back to article That CIA exploit list in full: The good, the bad, and the very ugly

We're still going through the 8,761 CIA documents published on Tuesday by WikiLeaks for political mischief, although here are some of the highlights. First, though, a few general points: one, there's very little here that should shock you. The CIA is a spying organization, after all, and, yes, it spies on people. Two, unlike …

  1. Anonymous Coward
    Anonymous Coward

    Signal / WhatsApp "good news"

    The fact that they rely on compromising the phone to get at Signal / WhatsApp should not be read to imply those are secure. More that compromising the phone is so easy with the menu of exploits at their disposal that give them access more than just Signal / WhatsApp that there's no point in compromising just one app at a time even if they can.

    Also, the NSA are the codebreakers that would attack those apps via a weakness in their protocol, not the CIA. If the NSA found such a weakness, they'd use it to hoover up communication from many users, not just a few targeted ones. And they likely wouldn't tell the CIA they had such a capability, the intelligence world is rife with turf wars, despite the attempt via the creation of the department of homeland security to get them all playing nice with each other.

    1. Anonymous Blowhard

      Re: Signal / WhatsApp "good news"

      "despite the attempt via the creation of the department of homeland security to get them all playing nice with each other."

      I thought they created the DHS as a way of creating even more "Security Theatre" and duplicating FBI efforts...

    2. Anonymous Coward
      Anonymous Coward

      Re: Signal / WhatsApp "good news"

      > The fact that they rely on compromising the phone to get at Signal / WhatsApp should not be read to imply those are secure.

      Whatsapp is owned by socialist/globalist/leftie Mark Z. He provides the data openly to the US Gov. Why would they need to crack the software?

      1. This post has been deleted by its author

      2. MyffyW Silver badge

        Re: Signal / WhatsApp "good news"

        Is it just me or has all this political labelling become so circular that it no long means anything.

        1990s stroppy lefty me would have described Mark Z as a capitalist running dog.

        Early 00s me, now-paying income tax and aspiring to be a dot-com millionaire, would have described Mark Z as a lucky bastard.

        2017 me no longer knows what the fsck is right, left or whatever the hell - only that pretty much any public figure is flawed and not to be trusted. And Mark Z gives me the creeps but nowhere near as much as the Orange One.

        1. Anonymous Coward
          Anonymous Coward

          Re: Signal / WhatsApp "good news"

          Likely already said, that's growing up for you.

        2. pigeonworrier

          Re: Signal / WhatsApp "good news"

          Hey! What's wrong with Dale Winton?

    3. Charlie Clark Silver badge

      Re: Signal / WhatsApp "good news"

      The fact that they rely on compromising the phone to get at Signal / WhatsApp should not be read to imply those are secure.

      Strawman: whoever though they were? The protocols have yet to be shown to be compromisable and Signal, at least, has a fairly robust anti-tamper mechanism through the PKA. If an agency gets hold of the device then they can nearly always be compromised. To avoid that then you need hardware encryption and a password, because we know biometrics are useless, which is why more countries are making it illegal not to provide the password.

      However, in terms of security for those wishing to stay under the radar, the current crop of secure messengers make this both easier to do, especially when combined with a VPN, and easier to detect when it's compromised and when a switch of device, network or means may be necessary.

      1. Danny 14

        Re: Signal / WhatsApp "good news"

        (Tinfoil hat version).Or that the have good relations with the company and simply ask for the data. No hack needed...

  2. Rich 11

    Claim drain

    it was the CIA all along, Trump can now claim.

    Now claim? He could always claim that. Trump has never had more than a fleeting interest in such trivial things as evidence or veracity.

    1. James 51
      Joke

      Re: Claim drain

      Or reality.

    2. Wayland

      Re: Claim drain

      Wonderful logic there. Trump was proved right but that's irrelevant because you think he would have said it even when wrong. Oh and Wikileaks leaking the evidence at the right time somehow means it does not count as validation of Trump. What evidence is there that Trump gets this stuff wrong?

      At some point you are going to have to admit defeat in that the American people actually voted Trump into office and not the Russians.

      1. TRT Silver badge

        Re: "Trump was proved right"

        In an alternative reality, far, far away.

      2. James 51
        FAIL

        Re: Claim drain

        @ Wayland: Where is the prove that Trump is right? For the phone tapping stuff, as president he could immediately release all the information regarding that investigation and he hasn't. That he hasn't tell us one of two things. Either he got caught being naughty and doesn't want that info released or far more likely, that he's trying to distract people from the Russian links/hooks in his cabinet. I always thought he was a moron. Now he is just making himself look stupid.

        1. Evil Auditor Silver badge

          Re: Claim drain

          James 51, there was me reading ...distract people from Russian...hookers in his cabinet... and thinking, that's where he keeps her!

      3. anonymous boring coward Silver badge

        Re: Claim drain

        Trump was proven right?

        My god, how Fox and Breitbart have rotted your brain!

        1. Version 1.0 Silver badge

          Re: Claim drain

          Move along, there's nothing to see here. It's been a known fact for 40+ years that the NSA listen to all phone calls made from the USA to other countries - this is not fake news, it's old news. How Trump and his people could not know this beggars the imagination.

          As for the latest Wikileaks dump - it all looks pretty accurate to me, I'd guess this was hovered up a while back and released now to buttress Trumps old news claims. I'd love to be a fly on the wall in the Kremlin, it's starting to look like any plan that they had is coming unraveled.

          1. Tom Paine

            Re: Claim drain

            I'd guess this was hovered up a while back

            There are docs dated January 2017 in there; I don't know what the most recent dates are but two months ago is pretty recent in my book.

          2. Frumious Bandersnatch

            Re: Claim drain

            > it's starting to look like any plan that [the Kremlin] had is coming unraveled.

            Or, if you believe a certain news outlet, it's actually progressing too fast for them:

            http://www.theonion.com/article/russian-officials-scrambling-plan-delegitimize-wes-55434

        2. Rastor728
          Facepalm

          Re: Claim drain

          Actually, 31 out of 50 States elected President Trump!

          It has never been the popular vote to select the United States President.

          If I remember correctly very few "Heads of State" are elected completely (or at all) by their National Popular vote.....

          I am sure someone will bring up those "few" that do....

          1. Sandtitz Silver badge

            Re: Claim drain

            "If I remember correctly very few "Heads of State" are elected completely (or at all) by their National Popular vote....."

            You remember wrong. Wiki helps.

            Two-round system using the national popular votes is the most common type of election for Presidents.

          2. BillG
            Angel

            Re: Claim drain

            @Rastor728 wrote: Actually, 31 out of 50 States elected President Trump!

            It has never been the popular vote to select the United States President.

            With very good reason - a popular vote system is the most vulnerable to corruption and voter fraud. The main purpose of the Electoral College system is that it is inherently designed to resist manipulation. The voters do not elect the President, the States do.

            Look at California - registering to vote is basically based on the honor system. Just go online, fill out the forms, and California mails anyone, anywhere a voter registration card.

            Google Dog Registered to Vote in California and look at the live dogs, dead dogs, dead cats etc. easily registered to vote in CA.

            As Bill Clinton famously said, "If a system can be gamed, it will".

            1. martinusher Silver badge

              Re: Claim drain

              >Just go online, fill out the forms, and California mails anyone, anywhere a voter registration card.

              Not quite. Anyone can register to vote but the county elections division (at least in our county) will check them out. Same with identity -- they match signatures and they do check.

              No system is 100% foolproof but the one we use locally is fairly bulletproof. I work as precinct inspector** so I've had a good bit of time to check out how things work.

