Page 1 of 2 1 2 LastLast
Results 1 to 30 of 43

Thread: wikileaks year zero vault 7 - CIA hacking files

  1. #1
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)

    wikileaks year zero vault 7 - CIA hacking files

    So "Year Zero" per Wikileaks is the CIA using cyber weapons.

    "Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
    Origin of the term = HERE.

  2. #2
    Join Date
    Dec 2011
    Location
    US of A
    Posts
    2,105
    Mentioned
    48 Post(s)
    Does it make me sound like a crazy conspiracy theorist to wonder if WL didn't time this to help turn public opinion against the intelligence committee and thus make people think that anything damning they say about 45 and Russia is either false, politically motivated, or both?

  3. #3
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    Quote Originally Posted by allegro View Post
    So "Year Zero" per Wikileaks is the CIA using cyber weapons.



    Origin of the term = HERE.
    If you are going to read anything about the dump today, read the direct wikileaks press release that allegro linked to. The press is primarily rehashing the release and shitting all over themselves with stupidly wrong things like "Signal is broken!"


    standout items getting press: Has spy tools for every smartphone and major computer OS, even the mics on your smart TVs.

    standout items NOT getting press: CIA has been secretly paying to keep public insecure. They were working to infect car control systems (assassinations?). CIA has a large library of weapons that leave the "fingerprints" of other groups, including.... yes... Russia.

  4. #4
    Join Date
    May 2012
    Location
    WA
    Posts
    542
    Mentioned
    43 Post(s)
    Quote Originally Posted by theimage13 View Post
    Does it make me sound like a crazy conspiracy theorist to wonder if WL didn't time this to help turn public opinion against the intelligence committee and thus make people think that anything damning they say about 45 and Russia is either false, politically motivated, or both?
    This whole year is doing that to everyone.

  5. #5
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    Quote Originally Posted by theimage13 View Post
    Does it make me sound like a crazy conspiracy theorist to wonder if WL didn't time this to help turn public opinion against the intelligence committee and thus make people think that anything damning they say about 45 and Russia is either false, politically motivated, or both?
    Or, that Obama didn't need to order any "wiretaps" as the CIA has been spying on American citizens since shortly after 9/11.

  6. #6
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    Quote Originally Posted by allegate View Post
    This whole year is doing that to everyone.
    new term just learning about the deep state http://www.alternet.org/trump-vs-deep-state

  7. #7
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    ^^^ speaking of Deep State....


    it's worth pointing out the decryption passphrase on the wikileaks dump (SplinterItIntoAThousandPiecesAndScatterItIntoTheW inds) is a reference to a quote by JFK about the CIA a month before his assassination.




  8. #8
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)

  9. #9
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    ^^^ speaking of Deep State....


    it's worth pointing out the decryption passphrase on the wikileaks dump (SplinterItIntoAThousandPiecesAndScatterItIntoTheW inds) is a reference to a quote by JFK about the CIA a month before his assassination.



    Whoa! Wtf.

  10. #10
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    Quote Originally Posted by allegro View Post
    It goes way beyond that. Read the "How the CIA dramatically increased proliferation risks" portion of the wikileaks release.

    They lay out an interesting legal dilemma, which I don't know if its true or not. But basically the way the CIA created & used the tools on the internet would have violated classification rules... IF the tools were classified. So they didn't classify the tools. So that means anyone can use those tools and even the US Gov can't claim ownership/copyright.

  11. #11
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    Maybe they're trying to tell 45 that they're all hacking his Android phone

  12. #12
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    Quote Originally Posted by allegro View Post
    Whoa! Wtf.
    yea, it may just be a little flourish from Assange wanting to stick it to the CIA. Or it could be more... like a hint that Assange thinks the CIA is doing dirty high stakes political stuff again... or... or...

    I wouldn't be surprised if the CIA were involved pretty heavily in Hillary losing the election, or with trying to fuck Trump over right now, or really anything.

