Spies do spying, part 97: Shock horror as CIA turn phones, TVs, computers into surveillance bugs

WikiLeaks has dumped online what appears to be a trove of CIA documents outlining the American murder-snoops' ability to spy on people. The leaked files describe security exploits used to compromise vulnerable Android handhelds, Apple iPhones, Samsung TVs, Windows PCs, Macs, and other devices, to read messages, listen in via …

Anonymous Coward

Re: If a nation-state agency wants you --

I watch paint drying videos every day.

Not sure if I'm on their to-watch list or insane list.

0
0
Silver badge

Re: @ Adam1

Sorry. I misread your comment as "don't bother with VPN or Tor because that makes you interesting".

0
0
Anonymous Coward

Re: If a nation-state agency wants you --

"To me, naive fule that I are, it seems that running a write-protected thumb-drive OS configured to use a VPN into TOR -- of course using a no-JavaScript browser, Disconnect or similar plug-in, etc -- might be current best practice for staying unnoticed. (Going from your ISP into a VPN is less attention-getting than going directly to TOR, I believe.)"

Except you forgot about the secrets in your hardware, probably embedded into your Ethernet/WiFi controller chip where you can't avoid it.

3
0
Black Helicopters

Assange to Snowden:

"Ha - in your face. I got more secret CIA documents than you now! Who's the daddy? Who's the daddy??"

Snowden to Assange:

"Whatever, I'm off skiing later. Enjoy your dingy room...."

13
0
Silver badge

No Surprises...

Just confirmation (more or less depending on your view of Wikileaks) of what most of us have suspected for a long time.

Damnitall anyhow!!!!! 1984 was a work of fiction and not a frikkin' instruction manual.

No tinfoil hat here... I'll just go hide out in the bunker with some excellent adult beverages and try to ignore the world for a while.

2
1
Silver badge
Boffin

"massive budgetary spend on duplicating the capacities of a rival agency could be justified"

HAHAHAHAHAHAHA!!!...Ooooh, excuse me (chuckle)...that was a good one.(heh)....Someone clearly doesn't understand how Washington DC works...(hehe)

3
1
Silver badge
Joke

In CIA Russia...

TV watches you!!

5
0
Silver badge

Re: In CIA Russia...

In Soviet Russia, you listen to your TV.

2
0
Anonymous Coward

Re: In CIA Russia...

Smartphone uses you.

Oh look, a new ad!

0
0
ST
Bronze badge
Angel

what makes WikiLeaks so certain ..

... that these tools were written by CIA?

It's the sharing economy. TLAs can share too.

I am betting that this stuff was written at NSA, not CIA. CIA is just using them.

1
1
Mushroom

None of you...

None of you get it?

Seriously? Everything has a back-door by its creator??? Rubbish!

And you guys call yourselves computer users? Programmers even?

This is a standards war, the argument here is for encryption & privacy as your civil right!

What Snowden leaked was enlightening to say the least, it concerns Micro kernels and Micro-code not Monolithic Kernels filled with C++ that do things differently, like co-exist as two Operating Systems on your Telephone as L4 from the American National Standards Institute (ANSI).

The US forces companies to comply with the Communications Assistance for Law Enforcement Act (CALEA), a United States wiretapping law passed in 1994, during the presidency of Bill Clinton. However they have attacked the security of their own operating systems and have been caught lying about it bare-faced repeatedly. The ANSI standard happens to be a secure standard; they've just been too busy squeezing their own maths department for back-doors to keep all the evil doers away, only to discover the agencies that do the most evil are their own.

As to what it records... Everything..

So hackers are doing the only thing they can, helping spread the C standard everywhere; liberate your mind, and your brain along with the Go codes will follow.

Upgrade cryptography, include Galois Counter modes with better padding and more Pi-P and S-Boxes and make encryption ubiquitous!

If a creator makes a back-door that's micro-code in size and hides it in your "compiler" or even inside embedded chips as proposed by Professor Ken Thompson's paper "Reflections on Trusting Trust", how would you even know the back-door (trap-door) was there?

You might suspect it exists, but finding out about it would prove difficult, but easily detectable if your every single device connection was slowly being sucked into a giant social & advertising network like Google via Google android!

2
8
Silver badge

Re: None of you... Not me. Not me.

I don't get it. Not smart enough by half.

