WikiLeaks Releases CIA Documents, Alleging Hacking of Consumer Electronics

gigastar

Exley97 said:
Well, this is Wikileaks editorializing the leaked data.
OK, first up I should state that I collected my findings off of Twitter, not from Wikileaks directly.

Yes, I know I'm fucking scum, but I'd rather do gaming and let other people pick through the thousands of documents.

And also listen to Alex Jones on the subject, seriously a conspiracy theorist getting evidence to support his narrative is a fucking comedy goldmine.

Exley97 said:
I haven't seen any evidence or reports that the data contains actual false flag operations using other hacking groups'/nation-state's malware or attack techniques. Yes, the CIA collects malware and attack methods from other parties in a database. Yes, they use that information and take "code snippets" of existing malware to adapt their own methods and malware. I'm sure every government cyber operation does the same (which, on a side note, is why things like Stuxnet are so dangerous -- because now Iran, Russia and others can use the same code and adapt it for new variants).

Making the leap to say that the CIA is running a false flag operation is extremely irresponsible, especially since 1) there's no documentation in the leaks that shows the CIA took third-party malware and used it for an attack, and 2) the very document that Wikileaks posted states the goal of the Umbrage "Component Library" in black & white:

"The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions. Rather than building feature-rich tools, which are often costly and can have significant CI value, this effort focuses on developing smaller and more targeted solutions built to operational specifications."

What's more, you can't engage in an effort to "misdirect attribution" as Wikileaks claims if you're building custom solutions that only use "snippets" of code from existing malware types. That's complete and utter nonsense, and no cyber attribution expert in the world would go for that.
I'd just like to point out the CIA does have false flag operations in its history. Now granted, not its recent history, but such things are probably put beyond the reach of the former contractors allegedly responsible for leaking these files.

And I'm certainly no expert on the subject of cyber warfare or the tools used to fight it. I prefer to leave these things to people who do understand them.

Exley97 said:
Again, this is Wikileaks editorializing and making leaps. The press release states that the CIA was looking to infect vehicle software systems like QNX with malware. "The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."

First, no, it would permit such things -- at least if we're talking about QNX. As far as I know, QNX doesn't extend to actual vehicle controls for brakes, acceleration, etc. and only applies to features like telematics, advanced driver assistance, hands-free controls and entertainment systems. So I'm not sure why Wikileaks would claim that CIA hacks could potentially allow the agency to gain control of a vehicle and crash it, though I'm sure Wikileaks would love to spark more conspiracy theories about Michael Hastings' death.

Second, there's nothing in the leaked documents that suggests that the aim of the CIA is to remote control, disable and crash vehicles (even if it were possible with other car OSes). It's highly likely (though obviously unconfirmed) that the hacking efforts in question would be designed to leverage the hands-free/entertainment controls to establish a surveillance "listening post," similar to the Samsung smart TV hacks disclosed in the Vault 7 docs.
If you're willing to assume that the prospect of RC assassinations is real for a moment, could you see this being used for self-driving or driverless vehicles?

And yes, more surveillance does seem more likely today than actually forcing vehicles to crash.

Although I remain skeptical (out of ignorance, I admit) that vehicles driven by electric and dynamic hybrid motors couldn't be hacked and at least forced to stop.

Exley97 said:
gigastar said:
And a document at least proposed the creation of a meme task force.
And don't forget the emojis.
I'm more interested to find out if they actually tried it, and what memes, if any, they tried to get off the ground.
 

Exley97_v1legacy

gigastar said:
Exley97 said:
I haven't seen any evidence or reports that the data contains actual false flag operations using other hacking groups'/nation-state's malware or attack techniques. Yes, the CIA collects malware and attack methods from other parties in a database. Yes, they use that information and take "code snippets" of existing malware to adapt their own methods and malware. I'm sure every government cyber operation does the same (which, on a side note, is why things like Stuxnet are so dangerous -- because now Iran, Russia and others can use the same code and adapt it for new variants).

Making the leap to say that the CIA is running a false flag operation is extremely irresponsible, especially since 1) there's no documentation in the leaks that shows the CIA took third-party malware and used it for an attack, and 2) the very document that Wikileaks posted states the goal of the Umbrage "Component Library" in black & white:

"The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions. Rather than building feature-rich tools, which are often costly and can have significant CI value, this effort focuses on developing smaller and more targeted solutions built to operational specifications."

What's more, you can't engage in an effort to "misdirect attribution" as Wikileaks claims if you're building custom solutions that only use "snippets" of code from existing malware types. That's complete and utter nonsense, and no cyber attribution expert in the world would go for that.
I'd just like to point out the CIA does have false flag operations in its history. Now granted, not its recent history, but such things are probably put beyond the reach of the former contractors allegedly responsible for leaking these files.

And I'm certainly no expert on the subject of cyber warfare or the tools used to fight it. I prefer to leave these things to people who do understand them.
The CIA has a long and distinguished history of shady, immoral and outright criminal acts. That's not in dispute. I just think we need to be careful before taking what limited information we have from the Vault 7 dump and running crazy with it about false flag ops and remotely crashing cars when there is zero evidence the CIA is actually doing those things.

gigastar said:
Exley97 said:
Again, this is Wikileaks editorializing and making leaps. The press release states that the CIA was looking to infect vehicle software systems like QNX with malware. "The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."

First, no, it would permit such things -- at least if we're talking about QNX. As far as I know, QNX doesn't extend to actual vehicle controls for brakes, acceleration, etc. and only applies to features like telematics, advanced driver assistance, hands-free controls and entertainment systems. So I'm not sure why Wikileaks would claim that CIA hacks could potentially allow the agency to gain control of a vehicle and crash it, though I'm sure Wikileaks would love to spark more conspiracy theories about Michael Hastings' death.

Second, there's nothing in the leaked documents that suggests that the aim of the CIA is to remote control, disable and crash vehicles (even if it were possible with other car OSes). It's highly likely (though obviously unconfirmed) that the hacking efforts in question would be designed to leverage the hands-free/entertainment controls to establish a surveillance "listening post," similar to the Samsung smart TV hacks disclosed in the Vault 7 docs.
If you're willing to assume that the prospect of RC assassinations is real for a moment, could you see this being used for self-driving or driverless vehicles?

And yes, more surveillance does seem more likely today than actually forcing vehicles to crash.

Although I remain skeptical (out of ignorance, I admit) that vehicles driven by electric and dynamic hybrid motors couldn't be hacked and at least forced to stop.
To answer your question, yes -- I could see these sorts of hacks being used for driverless cars. The embedded system security of these vehicles will be one of the biggest, if not the biggest, sticking points for widespread adoption. If people suspect that someone can hack into their Google self-driving compact and run it off a bridge, there's little chance they'll take that risk.
 

TheMysteriousGX

RJ Dalton said:
That's actually in the documents. It turns out, there's a regulation that says nothing classified can be sent over the internet, so to circumvent this, the CIA declassified its malware programs. That means that people who know where to look can get a hold of them. The CIA's hacking tools are in the hands of criminals all over the country and the world. They could even be in the hands of foreign governments.
I'm fairly certain that if the CIA cyber warfare folks were willing to declassify (some) of their malware programs just to make it easy to download off the Internet, then those malware programs probably don't pack much of a punch at the level the CIA or foreign governments operate at. I give it a 50/50 that this is a (possibly ill-conceived) honeypot trap.

Besides, zero-day attacks are mostly a cyber security red herring. Why go through all that effort if you can just hand out USB drives to government officials in goodie bags at a convention or trick some low-level schmuck into clicking on an email link?