{"id":180588,"date":"2017-03-07T22:15:00","date_gmt":"2017-03-08T03:15:00","guid":{"rendered":"https:\/\/www.panix.com\/~msaroff\/40years\/2017\/03\/07\/wikileaks-explains-why-the-internet-of-things-sucks\/"},"modified":"2017-03-07T22:15:00","modified_gmt":"2017-03-08T03:15:00","slug":"wikileaks-explains-why-the-internet-of-things-sucks","status":"publish","type":"post","link":"https:\/\/www.panix.com\/~msaroff\/40years\/2017\/03\/07\/wikileaks-explains-why-the-internet-of-things-sucks\/","title":{"rendered":"Wikileaks Explains Why the Internet of Things Sucks"},"content":{"rendered":"<div>Another document dump from Wikileaks, this revealing <a href=\"https:\/\/www.nytimes.com\/2017\/03\/07\/world\/europe\/wikileaks-cia-hacking.html\">how the CIA hacks into PCs, phones, and smart televisions<\/a>:<\/div>\n<blockquote><p><span style=\"color: blue;\">In what appears to be the largest leak of C.I.A documents in history, <a href=\"http:\/\/topics.nytimes.com\/top\/reference\/timestopics\/organizations\/w\/wikileaks\/index.html?inline=nyt-org\">WikiLeaks<\/a> <a href=\"https:\/\/wikileaks.org\/ciav7p1\/\">released<\/a> on Tuesday thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions.<\/p>\n<p>The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers.<\/p>\n<p>A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer. 
Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.<\/p>\n<p>The document dump was the latest coup for the antisecrecy organization and a serious blow to the <a href=\"http:\/\/topics.nytimes.com\/top\/reference\/timestopics\/organizations\/c\/central_intelligence_agency\/index.html?inline=nyt-org\">C.I.A.<\/a>, which uses its hacking abilities to carry out espionage against foreign targets.<\/p>\n<p>The initial release, which WikiLeaks said was only the first installment in a larger collection of secret C.I.A. material, included 7,818 web pages with 943 attachments, many of them partly redacted by WikiLeaks editors to avoid disclosing the actual code for cyberweapons. The entire archive of C.I.A. material consists of several hundred million lines of computer code, the group claimed.<\/p>\n<p>In one revelation that may especially trouble the tech world if confirmed, WikiLeaks said that the C.I.A. and allied intelligence services have managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. 
According to WikiLeaks, government hackers can penetrate smartphones and collect \u201caudio and message traffic before encryption is applied.\u201d<\/span><\/p><\/blockquote>\n<p>If you are wondering why you are constantly hearing of some large organization being hacked, one reason is that <a href=\"https:\/\/theintercept.com\/2017\/03\/07\/cia-has-an-impressive-list-of-ways-to-hack-into-your-smartphone-wikileaks-files-indicate\/\">our state security apparatus refuses to patch holes, because they use them to spy on the rest of us<\/a>:<\/p>\n<blockquote><p><span style=\"color: blue;\">\u2026\u2026\u2026<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">Some of the attacks are what are known as \u201czero days\u201d \u2014 exploitation paths hackers can use that vendors are completely unaware of, giving the vendors no time \u2014 zero days \u2014 to fix their products. WikiLeaks said the documents indicate the CIA has violated commitments made by the Obama administration to disclose serious software vulnerabilities to vendors to improve the security of their products. The administration developed a system called the Vulnerabilities Equities Process to allow various government entities to help determine when it\u2019s better for national security to disclose unpatched vulnerabilities and when it\u2019s better to take advantage of them to hunt targets. <\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">At least some civil liberties advocates agree with the WikiLeaks assessment. 
\u201cAccess Now condemns the stockpiling of vulnerabilities, calls for limits on government hacking and protections for human rights, and urges immediate reforms to the Vulnerabilities Equities Process,\u201d Nathan White, senior legislative manager for digital rights group Access Now, wrote in response to the new leak in a press release.<\/span><\/p><\/blockquote>\n<p>Interestingly enough, it appears that <a href=\"https:\/\/www.emptywheel.net\/2017\/03\/07\/wikileaks-dumps-cias-hacking-tools\/\">the hacking tools were not actually classified<\/a>:<\/p>\n<blockquote><p><span style=\"color: blue;\">\u2026\u2026\u2026<\/p>\n<p>But Wikileaks also suggests that, because the CIA doesn\u2019t classify its attack tools, it leaves them more vulnerable to theft.<br \/><\/span><\/p>\n<blockquote><p><span style=\"color: blue;\">In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of \u201cVault 7\u201d \u2014 the CIA\u2019s weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems \u2014 the agency has little legal recourse.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span><span style=\"color: blue;\">The CIA made these systems unclassified.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span><span style=\"color: blue;\">Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the \u2018battlefield\u2019 of cyber \u2018war\u2019.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span><span style=\"color: blue;\">To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. 
If CIA implants, Command &amp; Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying\/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber \u2018arms\u2019 manufactures and computer hackers can freely \u201cpirate\u201d these \u2018weapons\u2019 if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets. <\/span><\/p><\/blockquote>\n<\/blockquote>\n<p>This is why offensive cyber war is something to be avoided, because any weapon you devise becomes immediately available to the enemy to be deployed against you.<\/p>\n<p>If you find a bug, it should get fixed, because if you can use it, so can anyone else.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Another document dump from Wikileaks, this revealing how the CIA hacks into PCs, phones, and smart televisions: In what appears to be the largest leak of C.I.A documents in history, WikiLeaks released on Tuesday thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected 
&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[369,367,501,382,681],"class_list":["post-180588","post","type-post","status-publish","format-standard","hentry","tag-espionage","tag-internet","tag-secrecy","tag-technology","tag-transparency"],"_links":{"self":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/180588"}],"collection":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/comments?post=180588"}],"version-history":[{"count":0,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/180588\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/media?parent=180588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/categories?post=180588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/tags?post=180588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}