              (**UK readers. Elections are managed by county elections divisions. These civil servants organize elections, recruit and train poll workers and count and verify the results. Poll workers -- the front line people working at the polling stations -- are volunteers who are trained and managed by county elections 'handlers'; they're paid a nominal amount for a (very long) day's work. One detail that's weird to people from the UK is that we hold numerous elections on the same day (its mandated which day is used); these elections can be for federal, state and local offices, include ballot propositions and all sorts of other things. The result can be a very large ballot form -- no single bit of paper with an 'X'...)

              1. Stork Silver badge

                Re: Claim drain

                As opposed to registering in the UK:

                I needed to be on the electoral roll to get a better bank account.

                Went to the municipal office, showed my EU passport (and possibly a utility bill). Nice man took my details, which were posted at the noticeboard, and as no-one objected within 2 weeks I was on for EU and local elections.

                No proof that I was actually resident in the UK - there simply was/is not a system for that, as a lot of EU citizens have discovered recently when trying to get their residence rights confirmed.

            2. Calin Brabandt

              Re: Claim drain

              >The main purpose of the Electoral College system is that it is inherently designed to resist manipulation.

              If the Electoral College members are pledged or required to vote according to the results of their state's popular election, then I don't see how the Electoral College resists the manipulations you cite. Personally, I don't care at all who rules over my ass. It's all the same...monarch, dictator, polls rigger, or the rule of the allegedly virtuous democratic mob, and it's all immoral. Force is force and government IS force, by design and definition. "Self-rule" is inconsistent with government in any form.

      4. Scroticus Canis
        Holmes

        Re: Claim drain - "American people actually voted Trump into office"

        No they voted Clinton in, she had a million more votes than Trump. Trump was voted in by the electoral college. Boy talk about spreading FAKE NEWS.

        1. Anonymous Coward
          Anonymous Coward

          Re: Claim drain - "American people actually voted Trump into office"

          I certainly have no love for Trump, but claiming "the American people voted in Clinton" because she won the popular vote is stupid. US elections don't work on popular vote, and for good reason. Everyone knew that going in, it isn't like someone changed the rules at the last second to help Trump.

          1. Uffish

            Re: " US elections don't work... "

            Please note that this commentator is truly pissed off with stupid merkins 'explaining' their constitution to each other. Get a life guys. Start doing something useful.

  3. chivo243 Silver badge
    Big Brother

    Like gramps used to say

    If someone can imagine it, someone else is smart enough to do it.

    There's a kernel of truth in every myth.

    You're only paranoid until they get you.

    1. Aladdin Sane

      Re: Like gramps used to say

      Close to rule 34 of the internet.

    2. ArrZarr Silver badge

      Re: Like gramps used to say

      "If someone can imagine it, someone else is dumb enough to do it."

      FTFY

    3. ThePendragon
      Black Helicopters

      Re: Like gramps used to say

      Then the younger, Geek Gods, said to gramps -- let there be OpenBSD, on a laptop, with full disk encryption, OpenSSH, encryption extensively throughout the entire OS etc...Sure, gramps you don't have the skills to use it but we do !

  4. graeme leggett Silver badge

    the message to take away is?

    Computing devices of all kinds have their weak points - in some cases lots of them - despite the manufacturers trying to squash them. There are people whose job it is to find those weak spots.

    As a result, those people (employed by your government) with a desire to subvert a particular computing device probably have some technique at their fingertips to do so.

    caveat

    In some cases those people are on your side and subverting someone else's device is in your interest. In some cases they are on your side and it's not in your interest

    In some cases they are not on your side and it is in your interest

    In some cases they are not on your side and it's definitely not in your interest.

    Isn't life complex

    1. Flywheel

      Re: the message to take away is?

      despite the manufacturers trying to squash them

      Or not.

  5. wyatt

    No matter how much you disagree with what they do and how they do it, you have to be impressed with what they're achieving.

    1. Aladdin Sane

      “Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we.”

      ― George W. Bush

      1. Anonymous Coward
        Anonymous Coward

        They never stop thinking about new ways to harm our country and our people, and neither do we.”

        I always thought that about Bush, nice to see that he admits harming the USA. An honest politician, howda thunk it.

        1. Version 1.0 Silver badge

          "W" is quite a decent guy, his presidency was ruined by the same bunch of idiots currently advising Trump.

          1. Anonymous Coward
            Anonymous Coward

            "W" is quite a decent guy, his presidency was ruined by the same bunch of idiots currently advising Trump.

            Interesting you say this. At the time, we were hard pushed to find anyone worse, which is something that Trump fixed rather comprehensively.

            However, W used to be quite a decent lawyer before his presidency, and his recent appearance is also good: he looks good and talks very considered and coherently. It's almost as if they kept him on drugs during his presidency.

            Maybe that's a way to address the Trump problem. It's either that or impeachment, but something is going to happen soon.

            1. Anonymous Coward
              Anonymous Coward

              But the US elected someone worse immediately - or don't you remember Obama ?

              1. Rattus Rattus

                Obama?

                The redneck brigade really can't get over the fact that for eight years their leader was a black man.

                1. Jaybus

                  Re: Obama?

                  I have always found it quite racist to think of Obama as a black man, since his mother is white. How does that work? Is black more powerful than white, genetically, so that the black traits outweigh the white? Or is it the tired, old, racist adage that "you're only white if you are "pure" white"? Any non-white ancestry means that you are not white?

          2. Anonymous Coward
            Anonymous Coward

            Nah, the REAL ruination hit under the shit Obama. That's what having a lying toad for a president does for ya.

      2. Schultz

        "never stop thinking about new ways to harm our country"

        You hit the sweet spot of sarcasm there ... go collect your upvote from all sides!

      3. Anonymous Coward
        Anonymous Coward

        "The lesson of the years we have spent fighting terrorism since Sept. 11 is that every time we depart from our values we worsen the very problem we are trying to contain." -- Angelina Jolie, special envoy of the United Nations High Commissioner for Refugees.

        IMHO, the most succinct comment ever on this mess.

    2. Tom Paine

      Eh?

      This dump says nothing at all about what they're achieving. As others have pointed out, in terms of technical capability they're clearly a long, long way behind the NSA.

      1. Rastor728
        Trollface

        Re: Eh?

        At least in the content captured/released by WikiLeaks they are behind, or is it "misinformation" in the "leak"?

  6. tr1ck5t3r

    Its just another form of population farming. For years the ruling elites have targeted anyone who disagrees with them, criminal laws are just another form of imposing conformism on the population.

    Theres only one monopoly, nature, so whilst they might complain about Snowdens leaks causing criminals to go underground, perhaps that is what is desired.

    The best way to stick two fingers up to them, is to roll over and die, let them farm someone else stupid enough to not realise you are all set up to fail from the day you are born, because population levels dictate this.

    1. Anonymous Coward
      Anonymous Coward

      I bet you're fun at parties!

      I'm not saying you are wrong regards the fact the system is stacked against the majority in favour of the elite however, I just disagree we should die instead of raging against it (however futile this is).

      1. Anonymous Coward
        Anonymous Coward

        The thing is, no matter how "elite" you are or how much money/power you have, the Grim Reaper WILL call for you.

        1. anonymous boring coward Silver badge

          Why won't he call on Murdoch? The grim reaper is sh*t!

          1. Triggerfish

            I think it's because he is already dead, and is now just some dried up revenant haunting the world as a precursor to the apocalpsye.

