lainchan archive - /sec/ - 4643



File: 1488950932544.png (35.86 KB, 300x195, vault.jpg)

No.4643

The last one got locked, and this is something we should be talking about....

So far the cybersec implications are that the CIA has tools to compromise Windows, iOS and Linux, and some computer programs.

  No.4645

File: 1488969557153.png (36.9 KB, 200x199, cia_raptor.jpg)

>>4643
I'm just waiting to see what Trump will bring up today (if anything); he's in a really sketchy situation rn.

Anyway, the tinfoil anons were right, we are getting fuarrrked up by surveillance everywhere/anytime... They also have soykaf to screw you over and make you guilty with no effort... Don't know about you but this is getting scary... like 1984 scary....

If anyone discovers any interesting files, bring it up. I was checking this Philosoraptor thing, anyone got any insights into what it could be?

https://wikileaks.org/ciav7p1/cms/space_15204353.html

  No.4649

>>4645
There was never any "tinfoil"; Snowden leaked documents about this years ago, we just now have more concrete proof.

  No.4650

>>4649
The Snowden leaks were NSA-focused though; the CIA is departmentally separate. Also, the implication that this was being shared around fairly carelessly, and as a result leaked, is concerning and frankly embarrassing for the CIA.

Wikileaks claims that this is less than 1% of the total size of the Vault7 archive they have, so there is much more to come. What do lains think about the tools themselves being released? Reckless and dangerous, or a requirement for security?
I'd prefer these tools were published and patched. It would improve security ultimately, and also cripple the CIA's ops teams for a while.

  No.4651

>>4650
Wikileaks should release ALL files they have, so no one could accuse them of being one-sided.

Of course that means a soykafstorm for all security engineers and other people dealing with those things, but fuarrrk it, we need to know what vulnerabilities are out there and who is exploiting them... and yea, that will also bring many famous intelligence agencies to their knees (will it?), and may also result in war or some greater incident.

  No.4653

>>4650
Wikileaks could release first to the targets and then, after 15~30, to everyone.

>>4645
>he's in really sketchy situation
Probably he will "support" Wikileaks but behind the scenes will try to buy CIA support for the long term.

  No.4654

File: 1488990666918.png (9.75 KB, 200x43, logo.png)

https://wikileaks.org/ciav7p1/cms/page_36405256.html

Anyone who's been working on meshnet projects (Hyperboria) or CJDNS should probably find it worrisome that these projects were being monitored by the CIA as "a foundation for an operational CCI tool."

It's important to remember that the intelligence agencies are watching the development of anonymizing tools very closely, and we need to be aware of whether they're interfering with their design.

  No.4655

>>4653
He will definitely support Wikileaks, but why would he need the support of the CIA if they spied on him almost 24/7 during his campaign? Don't you think it would be a better idea just to purge that mess and set up his own people?

Also Tesla is kill.

  No.4657

>>4655
>Don't you think it would be a better idea just to purge that mess and set up his own people?

tbh I think the military bureaucrats have more power than the president when it comes to their job security.

  No.4659

>>4655
He's expressed hate for Snowden before. He doesn't give a soykaf if we're being spied on.

  No.4660

>>4643
When people talk about the leaks they should be more specific. "Exploits for iOS, Linux, and Windows" doesn't really mean anything. Specifically, we're looking at privilege escalation on consumer machines, mostly exploiting vulnerabilities in UEFI, some Windows registry hacks, and Linux kernel exploits.

Of course it's hard to even talk about this because Wikileaks has their own agenda and isn't releasing this all at once.

What we have seen so far is scary because of how much they've been able to break basic computer security, but it's honestly not as worrying as the NSA leaks. These are all targeted attacks we've seen, where the CIA would need to identify you personally as a threat actor, and honestly if the CIA had already identified you you're fuarrrked, regardless of whether they can get into your computer. The NSA soykaf, the dragnet surveillance, is still more terrifying (to me at least). That's the soykaf where you'll get pulled into court for being at a protest and they'll bring up phone records of yours from 2 years ago. That's much more likely to happen to someone on this website, and it's a better tool for controlling a populace.

Although who knows, maybe there's more dragnet-style soykaf coming in the leaks, which we don't fuarrrking know because Wikileaks is so fuarrrking attached to Trump's dick it's like a vestigial limb at this point.

  No.4661

Tor is faster now. Thanks, Wikileaks.

  No.4662

>>4655
>Tesla is kill
Meaning the remote car hacking thing, or is there something specific to Tesla?

  No.4669

>>4662
NASA funded him right before he went full bankrupt; also those "accidents" of some CIA officials and enemies of Obama in Tesla cars are suspicious AF... Imho Tesla is a CIA agent doing with his cars what he's told to...

  No.4670

>>4669
*before he almost went bankrupt

  No.4672

All the 'hacks' have been available on github for years. Convince me why this isn't skid level and why I should worry if I have a modicum of intelligence and knowledge in infosec.

  No.4673

>>4672
>All the 'hacks' have been available on github for years. Convince me why this isn't skid level and why I should worry if I have a modicum of intelligence and knowledge in infosec.

Because, as I see it, it's just another leak to spread FUD among conspiritards who have no idea how any of this soykaf works, or who just found a passing interest because Assange said it was a big deal.

  No.4691

File: 1489067932195.png (447.84 KB, 16x200, 3E72SWSEOJEESYT6T5OPG6PZJ7F7FMVDICM73BCPKQ44UT32B5XVFSKM6LW5HVAL7T6S75Z67IQ7WBCA3G4LOLFHVYQWJS5734OJCKY=.gif)

>>4660
I agree, mass surveillance by "design" is what should really worry people. This is nothing compared to PRISM, XKeyScore and Tempora.

  No.4703

>>4672
>All the 'hacks' have been available on github for years.

sauce?

  No.4705

>>4703

Check the other thread, lainon, I already posted a few.

  No.4714

>>4705
Did not find any github links in the previous thread.

  No.4715


  No.4716

https://www.youtube.com/watch?v=qEdI3pgOkdQ

Pence against Wikileaks... this is getting funny.

  No.4717

https://www.theregister.co.uk/2017/03/10/wikileaks_to_pass_cia_hack_code_vendor_patching/
They're going to release the tools/exploits to vendors so that they can be patched.

Former USAF officer Jason Healey says:
>Disclosure of ‪#Vault7‬ 0days should come from USG, not Wikileaks
Because they've been doing that so well up until now...

  No.4721

>>4717

So I don't get that, because assuming they have Windows 0days, Microsoft will either directly announce them during Patch Tuesday and we'll know with some confidence it was from the Vault leak, or they'll patch it silently and nerds like me will view the binary diffs and know with some confidence it came from the Vault leak.

  No.4722

>will view the binary diffs and know with some confidence it came from the Vault leak.
My bet's on this, seeing as from history MS has barely had a spine when it comes to the agencies.
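The "view the binary diffs" idea in the two posts above is easy to picture but worth seeing in code. The block below is an added illustration, not anything from the thread or the leak: it compares two constructed byte blobs standing in for an unpatched and a silently patched build, and reports the regions that changed. The blobs, the function names and the "added bounds check" story are all invented for this example; real Windows binaries are compared at the function level with dedicated tools (BinDiff, Diaphora), but the principle is the same.

```python
"""Byte-level diff of two builds of the same binary.

Added example for the 'silent patch, then look at the binary diff' remark.
OLD_BUILD and NEW_BUILD are constructed blobs that merely resemble an x86
function prologue/epilogue; they are not real code from any product.
"""
from difflib import SequenceMatcher

# Constructed "before" build: header, function A (loads a pointer argument
# and dereferences it with no check), function B, and some padding.
OLD_BUILD = (
    b"MZ" + b"\x90" * 6                                   # fake header
    + b"\x55\x8b\xec\x8b\x45\x08\x8b\x00\xc9\xc3"         # "func A", unchecked load
    + b"\x55\x8b\xec\x33\xc0\xc9\xc3"                     # "func B"
    + b"\x00" * 8                                         # padding
)

# Constructed "after" build: identical except that func A gained a
# compare-and-jump (a bounds check) before the dereference.
NEW_BUILD = (
    b"MZ" + b"\x90" * 6
    + b"\x55\x8b\xec\x8b\x45\x08"
    + b"\x3d\x00\x10\x00\x00\x77\x02"                     # inserted check
    + b"\x8b\x00\xc9\xc3"
    + b"\x55\x8b\xec\x33\xc0\xc9\xc3"
    + b"\x00" * 8
)


def changed_regions(before: bytes, after: bytes, min_len: int = 1):
    """Return (kind, old_start, old_end, new_start, new_end) for every
    region that differs between the two blobs.  kind is one of
    'insert', 'delete' or 'replace' as reported by difflib."""
    sm = SequenceMatcher(None, before, after, autojunk=False)
    return [
        (tag, i1, i2, j1, j2)
        for tag, i1, i2, j1, j2 in sm.get_opcodes()
        if tag != "equal" and max(i2 - i1, j2 - j1) >= min_len
    ]


def summarize(before: bytes, after: bytes) -> dict:
    """Count changed regions/bytes and give an overall similarity ratio,
    the kind of first glance an analyst takes before digging in."""
    regions = changed_regions(before, after)
    changed = sum(max(i2 - i1, j2 - j1) for _, i1, i2, j1, j2 in regions)
    ratio = SequenceMatcher(None, before, after, autojunk=False).ratio()
    return {"regions": len(regions), "changed_bytes": changed,
            "similarity": round(ratio, 3)}


def describe(before: bytes, after: bytes) -> list:
    """Human-readable lines: offset in each build plus the bytes involved."""
    lines = []
    for tag, i1, i2, j1, j2 in changed_regions(before, after):
        lines.append(
            f"{tag:7} old[{i1:#06x}:{i2:#06x}]={before[i1:i2].hex()} "
            f"new[{j1:#06x}:{j2:#06x}]={after[j1:j2].hex()}"
        )
    return lines


if __name__ == "__main__":
    print(summarize(OLD_BUILD, NEW_BUILD))
    for line in describe(OLD_BUILD, NEW_BUILD):
        print(line)
```

On the constructed input the only change reported is a seven-byte insertion in the middle of "func A"; knowing the offset, an analyst would disassemble that neighbourhood to see what the vendor guarded against. The caveat from the posts still applies: a diff shows that something was fixed and where, and only corroborating details (the bug class, the component, timing relative to a leak) let you say with some confidence why.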

  No.4730

Political discussion trumping security discussion is what had the last thread locked.

Any further overtly political discussion in this thread will be deleted. Please use /q/ if you have any complaints regarding this.

  No.4733

A couple days after the initial soykafshow, it honestly doesn't seem like this is that bad.

Summarizing these leaks, exploits for old Android phones (nothing above Android 4.1), exploits in UEFI that require physical access, kernel exploits in Linux/OSX that have or are in the process of being patched out, exploited IoT devices and smart TVs (which you should never ever buy even if your dumb twitter fridge gets security updates)...

The CIA is a piece of soykaf org that is trying to undermine democracy, but these specific exploits seem to be targeted at very specific people (and if the CIA is going after you specifically there ain't soykaf you can do) or outdated opsec.

The NSA leaks contained more widespread and arguably more dangerous tools. If nothing else, maybe this will increase people's awareness? But this isn't the massive bombshell people here and Wikileaks made it out to be on initial release.

In summary: don't install shady soykaf, make sure every device is as up to date as possible, avoid proprietary and closed-source software whenever possible, don't use phones that are behind on security updates (old phones are fine if you're still receiving security patches, but if your device has reached EOL, or, god forbid, you're still on Android KitKat, you need to upgrade).

Oh and don't ever ever use windows. Or buy a pressure cooker with an internet connection. In fact, reduce the number of things in your life that have internet connections at all. Your TV doesn't need internet, your car doesn't need internet, your fridge/music player/whatever doesn't need internet.

  No.4734

>>4733
Really, your game system probably doesn't need internet. Or should at least be disconnected from the internet whenever possible.

Don't buy any device with an always-on microphone. The Xbox One and Alexa seem to have been specifically targeted.

  No.4735

File: 1489179749777.png (47.17 KB, 200x120, fatmen.png)

>>4727
>Things like VM detection, MITM at the ISP, and separate binaries for each infection. Add to that the abilities outlined in UMBRAGE and HIVE, and you have serious political implications.

You're paying attention. The V7 leak appears outdated and non-critical. It's barely grazing the surface. Consider what you don't know, and why.

  No.4736

>>4733


>>exploits for old Android phones (nothing above Android 4.1),

These documents do not come with time stamps. That particular document is likely several years old, even though the release for this is dated in 2016. Further, while Android 4.x does have unpatched remote code execution vulnerabilities, that does not mean that the vulnerabilities that were listed in what has been released so far have been patched. We have not seen any code related to the exploits, only the version for which it was written and what category it falls under. (As well as where it was acquired from, but let's not stray into the political.) It also does not indicate that the CIA does not have other, unlisted vulnerabilities. Further, 4.1 is not the only version listed. There are references to 4.4.4. Not every exploit has a version tag. Many are hardware-specific attacks, and could theoretically still be vulnerable even after an OS update. Ref: https://wikileaks.org/ciav7p1/cms/page_11629096.html

Further, at the time, all requests they had were for Android 4 devices. Ref: https://wikileaks.org/ciav7p1/cms/page_34832386.html Note the date for this document is November 2015, fully a year after Lollipop went live. At the time, the only burner phones you could pick up were old devices.

>>exploits in UEFI that require physical access,

Vulnerabilities that require physical access should not be excluded. There is plenty of evidence that government agencies have intercepted devices en route and planted malware.


>>kernel exploits in Linux/OSX that have or are in the process of being patched out,

Again, many of the documents that have been released so far are older than what one would expect. While some of the documents are more recent, many of them are years old. Also, "in the process of being patched out" means they are still vulnerable.

>>exploited IoT devices and smart TVs

This is the one everyone latches on to. While sure, you have not been singled out for surveillance (probably), if this vector has been automated, and based on the info we have on HIVE and FINEDINING it likely is, it's possible ALL Samsung TVs are compromised and ALL audio is being transcribed and stored.


>>The NSA contained more widespread and arguably more dangerous tools.

The NSA cast a wider net, but there were no 0day exploits or other tools explicitly disclosed. They attacked via the ISP at the transport layer, in a passive manner. What the CIA is doing is active penetration. Further, the CIA compromised national security by allowing these tools to fall into unknown and/or irresponsible hands, which could, by conjecture, fall into the wrong hands. That is the biggest, most important takeaway from this. The most dangerous government agency in the world lost control of the most dangerous arsenal in the world, and didn't do anything to resolve that dilemma, lest they lose a few cool toys they have grown fond of.

Another important takeaway that I'm not seeing discussed is UMBRAGE, providing agents with the means to frame other hackers for their actions. This is exactly why it's so hard not to talk about the politics surrounding this, as politics are intertwined with the focus and capabilities of these tools.

  No.4737

>>4736
You can't claim that it's all old tools and therefore we can't pay attention to these specific tools, that we have to think about what the CIA is "probably doing", because then who gives a soykaf about the leaks? We figured the CIA was "probably" up to soykaf even before the Snowden leaks, much less this.

"Devices could have been intercepted in transit and compromised, insecure 'smart' devices like TVs have vulnerabilities and are probably listening, and people are taking advantage of kernel exploits before they get patched"

That's honestly a pretty boring sentiment, and would not be out of place a week ago. Hell, if I posted that verbatim here months ago nobody would have batted an eye, much less the general public. In fact I've said this verbatim to people IRL, and have been saying so for years.

And still, that doesn't change my conclusion. Don't use old versions of software without security patches, don't buy smart TVs and other appliances (cars esp.), push for and emphasize open-source, audited solutions. That goal is noble and necessary; it was in 2014, it was in 2008, honestly it has been since the dawn of the public internet.

There are always those trying to gain access to your machines, and as the years progress state actors with wide reach and resources are going to be doing it more and more. Vote against those people, spread the word amongst your friends and family as much as possible, Stallman Was Right ™. I stood by all that prior to these leaks, and I'll stand by it going forward.

  No.4738

File: 1489198721514.png (393.67 KB, 200x113, revolutionary-ethics.jpg)

>>4737
>That's honestly a pretty boring sentiment, and would not be out of place a week ago. Hell, if I posted that verbatim here months ago nobody would have batted an eye, much less the general public. In fact I've said this verbatim to people IRL, and have been saying so for years.

That's the point, actually. People who knew anything about how this technology works knew it would be exploited this way, so it really doesn't seem that surprising to those of us who were just waiting for this to happen. Despite the obvious contraventions of the whole "rule of law" idea, wealthy elites are still centralizing control.

What comes next is most interesting. That critical point where the authoritarian elites responsible for deploying these tools amass so much compromising information on everyone that they have no choice but to go full on "mass enforcement".

We might live to see the day.

  No.4740

File: 1489202238712.png (64.44 KB, 200x142, every_type_of_cancer.jpg)

Brought up the leaks at work to a software developer. His verbatim response: "I don't care, I have nothing to hide". I went full retard and started ranting about the post-9/11 generation. It was the most angry I've been in a long time.

  No.4742

>>4740
Hey, I'm post-9/11 generation and the surveillance state has made me even more paranoid.

  No.4743

>>4740
I used to shun people who unironically used the word "normal person" but then someone told me "I don't care that the NSA knows what porn I look at, I actually have a life and have better things to do than masturbate." This... killed a lot of my faith in humanity. I found myself even fighting to not use the word "normal person".

  No.4744

>>4740
Perfect example as to why the world deserves a lovemachine, a variant of nitro zeus striking home or the danes unleashing the troll to wake these drones the fuarrrk up and finally put a nail in the coffin of "you have nothing to hide".

  No.4745

You guys are lucky. I know people who knowingly hide their ignorance by saying technology was a mistake and go meta on me, and then also lose that argument because I go meta every time I feel like one of my beliefs is false.

  No.4761

>>4650
Wikileaks should treat this like any other 0-day: release info to software vendors first so they can patch, then go public in full 30 days later (possibly longer if some issues are huge or very complex to patch).
It will kill a lot of the agencies' power while simultaneously making computing more secure.

  No.4779

>>4761

If you were actually following the Vault 7 news, then you'd know that THIS IS EXACTLY WHAT WIKILEAKS IS DOING. The documents that have been publicly released don't contain code or specific technical details on the exploits in question. They're just documents about HOW the CIA uses the exploits.

In his Thursday press conference, Assange specifically said that Wikileaks is privately reaching out to tech companies to provide details to help said tech companies patch the exploits. What Wikileaks is doing right now with Vault 7 is no different from what any other white-hat security researcher would do. They're following proper responsible-disclosure practices.

  No.4782

Did anyone get their hands on some of the tools?

  No.4792

>>4782
No, they purposefully didn't release tools; however, there were some binaries and example code for well-known exploits.

I stumbled upon this linked in an El Reg article this morning: http://marcmaiffret.com/vault7/
This describes how one of the tools not fully released might work.

  No.4793

How can the exploits be trusted to exist if they aren't released?

  No.4803

>>4793
Because they're all feasible, and many bugs have been found in software that match the types of exploits that are in the docs.

  No.4909

File: 1490276543477.png (131.46 KB, 200x123, cia-wikileaks.jpg)

New Vault7 "Dark Matter" release shows how the CIA compromised Apple devices using EFI and firmware malware:
https://wikileaks.org/vault7/darkmatter/

  No.4991

Another release, this time it's about the "Marble Framework", used to obfuscate malware so that it can't be tied back to the CIA and to insert text in other languages to spoof the origin. The source code shows that it had text examples for Chinese, Russian, Korean, Arabic and Farsi.
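The Marble point above is really about how weak "foreign-language strings in the binary" are as an attribution signal. The block below is an added example, not code from the thread, from the Marble release or from any real tool: it pulls printable strings out of a constructed blob and tallies the Unicode script of each one, which is the sort of quick survey an analyst might do when triaging a sample. The sample bytes, the strings in them and the function names are all invented here; the point is that a histogram like this is trivially shaped by whoever built the binary, so on its own it says nothing about who that was.

```python
"""Script-of-origin survey of strings in a binary blob.

Added defender-side example: shows what a 'language artifact' in a sample
looks like and why it is cheap to plant.  SAMPLE_BLOB is constructed for
this example and is not a real file.
"""
import unicodedata
from collections import Counter

# Constructed blob: a few UTF-8 strings in different scripts separated
# by NULs and some invalid bytes, mimicking the strings section of a
# binary that was deliberately seeded with mixed-language text.
SAMPLE_BLOB = (
    b"\x7fELF\x00\x00"
    + b"Mozilla/5.0\x00"
    + "ошибка загрузки".encode("utf-8") + b"\x00\x00"   # Russian
    + "文件损坏".encode("utf-8") + b"\xff\xfe\x00"        # Chinese
    + "خطای فایل".encode("utf-8") + b"\x00"              # Farsi (Arabic script)
    + "파일 오류".encode("utf-8") + b"\x00"               # Korean
    + b"C:\\Temp\\update.dll\x00"
)

# Characters allowed inside an extracted string besides letters/digits.
_EXTRA = set(" /.:\\-_")


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Return runs of printable text of at least min_len characters.
    Invalid UTF-8 becomes U+FFFD, which is not a letter, so it splits
    strings the same way a NUL does."""
    text = blob.decode("utf-8", errors="replace")
    found, current = [], []
    for ch in text:
        if unicodedata.category(ch)[0] in ("L", "N") or ch in _EXTRA:
            current.append(ch)
        else:
            if len(current) >= min_len:
                found.append("".join(current).strip())
            current = []
    if len(current) >= min_len:
        found.append("".join(current).strip())
    return [s for s in found if s]


def dominant_script(s: str) -> str:
    """Name the script most of the letters in s belong to, using the first
    word of each character's Unicode name (LATIN, CYRILLIC, CJK, ARABIC,
    HANGUL, ...).  Non-letters are ignored."""
    counts = Counter()
    for ch in s:
        if unicodedata.category(ch)[0] != "L":
            continue
        name = unicodedata.name(ch, "")
        counts[name.split(" ")[0] if name else "UNKNOWN"] += 1
    return counts.most_common(1)[0][0] if counts else "NONE"


def script_histogram(blob: bytes) -> Counter:
    """How many extracted strings fall under each script."""
    return Counter(dominant_script(s) for s in extract_strings(blob))


if __name__ == "__main__":
    for s in extract_strings(SAMPLE_BLOB):
        print(f"{dominant_script(s):9} {s!r}")
    print(script_histogram(SAMPLE_BLOB))
```

Run on the constructed sample, the histogram shows Latin, Cyrillic, CJK, Arabic and Hangul strings side by side, which is exactly the picture a framework like the one described above would be built to paint. For a defender the lesson is procedural: treat string language, as well as compile timestamps and code-page settings, as something an author controls, and rest attribution on things that are harder to fake, such as infrastructure overlap, reused tooling and observed behaviour over time.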