Showing results for tags 'wikileaks'.

Found 29 results

  1. Obtaining, disclosing "National Defense Information" charges could trigger 1st Amendment battle.

Photo caption: Supporters of Julian Assange protest outside the Ecuadorian embassy as the WikiLeaks founder awaits a High Court hearing to determine whether he will be extradited to Sweden on sexual charges. Now, new US charges have been added to a previous indictment: 17 counts of espionage. Amer Ghazzal / Barcroft Media via Getty Images

Today, the Department of Justice filed a new indictment of WikiLeaks founder Julian Assange with the US District Court in Alexandria, Virginia—adding 17 more charges atop the original hacking charge used to file for Assange's extradition from the United Kingdom. The new charges are all espionage-focused: conspiracy to receive, obtaining, and disclosure of "national defense information." Each of the 17 counts carries a potential prison sentence of up to 10 years.

In a statement announcing the filing, a Justice Department spokesperson said, "The superseding indictment alleges that Assange was complicit with Chelsea Manning, a former intelligence analyst in the US Army, in unlawfully obtaining and disclosing classified documents related to the national defense." The new counts allege, among other things, that Assange conspired with Manning to steal "national defense information," obtained that information from Manning, and "aided and abetted her in obtaining classified information with reason to believe that the information was to be used to the injury of the United States or the advantage of a foreign nation."

In a Twitter post, a WikiLeaks spokesperson wrote, "This is madness. It is the end of national security journalism and the First Amendment." The charges will no doubt raise First Amendment arguments, as the laws they are based upon have been largely untested in court in cases against public disclosure.

In the indictment delivered by the grand jury—the same grand jury that Chelsea Manning went to jail for refusing to testify before—the Justice Department asserted that "Assange and WikiLeaks have repeatedly sought, obtained, and disseminated information that the United States classified due to the serious risk that unauthorized disclosure could harm the national security of the United States. WikiLeaks' website explicitly solicited censored, otherwise restricted, and until September 2010, 'classified' materials."

The indictment calls out Assange's repeated solicitations of specific sensitive data, including both unclassified but non-public sources and explicitly classified data. Assange's "Most Wanted Leaks" were cited, which included:

  • Intellipedia—the intelligence community's shared database of open source intelligence maintained by the CIA Open Source Center;
  • Other "Bulk Databases" of military and intelligence data;
  • Classified "Military and Intelligence" documents, including "Iraq and Afghanistan Rules of Engagement 2007-2009 (SECRET);" operating and interrogation procedures at Guantanamo Bay, Cuba; documents relating to Guantanamo detainees; CIA detainee interrogation videos; and
  • Information about certain weapons systems.

"Assange intended the 'Most Wanted Leaks' list to encourage and cause individuals to illegally obtain and disclose protected information, including classified information, to WikiLeaks contrary to law," the indictment states.

The indictment asserts that Assange published classified documents that "contained the unredacted names of human sources who provided information to United States forces in Iraq and Afghanistan and to US State Department diplomats around the world," the Justice Department spokesperson said. "These human sources included local Afghans and Iraqis, journalists, religious leaders, human rights advocates, and political dissidents from repressive regimes."

The indictment claims that Assange "created a grave and imminent risk that the innocent people he named would suffer serious physical harm and/or arbitrary detention." The indictment even links WikiLeaks to Osama bin Laden and noted that the Taliban used WikiLeaks documents to hunt down informants working for the US military and Afghan government. When US Navy SEALs raided bin Laden's compound on May 2, 2011, the indictment states:

    They collected a number of items of digital media, which included the following: (1) a letter from bin Laden to another member of the terrorist organization al-Qaeda in which bin Laden requested that the member gather the DoD material posted to WikiLeaks, (2) a letter from that same member of al-Qaeda to Bin Laden with information from the Afghanistan War Documents provided by Manning to WikiLeaks and released by WikiLeaks, and (3) Department of State information provided by Manning to WikiLeaks and released by WikiLeaks.

Assange is currently jailed in London, serving a sentence for breaching his bail while facing extradition to Sweden on sexual assault charges. Swedish authorities have also begun to seek Assange's extradition on some of the rape charges. The new indictment comes before the US has formally filed for Assange's extradition—which the US must do by June 11.

Source: New Assange indictment adds 17 espionage charges (Ars Technica)
  2. Late last year, the U.S. government accidentally revealed that a sealed complaint had been filed against Julian Assange, the founder of WikiLeaks. Shortly before this was made public, the FBI reconfirmed its investigation of WikiLeaks was ongoing, and the Wall Street Journal reported that the Department of Justice was optimistic that it would be able to extradite Assange. Soon after, portions of sealed transcripts leaked that implicate WikiLeaks and Assange in directing hackers to target governments and corporations. The charges against Assange have not been officially revealed, though it’s plausible that the offenses are related to Russian hacking and the DNC emails.

The alleged offenses in the complaint notwithstanding, the government has an abundance of data to work with: over a dozen WikiLeaks’ computers, hard drives, and email accounts, including those of the organization’s current and former editors-in-chief, along with messages exchanged with alleged Russian hackers about DNC emails. Through a series of search warrants, subpoenas, equipment seizures, and cooperating witnesses, the federal government has collected internal WikiLeaks data covering the majority of the organization’s period of operations, from 2009 at least through 2017.

Image caption: The filing that committed a copy and paste error revealing charges against Assange.

In some instances, the seized data has been returned and allegedly destroyed, such as in the case of David House, a technologist and friend of Chelsea Manning when she famously became a source for WikiLeaks. In others, the seized materials include communications between WikiLeaks and their sources. Some of these discussions show WikiLeaks discussing their other sources and specific identifying details about them.

Image caption: A copy of a chat log between Chelsea Manning and a WikiLeaks staff member IDed as Assange by government prosecutors and witnesses.

Other seizures gave authorities a deeper view of the internal workings of WikiLeaks, including one of the earliest known seizures of WikiLeaks-related data, executed on December 14, 2010, when the messages and user information of several WikiLeaks-linked Twitter accounts were ordered. This search-and-seizure order included direct messages associated with WikiLeaks and its founder, former Army private first class and WikiLeaks source Chelsea Manning, WikiLeaks editor Rop Gonggrijp, former WikiLeaks associate Jacob Appelbaum, and former WikiLeaks associate and Icelandic MP Birgitta Jonsdottir, between November 1, 2009, and the order’s execution.

Image caption: A court order for information relating to people associated with WikiLeaks.

On January 4, 2011, a sealed order filed in the Eastern District of Virginia requested all emails, address book, subscriber information, and other account information associated with Appelbaum’s email address [email protected], and another order would target his internet traffic. Appelbaum was a friend and confidant of Assange as well as a WikiLeaks volunteer. In 2010, Appelbaum was known as “the American WikiLeaks hacker,” and he was, at that time, referred to as WikiLeaks’ only known American member. In a private chat in 2015, WikiLeaks described Appelbaum as being “sort of” part of the group, though following multiple accusations of sexual abuse, the group publicly distanced itself from him. The emails obtained by the government extended from November 2010 at least through January 2011. The timing of the government’s acknowledgment of the order, along with other similar orders, suggests that the monitoring of the account may have continued through late 2014, when it and several orders were made public.

Image caption: A copy of a court order for information relating to Jacob Appelbaum, a hacker who worked with WikiLeaks (now credibly accused of multiple sexual assaults).

Publicly released and leaked documents from Assange and his legal team allege that several laptops and hard drives belonging to the organization were intercepted by an intelligence agency during this time period. According to an affidavit from Assange, “three laptops ... assorted electronics [and] additional encrypted hard drives” were taken along with his suitcase in late September 2010. Assange’s legal team produced several additional affidavits and supporting documents detailing the existence and disappearance of the suitcase. The suitcase contained at least five hard drives, all of which were encrypted, according to Assange. However, the government has had eight years to guess or recover the passwords or break the encryption on the hard drives. Several other drives, numerous emails, and at least one cooperating witness may have aided in the process.

Image caption: Affidavit from Julian Assange.

In mid-2011, the FBI had developed a major source who would become at least their second informant with an eye into WikiLeaks’ operations. Soon after the arrest and cooperation of Hector Xavier Monsegur, a.k.a. Sabu, his hacking group (LulzSec) made contact with WikiLeaks. Sabu and LulzSec would become some of WikiLeaks’ most significant sources. The Syria files and Global Intelligence files LulzSec provided WikiLeaks increased their number of publications tenfold and still account for roughly half of their total number of publications. Communications between Sabu and WikiLeaks were monitored by the FBI. And some of the group’s communications with others were later seized in their arrest or turned over by Sigurdur Thordarson, a WikiLeaks volunteer who became an informant for the FBI that August.

Image caption: A section from the sentencing document for “Sabu.” It was later ID’d by WikiLeaks as about them.

In addition to briefing the FBI in a series of meetings, Thordarson reportedly provided them with thousands of pages of WikiLeaks chat logs. Further, in March 2012, Thordarson allegedly provided the FBI with eight WikiLeaks hard drives containing up to 1020GB of data, according to a purported FBI document. Officials have not confirmed the authenticity of the document, though the amount of data provided is corroborated by additional sources. In an interview with Ars Technica, Thordarson claimed that Icelandic authorities had seized an additional 2 TB of WikiLeaks-related data from him, which he assumed was then shared with the U.S. American and Icelandic authorities had previously cooperated on Thordarson’s case and portions of the WikiLeaks investigation. According to leaked letters from WikiLeaks’ legal team, at least some of the hard drives had belonged to Assange. Thordarson’s debriefings and the hard drives of up to 3 TB of data may have contained the decryption keys or passwords needed to decrypt the hard drives Assange alleged had been seized earlier.

Image caption: A receipt given to Sigurdur Thordarson from the FBI for WikiLeaks hard drives.

There are several hints as to the contents of these drives. According to the affidavit from Assange, the information on the hard drives included, in addition to the possible staff emails, “chat communications ... copies of passports [and] video footage taken in secret.” Following an Associated Press article based off of a cache of “WikiLeaks emails, chat logs, financial records, secretly recorded footage and other documents” from within the organization, WikiLeaks alleged that the cache was the same that had been provided to the FBI.

In October 2011, amidst Thordarson and Sabu’s tenure as cooperating witnesses, American authorities issued a search warrant for the contents of WikiLeaks volunteer Herbert Snorrason’s Gmail account. The warrant requested all of the account’s information, “including stored or preserved copies of e-mails sent to and from the account, draft e-mails, deleted e-mails, emails preserved pursuant to a request made under 18 U.S.C. § 2703(f), the source and destination addresses associated with each e-mail, the date and time at which each e-mail was sent, and the size and length of each e-mail.” The volunteer had helped WikiLeaks with a minor technical issue. After learning that his account’s contents had been seized by the U.S. government, Snorrason told Mother Jones that he thought “pretty much everyone with both a Google account and a WikiLeaks connection will be getting one of those notices eventually.”

Snorrason was correct in that other WikiLeaks-associated Google accounts had their information seized by the government. Six months after the order for Snorrason’s emails was issued, a trio of search orders were issued for the email accounts of senior WikiLeaks personnel. On April 5, 2012, sealed warrants were executed for the Google accounts of WikiLeaks editors Sarah Harrison and Joseph Farrell, as well as then-spokesman and future editor-in-chief Kristinn Hrafnsson on suspicion of espionage and violating the Computer Fraud and Abuse Act, as well as conspiracy and theft of government property. The warrants appear to have covered the entirety of the accounts and were disclosed by Google at the close of 2014.

Image caption: A court order for information relating to Kristinn Hrafnsson, current editor in chief of WikiLeaks, on suspicion of charges including but not limited to espionage.

In late October 2017, a new government request was issued for portions of WikiLeaks’ communications. A letter from Sen. Dianne Feinstein requested that Twitter provide copies of all direct messages that were over 180 days to or from the accounts belonging to WikiLeaks, the WikiLeaks Task Force, “Guccifer 2.0,” Assange, and Margaret Ratner Kunstler. As written, the request would include some of my communications with WikiLeaks and “Guccifer 2.0.” Ultimately, at least some messages between WikiLeaks and the “Guccifer 2.0” were obtained by the U.S. government, although the method of communication for those messages remains unconfirmed.

According to what’s informally known as “the GRU indictment,” WikiLeaks sent Guccifer 2.0 a message on June 22, 2016. The message instructed Guccifer 2.0, a persona the U.S. government believes was used by Russian operatives, to send new material to them so it would “have a much higher impact.” On approximately July 6, the organization sent another message encouraging Guccifer 2.0 to send “anything [H]illary related” in time for the Democratic National Convention, which WikiLeaks thought Clinton would use to solidify support. The quoted portion of the exchange ends with WikiLeaks saying they thought conflict between Sen. Bernie Sanders and Clinton would be “interesting.” These exchanges, about maximizing impact and damage, are relevant to one of the theories of Assange’s potential prosecution outlined by noted national security journalist Marcy Wheeler.

Image caption: An excerpt from a Mueller indictment.

If the charges against Assange are related to Russian hacking and the Democratic National Committee email leak, this exchange could be one of the most likely pieces of evidence to be directly relevant to the initial charges against him. However, the entirety of the government’s evidence, including materials seized from alleged Vault 7 leaker Joshua Schulte and the alleged recordings of him transferring additional files to WikiLeaks regarding the organization, may be used to help make the case. Past statements and communications may be used to help establish a modus operandi, a pattern or an intent. As noted by the AP, some of the materials may point to the early beginnings of Assange’s reported relationship with Russia. Leaked copies of sealed files, statements by people familiar with the grand juries, and documents released through FOIA by independent journalist Alexa O’Brien—who also identified a number of sealed search orders—all indicate that the investigations converged and pooled evidence at times. The government’s information could be further augmented by recent surveillance of Assange in the Ecuadorian Embassy, where he has lived under asylum since 2012, the fruits of which may have reportedly been shared with the United States.

Regardless of what the charges against Assange are, the government has terabytes of data with which to try to make its case, data that’s come from WikiLeaks supporters, sources, key personnel, and Assange himself. The full depth of the government’s sources, however, has yet to be revealed.

Emma Best is a national security reporter and transparency activist. She has published millions of pages of government documents and is a member of the leak collective Distributed Denial of Secrets (DDoSecrets).

Source
  3. Julian Assange has stepped aside as editor-in-chief of WikiLeaks, with the group saying his departure was “due to the extraordinary circumstances” of him being unable to communicate with anyone but his lawyers for the last six months. Assange has appointed Kristinn Hrafnsson to replace him. Hrafnsson is an Icelandic journalist who served as WikiLeaks’ spokesperson from 2010 to 2016. Assange has been unable to communicate with the outside world since the end of March, when his internet access was shut off. The WikiLeaks founder has been holed up in the Ecuadorian Embassy in the UK to avoid arrest or extradition, first for questioning around sexual assault allegations and later largely due to the presumption that the US plans to file charges once he leaves. Ecuador granted him asylum in 2012, and he’s been living inside the country’s embassy ever since. He continued to operate WikiLeaks from there, releasing, among other things, stolen emails from Hillary Clinton’s campaign chairman that helped to influence the 2016 presidential election. But in March, Ecuador had apparently had enough. The country said he violated an agreement to, essentially, not piss off other countries, so it cut off his internet access. WikiLeaks says the country installed signal jammers to prevent him from accessing the internet in any way and have prevented him from seeing anyone but his lawyers. Assange will continue to serve as the publisher of WikiLeaks, which is more of an honorary title that implies his stewardship of the site. Hrafnsson, the new editor-in-chief, says he “welcome the responsibility to secure the continuation of the important work based on WikiLeaks ideals.” Source
  4. After nearly six years, Ecuador may have had it with Julian Assange. CNN reports that while there have been threats to boot the WikiLeaks founder from the Ecuadorian Embassy in London before, his current situation is “unusually bad” and he could be forced out “any day now.” Ecuador’s new president Lenín Moreno is reportedly facing increasing pressure from the U.S. to eject Assange. Spain may have also weighed in after Assange tweeted his support for the separatist movements in Catalonia. The embassy recently cut off Assange’s internet access and blocked him from meeting with anyone but his lawyers.

If Assange leaves the embassy he could face charges from three different countries. Though Sweden recently stopped investigating the rape allegation that led to Assange hiding away in the embassy, the probe could be revived if he leaves. Since he refused to surrender for extradition to Sweden, he’s also facing charges for breaching bail in the U.K. While President Trump has publicly declared his love for WikiLeaks, last month there were reports that federal prosecutors are preparing charges against Assange. The Obama administration held off on charging Assange because it was unclear how they could charge him for publishing government secrets but not mainstream news outlets. But they may have found a way around that, since Chelsea Manning admitted that Assange helped her figure out how to anonymously gain access to government systems. (That charge could have consequences for journalists too, but the Trump administration generally seems less concerned about that.)

U.S. intelligence agencies also concluded that Russian intelligence used WikiLeaks to publish stolen emails meant to undermine Hillary Clinton’s presidential campaign, and on Thursday the Wall Street Journal reported that former Trump campaign adviser Roger Stone sought access to those emails in September 2016 through an acquaintance who knows Assange. So Assange’s relationship with the U.S. government may be about to get even more complicated.

Source
  5. WikiLeaks, a secret sharing organization accused of playing a key role in Russian attempts to influence the 2016 U.S. presidential election, has released documents that it claims offer details of how Moscow uses state surveillance to spy on Internet and mobile users. The release, dubbed “Spy Files Russia,” appears to mark a shift for an organization that has long been accused of a reluctance to publish documents that could be embarrassing for the Russian state. As Edward Snowden, a former National Security Agency whistleblower who now lives in Russia, put it in a tweet: “Plot twist.”

However, other experts are less impressed. “I don't think it's a real expose,” said Andrei Soldatov, a Russian investigative journalist and co-author of “The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries.” “It actually adds a few details to the picture, [but] it's not that much.”

The documents released by WikiLeaks on Tuesday appear to show how a St. Petersburg-based technology company called Peter-Service helped state entities gather detailed data on Russian mobile users, part of a national system of online surveillance called System for Operative Investigative Activities (SORM). “This system [SORM] has been known for some time, though the documents seem to provide additional technical specifications,” said Ben Buchanan, a postdoctoral fellow at the Harvard Kennedy School's Belfer Center and author of the book “The Cybersecurity Dilemma.” Buchanan added, however, that he was intrigued that WikiLeaks would release it at all. “I'm curious if there is more to come,” he said.

Although WikiLeaks has shared secrets from a variety of other governments, it has been accused of refusing to publish leaks on the Russian government. WikiLeaks also has been publicly critical of the Panama Papers — a leak about offshore banking entities that is believed to have embarrassed Russian President Vladimir Putin.
In interviews, WikiLeaks founder Julian Assange has suggested that as his organization lacks Russian speakers, whistleblowers prefer to leak to local media. The latest leak is unlikely to dispel the impression that WikiLeaks turns a blind eye to Moscow's failings, said Andrew Weiss, a vice president for studies at the Carnegie Endowment for International Peace. “It's very hard for WikiLeaks to somehow exonerate itself or remove the very clear pattern of cooperation with Russian authorities,” Weiss said. “This looks like a classic attempt to change the subject,” he added. Perhaps the most intriguing part of the documents is whom they were leaked by — a detail WikiLeaks generally refuses to discuss. Soldatov said that they may well have been leaked by someone who understood the lack of major revelations contained. “I would say it's coming from the company, sent by people who obviously understand it doesn't constitute a state secret, so it's safe,” he said. However, although the release wasn't a bombshell, it could still prove to be a positive force, some observers said. “If it prompts people to talk about SORM, so be it,” Soldatov said. Source
  6. Julian Assange’s data-leaking site defaced via DNS attack, showing humiliating messages for organisation that prides itself on being tech savvy.

Photo caption: The message posted by OurMine to WikiLeaks’ website URL. Photograph: Twitter

WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address. The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them. But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual “hack” appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security.

The group appears to have carried out an attack known as “DNS poisoning” for a short while on Thursday morning. Rather than attacking WikiLeaks’ servers directly, they have convinced one or more DNS servers, which are responsible for turning the human-readable “wikileaks.org” web address into a machine-readable string of numbers that tells a computer where to connect, to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine. It is unlikely WikiLeaks’ own servers were breached. The DNS protocol is a notoriously weak link of the internet due to the ease with which it can be compromised by both malicious individuals and state actors.

The WikiLeaks hack also takes a different approach in its substance. In the message it posted to the organisation’s web address, OurMine jokingly begins to claim to be “testing your …” before breaking off and reminding WikiLeaks about the time “you challenged us to hack you”.

It’s the third time the hackers have gone after WikiLeaks, after twice launching a DDoS attack – a form of cyber-attack where a site is overloaded with connections in an attempt to bring it to its knees – against the organisation, in December 2015 and July 2016. That spat caused Anonymous, the online collective, to post personal information of individuals they claimed to be members of OurMine. The hackers argued the so-called “doxing” was incorrect.

It’s the latest in a string of high-profile yet ultimately low-impact attacks from OurMine, which first rose to fame after hacking the social media accounts of a string of tech titans in the summer of 2016. Mark Zuckerberg, Dick Costolo, Jack Dorsey and Sundar Pichai were amongst those who had embarrassing messages posted to their feeds. Those hacks almost always followed the same template: finding re-used passwords in a previously-released data breach (for instance, Mark Zuckerberg’s password “dadada” was discovered in a 2011-era LinkedIn database), and testing them in as many services as possible until finding one that works. The group then typically posts a message claiming to be “testing [the victim’s] security”, before linking to their website, which offers penetration testing for $30 upwards. Most recently they took over HBO’s Twitter accounts, as the TV company was in the midst of a separate ransomware attack.

OurMine and WikiLeaks have not responded to requests for comment.

Source
  7. WikiLeaks has released new documents in their Vault 7 series of leaks exposing the CIA’s hacking tools. The new documents cover tools that the CIA uses to hack the Secure Shell (SSH) cryptographic protocol. SSH allows users to securely access other computers remotely over an unsecured network. Two exploits that allow the CIA to capture and exfiltrate SSH credentials are covered in the new release by WikiLeaks. These SSH exploits target SSH users who are running Windows or Linux operating systems. The two SSH hacks are known as BothanSpy and Gyrfalcon.

BothanSpy is used by the CIA to steal the usernames and passwords for all active SSH sessions of Windows users who are using Xshell. It “officially” supports Xshell Version 3, build 0288, Version 4, build 0127, Version 5, build 0497, and Version 5, build 0537. The documentation for BothanSpy states that it is risky to use the implant against certain versions of Xshell, and that it does not conduct a version check. If public key authentication is utilized, BothanSpy will intercept and exfiltrate the filename of the private SSH key and the key password. Xshell is a proprietary SSH and Telnet client, and also functions as a terminal emulator. It is produced by NetSarang Computer, Inc. and was first released in 2002. The BothanSpy implant is installed as an extension for Shellterm 3. The stolen data can be sent to a server that is controlled by the CIA, thereby avoiding saving any data onto the victim’s hard drive. Stolen data can also be stored on a victim’s computer in an encrypted file, and be exfiltrated at a later date by other means.

Previously, WikiLeaks published documents which exposed the CIA’s ability to gain remote access to computers running Windows by using the Athena and Hera malware. The CIA had worked with a private corporation known as Siege Technologies to develop the Athena and Hera malware for Windows operating systems. In late June, WikiLeaks published documents on the CIA’s ELSA program. ELSA is malware which impacts Windows users who are using WiFi and enables the CIA to track someone using geo-location by monitoring ESS identifiers, WiFi signal strength, and MAC addresses.

Gyrfalcon is an implant that consists of two binaries that allow the CIA to hack OpenSSH on Linux operating systems. It is unclear if Gyrfalcon impacts all Linux operating systems, but the documentation for the implant states that it can target users of Ubuntu, Debian, CentOS, Suse, and Red Hat. It allows the CIA to intercept and exfiltrate usernames and passwords of active SSH sessions. The implant also has the ability to intercept some or all of the traffic from an OpenSSH session. The data that is collected is then compressed and stored in an encrypted file on the victim’s computer and exfiltrated at a later time. Gyrfalcon is installed using the CIA’s JQC/KitV rootkit, and affects both 32-bit and 64-bit versions of Linux.

In late June WikiLeaks released documents on the CIA’s OutlawCountry program which targets Linux operating systems. OutlawCountry enables the CIA to redirect the entire outbound traffic of a victim’s computer. It allows the CIA to both exfiltrate and infiltrate data onto a victim’s computer. OutlawCountry uses a kernel module that the CIA can install through shell access on the victim’s computer. The CIA malware then installs a hidden Netfilter table. The hidden Netfilter table allows rules to be made using the iptables command. These rules will supersede any pre-existing rules on the victim’s computer, and an administrator can only discover it if they know the table name. OutlawCountry creates an obscure table name. The CIA relies on other exploits and backdoors to infect victims with OutlawCountry. Version 1.0 of OutlawCountry is limited to infecting only certain Linux kernel modules such as the 64-bit versions of CentOS and Red Hat 6.

The new documents detailing BothanSpy and Gyrfalcon mark the 15th release in the Vault 7 series of CIA leaks. WikiLeaks began publishing its Vault 7 series of CIA documents in March. They have been regularly releasing new documents every few weeks. More CIA leaks are expected to be published.

Article source
  8. WIKILEAKS founder Julian Assange has condemned the CIA as “one of the most useless organisations in the world”. By SIMON OSBORNE 17:04, Tue, May 9, 2017 | UPDATED: 18:54, Tue, May 9, 2017 http://cdn.images.express.co.uk/img/dynamic/1/590x/Julian-Assange-802360.jpg Mr Assange, declared by the Donald Trump administration as US public enemy number one, was speaking ahead of a live Spanish television interview. He told current affairs show When It’s Gone: “The CIA is basically useless. They are extremely incompetent as an organisation.” good read continued: http://www.express.co.uk/news/uk/802360/Wikileaks-founder-Julian-Assange-slams-US-intelligence-chiefs-CIA
  9. WikiLeaks dumped today the documentation of a new supposed CIA hacking tool called Archimedes, which the Agency had used to perform Man-in-the-Middle attacks on local networks. According to the nine leaked documents, this tool was previously named Fulcrum but was renamed to Archimedes when it reached v1. Timestamps in the documents reveal the tool was developed and most likely used between 2011 and 2014. The Archimedes manual describes the tool's purpose as follows. As you can see, the tool does not execute the MitM attack itself, but only redirects the target's traffic to another PC on the same network. That second machine is responsible for breaking down connections, reading the user's traffic, and then relaying the traffic to the LAN's gateway server. Is Archimedes a repackaged version of Ettercap? The tool itself is very simple, as Jake Williams, founder of Rendition Infosec, writes on Twitter. In fact, according to a quick analysis, the tool isn't even original, appearing to be a repackaged version of Ettercap, an open source toolkit for MitM attacks. The most interesting detail in the entire leak is the set of MD5 hashes for each of the Archimedes files. Security researchers can now take these hashes and scan artifacts from previous cyber-incidents to find cases where the tool might have been deployed but went undetected at the time. The Archimedes leak is part of a WikiLeaks series called "Vault 7," during which the non-profit organization has dumped the documentation and user manuals of several hacking tools WikiLeaks claims belong to the CIA. WikiLeaks says it received these tools from hackers and whistleblowers. You can follow our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps: Source
  10. WikiLeaks dumped 27 documents today as part of the "Vault 7" series of leaked documents, which the organization claims belong to the CIA. Codenamed "Grasshopper," these 27 manuals describe a CLI-based builder for assembling malware-laced Windows installers. CIA internal wiki pages describing the Grasshopper framework were first leaked at the start of March with the initial Vault 7 announcement. The Grasshopper guides leaked today contain more in-depth information and are training guides for CIA operatives. Grasshopper used to assemble the CIA's malware installers According to the leaked documents, CIA operatives must have some sort of technical information on their targets before using Grasshopper. Based on what operating system the target uses, what antivirus he's employing, and other technical details, the Grasshopper framework automatically puts together several components adequate for the job. To put together these components, operatives used a custom rule-based language to write build configs. In the end, Grasshopper delivers a Windows installer that field operatives can run on a target's machine to install their malware. The use of a pre-infection form to deliver the most appropriate malware payload has also been seen in Fine Dining, another CIA toolkit that consists of malware-laced portable applications. Grasshopper is very modular, adapts to any operation Below is how the latest Grasshopper manual (v2.0.2) describes Grasshopper's modular architecture: As you can see, the CIA designed Grasshopper to be as malleable as possible, decoupling the installer from the final payload. The Grasshopper builder allows operatives to select the components they need for each operation and deliver a payload of their choice. The leaked documents intimate that Grasshopper installers can deliver payloads in EXE, DLL, SYS, or PIC formats, for x86 and x64 architectures, as well as payloads for gaining persistence. 
In addition, Grasshopper can produce installers with built-in malicious payloads, or the payloads can be delivered at run-time from other locations. According to the leaked documents, the CIA claims "the installation executable should be loaded into and executed solely within memory," which means it is harder to pick up by traditional signature-based antivirus solutions. In fact, a lot of effort has been put into avoiding security products overall, which is consistent with the main rule of cyber-espionage, the one that says stealth is more important than results. Grasshopper borrowed code from the Carberp rootkit Along with the Grasshopper user guides, WikiLeaks also leaked the manual for Stolen Goods, one of the Grasshopper components used with installers to ensure persistence on infected hosts. The document reveals that parts of Stolen Goods, as the name implies, were taken from the Carberp rootkit, used by the eponymous Russian cybercrime gang. Previously, it was discovered that the CIA also borrowed code from other malware families, such as HiKit, Shamoon, UpClicker, and the Nuclear Exploit Kit. Source
  11. WikiLeaks dumped yesterday the source code of a CIA tool called Marble, which, according to previously leaked CIA manuals, the Agency classified as a code obfuscation framework. The WikiLeaks dump conveniently came a day after the Senate's open hearing on Russian election interference. Marble is not a tool for planting false flags Many news agencies incorrectly reported that Marble allows CIA operators to plant false flags inside the malware they create thanks to a feature that inserts code comments written in various languages such as Chinese, Russian, Korean, Arabic, and Farsi. In reality, the Marble framework is a banal code obfuscation utility, like many other tools on the malware market. Its role is to scramble code so human operators can't read it and antivirus engines can't assign it to a known malware family. Nothing more. Marble is a banal code obfuscator "Based on less than 30 minutes of code review, I emphatically disagree with the [WikiLeaks] assertion that Marble is used for false flag ops," Rendition Infosec founder Jake Williams wrote on Twitter. "The [Marble] framework is just a string obfuscation library. It IS interesting, but not in the sense that it would allow for cyber false flag," the expert added. "The Chinese and Russian examples noted by WL only show that the tool was tested for Unicode support, nothing more." In the first batch of leaked CIA files, the ones containing CIA manuals and wiki pages, CIA operatives described Marble as follows: The framework also includes a deobfuscation component for reverting the scrambled code to a readable version when operators need to make changes to the malware's source code. According to WikiLeaks, the Marble framework reached v1.0 in 2015, and was used as late as 2016. The Marble source code is available for download from here and the documentation page is here. Source
  12. New Vault 7 leaks show CIA can install persistent malware on OS X and iOS devices A new trove of documents belonging to WikiLeaks’ Vault 7 leaks, dubbed “Dark Matter”, reveals that Apple devices including Macs and iPhones have been compromised by the CIA. They are affected by firmware malware, meaning that even a reinstallation of the operating system will not fix the device. The CIA’s Embedded Development Branch (EDB) has created several tools for exploiting Apple devices; these include: Sonic Screwdriver – allows an attacker to boot its malware from peripheral devices such as a USB stick. DarkSeaSkies – an “implant” that persists in the EFI firmware of MacBook Air computers. It consists of “DarkMatter”, “SeaPea” and “NightSkies”, which affect EFI, kernel-space, and user-space respectively. Triton – macOS malware. Dark Mallet – Triton infector. DerStake – EFI-persistent version of Triton. The documents show that DerStake was at version 1.4 as of 2013, but other documents show that as of 2016, the CIA was working on DerStake 2.0. According to WikiLeaks, NightSkies can infect Apple iPhones; the organisation said what’s noteworthy is that NightSkies has been able to infect iPhones since 2008. The CIA documents say NightSkies is a “beacon/loader/implant tool”. It is “expressly designed” to be physically installed onto factory-fresh iPhones, meaning the CIA has been intercepting the iPhone supply chain of its targets since at least 2008. "Dark Matter" is just the latest release of documents from the wider Vault 7 leaks; more CIA documents are expected in the future. Main Source: Wikileaks Source
  13. Apple dismisses new WikiLeaks revelations Apple says the exploits the CIA used to hack into iPhones and Macs were fixed years ago. Following the new release of classified CIA documents by WikiLeaks, Apple adopted the same stance it did after the first round of revelations, saying that it had already fixed the bugs mentioned there. The documents, which WikiLeaks says come from the CIA, detail a number of methods for compromising and breaking into Apple devices if an agent can get his or her hands on the device. "We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013," Apple said on the matter. The Wikileaks poke The company also took the time to poke WikiLeaks a bit. Although it says it has not negotiated any deals with WikiLeaks for information, Apple does say it has given WikiLeaks instructions to submit any information it wishes via Apple's normal process under standard terms. So far, no details have been shared. This comes after Julian Assange said WikiLeaks would cooperate with tech companies to fix any security problems mentioned in the files, imposing a few conditions, however, such as requiring the companies to release a patch within 90 days. Companies have been somewhat reluctant to make deals with WikiLeaks, especially since there are concerns regarding the source of the CIA files and whether writing patches based on them is a good idea under the circumstances. That being said, it's not exactly a surprise that the CIA has developed various techniques to get into people's phones. The Wiki files released today discuss methods that require agents to have physical access to the device. 
With enough time on one's hands, getting into a locked device, even an iPhone, isn't impossible, although it's extremely difficult. If you'll remember, the CIA had a row with Apple last year over the decryption of the iPhone of the San Bernardino shooter. Apple said it couldn't open the phone even if it wanted to, and the CIA eventually found another way in, a technique it is refusing to share with the public despite being sued over it. Its answer was, in short, that it is still using the technique and can't share its secret cracking methods. Source
  14. Cisco discovers the CIA has a way to exploit its switches Bad news coming from Cisco Systems. The company admitted that 318 models of switches it sells come with a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code with the purpose of taking full control of the devices. If this wasn't bad enough, the company says there's no fix for the problem yet. The discovery was made after the company analyzed a set of documents published by WikiLeaks two weeks ago in its massive Vault 7 reveal. The files are believed to come from the CIA, but there are concerns regarding the source of the leak. The flaw, it seems, can be found in 318 switches, residing in the Cisco Cluster Management Protocol (CMP). Remote attackers, such as the CIA, can execute code that runs with elevated privileges. The CMP uses the telnet protocol to deliver signals and commands on Internet networks. "An attacker could exploit this vulnerability by sending malformed CMP-specific telnet options while establishing a telnet session with an affected Cisco device configured to accept telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device," reads the advisory. The company further warns that vulnerable switches will process CMP-specific telnet options by default, even if there are no cluster configuration commands present in the device configuration. A fix is coming Cisco lists Catalyst switches as the most affected by the problem, but Industrial Ethernet switches and embedded services are affected as well. The company is working on a fix, but there's no timeline for when it is going to land. It should be noted, however, that according to Cisco, the vulnerability is only exploitable when the affected devices are configured to accept incoming telnet connections. By changing this configuration, you can lower the risk of exploitation until a fix is released for the problem. Source
  15. WikiLeaks and tech companies don't trust each other It's been quite a few days since WikiLeaks promised it would work with tech companies to patch the security exploits featured in the CIA leak, but no steps have been taken thus far. Following the reveal of the Vault 7 files from WikiLeaks, multiple files indicated the CIA used zero-day exploits to get into people's systems, including Android and iOS devices, Windows PCs, Macs and Linux PCs. After exposing all these files for the world to see, a lot of pressure was put on WikiLeaks because it did not go to the tech companies beforehand to help them patch up their systems. In response, WikiLeaks said it would work with tech companies to secure everything. Motherboard writes, however, that WikiLeaks made demands on the companies before it would hand over the details needed to patch the vulnerabilities, including a requirement to issue security patches within 90 days. Depending on the size of the bug, this may or may not be possible. There's also the fact that companies may not want to sign up to anything without knowing what the flaws are. Wiki has a side of its own The same sources say, however, that companies are somewhat reluctant to write patches based on WikiLeaks' information because there are concerns about the origins of the leak. The CIA could not confirm the files are original because intelligence agencies never can. That makes everyone worry that Russia may have been responsible for forwarding the info to WikiLeaks and, in the process, may have tweaked the information, which could make companies open up their systems instead of making them safer. WikiLeaks has a different take on the story and says that companies such as Google are taking their time because they are, in fact, working with the US government and their relationship prevents them from fixing these kinds of flaws. 
It looks like everyone is suspicious of everyone else and, given the circumstances, some have more right to be wary than others. Source
  16. I am just copying the important chunks from this article The recent leaks reveal how, for years, the CIA was busy hacking into many consumer electronics devices, including Wi-Fi routers, Samsung Smart TVs, iPhones and Android-powered devices. According to the documents, the agency employed specialized tools to exploit the security vulnerabilities in these devices and recorded videos, audio conversations, text messages, or anything that could help it keep tabs on the owners of those devices. According to WikiLeaks, much of the malware and many of the hacking tools were developed by EDG (Engineering Development Group), one of the CIA’s own software development groups, while some tools and applications were acquired from other government agencies or third-party dealers. The CIA dubbed these third parties its partners, and used codenames like SurfsUp, Peppermint, Anglerfish and Fangtooth. Forbes reported that these vulnerabilities are worth a lot on the market, i.e., over $1 million for every bug. Severity of the leaks: The malware created by the CIA for hacking into users’ personal gadgets is so effective that it can bypass even the most popular security programs. Amongst Different OSs, Android Attracted the Most Exploits The popular smartphone operating system Android enjoys a major market share in the smartphone industry. Perhaps that’s what makes it one of the important targets for the Central Intelligence Agency. Amongst the many exploits reported by WikiLeaks, a good chunk were specifically developed to break into Android devices and applications. 
  • Chronos, purchased from Anglerfish, exploits the security weaknesses of Android devices that are running Android 4.0
  • Dugrito, another tool by Anglerfish, is a remote access exploit that hits devices running Android 4.0 – 4.1.2
  • Flamekimmer, a tool by SurfsUp, hits devices that use Broadcom Wi-Fi chipsets, running Android 4.4.4
  • RCE bugs, by Anglerfish, Fangtooth, NSA and GCHQ, are remote access exploits that can be used for hacking into any device from anywhere
  • Dragonfly, currently no information available except that it is an RCE bug used in Android security exploits
  • Sulfur, by Fangtooth, one of the most critical exploits, which hits the kernel files of Android, leaking information remotely
  • RoidRage, another tool that allows hackers to have remote access to the hacked device
At first, WikiLeaks provided detailed information on these Android exploits by the CIA, but it later redacted the pages to prevent the actual code from getting into the wrong hands.
  17. Windows 10 is safe from the CIA Microsoft has finally issued a statement regarding the WikiLeaks Vault 7 leak of CIA documents regarding the agency's hacking powers, saying that computers running Windows 10 software should be safe. According to Microsoft's statement, the vulnerabilities mentioned in the CIA files were dated and appeared to target older systems. "We take security issues very seriously and are continuing a deeper analysis to determine if additional steps are necessary to further protect our customers," the company said. Should any additional threats be discovered, Microsoft promises to inform customers. There is no mention of whether people using previous Windows versions are safe from CIA attacks or not. Apple, Google, Linux claim users are safe Microsoft's statement falls in line with what we've been hearing from all over the tech community. Apple and Google have said that customers running their latest software appear to be safe from the vulnerabilities and that most of the issues mentioned in the WikiLeaks files have already been fixed. It's unclear what vulnerabilities are yet to be patched or whether there really are any. The Linux Foundation has also addressed the issue with a rather relaxed statement. It said that given the open-source nature of the operating system, with security updates being released every few days, there is little chance of users being in danger from the CIA, as any vulnerabilities it might have been able to exploit have long since been fixed. The major problem exposed by the CIA files WikiLeaks dumped the other day is the fact that the agency expressed a desire to stockpile zero-day vulnerabilities and find ways to exploit them. If its hackers didn't find the security holes themselves, the CIA bought them off the Internet. 
Such vulnerabilities in iOS and Android were used by the CIA to create malware which gave it full access to a target's phone, bypassing even the encryption layers of apps such as WhatsApp, Signal or Telegram. This, of course, is exactly the type of thing any serious malware can do. By refusing to disclose these zero-days to the affected companies, however, the CIA put billions of users at risk. After all, if the CIA found the vulnerability, who's to say others didn't too? Samsung and LG are still looking into the situation and are expected to release statements on the matter too. Source
  18. Most Major Antivirus Programs Bypassed By The CIA, Shows WikiLeaks Document WikiLeaks recently published thousands of documents that the organization said belong to the CIA. Among them, there was a document that showed a list of antivirus and other security products that have been exploited and bypassed by the CIA. The list included the following software products:
  • Comodo
  • Avast
  • F-Secure
  • Zemana Antilogger
  • Zone Alarm
  • Trend Micro
  • Symantec
  • Rising
  • Panda Security
  • Norton
  • Malwarebytes Anti-Malware
  • EMET (Enhanced Mitigation Experience Toolkit)
  • Microsoft Security Essentials
  • McAfee
  • Kaspersky
  • GDATA
  • ESET
  • ClamAV
  • Bitdefender
  • Avira
  • AVG
You probably recognize most, if not all, of the products on that list. The list includes Microsoft’s “Security Essentials” antivirus program, which was later converted into the built-in “Windows Defender” program in Windows 8 and later, as well as EMET, Microsoft’s anti-exploit security tool (mainly for enterprise users). EMET was recently deprecated by Microsoft, because the company said that many of EMET’s anti-exploit features such as DEP, ASLR, Control Flow Guard (CFG), as well as other mitigations to bypass the User Account Control (UAC), were already built into Windows 10. Microsoft said that because the security features are built in, they should offer better security than the ad-hoc security that EMET tried to provide. The CIA documents released by WikiLeaks date from 2014, before Windows 10 came out. Therefore, we don't know what new capabilities the CIA may have obtained since then, and whether or not the new Windows 10 security features were also bypassed. Bypassing Antivirus Programs The leaked documents pertaining to the list of antivirus programs that have been exploited by the CIA seem to have been redacted, likely by WikiLeaks. 
The organization said that it made over 70,000 redactions in total, mainly to remove harmful code (WikiLeaks has been accused in the past of “hosting malware” because the emails it released contained malware targeted at the recipients of the leaked emails), as well as personal details and IP addresses. However, it’s not clear why the organization removed the technical information about how most of the antivirus programs in the list were exploited. COMODO The CIA appears to give mixed praise to the anti-virus solution by Comodo, the self-described “global leader in cyber security solutions.” One post by an apparent CIA hacker published by WikiLeaks said Comodo is “a colossal pain in the posterior. It literally catches everything until you tell it not to.” Just don’t upgrade to Comodo 6. That version “doesn’t catch nearly as much stuff,” the hacker appears to say, describing a particularly glaring vulnerability as a “Gaping Hole of DOOM.” Melih Abdulhayoglu, Comodo’s chief executive, emphasized the first part of the post, saying that being called a pain by the CIA was “a badge of honor we will wear proudly.” In a statement, he said that the vulnerability described by the CIA was obsolete. Comodo 6 was released in 2013; Comodo 10 was released in January. KASPERSKY LAB This is one of the world’s leading providers of security protection. But it may not keep you safe from the CIA. A flaw in the code “enables us to bypass Kaspersky’s protections,” according to another post. Founder Eugene Kaspersky dismissed the comment, saying in a Twitter message that the flaw identified in the CIA leak was fixed “years ago.” A statement from his company said a second flaw apparently identified by the agency was fixed in December 2015. AVIRA A CIA hacker appears to say that this German-engineered anti-virus product is “typically easy to evade.” The firm said in a statement that it had fixed what it described as “a minor vulnerability” within a few hours of the WikiLeaks release. 
It added that it had no evidence that any of its users had been affected by the bug. AVG The CIA apparently had a trick to defeat AVG that was “totally sweet.” Ondrej Vlcek, the chief technology officer for AVG’s owner, Netherlands-based Avast, said that the CIA appeared to be discussing a “theoretical bypass” of AVG’s scanning engine which would have required additional work to successfully deploy as malicious software. “We would not consider it critical,” he said of the issue. Speaking via email, he added that it seemed the post was written “some time” ago. “This is in fact not an issue today given the current operation of the AVG products,” he said. F-SECURE One CIA hacker appeared to be particularly scathing about this Finnish firm’s security software. It’s a “lower tier product that causes us minimal difficulty,” one apparent hacker said. F-Secure noted that the company was described elsewhere, along with Avira, as an “annoying troublemaker.” It said there was a broader point to be made about the CIA’s apparent decision not to warn anti-virus companies about the flaws in their products. The agency “considered it more important to keep everybody unsecure … and maybe use the vulnerability for its own purposes or counter terrorism purposes,” F-Secure’s chief research officer Mikko Hypponen said in a statement. BITDEFENDER The posts aren’t complete enough to say for sure, but Bitdefender, a Romanian anti-virus product, seemed to cause CIA hackers a lot of trouble. One post appears to suggest that Bitdefender could be defeated by a bit of tinkering. Or maybe not. “Alas, we’ve just tried this,” a response to the post said. “Bitdefender is still mad.” Bitdefender representative Marius Buterchi said the only conclusion to draw was that “we are detecting the CIA tools.” Tomshardware cbslocal
  19. Julian Assange said WikiLeaks will work with tech companies to resolve the CIA's exploits. Julian Assange, the founder of WikiLeaks, wants big players like Apple and Samsung to disarm the CIA's exploits before he releases them to the world. WikiLeaks wants to join forces with tech giants against the CIA. The leak-focused site on Tuesday released thousands of alleged CIA documents, accusing the intelligence agency of amassing tools that can break into iPhones, Android devices, smart TVs and cars. WikiLeaks' "Vault 7" release also indicated that the CIA hoarded vulnerabilities in iOS and Android and kept them secret so it could continue using them to gain access to devices. CNET is unable to verify whether the documents are real or have been altered. On Thursday, WikiLeaks founder Julian Assange said that his organization will work with tech giants like Apple, Google and Samsung to plug those holes before it releases more details on the CIA's hacking program. "We have quite a lot of exploits ... that we want to disarm before we think about publishing it," Assange said at a press conference streamed on Periscope. "We're going to work with some of these manufacturers to try and get these antidotes out there." His press conference was the latest turn in a drama that has potentially blown open how the CIA could use our own devices to spy on us. The documents show how the agency has allegedly been able to break into even encrypted devices such as phones and computers by taking control of their operating systems. Assange said he's been keeping WikiLeaks' findings under wraps while the CIA's exploits can still be used because he doesn't want them falling into the wrong hands. He said the CIA has already "lost control of its entire cyberweapons arsenal," which he criticized for being poorly secured. He said WikiLeaks has much more information on the CIA's cyberweapons program that it's waiting to reveal. 
"This is an historic act of devastating incompetence," Assange said, "to have created such an arsenal and stored it all in one place and not secured it." The CIA has not confirmed or denied the authenticity of WikiLeaks' release but did say that it is the CIA's job to "be innovative" and "cutting edge" with its technology. The intelligence agency said it will continue to spy on foreign countries to "protect America from terrorists, hostile nation states and other adversaries." The agency also sought to cast suspicion on the messenger. "As we've said previously, Julian Assange is not exactly a bastion of truth and integrity," CIA spokesman Jonathan Liu said Thursday in a statement. Challenges for Android and others For some of the smaller exploits, it will take companies two or three days to patch up the vulnerabilities, Assange said. For exploits on so-called internet of things devices like smart baby monitors or refrigerators, it could take much longer. Samsung said it is "urgently looking" into the CIA's alleged exploits after WikiLeaks named a program that could secretly turn its TVs into listening devices. Apple said it had already patched up most of the vulnerabilities with its latest version of iOS. Microsoft said that it's aware of the CIA's alleged tools and that it's "looking into it." Google said in a statement that it had already patched up most of the holes. However, the various makers of Android devices add their own custom software, which may still be vulnerable. Android users will also have the most difficulty in getting fixes for some of the CIA's exploits because the operating system is used by multiple manufacturers with different rollout schedules for updates. "For some systems, like Android with many manufacturers, there is no automatic update to the system. That means that only people who are aware of it can fix it," Assange said. "Android is significantly more insecure than iOS, but both of them have significant problems." 
WikiLeaks is still sorting through thousands of documents for future releases. The organization redacted more than 78,000 IP addresses, more than a quarter of which came from the US. The CIA said it does not spy on US citizens, but WikiLeaks is still investigating how many of the 22,000 IP addresses in the US belong to the CIA's hacking unit and how many are malware victims. Assange said the CIA's hacking programs cannot be properly regulated, by design. "The technology is designed to be unaccountable. It's designed to be untraceable," he said. Source
  20. Phragmeister

    Vault 7 - WikiLeaks

    Last month Wikileaks tweeted a bunch of pics with the words - what, where, when and why regarding something called Vault 7. One could only speculate what was going on, it all seemed a bit bizarre. Anyway, a few hours ago they tweeted this. A torrent file labelled 'WikiLeaks-Year-Zero-2017-v1.7z' - They plan to release the passphrase to unlock the file today at 9am ET.
  21. Google's already fixed some of those WikiLeaks-exposed vulnerabilities Google claims that it has already fixed many of the vulnerabilities discussed in the WikiLeaks Vault 7 revelations regarding the extensive hacking capabilities of the CIA. According to the huge file dump from WikiLeaks, which contains alleged CIA documents listing vulnerabilities in popular tech products, including Google's Android and Apple's iOS, the CIA's hackers discovered zero-day vulnerabilities, exploited them, and managed to get into targeted phones, bypassing the encryption settings of various messaging apps and so on. "As we've reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing, and we will implement any further necessary protections. We've always made security a top priority, and we continue to invest in our defenses," came Google's statement via Heather Adkins, director of information security and privacy. Given Google's statement, we can assume that some of the bugs the CIA is exploiting haven't been fixed or that Google has no idea what they are, and that's normal. In fact, it's because of instances such as this one that Google and other companies have demanded that the intelligence agencies of the United States immediately report zero-day vulnerabilities they discover. Keeping them locked up and exploiting them for their own gain puts millions upon millions of people at risk. After all, if one hacker managed to find the security hole, others may as well, others that have even more nefarious purposes. The worst part - exploiting zero-day vulnerabilities The tech industry as a whole reacted to the file dump, expressing concern over the CIA's tendency to stockpile vulnerabilities instead of sharing information with the affected services. 
"The CIA seems to be stockpiling vulnerabilities, and WikiLeaks seems to be using that trove for shock value rather than coordinating disclosure to the affected companies to give them a chance to fix it and protect users. [...] We hope this raises awareness to the severity of these issues and the urgency of collaborating on reforms," said Mozilla's chief legal and business officer Denelle Dixon to the New York Times. Files exposed by WikiLeaks in its Vault 7 release indicate the CIA has many ways to control the most popular gadgets and is always looking for new ways to break into them. Malware, viruses and other types of exploits are something the CIA works on regularly. Source
22. Linux users should be safe thanks to frequent updates The Linux Foundation has come out to speak about the Vault 7 revelations via WikiLeaks regarding the CIA's hacking powers, which extend to Linux devices, claiming that thanks to the open-source nature of Linux, the operating system is constantly updated with new security fixes, likely covering all those vulnerabilities the CIA may have discovered and exploited. "Linux is a very widely used operating system, with a huge installed base all around the world, so it is not surprising that state agencies from many countries would target Linux along with the many closed source platforms that they have sought to compromise," Nicko van Someren, CTO at the Linux Foundation, told the Inquirer. "Linux is an incredibly active open source project. Thousands of professional developers and volunteers - including many of the most talented in the world - are constantly contributing improvements and fixes to the project. This allows the kernel team to release updates every few days - one of the fastest release cycles in the industry. Rapid release cycles enable the open source community to fix vulnerabilities and release those fixes to users faster," he added. Apple has likely fixed everything too The Linux Foundation isn't the only organization to come up with a response to the WikiLeaks trove of documents regarding the CIA's hacking tools. Apple has also come forward saying that it has fixed many of the vulnerabilities referenced in the WikiLeaks files. Apple's spokesperson expressed the company's commitment to safeguarding its customers' privacy and security. "While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates," the company said. 
Apple added that about 80% of users are running the latest version of iOS, so they should be quite well protected. Unless, of course, the CIA found another zero-day vulnerability in there too, or one that was left unpatched because Apple didn't know about it. That, however, is the problem with just about any type of software. The documents exposed by WikiLeaks include charts detailing iOS exploits that would allow the CIA to turn iPhones into spying gear and, in some cases, even to control the devices. According to the same files, the CIA developed some of the exploits, while others were purchased or copied. The same was done with regard to Android vulnerabilities, which Google says it has already addressed. By opening Vault 7, WikiLeaks tried to shock the world with what the CIA can do and how extensive its operations are. However, that's the CIA's job, so it shouldn't really surprise anyone that it has developed malware, viruses and exploits based on zero-day vulnerabilities to get the job done. What should upset everyone, however, is that the agency has taken advantage of these zero-day vulnerabilities instead of informing tech companies about them in order to protect billions of users, something it has been asked to do repeatedly. After all, if the CIA's hackers could find the bug, others could too, and those individuals may not be after tapping the phones of a few select targets. Source
  23. Well-known iPhone hacker says nothing in CIA dump threatens up-to-date iPhones Of all the mobile devices featured in the alleged CIA documentation dump released by Wikileaks earlier this week, the iPhone is mentioned the most. Pages upon pages of research and exploits related to Apple’s smartphone are now in the hands of anyone with an internet connection. It might seem like a reason to panic, and plenty of people are already doing just that, but according to one of the most well-respected iPhone hackers on the planet, nothing in the collection of information should pose any threat to an up-to-date iPhone. Will Strafach is the CEO of Verify.ly, a software security firm specializing in mobile devices. He also used to be one of the most famous iOS jailbreakers around, and his opinion on mobile security exploits is one of the very few that you should actually care about. He’s taken a look at the CIA documents related to the iPhone, and doesn’t see anything to worry about — assuming you’re running the latest firmware. I have found nothing in the dump which an attacker could use to hack an iOS device on latest firmware (and older firmwares have public JBs) https://t.co/gnWDRX8tOz — Will Strafach (@chronic) March 8, 2017 “The one thing I was at least able to definitively clear up is this: the leak contains nothing which an attacker could download and use to hack an up-to-date mobile phone (iOS),” Strafach told us. “Android experts have said the same regarding android devices on the latest firmware as well, which is interesting as it demonstrates that Android (again, on latest firmware) can be decently secure just like iOS.” So what about the people claiming the information included in the leak is of dire security concern to everyone with an iOS device? “The best you can do is to ask anyone who claims danger within this leak to go ahead and prove it,” Strafach says. 
"I guarantee you that if you ask someone to download this leak and try to use the information in it to hack your phone, they would fail." The seasoned security expert also wants to clear up some misconceptions about the government potentially keeping vulnerabilities secret rather than reporting them. "Some imply keeping a vulnerability private will make users unsafe," Strafach explains. "This is an ethical debate rather than a technical one and is up to opinion, but what I can at least say is that the practice is also prevalent among experienced security researchers who need to maintain access to future revisions of an OS in order to continue their research to find new vulnerabilities, which they may either disclose or submit to a bug bounty, or create a jailbreak tool for, etc." "While I agree that it can be healthy sometimes to question government and call out actual abuse, in this situation, it is more about having a level playing field and I do not believe there is an ethical issue here," Strafach says. [Enjoy your iPhone!]
24. Encrypted messaging apps are safe, as long as the CIA doesn't target you There seems to be a bit of an uproar online as people urge each other to dump the messaging apps they've been using because the CIA can render useless the encryption safeties they set in place. The problem, however, is with the operating systems of the phones, not the apps themselves. Following the Vault 7 revelations from WikiLeaks, many people worry that their privacy is at risk due to the newly exposed capabilities of the CIA. Of course, so far there's been no indication that the CIA is doing anything illegal with its powers, aside from the fact that it really should be sharing the zero-day vulnerabilities it finds with the companies they affect, so they can fix them and protect millions of users. Then there's the fact that, according to the files, the CIA has developed malware that can bypass the encryption layers used by apps such as WhatsApp, Signal, Telegram and so on. This isn't the fault of the apps, however, since the CIA based its malware on vulnerabilities it discovered in iOS and Android, zero-day bugs it chose to keep secret rather than share with Apple and Google, respectively. There's nothing the app can do if the OS is compromised Basically, when the operating system is attacked in such a way, there's very little an app can do to protect the user further. The app itself is built on top of the operating system; it depends on it to work properly. Once you receive a message, the app will do what it was built to do - decrypt the message. If the operating system has been compromised by malware such as the one built by the CIA, the decrypted data is no longer protected. Even ordinary criminals can compromise your device without much trouble and get around app encryption the same way. If, for instance, you tap a link you shouldn't, or download a malicious file that installs malware on your device, you are just as vulnerable. 
One method many hackers use to get their hands on your data is to take a screenshot every half second, or every second. That alone would expose whatever you are typing, protected by end-to-end encryption or not. The CIA's job Once more, we should point out that there is no indication that the CIA is using these tools on the masses. They could very well simply be using them on their criminal targets. Of course, given our history with the NSA leaks a few years back, the CIA may very well have overreached too, although mass spying is less likely with the CIA than with the NSA. "The CIA, like any other governmental intelligence agency, uses and will continue using various hacking tools and techniques to obtain any information they need to protect the country. This is their duty. So far, we don't have any evidence that these capacities were used unlawfully, for example, to violate reasonable expectation of privacy of innocent US citizens or for illicit interference with elections," High-Tech Bridge CEO Ilia Kolochenko told Softpedia. At this point, the worst we can accuse the CIA of is collecting zero-day vulnerabilities and exploiting them instead of sharing the data with the companies that could protect millions of users by patching their systems. Source
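The point this article makes (the app has to decrypt the message to show it, so malware that sits on the phone reads the result no matter how good the transport encryption is) is easy to see in code. The block below is an added Python example; it is not code from the article, from Softpedia, or from any real messaging app. The toy encrypt-then-MAC cipher, the MessagingApp class, the "screen" buffer and the two attacker functions are all hypothetical stand-ins for the real app, OS and attackers, and the message text is constructed.

```python
# Added illustration, not code from the article or from any messaging app:
# end-to-end encryption protects a message on the wire, but a compromised
# endpoint reads it after the app has decrypted it.
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream; stands in for the app's real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or a modified blob is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class MessagingApp:
    """Receiving side of a hypothetical app: decrypts and renders to a screen buffer.

    Any process the OS lets capture the screen (the periodic-screenshot trick the
    article describes) or hook this app sees exactly what the user sees."""

    def __init__(self, key: bytes):
        self._key = key
        self.screen = []  # rendered plaintext, as it would sit in the display

    def receive(self, blob: bytes) -> None:
        self.screen.append(decrypt(self._key, blob).decode())


def network_attacker(blob: bytes, guessed_key: bytes) -> str:
    """On-path attacker: holds the ciphertext and a guessed key, nothing else.
    With the wrong key, or a tampered blob, the MAC check fails and nothing leaks."""
    try:
        return decrypt(guessed_key, blob).decode()
    except ValueError:
        return "<unreadable>"


def endpoint_attacker(app: MessagingApp) -> list:
    """Malware on the phone: grabs whatever the app has already rendered."""
    return list(app.screen)


def demo() -> dict:
    """Run both attackers against one delivered message and report what each sees."""
    key = secrets.token_bytes(32)  # shared only by the two legitimate parties
    blob = encrypt(key, b"meet at 9")  # constructed sample message
    app = MessagingApp(key)
    app.receive(blob)
    return {
        "wire": network_attacker(blob, secrets.token_bytes(32)),
        "screen": endpoint_attacker(app),
    }


if __name__ == "__main__":
    print(demo())
```

The wire attacker gets "<unreadable>" whether it guesses a key or flips a bit in the ciphertext, because the MAC check fails before any plaintext is produced; the endpoint attacker never touches the cipher at all and still reads "meet at 9". That asymmetry is why the article's advice is to patch the OS rather than switch apps.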
  25. WikiLeaks founder Julian Assange vowed Tuesday that the online publishing organization would publish "significant" secret information related to the United States presidential election and that it would do so before Nov. 8. Assange made the comments via video link from London to Berlin as part of a news conference to mark WikiLeaks' 10th anniversary. He said WikiLeaks intends to start "publishing every week for the next 10 weeks" material on weapons, war, Google, the election and other topics, but did not otherwise elaborate on the timing or the subject matter of the documents. Ahead of the news conference there was intense speculation that WikiLeaks would release documents Tuesday connected to Democratic candidate Hillary Clinton, but that did not happen. Assange did not say whether any of the releases would be about Republican candidate Donald Trump. "We are going to need an army to defend us from the pressure that is already starting to arise," Assange, 45, said via video link. He has been in the Ecuadorian Embassy in London since 2012 to avoid extradition to Sweden. There, he faces a rape allegation and the prospect of extradition to the U.S. where investigators want to question him about espionage charges. Source