            He's one of the minor horsemen, working under Panic; dunno whether he is Misinformation, Rumour, Gossip or Denial though.

        2. JimboSmith Silver badge

          Did you mean: Will call for you on his Horse Binky.

          "I DON'T KNOW ABOUT YOU, he said, BUT I COULD MURDER A CURRY" (c)

          1. Scroticus Canis
            Happy

            Binky eats currry? Really?

            So that's how he gets airborne. Didn't know he could talk though.

        3. This post has been deleted by its author

    2. Tom Paine

      criminal laws are just another form of imposing conformism on the population.

      Yes, and well done you for managing to smuggle your message out of the camp for political prisoners.

      *rolls eyes*

  7. Mage Silver badge
    Coat

    Hmm, wikileaks

    There is nothing here I not expect them to have. It's always "game over" when you attack one specific person and get physical access to their device. Even cloning a targets phone to an identical looking one with bug HW &SW is old hat.

    Indeed as the article suggests, is the reason to leak this to support freedom and democracy or some other reason?

    Even if the Trump angle is wrong, (why would Wikileaks support him?), Wikileaks seem more interested in their own ego than the public good.

    All the expert agencies are using these sort of tools and often they rely on a human attack on a specific target, such as the "hotel maid" and the senior official's laptop.

    Nothing to see here at all, bear in woods etc.

    1. Doctor Syntax Silver badge

      Re: Hmm, wikileaks

      "Even if the Trump angle is wrong, (why would Wikileaks support him?)"

      Pardon?

    2. Tom Paine

      Re: Hmm, wikileaks

      WL supports Trump because Putin tells them to.

  8. Anonymous Coward
    Anonymous Coward

    5 cents off wax paper

    Wow. So wikileaks have revealed that the CIA uses technology to spy on people. Shit.

    1. Aladdin Sane

      Re: 5 cents off wax paper

      In other news, water is wet.

    2. Wayland

      Re: 5 cents off wax paper

      "Wow. So wikileaks have revealed that the CIA uses technology to spy on people. Shit."

      If you remember a while back the Democrats claimed to have intelligence that Trump was talking to the Russians. Then it was claimed that Russia hacked the election.

      When Trump claimed Obama hacked his phone it was some big no no like no one would ever do that. However earlier his party had been bragging that they had the intelligence resulting from such hacks.

      Now Wikileaks has confirmed what we should have known all along, that Trump was right Obama did hack his phone. OK so Obama did not personally crawl under Trump's desk with wire cutters but as the boss who was aware of the Intelligence against Trump and using it politically against him he is responsible.

      1. TRT Silver badge

        Re: 5 cents off wax paper

        Erm... Person A calling up some Russian dude, Person B, who has been under surveillance for ages does not equal bugging Person A's calls. From a legal standpoint that is. If, as a result of their conversation with Person B, Person A then becomes a person of interest, at that point you might get Person A becoming the subject of a surveillance campaign.

      2. sorry, what?
        Facepalm

        Re: 5 cents off wax paper

        @Wayland, at best this reveals that the CIA could, technically, have done this 3 years ago (on older technologies). What it doesn't do is prove that they did it.

      3. James 51
        Headmaster

        Re: 5 cents off wax paper

        OK so Obama did not personally crawl under Trump's desk with wire cutters but as the boss who was aware of the Intelligence against Trump and using it politically against him he is responsible.

        Out of the mouths of babes...

      4. Naselus

        Re: 5 cents off wax paper

        ... you don't appear to understand what constitutes 'proof'.

        This leak shows that the CIA has the means to spy on people using tech. No shit. That is, in fact, their job description. Moreover, Trump's remark that the CIA 'tapped his wires' (and there's no evidence that they tapped his specifically in this dump) only requires that they have the technological capacity of an early-sixties campus model railway club. I kinda figured that they'd be doing a bit better than that.

        1. Anonymous Coward
          Anonymous Coward

          Re: 5 cents off wax paper

          I think you will find that this is in fact their job description:

          https://www.cia.gov/about-cia/todays-cia/what-we-do

          It's rather different from what you allege.

      5. JimboSmith Silver badge

        Re: 5 cents off wax paper

        Could I please have some of whatever it is you're taking or smoking because that must be some good stuff. I'm normally opposed to taking mind altering substances but (to quote Will Smith) Damn Man.

        As this info is supposedly a few years old how the hell does it directly prove that Mr Trump (as he was back then) was having his phones tapped? Please explain preferably with the page reference or number where it says that the CIA were specifically targeting Mr Trump.

      6. Anonymous Coward
        Anonymous Coward

        Re: 5 cents off wax paper

        If you remember a while back the Democrats claimed to have intelligence that Trump was talking to the Russians. Then it was claimed that Russia hacked the election.

        LOL. There aren't just intercepts, there is also physical surveillance to back up the times of such meetings. The whole crux of FORMAL investigations versus 5am tweets during the 5am Trump Dump is that they rely on evidence, usually from at least two separate sources if they can manage - that is exactly what has the Trump team so worried.

        They won't be able to shrug off the results as Fake Evidence - it doesn't work that way. Given the apparent panoply of evidence already gathered it appears to be less and less a question of "if" and more and more a determination of just how much collusion there has been between the Trump team and Russian officials.

        If this is proven, it raises a lot of pretty ugly questions:

        - just how valid is an election result if there is evidence of gross manipulation?

        - who knew in advance? (this may involve more Republican figures)

        - if others knew or even suspected, why did they keep quiet about this?

        - what can be done about Russia?

        - now what? Does this put not-so-crooked-after-all-in-comparison Hillary in charge? And what happens to the Republican party as a whole who invited Trump in despite clear indications he was merely planning to enrich himself?

        (etc etc - this could create the biggest friggin' mess even inflicted on the American public, and, by consequence, on the world)

      7. Anonymous Coward
        Anonymous Coward

        Re: 5 cents off wax paper

        @Wayland, your inability to reason logically is the exact aspect that will help Trump to Make His Bank Account Great Again (I'm paraphrasing here, corrected it for accuracy).

        When Trump claimed Obama hacked his phone it was some big no no like no one would ever do that. However earlier his party had been bragging that they had the intelligence resulting from such hacks.

        No. They received actionable intelligence. This means they received enough data to consider it evidence, proof. Which, by the way, Trump was made aware of in January - both him as president elect and Obama as president were briefed on this so it's not exactly new knowledge. That data, by the way, will probably have originated from the NSA as they intercept anything going to Russia as part of their job (NSA does mass surveillance, but they can be tasked more narrowly). This could then have triggered a further investigation by the FBI and/or CIA (depending on which side of the wall border the events were, but that too is not something that Obama could control. The only thing Obama did on his way out was making it easier for the NSA to legally share its data with other agencies, I suspect with the exact purpose of helping an investigation he could otherwise not touch..

        Now Wikileaks has confirmed what we should have known all along, that Trump was right Obama did hack his phone.

        That I have a sledgehammer in my shed does not automatically imply I'm responsible for all the bashed up cars in my area, only that I have the ability to inflict such damage. Your irrational conclusion is the exact reason that makes me suspect that Wikileaks is again in cahoots with Trump - the timing of this makes it not that unlikely that this is a clumsy attempt to create "alternative evidence" to discredit the findings or those who have compiled the dossier so far. The problem is, however, that he needs to convince the people who do NOT believe him and judging by the press coverage so far, that ain't working. at. all.

        I also don't trust Wikileaks and not just because of Assange, although his antics certainly didn't help. Their clear partisan attempts to influence the US election has fully discredited them as an independent source of data, an opinion only amplified by the fact that CIA data seems to have readily leaked, yet there's still not a trace of Trump's tax records or any other data from the Republican side. Statistically that is simply not credible.