But. I do know that the Intel Management Engine is proprietary code which runs before the BIOS, is always running, and which has unrestricted access to the host. We dunno what's in there. I believe AMD and other chipsters have similar code. From x86 considered harmful:

"There is another problem associated with Intel ME: namely it is just a perfect infrastructure for implanting targeted, extremely hard (or even impossible) to detect rootkits (targeting 'the usual suspects'). This can be done even today, i.e. before the industry moved all the application logic to the ME, as theorized above. It can be done even against users who decided to run open, trustworthy OS on their platforms, an OS and apps that never delegate any tasks to the ME. Even then, all the user data could be trivially stolen by the ME, given its superpowers on the x86 platform."

So yes, there could be a backdoor in every modern PC regardless of OS, regardless of BIOS, regardless of sandboxes and hypervisors.

If that is true, then the CIA and NSA are strewing red herrings all over the place with regard to hacking tools. I am not sure that's the case.

6
1
Devil

Re: None of you... Not me. Not me.

If that is true, then the CIA and NSA are strewing red herrings all over the place with regard to hacking tools.

Ah now you are one of the Enlightened!

Please see "Security in Plan 9", an overview by Russ Cox - it is a highly complex scientific research OS - based on the more-Unix-than-Unix philosophy!

No, it does not intentionally include back-doors and as far as restrictive goes, it gives you "the end user" fine grained access control over your whole filing system, everything is a file.

Networking works completely differently: no viruses, no firewall, and encryption is "supposedly" easy to audit!

0
5

This post has been deleted by its author

Silver badge

@ pccobbler: I think we speak of different things??

Or maybe different aspects of the same thing?

My understanding is that the Intel Management Engine is not an optional download, it is an integral part of modern Intel chipsets. There is an extension -- the Management Engine BIOS Extension -- which is open to user configuration. But not the ME itself.

If I understand what I've read, if you run an Intel machine of recent vintage then the ME is running. It runs whether you use Windows, BSD, Minix, Solaris, or anything else -- because it boots first and is necessary to initialize system clocks and hardware. As well as other critical functions.

Igor Skochinsky: "Intel Management Engine ('ME') is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS."

From a page in the Libreboot project:

"ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include 'ME Ignition' firmware that performs some hardware initialization and power management. ... Due to the signature verification, developing free replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. ... In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware. " (Emphasis in the original.)

I know I'm running on about this, but it's quite interesting to my tiny mind.

It would seem that if NSA / CIA had prevailed upon Intel to put a backdoor in the ME, then many of these leaked hacking tools and techniques are unnecessary. If there were a backdoor, then any Intel machine could be taken over by sending a special instruction to the ME (which has not only its own microcontroller and kernel but its own networking stack, and complete access to the machine's memory and peripherals as well).

So my first guess is that the ME is not thus backdoored. Because I don't think the NSA / CIA are subtle enough to create and then leak 8700 docs with hacking info. Nor are they crazy enough to release info on device hacking and antivirus amelioration, info which may be quite useful to the CIA's adversaries, whether criminal or nation-state actors.

2
1
Anonymous Coward

Re: @ pccobbler: I think we speak of different things??

"So my first guess is that the ME is not thus backdoored. Because I don't think the NSA / CIA are subtle enough to create and then leak 8700 docs with hacking info. Nor are they crazy enough to release info on device hacking and antivirus amelioration, info which may be quite useful to the CIA's adversaries, whether criminal or nation-state actors."

Except, given that both the CIA and Intel are American, who else could exert enough sovereign pressure to make Intel release a signed spy malware complete with encryption keys so nothing leaves the network stack in any obvious way? The Management Engine runs black-boxed like a good crypto-system, after all. How will anyone be able to know where anything is going, especially if like a smart module it piggybacks on existing traffic instead and uses a different kind of system that doesn't rely on specific destination addresses? It's practically perfect plausible deniability, and only an American sovereign authority can put that kind of pressure on an American firm like Intel.

0
0
Silver badge

@ Palpy Re: @ pccobbler: I think we speak of different things??

Thanks for all of the juicy inside intel released in that post of yours, Palpy.

What it reveals to those who would see and foresee the Bigger Pictures in Greater IntelAIgent GamesPlays is more than just extremely helpful whenever able to be enabled and devastatingly subversive.

