactly a bastion of truth and integrity," CIA spokesman Jonathan Liu said Thursday in a statement.

 

Challenges for Android and others

 

For some of the smaller exploits, it will take companies two or three days to patch up the vulnerabilities, Assange said. For exploits on so-called internet of things devices like smart baby monitors or refrigerators, it could take much longer.

 

Samsung said it is "urgently looking" into the CIA's alleged exploits after WikiLeaks named a program that could secretly turn its TVs into listening devices. Apple said it had already patched up most of the vunerabilities with its latest version of iOS. Microsoft said that it's aware of the CIA's alleged tools and that it's "looking into it."

 

Google said in a statement that it had already patched up most of the holes. However, the various makers of Android devices add their own custom software, which may still be vulnerable.

 

Android users will also have the most difficulty in getting fixes for some of the CIA's exploits because the operating system is used by multiple manufacturers with different rollout schedules for updates.

 

"For some systems, like Android with many manufacturers, there is no automatic update to the system. That means that only people who are aware of it can fix it," Assange said. "Android is significantly more insecure than iOS, but both of them have significant problems."

 

WikiLeaks is still sorting through thousands of documents for future releases. The organization redacted more than 78,000 IP addresses, more than a quarter of which came from the US. The CIA said it does not spy on US citizens, but WikiLeaks is still investigating how many of the 22,000 IP addresses in the US are from the CIA's hacking unit and how many are malware victims.

 

Assange said the CIA's hacking programs cannot be properly regulated by its design.

 

"The technology is designed to be unaccountable. It's designed to be untraceable," he said.

 

Source

[steven36]

Quote

 

javelinRL

 

That would be great but there's a reason these are redacted: they could be the IPs of legitimate terrorist cells, people involved in child trafficking, potential corrupt politics, etc. WikiLeaks most likely has no way of knowing what these numbers are, in builk and they cannot (and should not) publicize that if there is no obvious reason or benefit in doing so.

22k might sound like a lot but it is like a 0.00007% chance of you being one of those IPs - or something like one person in 15 thousand. And that's considering 1 IP per person which is a very rough estimate - anyway, the chance is very unlikely and even if you tried to sue them, they more likely than not could fabricate some sort of justification to be keeping an eye on you - meaning, at the least, that the case wouldn't be easy to win and you'd need a pretty good lawyer against the CIA, who has expert lawyers on every corner of every floor of every building they own in US soil. They have a legal and legitimate right, you know, to keep an eye on some people - that's their job and reason to exist!

Assange and the WL team walk a very thin line. Anything they do, they will get labeled as terrorists and betrayers for disclosing confidential information - as they are accused of in any debate where the opposition participates in (the same for Snowden). The NSA leaks ignited a huge global discussion and resulted in similar exposures worldwide. This is pretty much the same thing. Now, if they start disclosing possibly identifiable details like these, they open themselves to a whole new category of legal attacks (companies owning these IPs might take litigation against them) or - even worse, they might lose the moral high ground that got them this far. People could start asking why they are releasing information that isn't necessarily valuable and that will actively disrupt ongoing intelligence investigations in the US, with little to no chance of doing any good. They need to choose their battles - there's a reason why they worked to hide those and now you just want them to show it?

WikiLeaks has much bigger fish to fry than this detail you decided to fixate upon. They have future Vault 7 releases to make, other leaks to confirm, work to do with journalists, etc. I'm pretty sure much better damning evidence will come up than this and a much stronger class action.

 

 

My take on this we dont even know if these IPs were really people from the USA  Anyone can use a paid or free vpn  to obtain a usa ip. Also really 22,000 American IP addresses is nothing comparied to over a million the FBI spied on  during a investigation  the FBI  can spy anywhere in the world with one court order regardless of you're ip . A Ip is not a person and it dont even prove were you're from anymore. Next thing you know Google , Apple and many others will be suing them if there not careful about what they disclose because these are all USA businesses already there upset saying they patched this and that .

[steven36]

Snowden may be on to something did the CIA tip these big businesses off to patch these exploits ahead of time? The CIA know they lost control of these hacks a year ago .

 

Quote

 

Edward Snowden‏

 

One question matters: @CIA realized they lost control of their hacks last year. Did they immediately warn US manufacturers to fix the vulns?

 

https://twitter.com/Snowden/status/839901656254918658

 

Quote

@Snowden Sometimes if something looks too good to be true, it can be. @CIA could have targeted #Assange & @wikileaks for eradication & won.