  9. Aladdin Sane

    Weeping ANgel

    Nice to see that our spooks are Whovians.

    1. TRT Silver badge

      Re: Weeping ANgel

      They hide their faces if you look at them. And wasn't there that thing about Amy and a TV monitor in the space truck?

    2. TRT Silver badge

      Re: spooks are Whovians

      They are the Cyber-persons. (I would have said Cybermen, but you've got to be PC about these things. Equality of opportunity in having all your organs ripped out and replaced by cybernetic equivalents etc).

    3. Salamamba

      Re: Weeping ANgel

      and "Bowtie" earlier in the story, so definite Matt Smith fans.

    4. Robin Bradshaw

      Re: Weeping ANgel

      There is also a "sontaran" project which looks like a work in progress to create an implant for a siemens VOIP phone, so Dr Who does appear to be quite an influence.

  10. frank ly

    Where's Linux?

    I didn't see Linux in that set of bullet points. Is it secure or are you still reading about all the exploits they have for it? Enquiring minds are anxious to know.

    1. wolfetone Silver badge

      Re: Where's Linux?

      I'd like to know where the BlackBerry is as well.

      It might be dead now, but lets be honest there are plenty out there in the wild that are used by people who would be good to spy on.

      But yes, another anxious mind here wanting to know whether Linux is included. The BBC have mentioned Linux, but that's the BBC. They probably got confused by Android being an offshoot of Linux.

      1. Anonymous Coward
        Anonymous Coward

        Re: Where's Linux?

        I'm still using my BlackBerry and will be until it stops working. It's interesting that they don't appear to have mentioned them though. Could just be because they don't think they're worth going after given the limited market share. Or might not.........

    2. Ogi
      Devil

      Re: Where's Linux?

      > I didn't see Linux in that set of bullet points. Is it secure or are you still reading about all the exploits they have for it? Enquiring minds are anxious to know.

      I am still reading through the data, but based on what I have read (and wikileaks actual press release: https://wikileaks.org/ciav7p1/ ) Linux is a target and has been compromised.

      Just an example quote from the press release link:

      "HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants."

      No mention of the BSDs so far though (hence the Icon).

      1. Tom Paine

        Re: Where's Linux?

        Yes, Linux is on the available targets list for some of the exploits, as is FreeBSD. (Haven't noticed OpenBSD yes though... )

        1. wolfetone Silver badge

          Re: Where's Linux?

          "Haven't noticed OpenBSD yes though..."

          Watch the usage numbers for that shoot up from this point forward.

      2. yossarianuk

        Re: Where's Linux?

        BaldEagle - effects Linux + BSD BTW

        https://wikileaks.org/ciav7p1/cms/page_9535850.html

        However looks like it used HAL which I believe is no longer included in modern Linux distros.

      3. yossarianuk

        Re: Where's Linux?

        Also Sparrowhawk - keystroke logger works on FreeBSD, looks like they didn't get Linux support on that one

        https://wikileaks.org/ciav7p1/cms/page_524321.html

      4. Simon Harris

        Re: Where's Linux?

        "HIVE is a multi-platform CIA malware suite and its associated control software..."

        I always thought there was something a bit creepy about those IoT central heating controllers.

    3. Naselus

      Re: Where's Linux?

      Linux is in there and being targeted, not just on PC platforms but also on IoT (which is like 99% Linux-based).

  11. Anonymous Coward
    Anonymous Coward

    Who...

    ...actually uses the smart features of a TV?

    I have a Samsung Smart TV, to my knowledge nobody has ever connected it to the internet and used the Smart features.

    However, I'm now tempted to plug it in and have a Wireshark session.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who...

      BBC iplayer

      Netflix

      Amazon Prime

      Three reasons I've used the smart features on a Samsung TV for TV-like activites

      Also browsing and playing media on the home NAS

      1. Wayland

        Re: Who...

        Hook the TV's LAN up but don't give it a gateway, leave that box blank. That way you can watch your local server without the TV phoning home.

        1. Version 1.0 Silver badge

          Re: Who...

          "Hook the TV's LAN up but don't give it a gateway, leave that box blank."

          You really think that will work? Because it won't - read the hacks.

          1. julian.smith
            FAIL

            Re: Who...

            Citation required .... put up or shut up!

        2. Naselus

          Re: Who...

          "Hook the TV's LAN up but don't give it a gateway, leave that box blank. "

          Tell me, do you also think adding a 'cia.com' 127.0.0.1 line into your hosts file will make you 100% spyproof?

          1. Anonymous Coward
            Anonymous Coward

            Re: Who...

            > Tell me, do you also think adding a 'cia.com' 127.0.0.1 line into your hosts file will make you 100% spyproof

            As a data point... the IP address comes first on hosts file lines, so that's not going to work for more reasons than just the concept you're attempting to point out.

        3. julian.smith
          Thumb Up

          Re: Who...

          Exactly what I did when I bought mine

          (I read about Samsung's spying behaviour a couple of years ago)

      2. Tom Paine

        Re: Who...

        Us grumpy old men (and women) don't need any of that crap. If we want to iPlayer something we can do it on a mobile device or Bt it to the telly if a bigger screen's absolutely essential; Netflix is crap TV you pay for, who on earth has time and money to waste on something like that?; Amazon Prime... IDK what that's got to do with your telly, it's just a higher charges / quicker delivery thing isn't it?

        "Browsing and playing media on the home NAS" - the very few progs I'd like towatch again are get_iplayer'd and watched on a computer. I'll be buying myself a large hi-res display a long time before I buy a telly, if I really have to watch something again on a big screen. (Hmmm actually it's a while since I last watched Micro Men... better start saving for a telly!)

        1. theModge

          Re: Who...

          Amazon Prime... IDK what that's got to do with your telly, it's just a higher charges / quicker delivery thing isn't it?

          Which includes free access amazon's video streaming service, or at least a 'lite' tier there of. Smart telly's have an app to connect, obviously you can watch it via a laptop and a cable, as I had to before I got a smart telly, but if you have to use the VGA out (as opposed to a digital port) then as with several of the legal options you run into HDCP issues.

    2. theModge

      Re: Who...

      I watch virtually no live broadcast TV, aside from the news if I get a chance over breakfast. Beyond that it's a mix of iPlayer, amazon prime and netflix. I struggle to find anything I like live as such not having to plug my laptop into the telly whenever I wanted to watch anything has been a massive bonus since I procured the smart telly. No doubt this means the organisations listed above know my viewing habits (mostly vikings recently for the record) but given they don't even offer porn there's nothing to worrying there. I do worry a little about Samsung spying on me them selves, but logic prevents them employing a human to listen to voice recordings (too many TVs) and anyway what's the point? That leaves some meta data. I can't say it's a price I'm happy to pay, but they will find my data surprisingly low value and confusing, I doubt they can do much with it.

      1. Tom Paine

        Re: Who...

        Relax. You are not a CIA target.

    3. TRT Silver badge

      Re: ...to my knowledge...

      Just where they want you.

    4. Digitall

      Re: Who...

      '...actually uses the smart features of a TV?'

      The CIA, big brother is watching YOU whether you think you are using it or not!

      1. TRT Silver badge

        Re: Who...

        In soviet Russia, TV watches YOU!

        1. Christoph
          Big Brother

          Re: Who...

          "In soviet Russia, TV watches YOU!"

          In Airstrip One, Telescreen watches you.