Intel Management Engineers may be more incandescent with rage and helplessly furious, though, if they be of the opinion that such remote invisible tailored access operations into multiple systems should be only an exclusive elite executive tool rather than readily available feature to deep and dark shadowy web programmers for Base Source Projects.

I would also not disagree with you about the NSA/CIA being like headless chickens in such fields as they are not in anyway suitably equipped to deal with. But then pearls before swine would be considered a gratuitous waste in any time zone or field in space.

The more the Great Game changes IT, the more Sublime InterNetworking Things stay the same with New Players and Novel State and Non State Actors plugging catastrophic vulnerabilities with devastating exploits.

“The only way to get smarter is by playing a smarter opponent” ….. Fundamentals of Chess 1883

0
0
Silver badge

Re: @ pccobbler: I think we speak of different things??

Plenty of people running older Intel (or non-Intel) hardware though. None of my (home) kit is new enough to have ME! So other attack methods needed even if ME is fed pwned.

1
0
Silver badge

Re: @ Palpy: I think we speak of different things??

From a page in the Libreboot project:

"ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include 'ME Ignition' firmware that performs some hardware initialization and power management. ... Due to the signature verification, developing free replacement firmware for the ME is basically impossible."

Since you quote Libreboot (as I have myself done in several posts), don't forget that Intel is not alone. AMD is equally evil with its equivalent PSP.

0
0
Silver badge

So if they've redacted the actual exploits

What are they doing with them? I'd love to hear them say "we're sharing them with the OEM so holes still applicable to current versions can be patched, and will make them available later" but since they didn't say that I assume not.

Simply redacting them without comment could mean anything from waiting a few weeks and releasing them on their site causing potential chaos, to selling them on the black market, to Assange using them to hack into Trump's Twitter to make him tweet "I wear pampers under my suit to control my wiki leaks!"

1
0
Silver badge

Re: So if they've redacted the actual exploits

I think they should be giving Google at least 90 days before publishing. Only fair.

1
0
Bronze badge
Big Brother

The continuation of the teardown of US government

"some folks are speculating that the source of the leak could be the Russians, and its true purpose is to derail the CIA for political gain."

"Journalists covering #Vault7: consider this could be as much about Russia as CIA or WikiLeaks, a continuation of teardown of US government"

No, it's yet more evidence it's the CIA that's a threat to US democracy. Notice I said 'US democracy', as the US government supposedly works for the people, and the CIA supposedly works for the US government instead of being part of a shadow government. If the US government is going to collapse it won't be anything the Russians do. It'll be mostly self-inflicted. Like those people in the security services who concocted the Trump golden shower dossier.

6
5
Silver badge

Re: The continuation of the teardown of US government

Journalists are starting to confirm a few elements of that dossier, and reportedly US intelligence agencies have confirmed many of the details that put a specific person in a specific place at a specific time or saying a certain thing over the phone, so the more outlandish stuff like the golden showers becomes a bit less outlandish every day.

1
1
Anonymous Coward

Anyone know what channels they need to go through to hack a telly?

0
0

"Anyone know what channels they need to go through to hack a telly?"

Spy-TV of course.

4
0
Devil

@So if they've redacted

It doesn't matter what gets redacted, the guys in charge of "SECURITY" are pissed that they've taken years of security research and completely abused it!

Think....

A Micro-code sized back-door?

Now think about the crap slowly creeping into your iCore and PSP chips!

Much better encryption is coming; the C code is written in plain easy-to-digest language, and it bloody well should be, it was the fore-runner of the Morris worm.

And the last thing you want is a load of guys who understand Unix and telephone switches, and I mean really understand Unix, putting it everywhere and on everything because they're all security extremists... Lol

See YouTube and get a 9front!

0
5
Silver badge

Re: @So if they've redacted

Sadly, your credibility is ruined by using the writing style of a l33t h4x0r who's learned a few buzzwords born in, oh, maybe 2003?

6
0
Bronze badge
Pint

Rogue Operative

A good deal of human progress derives from the actions of rogue operatives.

Cheers, mate!

2
0
Anonymous Coward

I feel sorry for those hackers .....

They work so hard to keep the upper hand in a "war" to protect their values and way of life.

Yet, to win that war they have to give up their way of life and forgo their values on a daily basis.

1
0
Silver badge

Re: I feel sorry for those hackers .....

I feel sorry for those hackers .....

They work so hard to keep the upper hand in a "war" to protect their values and way of life.

