Tag Archives: wikileaks

Infestation: Vault 7 on the CIA cyber weapons

On 7 March 2017, WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency… code-named “Vault 7” by WikiLeaks.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting of French political parties and candidates in the lead-up to the 2012 presidential election.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones…

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA”…

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation)… Malware called “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), infests smart TVs, transforming them into covert microphones… The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.

Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB). The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools, which are described in the examples section below.

Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are composed entirely of information they can be copied quickly with no marginal cost. Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons’. Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services…

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa….

If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target’s territory including observation, infiltration, occupation and exploitation...

The CIA’s hand-crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity… The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

Excerpts from Vault 7: CIA Hacking Tools Revealed, WikiLeaks press release, Mar. 7, 2017

Transparency the Wikileaks Way

WikiLeaks founder Julian Assange first outlined the hypothesis nearly a decade ago: Can total transparency defeat an entrenched group of insiders? “Consider what would happen,” Assange wrote in 2006, if one of America’s two major parties had their emails, faxes, campaign briefings, internal polls and donor data all exposed to public scrutiny. “They would immediately fall into an organizational stupor,” he predicted, “and lose to the other.”

A decade later, various organs of the Democratic Party have been hacked; several staffers have resigned and Democratic presidential candidate Hillary Clinton has seen the inner workings of her campaign exposed to the public, including disclosures calling into question her positions on trade and Wall Street and her relationship with the party’s left. Many of these emails have been released into the public domain by WikiLeaks.

Some see the leaks as a sign that Assange has thrown his lot in with Republican rival Donald Trump or even with Russia. But others who’ve followed Assange over the years say he’s less interested in who wins high office than in exposing — and wearing down — the gears of political power that grind away behind the scenes. “He tends not to think about people, he thinks about systems,” said Finn Brunton, an assistant professor at New York University who has tracked WikiLeaks for years. “What he wants to do is interfere with the machinery of government regardless of who is in charge.” WikiLeaks’ mission was foreshadowed 10 years ago in “Conspiracy as Governance,” a six-page essay Assange posted to his now-defunct blog.

In the essay, Assange described authoritarian governments, corporations, terrorist organizations and political parties as “conspiracies” — groups that hoard secret information to win a competitive advantage over the general public. Leaks cut these groups open like a double-edged knife, empowering the public with privileged information while spreading confusion among the conspirators themselves, he said. If leaking were made easy, Assange argued, conspiratorial organizations would be gripped by paranoia, leaving transparent groups to flourish…

It’s possible that malicious sources are using WikiLeaks for their own ends, said Lisa Lynch, an associate professor at Drew University who has also followed Assange’s career. But she noted that a lifetime far from public service and an aversion to email make Trump a more difficult target. “If Trump had a political career, he’d be more available for Wikileaking,” she said…

He has targeted Republican politicians in the past; in the run-up to the 2008 election his group published the contents of vice presidential candidate Sarah Palin’s inbox. Her reaction at the time anticipated the Democrats’ outrage today. “What kind of a creep would break into a person’s files, steal them, read them, then give them to the press to broadcast all over the world to influence a presidential campaign?” Palin wrote in her autobiography, “Going Rogue.”

Excerpt from Raphael Satter, With email dumps, WikiLeaks tests power of full transparency, Associated Press, Oct. 24, 2016

Resuscitating Democracy: the role of Wikileaks

On August 11, 2015 WikiLeaks launched a campaign to crowd-source a €100,000 reward for Europe’s most wanted secret: the Transatlantic Trade and Investment Partnership (TTIP).

Starting pledges have already been made by a number of high profile activists and luminaries from Europe and the United States….Since it began to face opposition from BRICS countries at the World Trade Organisation, US policy has been to push through a triad of international “trade agreements” outside of the WTO framework, aimed at radically restructuring the economies of negotiating countries, and cutting out the rising economies of Brazil, Russia, India, China and South Africa (BRICS).

The three treaties, the “Three Big T’s”, aim to create a new international legal regime that will allow transnational corporations to bypass domestic courts, evade environmental protections, police the internet on behalf of the content industry, limit the availability of affordable generic medicines, and drastically curtail each country’s legislative sovereignty. Two of these super-secret trade deals have already been published in large part by WikiLeaks – the Transpacific Partnership Agreement (TPP) and the Trade in Services Agreement (TISA) – defeating unprecedented efforts by negotiating governments to keep them under wraps.

But for Europeans the most significant of these agreements remains shrouded in almost complete secrecy. The Transatlantic Trade and Investment Partnership (TTIP), which is currently under negotiation between the US and the European Union, remains closely guarded by negotiators and big corporations have been given privileged access. The public cannot read it.

Today WikiLeaks is taking steps to ensure that Europeans can finally read the monster trade deal, which has been dubbed an “economic NATO” by former US Secretary of State Hillary Clinton. Using the new WikiLeaks pledge system everyone can help raise the bounty for Europe’s most wanted leak. The system was deployed in June to raise a $100,000 bounty for the TTIP’s sister-treaty for the Pacific Rim, the TPP.

The pledge system has been hailed by the New York Times as “a great disrupter”, which gives “millions of citizens… the ability to debate a major piece of public policy,” and which “may be the best shot we have at transforming the [treaty negotiation] process from a back-room deal to an open debate.”

WikiLeaks founder Julian Assange said,

“The secrecy of the TTIP casts a shadow on the future of European democracy. Under this cover, special interests are running wild, much as we saw with the recent financial siege against the people of Greece. The TTIP affects the life of every European and draws Europe into long term conflict with Asia. The time for its secrecy to end is now.”

Excerpts from WikiLeaks goes after hyper-secret Euro-American trade pact

Greek Debt Unsustainable: the Wikileaks Cables

Greek protests in front of Greek parliament

2011 Euro-crisis, Wikileaks Cables

Discussing the Greek financial crisis with her personal assistant on 11 October, German Chancellor Angela Merkel professed to be at a loss as to which option–another haircut or a transfer union–would be best for addressing the situation. (The term “haircut” refers to the losses that private investors would incur on the current net value of their Greek bond holdings.) Merkel’s fear was that Athens would be unable to overcome its problems even with an additional haircut, since it would not be able to handle the remaining debt. Furthermore, she doubted that sending financial experts to Greece would be of much help in bringing the financial system there under control. Within the German cabinet, Finance Minister Wolfgang Schäuble alone continued to strongly back another haircut, despite Merkel’s efforts to rein him in, while France and European Commission President Jose Manuel Barroso were seen to be in favor of a gentler approach. European Central Bank President Jean-Claude Trichet was solidly opposed, with IMF Managing Director Christine Lagarde described as undecided on the issue. Finally, Merkel believed that action must be taken to enact a Financial Transaction Tax (FTT); doing so next year, she assessed, would be a major step toward achieving some balance in relief for banks. In that regard, the Germans thought that pressure could be brought to bear on the U.S. and British governments to help bring about an FTT.

Euro-crisis Wikileaks Cables: EU Summit: Germans Prepared to Oppose Special Solutions for Greek Financial Crisis

…German Chancellery Director-General for EU Affairs Nikolaus Meyer-Landrut provided on 14 October, 2011 an overview of what Berlin planned to ask for and would be prepared to support. First, the German government wanted solutions that work within the context of current European legislation; accordingly, it would not agree to giving the European Financial Stability Facility (EFSF) a banking license, establishing a joint EFSF-European Central Bank Special Purpose Vehicle, or any other measures that would require legislative changes among the member states. On the other hand, the Germans would support a special IMF fund into which the BRICS (Brazil, Russia, India, China, and South Africa) nations would pool funds for the purpose of bolstering eurozone bailout activities. Meyer-Landrut also believed that a resolution of the Greek crisis will require greater private-sector involvement than was first thought, and that the eurozone must look beyond the technical aspects of a deal and focus instead on the actual progress that Greece will have to make, as regards both legislation and implementation. It was his further opinion that a full-term team will have to be ensconced in Athens for the purpose of monitoring the situation.

The Equinet: decentralization v. enclosure of internet

Internet, image from wikipedia

“The Internet governance should be multilateral, transparent, democratic, and representative, with the participation of governments, private sector, civil society, and international organizations, in their respective roles. This should be one of the foundational principles of Internet governance,” the external affairs ministry says in its initial submission to the April 23-24 Global Multistakeholder Meeting on the Future of Internet Governance, also referred to as NETmundial, in Sao Paulo, Brazil. The proposal for a decentralised Internet is significant in view of Edward Snowden’s Wikileaks revelations of mass surveillance in recent months.

“The structures that manage and regulate the core Internet resources need to be internationalized, and made representative and democratic. The governance of the Internet should also be sensitive to the cultures and national interests of all nations.” “The mechanism for governance of the Internet should therefore be transparent and should address all related issues. The Internet must be owned by the global community for mutual benefit and be rendered impervious to possible manipulation or misuse by any particular stake holder, whether state or non-state,” the ministry note says. NETmundial will see representatives from nearly 180 countries participating to debate the future of the Internet…

The US announced last month its intent to relinquish control of a vital part of the Internet Corporation for Assigned Names and Numbers (ICANN) – the Internet Assigned Numbers Authority (IANA). “Many nations still think that a multilateral role might be more suitable than a multistakeholder approach and two years back India had proposed a 50-nation ‘Committee of Internet Related Policies’ (CIRP) for global internet governance,” Bhattacharjee added.

The concept of Equinet was first floated by Communications Minister Kapil Sibal in 2012 at the Internet Governance Forum in Baku, Azerbaijan. Dr. Govind, chief executive officer, National Internet Exchange of India, is hopeful that Equinet is achievable. “Equinet is a concept of the Internet as a powerful medium benefiting people across the spectrum. It is all the more significant for India as we have 220 million Internet users, standing third globally after China and the US.” “Moreover, by the year-end India’s number of Internet users is expected to surpass that of the US. The word Equinet means an equitable Internet which plays the role of an equaliser in the society and not limited only to the privileged people.”

He said the role of government in Internet management is important as far as policy, security and privacy of the cyber space is concerned, but the roles of the private sector, civil society and other stakeholders are no less. “Internet needs to be managed in a more collaborative, cooperative, consultative and consensual manner.” Talking about the global strategy of renaming the Internet as Equinet, he said: “Globally the US has the largest control over the management of the Internet, which is understandable since everything about Internet started there. Developing countries have still not much say over the global management of the Internet. But it is important that the Internet management be more decentralised and globalised so that the developing countries have more participation, have a say in the management where their consent be taken as well.” The ministry note said: “A mechanism for accountability should be put in place in respect of crimes committed in cyberspace, such that the Internet is a free and secure space for universal benefaction. A ‘new cyber jurisprudence’ needs to be evolved to deal with cyber crime, without being limited by political boundaries and cyber-justice can be delivered in near real time.”

But other experts doubt the possibility of an Equinet or equalising the Internet globally. Sivasubramanian Muthusamy, president, Internet Society India, Chennai, who is also a participant in the NETmundial, told IANS that the idea of Equinet is not achievable. “Totally wrong idea. Internet provides a level playing field already. It is designed and operated to be universally accessible, free and open. Internet as it is operated today offers the greatest hope for developing countries to access global markets and prosper.” “The idea of proposing to rename the Internet as Equinet has a political motive, that would pave way for telecom companies to have a bigger role to bring in harmful commercial models that would destabilize the open architecture of the Internet. If India is considering such a proposal, it would be severely criticized. The proposal does not make any sense. It is wrong advice or misplaced input that must have prompted the government of India to think of such a strange idea,” he said.

Excerpt from India wants Internet to become Equinet, Business Standard, Apr. 20, 2014

How to Get Rid of Hacktivists: the approach of the United States

Thirteen members of a hacking collective that calls itself Anonymous were indicted on Thursday (October 3, 2013) on charges that they conspired to coordinate attacks against prominent Web sites. The 13 are accused of bringing down at least six Web sites, including those belonging to the Recording Industry Association of America, Visa and MasterCard. The attacks caused “significant damage to the victims,” the indictment said.

The attacks, carried out from September 2010 to January 2011, were part of a campaign called Operation Payback, which started as an effort to support file-sharing sites but later rallied around WikiLeaks and its founder, Julian Assange. Hackers took down the sites by inflicting a denial of service, or DDoS, attack, in which they fired Web traffic at a site until it collapsed under the load. Though the indictment mentions 13 hackers, thousands more participated in the attack by clicking on Web links that temporarily turned their computers into a digital fire hose aimed [at the websites of the companies].

According to the indictment, which was handed up at Federal District Court in Alexandria, Va., the hackers’ tool of choice was a simple open-source application known as Low Orbit Ion Cannon, which requires very little technical know-how. Hackers simply posted a Web link online that allowed volunteers to download an application that turned their computer into a “botnet,” or network of computers, that flooded targets like Visa.com and MasterCard.com with traffic until they crashed…

By Brian X. Chen and Nicole Perlroth, U.S. Accuses 13 Hackers in Web Attacks, New York Times, October 3, 2013
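The article above describes the Operation Payback floods from the attacker's side: a few operators plus thousands of volunteers, each sending a modest stream of requests, so that the aggregate collapses the target. From the defender's side the same picture shows up in the web server access log, and the detection has to look for two different shapes at once: a single source that is far noisier than any real visitor, and a window where the total request rate jumps while the number of distinct sources is large (the volunteer case, where no individual source trips a per-client limit). The following is an added example, not code from the NYT article, the indictment or the LOIC tool; it parses Apache combined-format lines, buckets them into fixed windows and raises both kinds of alert. The sample log, the IP ranges (documentation addresses), the thresholds and the timestamps are all constructed for the example and should be tuned to the real baseline of the site being protected.

```python
"""Flood detection over web access logs (constructed example, not from the page's sources)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" log format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None for lines the regex does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def detect_flood(lines, window_s=10, per_ip_limit=20, total_limit=200, min_sources=5):
    """Bucket requests into fixed windows of window_s seconds and report two alert kinds.

    single_source: one client exceeded per_ip_limit requests in a window (a lone flooder).
    distributed:   the window's total exceeded total_limit and came from at least
                   min_sources distinct clients (the volunteer flood described in the article,
                   where each participant stays under any per-client limit).
    Thresholds are assumptions for this example; tune them against the site's own baseline.
    """
    windows = defaultdict(Counter)  # window bucket -> Counter of requests per source IP
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip unparsable lines rather than abort on a malformed entry
        bucket = int(ev["ts"].timestamp()) // window_s
        windows[bucket][ev["ip"]] += 1

    alerts = []
    for bucket in sorted(windows):
        hits = windows[bucket]
        start = datetime.fromtimestamp(bucket * window_s, tz=timezone.utc)
        total = sum(hits.values())
        for ip in sorted(ip for ip, n in hits.items() if n > per_ip_limit):
            alerts.append({"kind": "single_source", "window": start, "ip": ip, "count": hits[ip]})
        if total > total_limit and len(hits) >= min_sources:
            alerts.append({"kind": "distributed", "window": start, "sources": len(hits), "count": total})
    return alerts


def build_sample_log():
    """Constructed sample: 60 s of normal traffic, then a 10 s flood from 30 volunteers plus one lone flooder."""
    base = datetime(2010, 12, 8, 12, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, t, path="/"):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    # Normal: six visitors, each making one request every 10 s over a minute.
    for i in range(6):
        for k in range(6):
            lines.append(fmt(f"198.51.100.{i + 1}", base + timedelta(seconds=10 * k + i)))
    # Flood window at +60 s: 30 sources, 10 requests each (none trips the per-IP limit alone).
    t0 = base + timedelta(seconds=60)
    for i in range(30):
        for k in range(10):
            lines.append(fmt(f"203.0.113.{i + 1}", t0 + timedelta(seconds=k)))
    # One lone heavy source in the same window: 50 requests.
    for k in range(50):
        lines.append(fmt("192.0.2.7", t0 + timedelta(seconds=k % 10)))
    return lines


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(alert)
```

The two alert kinds matter because a per-client rate limit alone, the usual first reflex, is exactly what a volunteer flood of this shape slips under; the distributed check needs a baseline for the site's normal per-window total, so the fixed `total_limit` here is a placeholder for whatever that baseline is. Status codes are parsed but not used; a follow-on refinement would weight 5xx responses, since a server under load usually starts failing before the request count itself looks abnormal.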

Excerpt from indictment

“In connection with planning various DDoS cyber-attacks, members of the conspiracy posted fliers captioned “OPERATION PAYBACK” and claimed that: “We sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others.”

PDF of Indictment on Scribd