  12. Anonymous Coward
    Anonymous Coward

    WhatsApp / Signal

    I can see how Signal would be safe, you can't screenshot it and it seems to have some pretty robust protection around the app...however, if a phone has been locally compromised (which appears to be the point of these 'sploits) then WhatsApp could easily be compromised since you can screenshot it.

    Also, WhatsApp images are stored in the clear on your phone.

    Am I right?

    1. Pseu Donyme

      Re: WhatsApp / Signal

      I don't think any app is safe against local root access, never mind an exploit that allows running code in kernel mode i.e. unfettered access to the hardware: with these the attacker has access to everything the user has (and more).

      1. Tom Paine

        Re: WhatsApp / Signal

        SGX is an attempt to implement privacy from root:

        https://en.wikipedia.org/wiki/Software_Guard_Extensions

        Can't see it working in the real world, myself, and it's already had some flaws discovered:

        https://arxiv.org/abs/1702.08719

        Apologies to whoever/wherever I picked those links up from, I can't remember where it was. El Reg, possibly.

      2. Anonymous Coward
        Anonymous Coward

        Re: WhatsApp / Signal

        If they'd like to show me how to root my new-ish Chinese Doogee phone I'd be very grateful to them. :o)

  13. Anonymous Coward
    Anonymous Coward

    You were right, no surprises

    just disappointment and disillusion caused by the use of politically motivated leaks... and the do as I say, not as I do el president.

    What did they expectafter all ? an inventory of ear trumpets, micro cameras and telescopes?

  14. Anonymous Coward
    Anonymous Coward

    Dunno what to say

    but El Reg did a great job in going through the documents so...

    d(*⌒▽⌒*)b "good job"

    but if this is a single target operation organization, then it's some what expected. If someone is determined to hack the target, it's very like they'll get hacked especially in today's security.

    1. TRT Silver badge

      Re: Dunno what to say

      That comment?

      ಥ_ಥ

  15. regregular

    Question not adressed

    I am not tech savvy enough to look at exploits and figure this one out myself, so here is a question to the editors or knowledgeable readers...

    It is claimed that Wikileaks has not dumped raw this time around, but redacted stuff. One new report also said that the "exploits" aren't, they are just rough descriptions with no code, tools or proof of concept. So, on the surface a responsible thing to do, otherwise every criminal could now use those exploits with minimal effort and research in a fresh incarnation of malware/ransomware.

    What I wonder though, are those released bits enough to let the engineers at the manufacturers figure out what is wrong with their code and fix it? Is this leak going to result (at least with manufacturers who care) in mitigation of those attack vectors or are they just being told "your stuff is exploitable, but you don't know how..." ?

    1. Naselus

      Re: Question not adressed

      Depends on the vendor, mostly.

      Quite a few of the exploits rely on already-patched vulnerabilities - so several of the iOS, OSX and Android ones won't work on modern equipment regardless. Others are of questionable value to patch - anything which requires them to actually nick your phone to deploy is unlikely to be considered a high priority, for example.

      Of the remaining ones, Microsoft, Apple, Google, Linux and Cisco are likely to go into patchmode overdrive to clear up actual vulnerabilities of zero-days. High-end phone manufacturers (Sony, Samsung etc) will probably look to implement some fixes too. Some of the leaks are pretty specific (say, the Windows control panel exploit) and so can be patched around. others are vague to the point of useless.

      Lower-end phone manufacturers, mid-range and below models from the big names, and 95% of IoT vendors, on the other hand, are pretty unlikely to do anything either way; as a rule, anything IoT doesn't require any effort whatsoever to hack right now and so is unlikely to see any improvement from this. There's 2 or 3 devices this doesn't apply to (Nest thermostats, Amazon Echo and Google Home, one or two others) but even they are unlikely to be particularly secure and shouldn't be given access to any sensitive information.

      In terms of non-vendor security stuff, we could add extra blocking rules to firewalls and monitor back-end traffic based on some of the information in the leaks, but the odds of the CIA continuing to use any easily-changed stuff (like port numbers or C&C server IPs) after this are basically zero, so any short-term fixing on that score will be obsolete before you read this post.

      On the other hand, unless you're either a high-ranking member of the Russian government or presently running an Al Qaeda cell, you're probably not on the CIA's radar anyway and not likely to be a victim of any of the exploits listed. They don't really care what most people are doing unless it's directly pertinent to a current investigation, and having useless extra data to analyse is generally considered detrimental by most spy agencies.

      There's about 3 billion phone calls made in the USA alone every day. The NSA may be recording them all, but no-one is listening to them for the most part; they use heuristic software (like your antivirus) to try and filter it down to a manageable number for human analysts to look at in real time, but not particularly successfully. I recall at least one senior intelligence official specifically stating that the NSA's mass-tapping program was a waste of time, effort and money that yielded far less useful intel than old-fashioned spy work did, and made the agency complacent on top - it's almost pure security theater with very little benefit. You're just not that interesting to the US government.

  16. Aristotles slow and dimwitted horse

    Slightly off topic...

    Apologies for a slightly off-topic post... but can anyone point me to a guide as to how to Wireshark other devices on my LAN via wi-fi. I have W/S on my PC and can see the traffic coming and going from that, but as a previous commentard mentioned I'd like to see what traffic is coming from my TV and other connected devices on my network, and then to ensure that it's all leaving my router encrypted properly via my VPN.

    I have it in promiscuous mode, but I still can't seem to see traffic from other devices - so perhaps I have the method totally wrong?

    Thanks in advance.

    1. hplasm
      Boffin

      Re: Slightly off topic...

      You will either need a non-switch hub that you can use to tap the lead from the device of interest; or the switch that it is connected to, if better than base level, would need to support port spanning, that can direct the target's port traffic to your Wireshark PC's port.

      HTH

      1. TRT Silver badge

        Re: Slightly off topic...

        If the WiFi Access Point is built in to the final gateway/modem, then you'll have to run a custom firmware/OS on the modem/WAP/switch.

        I've got my devices all separated out so I can control and monitor each step. Meraki Wi-Fi WAP, connects to a switch/vLAN gateway for the wired LAN, switch/vLAN gateway connects to a firewall/NAT, firewall/NAT connects to a DOCSIS3 modem. I can insert a laptop with two ethernet ports in-between any two of the devices and capture all the packets travelling between them. Kind of cumbersome, but I feel it's better than having it all in one "magic box".

    2. Anonymous Coward
      Anonymous Coward

      Re: Slightly off topic...

      I just use arpspoof on a linux box to sniff whatever traffic I like:

      echo 1 > /proc/sys/net/ipv4/ip_forward (to activate port forwarding)

      arpspoof -i wlan0 -t <target> <default gateway> -r (to arpspoof both ways).

      Then you just run wireshark. If you want to specifically target HTTP/HTTPS traffic you fire up burpsuite on port 8080 then use an iptables rule to forward all 80/443 traffic to that. Have fun!

    3. Phil Endecott

      Re: Slightly off topic...

      > can anyone point me to a guide as to how to Wireshark other

      > devices on my LAN via wi-fi.

      Your switch needs "port morroring".

      I.e. you need an ethernet switch connected to (a) broadband router, (b) wifi acces point, (c) PC, configuured so that port (b) is mirrored to port (c).

      This isn't easy if you have a combined wifi+boradband box, as most people do, unless that has a mirroring feature itself (which it probably doesn't). And the cheapest ethernet switches don't have port mirroring.

      The alternative is to have two network interfaces on your PC, and to make the PC itself a bridge that the data must traverse between the broadband internet connection and the device of interest.