Yet, to win that war they have to give up their way of life and forgo their values on a daily basis.

Eh? How'd you work that out? Is there something in the Constitution that says the US shall not have intelligence agencies or conduct espionage?

0
1
Bronze badge
Big Brother

We Forget

Your mobile phone is a radio operating within a narrow band set by the government.

Never send an email you don't mind being read by someone else. There are so many intercept points between the sender and receiver that, by the very architecture of the internet, security can be breached by multiple hackers.

The government spies because being untrustworthy they suspect everyone else of being untrustworthy.

1
0
Anonymous Coward

Re: We Forget

Even if it's encrypted in flight? How would they break it without tipping their own hand and opening the door to getting their own stuff decrypted?

0
0
Silver badge

Over here, over here!

Pay no attention to the thing over there!

1
0
Silver badge

I smell a snowjob

One of the oldest and most basic rules of intel is to pretend that your organisation and powers are much, much greater than they really are. Thus intimidating and discouraging the enemy, maybe preventing them from using effective countermeasures, and increasing the likelihood that they'll choose to co-operate with you.

Riddle me this: if the spooks can listen in on all of us with such ease, then why are they so fixated on requiring new backdoors in equipment and protocols? Why did the FBI have such a hard time unlocking that iPhone last year?

Assume that whatever Wikileaks publishes, the CIA wants you to see it. Countermeasures don't have to be perfect: the goal isn't "total invulnerability", it's just "don't be the low-hanging fruit".

1
0
Silver badge

Re: I smell a snowjob

Riddle me this: if the spooks can listen in on all of us with such ease, then why are they so fixated on requiring new backdoors in equipment and protocols? Why did the FBI have such a hard time unlocking that iPhone last year?

1) Because the people with the access to break it are the NSA/GCHQ.

2) The above obsessively avoid handing out any information about their operations and capabilities, to the point they won't use intercept transcripts in court, and in cases where they know that weapons etc are being smuggled around they'll phone up the police and tell them to do a "random safety check" on $vehicle and then tell the police to lie about having had a tipoff. (as covered by el reg)

3) Bearing in mind 1 & 2, what are the chances of these people unlocking the iPhone for use in court for the FBI?

2
0

Re: I smell a snowjob

That was one of my first thoughts, that the CIA intentionally leaked this to play up their capabilities. However, this leak paints a picture of a typical bureaucratic organization struggling to keep up with trendy technology. It makes them look second-rate.

The real culprit here isn't even the CIA, it's the smart-ass developers (in Silicon Valley and the open-source community) flooding the world with shiny, complicated, insecure devices & software. They're making it too easy for the CIA and anyone else to do mass hacking.

0
0
Anonymous Coward

Re: I smell a snowjob

Unless it's a false flag operation made to make them LOOK second-rate while in truth they have a working quantum computer in Utah running away decrypting their historical data.

Falsely stating your capabilities can work BOTH ways. If you claim to be better than you are, you can cow some enemies, while if you claim to be worse, you can lull others into a false sense of security and catch them in their hubris.

0
0
Anonymous Coward

Mikrotik should be proud

The professional network equipment maker based in NATO member Latvia apparently had a whole section of the CIA's lab devoted to cracking its router and switch products. Since the Snowden leaks showed industry leader Cisco's products have been pwned by the NSA, it's only natural that Langley would go after upstart Mikrotik. A close look at the docs shows a good portion of the equipment are older models that apparently can't be updated to the latest firmware. That seemed odd, until it occurred to me that those new model "cloud routers" are pretty expensive and might have been swapped out for the older kit by the CIA's less idealistic contractors. I mean, if they were willing to steal top secret weaponized government software why would they leave behind a perfectly good advanced Internet router? Recalls the PR bump Lincoln Motors got back in the 80's when crime reports showed their luxury limousines were the top pick of the nation's auto thieves.

0
0

This post has been deleted by its author

Silver badge

No One Cares

Because there's a stupid, stupid rhetoric banded about: "If you have nothing to hide then you have nothing to fear". The general idea that as you know you're not a terrorist you don't mind the state checking everything you do to prove that.

So all that will happen today is a load of "experts" saying "X government could listen in on your conversations through your smart TV, Amazon Fire Stick, your mobile phone etc", and Joe Public will hear that and first think "Well I don't mind, I've nothing to hide", followed by "Well there's billions of people in the world, they couldn't possibly be snooping on me", ended by "I don't understand any of this and I don't care enough about it to learn".

