WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools (vice.com) 102
An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."
Re: (Score:2, Funny)
Curious how the summary doesn't include the part about the CIA having tools to impersonate Kaspersky Labs. Would that conflict with the narrative too much?
I knew it!! The CIA is in cahoots with Kaspersjy who is in cahoots with the Russian government!
Get this, the Russian government has been infiltrated by a small group of Cardinals from the Catholic Church - who are really Muslims working for the Saudi Royal Family.
What the Saudi Royal Family doesn't know is that it has been infiltrated by the Massad of Israel. But the Massad of Israel is taking orders from a small Orthodox Jewish Sect in the Cayman Islands. And you guessed it, they are really Soto Buddhis
Re: Kaspersky (Score:2, Interesting)
No one said that. Do you understand how an argument works?
Someone criticizes the CIA
You start talking about the FSB
If someone asks you what time it is, do you tell them the weather?
Re: (Score:1)
Re: (Score:1)
Re: Kaspersky (Score:1)
KGB is also evil.
Why do you people not understand that saying the CIA is bad does not mean the KGB is good?
They are both bad. Lying, cheating and murdering is what governments do.
Re: (Score:3)
B-b-but Russia! (Score:2)
Re: (Score:2)
Hasn't anyone told you that people are tired of the russia defense? Someone meeds to update your script.
I thought we had progressed to the "well it's not as bad as North Korea" defence?
The Real Hero Spies: Snowden, Binney, Drake, etc. (Score:1)
There are a handful of real heroes from the intelligence community.
Edward Snowden
Bill Binney
Thomas Drake
Robert David Steele
Ray McGovern
And all the rest who have stood up to protect us from Big Brother.
Re: (Score:1)
Of course that will get ignored, didnt you know Wikileaks is just another arm of the KGB?
I thought *everyone* knew that! It is your duty as a citizen to know that!
I think you had better report yourself immediately for re-education.
Was the whole Kaspersky thing not completely transparent enough to make it clear that they are being punished for not playing 'the game'?
Re: (Score:2)
Re: (Score:1)
Please.
You have to give out your name first citizen. How else are they going to find you?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'm a dual national, so I am willing and quite able to call this disgraceful, ... traitor
Ah, so you are a dual national, and by the transitive property of citizenship, that makes Assange an American sworn to the flag?
Please renounce your Australian citizenship and help raise our average IQ.
Anyway, I think you will find that the USA was founded by traitors, by definition, as they waged war against their king. So it should not be the insult you imagine.
Re: (Score:3, Insightful)
You do have to wonder why Wikileaks and Assange are so eager to target everything U.S. - the intelligence agencies, political fuck-ups, armed forces fuck-ups...
Sure the U.S. isn't perfect and you will always find something to criticize, but there are much worse countries in the world, actively fighting against liberties, free press, human rights, etc. the most prominent and important being China and Russia. How come there are never any leaks from these autocratic countries?
By always putting the spotlight on
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Re:Somebody shoot this treasonous cunt (Score:5, Informative)
How come there are ***never*** any leaks from these autocratic countries?
Never??? You can go to Wikileak and use the function 'search'. In case of it takes you too much time, here is a story published on Slashdot:
Wikileaks Releases Documents It Claims Detail Russia Mass Surveillance Apparatus [slashdot.org]
Keep in mind that Wikileaks is a tool to publish anonymous documents, you can't ask Wikileaks to publish what they don't have.
By the way, when you are SO angry that Assange 'seems to support repressive regimes', and DEMAND Wikileaks 'to do somethings' with these governments, I don't know where you were at those topic:
YouTube Suspends Account of Popular Chinese Dissident [slashdot.org]
Apple Pulls Anti-Censorship Apps from China's App Store [slashdot.org]
Bonus, don't blame Wikileaks and Assange for his 'so-called-anti-USA':
Cisco Leak: 'Great Firewall' of China Was a Chance to Sell More Routers [wired.com]
Thank you (Score:2)
Re:Somebody shoot this treasonous cunt (Score:4, Insightful)
This is about spying. Snowden showed that the US is #1!!!
I'm sure Russia has a good spy program, as well as England, Israel, and China. Probably some European countries as well (maybe South Korea, but aimed at the North). Australia is in there as well, which is surprising to me.
And the US's spending on military is unmatched (but probably envied). We spend about as much as the next top 10 countries combined, those other countries represent well over 2 billion people (China and India are in there):
https://en.wikipedia.org/wiki/... [wikipedia.org]
Same goes for spending on nuclear weapons:
http://www.icanw.org/the-facts... [icanw.org]
Why is the US a primary target of things such as Wikileaks? Because everyone else in the world is a target of ours. And our own citizens are as well. Sad, as someone currently in power would say.
Re: (Score:3, Interesting)
Russia, or China are mostly quiet, doing stuff in their own countries for the most part ( that YOU might consider as anti whatever, but locals not so much ).
The US on the other hand is a loud mouth cowboy who pretends he's all just and moral while bombing the crap out of everything, rigging elections, installing puppet presidents, doing ass
Re: (Score:1)
autocratic
What does this word mean to you? You're using it as newspeak. It's objective definition, never mind several subjective ones that might be commonly used, in this context is "sovereign country".
You seem to adopt the kit worldview that nobody has the right to run their country any other way than the way the US does.
What civil liberties do you think we have when our population is meticulously brainwashed to only accept the official point of view? The Bank rules the media (and everything else really), the media
Re: (Score:1)
It is just utterly bizarre to hear this, "Yeah, well if you don't like it, go to Russia!" line of thought from Leftists. WTF? You spend 50 years telling us this was bullshit. "I only criticize you America not because it harms you, but I know how much better you could be" is the line I always got.