    4. Aristotles slow and dimwitted horse
      Pint

      Re: Slightly off topic...

      Thanks chaps for all of the responses to my initial query. Very helpful commentards you all are.

      Have a pint on me --->

  17. Anonymous Coward
    Anonymous Coward

    Just like normal developers

    Did anyone notice they are all using Jira + Git for their source control/workflow?

    Also there was a funny bit where someone listed the passwords to their 'test' laptops and then in the comments people are going 'What if security sees this?'. You'd be forgiven for thinking it was a leak from some random company's intranet, not the CIA.

  18. Digitall
    Black Helicopters

    That CIA exploit list in full?

    As previously mentioned, Linux and derivatives have not been mentioned due to the CIA using Linux as their base OS..as if they would show the exploits to compromise themselves!

    Thus in itself would be a backdoor to the CIA ..no?

    1. Tom Paine

      Re: That CIA exploit list in full?

      You are mistaken. For a start, there are mentions of Linux exploits.

      1. EvadingGrid

        Re: That CIA exploit list in full?

        This is what happens when you rely on reporting, instead of looking for yourself. Most of the Linux docs are instructions for n00b windows gurus to do simple stuff using Linux. The only exploits I've found so far assume the user is to thick to look in /var/log or notice the mysterious extra .config file.... RTFwikileaks.

  19. John Smith 19 Gold badge
    Coat

    UMBRAGE?

    Does that make the Team Leaders code name "Dolores"?

    1. Aladdin Sane

      Re: UMBRAGE?

      Who'd've thunk that a bunch of nerds would be so geeky.

  20. Allonymous Coward
    Big Brother

    What depresses me about all this

    Is the fact that, once again, Richard Stallman has been shown to be right instead of just a toejam-eating, tinfoil-hat-wearing nutcase.

    1. wolfetone Silver badge

      RE: toejam-eating

      Oh come on! I was nearly free of the image of seeing him do that. Thanks for refreshing that particular memory.

    2. Kiwi
      Linux

      Re: What depresses me about all this

      Is the fact that, once again, Richard Stallman has been shown to be right instead of just a toejam-eating, tinfoil-hat-wearing nutcase.

      So.. And please note that I am a fan of Linux and get great pleasure at deriding the crapfest that is windoze, and while I respect at least some of what RS has tried to do for the computer users of the world and for those of us who use free software..

      But I have to ask.. Is he "proven right" when he "developed" the software we erroneously call "Linux"? I thought that was some guy named Linus or something like that in the 90's but I guess I could be wrong, and I quote : "I gave this system the name GNU. (You have probably heard people call it “Linux”, but that's an error.).

      Stuff like this undermines otherwise good work. Perhaps his reputation as a bit of a nutter is somewhat earned? Am I missing something here?

  21. Winkypop Silver badge
    Joke

    I got spied on once....

    ....CIA said I was too boring, so moved on to the Hamdani's next door.

  22. Anonymous Coward
    Anonymous Coward

    "Nothing to see here, folks, move along..."

    I know the CIA has made a practice of handing complete articles to the media and having them published as if independently written. But I didn't know The Register participated in the program.

    "First, though, a few general points: one, there's very little here that should shock you. The CIA is a spying organization, after all, and, yes, it spies on people".

    So there's nothing to see here, move along people, nothing to worry about. Just your government doing its job as usual.

    Of course, dirty lousy Russian fink spying is a rotten trick that we should all abhor. But good ol' American spying is, well, just what you should expect.

    It's amusing to note that the CIA apparently has "five main directorates" - just like the KGB in all those thriller novels and movies.

    1. Tom Paine

      Re: "Nothing to see here, folks, move along..."

      So there's nothing to see here, move along people, nothing to worry about. Just your government doing its job as usual.

      Of course, dirty lousy Russian fink spying is a rotten trick that we should all abhor. But good ol' American spying is, well, just what you should expect.

      Yes, that's right, except that you should expect Russia to hack in pursuit of intelligence as well. Nothing controversial in that. What the US and EU are getting upset about are active information warfare operations designed to influence domestic politics. I can see both sides on that; the US, I'm sure, would love to be rid of Putin and might well be doing things to try to hasten that day, but Putin's Russia is (1) an adversary and (2) not a liberal democracy. If there was evidence the CIA were trying to influence, say, domestic UK politics in a significant way, there'd be an uproar, and rightly so.

      1. Anonymous Coward
        Anonymous Coward

        Re: "CIA evidence influencing domestic UK politicks..."

        as if! https://en.wikipedia.org/wiki/The_Atlantic_Bridge

        quote: A 2010 report by the Charity Commission ruled that it was "not evident that [The_Atlantic_Bridge] had advanced education" and "may lead members of the public to call into question its independence from party politics". It was ordered to enact a 12-month review to bring it into line with its charitable objectives. On 30 September 2011, The Atlantic Bridge was dissolved by its trustees.

        The 'old' guardian mentioned this additional high-level group of non-transparent influenced politicos etc

        https://www.theguardian.com/world/2004/nov/06/usa.politics1

        quote: US news, Friends in high places

        You won't have heard of the British-American Project, but its members include some of the most powerful men and women in the UK. Officially it exists to promote the 'special relationship', but it has been described as a Trojan horse for US foreign policy. Even its supporters joke that it's funded by the CIA. Should we be worried? Andy Beckett reports Saturday 6th November 2004

        "Mo Mowlam ... Chris Smith ... Peter Mandelson ... Baroness Symons ... George Robertson ... Jonathan Powell ... Geoff Mulgan ... Matthew Taylor ... // ...James Naughtie and Jeremy Paxman " etc

        On the wider media fringes, can find loads more 'open source evidence,' possibly including https://en.wikipedia.org/wiki/Kennedy_Scholarship

        just look at some of those 'useful idiots' on that list - some of them still try to influence domestic UK politics, allegedly.

        polyticks = many, evil blood-sucking insects

      2. Anonymous Coward
        Anonymous Coward

        Re: "Nothing to see here, folks, move along..."

        "What the US and EU are getting upset about are active information warfare operations designed to influence domestic politics".

        Well, in that case they should tell the CIA and NSA to stop doing it.

      3. Uffish

        Re: "Nothing to see here, folks, move along..."

        @ Tom Paine, you wrote:-

        "If there was evidence the CIA were trying to influence, say, domestic UK politics in a significant way, there'd be an uproar, and rightly so."

        My personal belief, without any proof, is that the USA has influenced UK domestic politics and there wasn't an uproar. Mind you, they are usually very good about not leaving evidence.

    2. WatAWorld

      Re: "Nothing to see here, folks, move along..."

      "I know the CIA has made a practice of handing complete articles to the media and having them published as if independently written. But I didn't know The Register participated in the program."

      I wonder if they'll be resignations over this at The Reg.

  23. Pseu Donyme

    I'll have to object to the idea (a tautology, really) that being a spy organization legitimizes spying: in civilized countries this is illegal without a warrant (for a good reason). Moreover, a spy organization operating outside its native country / jurisdiction cannot legitimately have such a warrant.

    1. Tom Paine

      Of course Country B's laws won't allow Country A to spy on it, but Country A's laws certainly allow them to spy on Country B, and vice versa. Not sure what point you're trying to make here. Espionage and intelligence are a Bad Thing and unsporting, and gentlemen should never do it? If so, I'm sorry but that ship sailed many centuries ago.