    To loop it back to this thread, Trump does have power to start going after the CIA. With all his talk about them, lets see if this dump gives him any motivation. It'll probably be just more bullshit comments pointing at some media coverage and saying "see, they are dirty! can't be trusted"

  13. #13
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    It goes way beyond that. Read the "How the CIA dramatically increased proliferation risks" portion of the wikileaks release.

    They lay out an interesting legal dilemma, which I don't know if its true or not. But basically the way the CIA created & used the tools on the internet would have violated classification rules... IF the tools were classified. So they didn't classify the tools. So that means anyone can use those tools and even the US Gov can't claim ownership/copyright.
    you would be surprised at the amount of NDA's and legal document's security research teams and pen-testers have to sign to even look at a system or face prosecution there are also disclosure agreements, that also state all findings must be disclosed to affected parties or face prosecution
    -louie

  14. #14
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)

    Trump 2017: Year Zero

    Quote Originally Posted by Louie_Cypher View Post
    you would be surprised at the amount of NDA's and legal document's security research teams and pen-testers have to sign to even look at a system or face prosecution there are also disclosure agreements, that also state all findings must be disclosed to affected parties or face prosecution
    -louie
    Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

    CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.

  15. #15
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

    CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.
    i would agree i would like to know more about importantly, they are categorizing all these tools as "weapons"i can still download free versions of Kali, burp suite, wire shark and python IDE, are these "weapons"?
    just curious
    -Louie

  16. #16
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    So, on that car control system infection capability... Remember when Michael Hastings died in a high speed car crash just before he was about to break a big story on the CIA?

    https://en.wikipedia.org/wiki/Michae...ay_controversy

  17. #17
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    you should read up on the church committee if you really want to go down the rabbit holeand that was in the '70's
    -louie

  18. #18
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    So, on that car control system infection capability... Remember when Michael Hastings died in a high speed car crash just before he was about to break a big story on the CIA?

    https://en.wikipedia.org/wiki/Michae...ay_controversy
    what i was trying to say a lot of the "weapons" stated in the wiki-leaks, were pre-existing tools for security researchers. pen-testers, and no more a weapon then a pipe wrench, but then again i would not want to be smacked up-side my noggin with a pipe wrench
    -Louie

  19. #19
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    Here is a short, easy to understand, but most importantly a SKEPTICAL counterbalance to the press coverage.

    It's focused on the tech and doesn't touch much on anything else, but if you only read one article right now, this is the one to read.


    http://blog.erratasec.com/2017/03/so...ault7.html?m=1

  20. #20
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

    CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.
    But, cyber is a (potential) weapon. It's the modern way to destroy. Look what we (shhhhh) did to Iran's nuclear power plants, repeatedly. Look what China did with our OPM database. Look what could happen if our grid was hit, or if bank networks were hit (taking out all our access to our money in a cashless society). This is espionage (it IS the CIA, not the FBI) but cyber weapons have the intent not only to obtain intel but also the desire to neutralize a threat. I'm not sure everybody follows rules. All of this, of course, is dependent on vulnerability (computer or human).



    Can they really remotely hack an iPhone? Or only if they get us to install an app that allows them access?
    Last edited by allegro; 03-08-2017 at 07:24 AM.

  21. #21
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    So, on that car control system infection capability... Remember when Michael Hastings died in a high speed car crash just before he was about to break a big story on the CIA?

    https://en.wikipedia.org/wiki/Michae...ay_controversy
    Whoa!!!! Holy shit.

    Like, this makes hacking into Cheney's pacemaker lightweight.

  22. #22
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    Here is a short, easy to understand, but most importantly a SKEPTICAL counterbalance to the press coverage.

    It's focused on the tech and doesn't touch much on anything else, but if you only read one article right now, this is the one to read.


    http://blog.erratasec.com/2017/03/so...ault7.html?m=1
    very good non-parania enduing balance, non-bs and non-cyber kabuki
    -louie
    thanks for posting this DC!

