
Thread: wikileaks year zero vault 7 - CIA hacking files

  2. #2
    Quote Originally Posted by DigitalChaos View Post
    It goes way beyond that. Read the "How the CIA dramatically increased proliferation risks" portion of the wikileaks release.

    They lay out an interesting legal dilemma, which I don't know if it's true or not. But basically the way the CIA created & used the tools on the internet would have violated classification rules... IF the tools were classified. So they didn't classify the tools. So that means anyone can use those tools and even the US Gov can't claim ownership/copyright.
    You would be surprised at the amount of NDAs and legal documents security research teams and pen-testers have to sign to even look at a system or face prosecution. There are also disclosure agreements that also state all findings must be disclosed to affected parties or face prosecution.
    -louie

  3. #3
    Quote Originally Posted by DigitalChaos View Post
    Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

    CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.
    I would agree. I would like to know more about "importantly, they are categorizing all these tools as 'weapons'". I can still download free versions of Kali, Burp Suite, Wireshark and Python IDE. Are these "weapons"?
    Just curious.
    -Louie

  4. #4
    Quote Originally Posted by DigitalChaos View Post
    Very aware. Pentest scoping and legal engagement rules are a pain. But that has little to do with the CIA.

    CIA has tools that don't fit classification models easily. More importantly, they are categorizing all these tools as "weapons" which makes little sense when shoved into existing arms rules.
    But, cyber is a (potential) weapon. It's the modern way to destroy. Look what we (shhhhh) did to Iran's nuclear power plants, repeatedly. Look what China did with our OPM database. Look what could happen if our grid was hit, or if bank networks were hit (taking out all our access to our money in a cashless society). This is espionage (it IS the CIA, not the FBI) but cyber weapons have the intent not only to obtain intel but also the desire to neutralize a threat. I'm not sure everybody follows rules. All of this, of course, is dependent on vulnerability (computer or human).



    Can they really remotely hack an iPhone? Or only if they get us to install an app that allows them access?
    Last edited by allegro; 03-08-2017 at 06:24 AM.