      1. Anonymous Coward
        Anonymous Coward

        Country A = USA

        We were talking about Country A (i.e. the USA) being spied on by its own "intelligence agencies" (aka "criminal enterprises"). And not being able to do anything about it, because:

        1. The American voter has no influence whatsoever over either the President or Congress;

        2. Neither the President nor Congress has any influence whatsoever over the alphabet soup;

        3. If any mere politician (or anyone else) looks like being too much of a nuisance, the agencies just kill them. (Cf both Kennedys, MLK, etc. etc.)

    2. Naselus

      ...ish.

      While, in theory, spying is illegal, in practice it's tolerated because otherwise it makes diplomacy almost impossible. In international relations, having some level of espionage is considered sort of polite; it shows you take an interest in what your neighbour's up to and his culture. Plus, because it's still theoretically illegal, it gives you someone to expel if you want to make a diplomatic statement - which is why during the cold war the US or USSR could always conjure up 70+ spies to expel when the other pissed them off. They already knew they were there, but were tolerated because not spying on each other obsessively would cause the odds of nuclear war to go up.

      1. Aladdin Sane

        Besides, if you know somebody's a spy then you keep them around, otherwise they'll be replaced by somebody who may not be a spy.

  24. Christoph

    "Hacking devices this way is fraught with risk and cost"

    Not if the target goes through an airport and has their phone taken away and compromised.

  25. Anonymous Coward
    Anonymous Coward

    Not sure where Intelligence is lower

    The news from WikiLeaks is not that the CIA spies but what they are using to do it. I'm not sure why so many commentards seem to think this proves Obama didn't spy on Trump but then, from what they are saying, it seems like they think Obama's apparent penchant for annoying President Putin and the Russians is fully justified because Obama said Trump was talking to the Russians before he became President.

    Since the alternative is NOT talking to the Russians (who, coincidentally, have more nukes than anyone else) which would almost certainly feed their alleged paranoia and distrust of (Obama's) America, I am not quite sure what would be gained by following the sentiments displayed by most of the people here.

    Honestly, trying to discuss whether or not the Alphabet Soup mobs should be spying on their own citizens (regardless of exactly how they are doing it, and doing it through the other '5 Eyes' nations as proxies is no different than doing it themselves if you stop and think about it) is getting to be like trying to hold an intelligent conversation about non-manmade global warming or the UK leaving the EU without having some idiot start shouting to cover for the fact they have no real evidence to back up their claims.

  26. Anonymous Coward
    Anonymous Coward

    Finally, a valid use case for smart meters

    Finally, a valid use case for smart meters. The real-time power usage monitor will tell me when the CIA is secretly turning on my TV.

    Unless they're fiddling my smart meter readings too of course. Am I just the right amount of paranoid, or not paranoid enough?

    1. regregular

      Re: Finally, a valid use case for smart meters

      Curiosity: knowing if/when they eavesdrop

      Paranoia: Switchable power outlet to cut all power to device when not in use. For good measure, opening up the device and drilling out or unsoldering microphone / camera. That is paranoia.

      1. Anonymous Coward
        Anonymous Coward

        Re: Finally, a valid use case for smart meters

        > Paranoia: Switchable power outlet to cut all power to device when not in use.

        Errr... sound more like an effective way to manage power use?

  27. Anonymous Coward
    Anonymous Coward

    Democracy has ended

    To have functioning democracy the citizenry must be informed, the government transparent, and voters free from manipulation, fear, and government reprisals. None of that is possible in the 21st century, where any or all citizens can be covertly targeted for total surveillance, even eliminated leaving no evidence if required. Where China is the success story and Russia is showing the world the way forward for what is still being called democracy. Where even the President of the U.S.A. has the power to drone kill American citizens without due process and has indeed drone killed American citizens without due process and the MSM dutifully reported that new power as nothing to worry about. .

    With nations ignoring the interests of their citizens with trade and immigration policies, transferring ever larger tax loads unto individuals, giving the wealthy open access to State coffers, and failing to protect all cultures equally what is a concerned citizen to do?

    When peaceful revolution is made impossible.

    1. Anonymous Coward
      Anonymous Coward

      Re: Democracy has ended

      "To have functioning democracy the citizenry must be informed, the government transparent, and voters free from manipulation, fear, and government reprisals..."

      Hahahahahahahahahahaha! I thought we were discussing the USA - why have you suddenly switched to Russia?

      As for the USA, it's been ready for the proverbial fork for a few decades now.

      https://www.amazon.co.uk/GOVERNMENT-WOLVES-JOHN-W-WHITEHEAD/dp/1590799755

      https://www.amazon.co.uk/CIA-Organized-Crime-Illegal-Operations/dp/0997287012

      https://www.amazon.co.uk/Devils-Chessboard-Dulles-Americas-Government/dp/0008159661

      https://www.amazon.co.uk/Brothers-Stephen-Kinzer/dp/1250053129

      1. Anonymous Coward
        Anonymous Coward

        Re: Democracy has ended

        "Hahahahahahahahahahaha! I thought we were discussing the USA - why have you suddenly switched to Russia?"

        Maybe because the USA gazed too long into the abyss but as this story and your links tell us the reasons matter little. The "Democratic" West has become a monster, become the very things those before us fought against. And all we had to do to avoid this monster was to protect their vision of our future, to speak up and protect the rights we had.

        Now we are fighting a 5 eyed monster that is far more powerful than they could have ever imagined.

        Interesting times.

  28. Zmodem

    thats all well and good unless you have zonealarm on your windows, its still british and won't take no CIA money like PGP

  29. Robert D Bank

    Targetting

    I expect by far the greatest use of any of these exploits is for gaining advantage in international trade or other negotiations, for corporate commercial advantage and to some extent criminal and terrorist tracking, in that order. And by the above I wouldn't align this to any particular state, there are those that happily sit way above that level that feed off this.

    May their pubes catch on fire.

  30. Anonymous Coward
    Anonymous Coward

    "The President's pet news outlet Breitbart"

    Other way round, no?

  31. PTW
    Flame

    Dear el Reg,

    How about you stick to reporting tech news?

    The subject is tech, the political bias in this piece is just bullshit, it's not a six form common room!

    I really feel for your hacks that failed to be hired by the HuffPo, or The Indy but here really isn't the place.

    Caveat - This may have been said previously in the thread but it was TL;DR

    I want the old Reg back.

    1. mark9w

      Re: Dear el Reg,

      Yes, that is what I thought too. I seriously doubt that Wikileaks publishes this to help a right wing politician such as Trump.

      And if instead of spinning conspiracy theories The Register would focus on the technical details they would maybe have spotted what is most problematic about the leak.

      The CIA is paying contractors to develop zero day vulnerabilities, does not inform the vendors and then the malware leaks. The CIA is actively helping criminals this way. If they could keep the code secret, it might not be that bad. But this is a scandal!

      But when there is a story about Trump it seems journalists loose their mind.

      1. diodesign (Written by Reg staff) Silver badge

        Re: Re: Dear el Reg,

        "The Register would focus on the technical details"

        There are very few technical details in the WL dump - and we've linked to the most interesting stuff for you to read yourself. There is basically not much of worth in the leak, relative to the hype, which makes us wonder why St Jules went to the trouble of going ballistic over it...

        "The CIA is paying contractors to develop zero day vulnerabilities, does not inform the vendors and then the malware leaks"

        We've written pages and pages and pages about the IC hoarding vulns. And no malware nor exploits leaked in this WL dump.

        C.

    2. diodesign (Written by Reg staff) Silver badge

      Re: Dear el Reg,

      Haha, no. We'll write what we want.

