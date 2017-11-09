WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools (vice.com) 58
An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."
Curious how the summary doesn't include the part about the CIA having tools to impersonate Kaspersky Labs. Would that conflict with the narrative too much?
I knew it!! The CIA is in cahoots with Kaspersjy who is in cahoots with the Russian government!
Get this, the Russian government has been infiltrated by a small group of Cardinals from the Catholic Church - who are really Muslims working for the Saudi Royal Family.
What the Saudi Royal Family doesn't know is that it has been infiltrated by the Massad of Israel. But the Massad of Israel is taking orders from a small Orthodox Jewish Sect in the Cayman Islands. And you guessed it, they are really Soto Buddhis
God DAMNIT you neckbeards are so full of shit.
I'd waste my time trying to spell out the fact that the CIA are a thin blue line against the dictators and terrorists of the world; but no, you'd just stick your fingers in your stupid, clueless years, and then beg Putin for a reacharound.
Fucking neckbeards, and "techno-libertarian" Putin-loving tech bros disgust me.
Of course that will get ignored, didnt you know Wikileaks is just another arm of the KGB?
I thought *everyone* knew that! It is your duty as a citizen to know that!
I think you had better report yourself immediately for re-education.
Was the whole Kaspersky thing not completely transparent enough to make it clear that they are being punished for not playing 'the game'?
Olgino is the tip of a gigantic, lavishly-funded iceberg. Think of it, not as a troll farm, but an entire archipelago of vory, guns for hire, spooks and misfits being paid lavishly to undermine the West. This programme is extremely well funded -- about a billion $US a year at least. This is fascist Russia's great big moonshot to destroy the West before we choke them out by cutting off their oil money.
Please.
You have to give out your name first citizen. How else are they going to find you?
Eat a dick, Ivan.
You "nationalists" have been rumbled. We will _get_ you, and smash your drunken, Chekist-infested shithole country down, the way we SHOULD have in 1991.
I'm a dual national, so I am willing and quite able to call this disgraceful, evil Quisling cunt the traitor that he is.
He's a fucking traitor, and he's going to burn in hell.
You do have to wonder why Wikileaks and Assange are so eager to target everything U.S. - the intelligence agencies, political fuck-ups, armed forces fuck-ups...
Sure the U.S. isn't perfect and you will always find something to criticize, but there are much worse countries in the world, actively fighting against liberties, free press, human rights, etc. the most prominent and important being China and Russia. How come there are never any leaks from these autocratic countries?
By always putting the spotlight on
If that shithead had half a brain, he'd surrender to the Americans, rather than risk getting served polonium tea by the Russians.
But then Mr Rapey has always been a criminally-insane lunatic narciccissist with authority issues. God-willing, Russia will poison his rapey arse and he'll get to be the example to all over criminal narciccists after him, who thinks that defecting to the enemy is a good idea.
How come there are ***never*** any leaks from these autocratic countries?
Never??? You can go to Wikileak and use the function 'search'. In case of it takes you too much time, here is a story published on Slashdot:
Wikileaks Releases Documents It Claims Detail Russia Mass Surveillance Apparatus [slashdot.org]
Keep in mind that Wikileaks is a tool to publish anonymous documents, you can't ask Wikileaks to publish what they don't have.
By the way, when you are SO angry that Assange 'seems to support repressive regimes', and DEMAND Wikileaks 'to do somethings' with these governments, I don't kno
This is about spying. Snowden showed that the US is #1!!!
I'm sure Russia has a good spy program, as well as England, Israel, and China. Probably some European countries as well (maybe South Korea, but aimed at the North). Australia is in there as well, which is surprising to me.
And the US's spending on military is unmatched (but probably envied). We spend about as much as the next top 10 countries combined, those other countries represent well over 2 billion people (China and India are in there):
https:/ [wikipedia.org]
With Russia's thumb on the scale.
Trump is not legitimate.
Shut up, moskal.