When did you become such Sinophobic/Russophobic bigoted jingoists? How many countries has China bombed? How can anyone say they would make a worse world leader than America? Americans are the least educated
Re: (Score:2)
How come there are never any leaks from these autocratic countries?
Because of observer bias. Specifically your bias. Your bias that you don't actually look on Wikileaks, your bias that you read US news that is all too eager to point out US issues.
Also there's population bias. If someone leaks to you hundreds of gigabytes of USA criticisms, do you say: "Well I'd like to share it, but really I can only share 1GB because I only have 1GB from Russia and 1GB from China, and god forbid my site starts looking biased* in the information I release"
*I'm being facetious. Not releasin
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
What about someone who wraps their evil in the flag, purporting to fight for rights while working to destroy them. Deep rooted authoritarian fascism under the guise of 'I'm the good guy, and the government is standing up for freedom' with the hidden agenda of obliterating what remains of our civil liberties, to give American intelligence and law enforcement carte blanche to intrude as much as they desire in their own citizens lives, free from due process and accountability.
I'd say so
Hive impersonates Kapersky certs and netwrok traff (Score:2)
CIA's Hive can also hide it's outbound network traffic from compromised devices to look like traffic going to Kapersky. That's also in the leak posted by Wikileaks.
Re: (Score:2)
What better way out of a network than a firewall set to trust an AV product?
Its just the AV updating...
If anyone looks, its all the work of other "nations". The interesting part is how dependant and fixated the West is on the talking points and the need to use trusted products to hide their collect it all data flow.
First, do no harm (Score:1, Insightful)
Zero-days and malware are just a part of the operation.
Any attack also requires an infrastructure to send the phishing emails, host fake login pages, make bogus links look trustworthy, and mask the origin of attacks. Often, setting up that infrastructure is the most time-consuming and expensive part of an attack, so it's often reused for several attacks. That is one of the most reliable mechanisms for identifying the source of an attack, by identifying the infrastructure networks used, and associating group
Re: (Score:2)
Re:First, do no harm (Score:4, Insightful)
Alternatively, WikiLeaks could have consulted a few trusted security researchers to get any insight from the code, and released that insight with limited snippets of code. While that would likely aid attackers in making a similar infrastructure, they'd have to invent their own boilerplate, likely allowing the different reimplementations to be identifiable. The insight from the experts would also contribute more to coherent and realistic discussions on the actual capabilities of the tool, rather than encouraging more "the CIA is hacking everyone!" panic.
Even if the toolset had been sold to one "highest bidder", that would only be one other attackerto identify. The shared infrastructure would be a little confusing for researchers at first, but continued attacks would show distinct operation patterns as a signal rising above the noise. Yes, that does actually strike me as being more secure than opening the tools up to everyone at once, since it's now so much easier to hide any given attack in the higher amount of noise.
Re:First, do no harm (Score:5, Insightful)
We have safely assume that Wikileaks aren't the only ones who have these tools. They have likely already been stolen by others, just like the NSA exploits before them.
Plus for most of us the CIA is just another adversary we want to defend against, no different than any other malicious actor out there.
I much prefer to know about these tools and vulnerabilities so I can defend against them. Patches will come quickly to quality software.
Re: (Score:1)
Patches will come quickly to quality software.
That's a problem. Most software is not of good quality, especially the most commonly used.
Yes, even in the professional markets. ESPECIALLY in the professional markets, actually. I've used some right shitheaps in my time.
Do no harm? (Score:2)
Umm... why are you expecting "journalists" to abide by the Hippocratic Oath? Their entire existence is based around exposing those with harmful behaviors. Given the CIAs track record, I'm not surprised they are considered harmful.
Also, exposing the zero-days will ensure that software is fixed and malware signatures will be added antivirus databases.
Now, thanks to WikiLeaks, any attacker can start to build their own infrastructure from source, that looks just like the CIA. This in turn opens the door to more successful untraceable attacks and false-flag operations. By raising the banner of "journalism", WikiLeaks has yet again contributed to more damaging attacks and escalating conflicts.
That sure sounds like they have created an incentive for government agencies to focus on defending systems rather than exploiting systems.
The lesson to be lear
Re: (Score:2)
The US and UK have a set of tools. What was once CIA, NSA, GCHQ, Royal Ulster Constabulary Special Branch only is now floating around other nations and staff.
Hardware and software to rent, for a shared faith, domestic politics, to buy.
The US and UK shared methods with trusted experts in NATO. To impress new friends in NATO, EU bureaucracy? To get staff in the
Re: (Score:2)
So you are saying, other people can imitate the US government security apparatus by pretending to be other people, pretending to be other people (not an error). Do you not see the ludicrousness of your proposition. You can pretend to look like the CIA pretending to look like Kaspersky in order to attack any Russian business for simply being Russian or just hacking Russian security software in order to hack Russian corporations using it.
The US is breaking computer crimes across the globe to chiefly blackmai
Re: (Score:1)
Yeah let's let the shadow government keep raping anyone they feel like. Great idea.
The solution to the problem isn't painless. We let this cancer get into the heart of our supposed democracy.
Re: (Score:1)
Since when is Wikileaks a journalist? They haven't ever been caught faking anything, or bending the facts to fit a pre-existing political bias. How's that journalism?
Once upon a time, the term "journalist" carried a social expectation of trying to present the truth without harm.
LOL that time is long past. Journalists spread fake news all the time, whenever it satisfies their emotional needs and validates their pre-existing political biases. It's very menacing if journalists with the loudest claim t