      C.

  32. Mage Silver badge
    Black Helicopters

    Obligatory XKCD

    Also my view on how significant this "wikileak" is

    XKCD Hacking

    Hover mouse text (for those on phones/tablets)

    The dump also contains a list of millions of prime factors, a 0-day Tamagotchi exploit, and a technique for getting gcc and bash to execute arbitrary code.

    (use view element, copy outer HTML)

  33. Joe Harrison

    Who me? I'm just a regular tech guy

    We spoke to Affinity's manager, Bill Collins, who checked out the page and pronounced himself baffled. They're a small computer repair shop, he said, with no links to the CIA.

    He would say that, wouldn't he.

  34. WatAWorld

    False news?

    " was engineered to help the President pin the hacking of his political opponents' email server on the CIA"

    The link in there is to a page that no longer exists.

    Doubtless false news, so you should recraft your article changing your phrasing from "statement of fact" to "idle speculation".

  35. WatAWorld

    The CIA is supposedly prohibited by US federal law from spying within the USA

    The CIA is supposedly prohibited by US federal law from spying within the USA.

    If it is, that is huge news. Huge huge news.

    https://en.wikipedia.org/wiki/Central_Intelligence_Agency

    "Unlike the Federal Bureau of Investigation (FBI), which is a domestic security service, the CIA has no law enforcement function and is mainly focused on overseas intelligence gathering, with only limited domestic intelligence collection."

    https://en.wikipedia.org/wiki/National_Resources_Division

    "The National Resources Division (NR) is the domestic division of the United States Central Intelligence Agency. Its main function is to conduct voluntary debriefings of U.S. citizens who travel overseas for work or to visit relatives, and to recruit foreign students, diplomats and businesspeople to become CIA assets when they return to their countries"

  36. Simon Harris

    CIA departments...

    Is there one dedicated to making up names for stuff?

  37. WatAWorld

    Your Twitter link in this is dead, so the garbage it contained has probably been withdrawn

    "Thirdly, if you've been following US politics and WikiLeaks' mischievous role in the rise of Donald Trump, you may have clocked that Tuesday's dump was engineered to help the President pin the hacking of his political opponents' email server on the CIA. "

    1. The CIA is barred by US federal law from spying domestically.

    2. Are you guys mind readers? If no, then you must be making it up.

  38. Cynic_999

    Samsung

    It's not true that the CI|A would need physical access to infect a TV. Just spoof Samsung's server and the TV will download the Trojan as an automatic firmware update.

  39. FlamingDeath Silver badge

    Who watches the watchers

    Let's face it, the security services are rotton to the core and will happily give billions of dollars to "moderate rebels" to fight their ill thought out NWO plan. They can't be trusted in any capacity and to say they are there to protect citizens is hugely naive, the security services are nothing more than the establishments lawless thugs and are there to protect the establishments interests no matter what the fallout may be for ordinary people. The media are in the same boat, there to protect the interests of the established elite, by pushing out lies and fake news and twisted facts, telling you what to think, not how to think.

    Just look at it this way, when you were at high school, did you have any lessons teaching you how to minimise your tax bill? or how to hold your elected officials to account? or to make sure you are getting all the benefits you are entitled to?

    Of course fucking not, you're a fucking pleb, and thats how the establishment view you.

    If you're a member of a secret society, you're an idiot and have no idea

  40. kdd

    "Engineered to help the President"? Oh puhleez...

    Anyone who wasn't aware that attribution is extremely difficult and is intentionally being misrepresented by hackers, or uncritically accepts what the CIA said about it as true, is either a moron or has an axe to grind in distracting us from blaming the Democrats for a general rout of their party's candidates rather than the Russians. It doesn't take another Wikileaks treasure trove exposing massive government abuse of power to realize any of that.

  41. FlamingDeath Silver badge
    Black Helicopters

    The S in IoT stands for security

    I have a Samsung telly, the damned thing has been attempting to ARP cache poison my network so it can pretend to be the gateway, it wouldn't surprise me if the security services were working in collusion with Samsung. We know this sort of thing goes on now, no longer just a very strong suspicion, it is happening, and there is no accountability.

    The thought of having someone creep around in between the walls of my home scares the crap out of me, because that is essentially the only analogy I could muster, what's worse is once they're in they will look to gain persistence in the network, like an uninvited guest you can't get rid of.

    I guess we won't be seeing any kind of eutopian progress soon, it's proper shit.

    George Orwell, what a guy!

  42. Anonymous Coward
    Anonymous Coward

    "The President's pet news outlet Breitbart"

    -> "The news outlet Breitbart's pet president"

    ftfy

  43. Wzrd1 Silver badge

    Odd!

    Not a hint of *BSD.

    Interestingly enough, I have precisely zero Windows based systems at home, my Mac was stolen and not replaced after a burglary, the rest are Linux or *BSD (you'll excuse me for not discussing the variant) and I still hold a US security clearance.

    But then, my rather lengthy file does mention two things.

    I'm a dick.

    And I'm one hell of a good, long or short distance shot.

    OK, a third entry, "Mostly harmless". ;)

    1. Baldy50

      Re: Odd!

      Anyone seen Samsung's new TV commercial? Are they trying a bit to hard, to placate the masses, with more of the production moving back to the US?

      The Adds funny, though!

  44. dmacleo

    If you're using Windows Exchange 2010, the CIA has a tool for that, dubbed ShoulderSurfer. This performs a code injection attack against the Exchange Datastore manager process that would allow an agent to collect emails and contacts at will and without the need for an individual's credentials.

    ************************************

    huh odd thats what clintons exchange server was. I forced a bouceback to get headers and found it one service pack and a few CU behind current for 2010.

  45. This post has been deleted by its author

  46. GrapeBunch
    Big Brother

    Shiftily

    Just a few years ago, if a reference was made to a laptop open to hacking, a system operator would pipe up that anybody whose machine was hacked, was simply not taking the proper precautions. Then would follow a short list of the precautions to take. Not all of these precautions would be understandable to the layman, but oh well.

    Today those might still be useful precautions, but it seems that the likelihood of getting hacked, if a hacker is intent on you, is high. If a government agency can do it, anybody can do it.

    Where before, the layman was "stupid" if (s)he did not take the indicated steps to secure the computer, it seems that today, may it be suggested?, the layman is ill-advised to conduct medium or important business over the internet. Is this what they mean by "paradigm shift"?

    1. ThePendragon

      Re: Shiftily

      The Geek Gods say screw the layman and let there be OpenBSD !

  47. Kiwi
    Linux

    Obvious..

    Ever since version six of Comodo's code, things have become a lot easier and the CIA has an exploit dubbed the Gaping Hole of DOOM. That version ignores malware that it thinks is part of the Windows core operating system.

    Pretty obvious. Windows? Then malware. No need to look further.

    BTW, no mention of Linux? (aside from Android) Surely they have something on Linux, but the word only comes once in the article.. I know it's way more secure than Windows, but surely even Linux is not so secure that it's beyond the CIA?

  48. GMYF

    Russia Russia Russia

    Interesting article even almost a year later, particularly when seeing how the recent Meltdown and Spectre exploits affect nearly every computer system released in the last decade, necessitating an emergency update. Makes one wonder if there might be an ulterior motive.

    Regardless, you almost lost me. I'm a US citizen and a registered Democrat, and like an increasing number of Americans, I find the Russian lie to be as ludicrous and cringe-worthy today as the day it was uttered by Clinton herself. I swear if I hear it one more time, I just might vote Republican in the next election.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like