Actually, quite a few of us DO understand, that the CIA, the NSA and the FBI are the silent guardians who stand between a world of rules and order -- and a world run by Chekist-mafia scum like Vladimir Putin.
Western intelligence may not always get it right, but I trust them VASTLY more than the mafia-Chekist nightmare that is Russia and it's thralls/vassals.
Hive impersonates Kapersky certs and netwrok traff (Score:2)
CIA's Hive can also hide it's outbound network traffic from compromised devices to look like traffic going to Kapersky. That's also in the leak posted by Wikileaks.
What better way out of a network than a firewall set to trust an AV product?
Its just the AV updating...
If anyone looks, its all the work of other "nations". The interesting part is how dependant and fixated the West is on the talking points and the need to use trusted products to hide their collect it all data flow.
First, do no harm (Score:5, Insightful)
Zero-days and malware are just a part of the operation.
Any attack also requires an infrastructure to send the phishing emails, host fake login pages, make bogus links look trustworthy, and mask the origin of attacks. Often, setting up that infrastructure is the most time-consuming and expensive part of an attack, so it's often reused for several attacks. That is one of the most reliable mechanisms for identifying the source of an attack, by identifying the infrastructure networks used, and associating groups of attacks together, then connecting specific attacks with specific political actions.
Now, thanks to WikiLeaks, any attacker can start to build their own infrastructure from source, that looks just like the CIA. This in turn opens the door to more successful untraceable attacks and false-flag operations. By raising the banner of "journalism", WikiLeaks has yet again contributed to more damaging attacks and escalating conflicts.
Once upon a time, the term "journalist" carried a social expectation of trying to present the truth without harm. Dumping unfiltered source code doesn't offer any new insight except to a few good researchers, but it does enable significant harm and neuters those same researchers' usual techniques.
I'm unimpressed.
Alternatively, WikiLeaks could have consulted a few trusted security researchers to get any insight from the code, and released that insight with limited snippets of code. While that would likely aid attackers in making a similar infrastructure, they'd have to invent their own boilerplate, likely allowing the different reimplementations to be identifiable. The insight from the experts would also contribute more to coherent and realistic discussions on the actual capabilities of the tool, rather than encoura
Re:First, do no harm (Score:4, Insightful)
We have safely assume that Wikileaks aren't the only ones who have these tools. They have likely already been stolen by others, just like the NSA exploits before them.
Plus for most of us the CIA is just another adversary we want to defend against, no different than any other malicious actor out there.
I much prefer to know about these tools and vulnerabilities so I can defend against them. Patches will come quickly to quality software.
Do no harm? (Score:2)
Umm... why are you expecting "journalists" to abide by the Hippocratic Oath? Their entire existence is based around exposing those with harmful behaviors. Given the CIAs track record, I'm not surprised they are considered harmful.
Also, exposing the zero-days will ensure that software is fixed and malware signatures will be added antivirus databases.
Now, thanks to WikiLeaks, any attacker can start to build their own infrastructure from source, that looks just like the CIA. This in turn opens the door to more successful untraceable attacks and false-flag operations. By raising the banner of "journalism", WikiLeaks has yet again contributed to more damaging attacks and escalating conflicts.
That sure sounds like they have created an incentive for government agencies to focus on defending systems rather than exploiting systems.
The lesson to be lear
The US and UK have a set of tools. What was once CIA, NSA, GCHQ, Royal Ulster Constabulary Special Branch only is now floating around other nations and staff.
Hardware and software to rent, for a shared faith, domestic politics, to buy.
The US and UK shared methods with trusted experts in NATO. To impress new friends in NATO, EU bureaucracy? To get staff in the
So you are saying, other people can imitate the US government security apparatus by pretending to be other people, pretending to be other people (not an error). Do you not see the ludicrousness of your proposition. You can pretend to look like the CIA pretending to look like Kaspersky in order to attack any Russian business for simply being Russian or just hacking Russian security software in order to hack Russian corporations using it.
The US is breaking computer crimes across the globe to chiefly blackmai