  23. #23
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    Here is a short, easy to understand, but most importantly a SKEPTICAL counterbalance to the press coverage.

    It's focused on the tech and doesn't touch much on anything else, but if you only read one article right now, this is the one to read.


    http://blog.erratasec.com/2017/03/so...ault7.html?m=1
    Good shit, thanks

  24. #24
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    thanks again dc. bookmarked, big help phone has been blowing up all day, no sir the CIA can't suddenly tap your phone, i don't think they really care, and please don't call me with every piece of crap you happen to read on the internet.
    -louie

  25. #25
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    I like this part:

    There's no overlap or turf war with the NSA. The NSA does "signals intelligence", so they hack radios and remotely across the Internet. The CIA does "humans intelligence", so they hack locally, with a human. The sort of thing they do is bribe, blackmail, or bedazzle some human "asset" (like a technician in a nuclear plant) to stick a USB drive into a slot. All the various military, law enforcement, and intelligence agencies have hacking groups to help them do their own missions.

  26. #26
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    Quote Originally Posted by allegro View Post
    I like this part:
    about two years ago there was something that was in fashion called "social" engineering", which was (touted, as human hacking, so instead of using a computer and an Algorithm, to crack a password, you would talk to a person a find out there dogs name and use that, there were competitions were you would get points, for types of info you got, from talking to a receptionist on the phone for 5 minutes, i found it all very compelling if you find it interesting like me look here http://www.social-engineer.org/
    -louie v.

  27. #27
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    two years ago? Man, social engineering has been a thing for decades. I feel like Mitnick going to jail in the mid 90's is what pushed it into the mainstream. It's still one of the more common ways people get access to your stuff, if you are targeted.


    Fun fact about the SE competitions: Women tend to absolutely dominate them, even complete novices. Also, women tend to be the most resistant to social engineering attacks.
    I love throwing this factoid out when doing talks. It encourages people to experiment who may be novices, and it messes with poor that have poor understandings of gender equality :P


    Anyway, I have taken to showing people this as an intro video to what Social Engineering is. It was shot at the 2015 SE competition area at DEFCON.
    And I have absolutely used my own kids even worse shit, especially in person... (im an asshole, i know)

  28. #28
    Join Date
    Dec 2011
    Posts
    4,954
    Mentioned
    156 Post(s)
    Quote Originally Posted by allegro View Post
    I like this part:
    Rob (the author) has been hammering on the fact that the bulk of the attacks specifically require someone to plug a USB drive into your device.

    He also loves to troll (he does it obviously, and isnt trolling in this case) and generally play the skeptic. It's great. But the reason I am saying all of this is to preface this magically little thing that unfolded yesterday:


  29. #29
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    823
    Mentioned
    30 Post(s)
    cool stuff if you go to 25 this year let me know i would be happy to buy you a beer
    -louie

  30. #30
    Join Date
    Nov 2011
    Posts
    9,095
    Mentioned
    717 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    Rob (the author) has been hammering on the fact that the bulk of the attacks specifically require someone to plug a USB drive into your device.

    He also loves to troll (he does it obviously, and isnt trolling in this case) and generally play the skeptic. It's great. But the reason I am saying all of this is to preface this magically little thing that unfolded yesterday:

    That is in his article, speaks to subjective "worry." Like, just because you aren't paranoid doesn't mean people aren't to get you ... har har har. The conspiracy theorists think the NSA is living in our Amazon Echo all day, so now they will think that a CIA agent is in the baby monitor, Nest thermostat and the remote-read RF water meter and is watching you on your home security system.

    (But I still won't get an Echo. I also have electrical tape on the cams on my laptop and iMac. I'm not a drug dealer or a terrorist but I don't want people seeing me walk around naked. If the CIA or NSA has it, so do bad guys - that's my motto.)

    You can't plug a USB into an iPhone.
    Last edited by allegro; 03-08-2017 at 06:19 PM.

Posting Permissions