The rest of us who are savvy enough in IT know the risks, the dangers, and the way society is headed. In the UK especially we have lost too much liberty now for it to be stopped. It is, sadly, inevitable that the state spies on us to the point they want to know everything we do. Our political views, and any skeletons in the closet that we'd rather have no one know about, just so that if we were to become a potent threat to the establishment we can be shut up fairly quickly with dirt they've found. And no one is squeaky clean.

3
0

sigh

Looks like the only way I can write a document in privacy is to get my Amiga 500 out of the attic and fire up Workbench.

That should keep the cylons out.

The older something is, the more secure it is.

2
0
Bronze badge
Big Brother

Orwell

"The instrument (the telescreen, it was called) could be dimmed, but there was no way of shutting it off completely."

"The telescreen received and transmitted simultaneously."

1
0

I can't wait...

... for Wikileaks to publish the same information regarding the FSB or the SVR.

Strangely, Wikileaks seems to target some more than others.

0
0
FAIL

Re: I can't wait...

«Strangely, Wikileaks seems to target some more than others.» So, Potemkine, because WikiLeaks doesn't have access to FSB or SVR documents, the work that it does in publishing documents related to the CIA or NSA is suspect ? I appreciate your logic there, but perhaps the quandary could be resolved if you were to contribute a part of your own personal stash of FSB and SVR material to WikiLeaks ?...

Henri

2
0
Big Brother

Nailed it !

«Meanwhile, some folks are speculating that the source of the leak could be the Russians, and its true purpose is to derail the CIA for political gain.» How dare those tools of the dastardly Russians (and/or Chinese, depending upon how the political winds blow in Washington and vassal capitals) besmirch that valiant defender of our civil liberties - not least the 4th Amendment to the US Constitution, the CIA ?!! That is indeed carrying freedom of expression too far !...

Henri

0
0
Silver badge

Re: Nailed it ! @Henri .... Vive la revolution/l'évolution

..., which will be remotely controlled and televisualised

How intelligent does one have to be in order to work for secretive intelligence services servering to Grand Worshipful Masters of the Expanding and Exploitable Zeroday today? Or are all the really virtually smart folk that future secret intelligence servers need for tomorrow freelancing under the cover of renegade rogue state and non-state actor bodies .... and much more sensibly into the flash crashing of sensitive corrupted perverse systems of SCADA administration, as opposed to aiding and abetting them and thus allowing continuance of the great sub-prime charades that are daily media presented austere reality shows?

Such is surely the folly of fools thinking themselves smart tools.

0
0
Silver badge

Nope

Agents are therefore forced to carry out targeted snooping on individuals' devices, rather than carry out mass blanket surveillance.

The NSA does SIGINT. Makes sense for them to trawl as much raw comms data as possible for interesting stuff.

The CIA does HUMINT. By definition, their targets are individual people.

As Robert "ErrataSec" Graham pointed out, the NSA and CIA have different missions, and use different tools to accomplish them.

http://blog.erratasec.com/2017/03/some-comments-on-wikileaks-ciavault7.html

1
0
Silver badge

Derpgasm

You can always rely on this sort of story to bring the loud-mouth know-nothing types out of the woodwork to explain it all to us. The amount of bollocks on Twitter attached to the #vault7 tag... /o\

0
0
Big Brother

What has been seen....

Cannot be unseen....

Therefore I would like to take this opportunity to extend my apologies to the CIA agents who had the misfortune to hack my smart TV and watch what I do in the comfort of my own home.......

0
0
Angel

Re: What has been seen....

Lol, they publish, the hackers - read all - see all and know all - and suddenly Hotmail is inaccessible to millions of users.. Alien invasion or just coincidence, and today in the budget report, the low hanging fruit called Chancellor of the Exchequer says he wants to invest in disruptive technologies including bio-hacking!

Read between the lines: "if we invest heavily in disruption, say to the tune of 100 million", we can just carry on trying to bull-shit people about no trap-door hidden inside their boxes and blame it all on kids!

The bit that makes you laugh... They understand enough about the technology to use Linux all over their CIA machines, but little enough to realize that back-door software can be reverse engineered, and then don't blame your TV manufacturer if what you're looking at on the box isn't quite what you expected!

0
1


Biting the hand that feeds IT © 1998–2017