LOL The CIA could of done this just too mess up Wikileaks up

[steven36]

 

 

More stuff reveled  from the NY Times  some of  the stuff Wikileaks said  found to not be true from a article by  Zeynep Tufekci

 

Quote

 

sfam

So it looks like the sensational wikileaks CIA leak was a big fat nothing burger. This is yet another case of WikiLeaks false advertising - fake facts if you will. They regularly over-promise and under-deliver. Nothing really new was provided, other than that they are stockpiling potential security flaws. WhatsApp and Signal were not in any way compromised. If you compromise the phone itself, then all data transfers the phone has are compromised.

Zeynep Tufekci has a great Op-Ed on this. She's a very well respected internet researcher.

Some excerpts:
 

Quote

Yet on closer inspection, this turned out to be misleading. Neither Signal nor WhatsApp, for example, appears by name in any of the alleged C.I.A. files in the cache. (Using automated tools to search the whole database, as security researchers subsequently did, turned up no hits.) More important, the hacking methods described in the documents do not, in fact, include the ability to bypass such encrypted apps — at least not in the sense of “bypass” that had seemed so alarming. Indeed, if anything, the C.I.A. documents in the cache confirm the strength of encryption technologies.

 

Quote

 

What had gone wrong? There were two culprits: an honest (if careless) misunderstanding about technology on the part of the press; and yet another shrewd misinformation campaign orchestrated by WikiLeaks.

 

 

Quote

 

the cache reminds us that if your phone is hacked, the Signal or WhatsApp messages on it are not secure. This should not come as a surprise. If an intelligence agency, or a nosy sibling, can get you to install, say, a “key logger” on your phone, either one can bypass the encrypted communication app. But so can someone looking over your shoulder while you use your phone. That is about the vulnerability of your device. It has nothing to do with the security of the apps.

 

 

Quote

If anything in the WikiLeaks revelations is a bombshell, it is just how strong these encrypted apps appear to be. Since it doesn’t have a means of easy mass surveillance of such apps, the C.I.A. seems to have had to turn its attention to the harder and often high-risk task of breaking into individual devices one by one.

 

 

 

Quote

We’ve seen WikiLeaks do this before. Last July, right after the attempted coup in Turkey, WikiLeaks promised, with much fanfare, to release emails belonging to Turkey’s ruling Justice and Development Party. What WikiLeaks ultimately released, however, was nothing but mundane mailing lists of tens of thousands of ordinary people who discussed politics online. Back then, too, the ruse worked: Many Western journalists had hyped these non-leaks.

 

Quote

WikiLeaks seems to have a playbook for its disinformation campaigns. The first step is to dump many documents at once — rather than allowing journalists to scrutinize them and absorb their significance before publication. The second step is to sensationalize the material with misleading news releases and tweets. The third step is to sit back and watch as the news media unwittingly promotes the WikiLeaks agenda under the auspices of independent reporting

 

 

The CIA hasn't lost control of its tools. It certainly has lost control of its clearance procedures and contractor facility security procedures, which is sort of crazy after the Snowden thing. This is yet another contractor releasing stuff for personal reasons. They shouldn't have had the capability to do that. Solid facility procedures like tracking and securing classified hard drives stored at night and should stop that. The fact they haven't shows systemic problems.

 

She slammed dunked Wkileaks  by  catching them in lies about encrypted apps   and calling them out on it .  That's what the fear spreaders get this proves how valuable  they are on a clean device . And if shes right nothing will be valuable  info if the past repeats its self. 

[straycat19]

Though WikiLeaks has offered the tools to large companies, the companies are not taking them up on their offer for one very big reason.  The tools/info that was supposedly hacked and was classified is still classified and having it in your possession could lead to prosecution.  Companies that require security clearances to do government contracts could lose those clearances and their contracts.  Likewise any individual in possession of those files could lose their security clearance.  Sean Spicer ,in a recent press conference, reminded companies/people that this data was not being declassified and having it in your possession could result in punishment.  As a private citizen, having this information in your possession could add decades to any criminal sentence you might be facing or be used as a bargaining chip to coerce data from a defendant concerning another investigation.  Computer criminals are known for throwing their fellow crims under the bus when they are caught.  Sabu of LulzSec is a prime example but there are many more that have not been publicly exposed like that one was, which was used as a warning to others not to trust your internet friends.  

[KRS]

With respect to mobiles and that. It does not matter if we navigate and we take care of places where we visit for a certain time, there is no more vulnerability because we open the doors to viruses, nowadays many have persecuted us or sought as a needle, we hope that remedy will succeed in working with Time or we do not have to be totally unsafe. P.S. Over time and if we are concerned about safety we have to acquire modified products.