Posts Tagged ‘Vault 7’

What WikiLeaks Really Revealed About the CIA’s Spying Techniques — Plus Former CIA Deputy Director Michael Morell Says “This data is not shared outside CIA… this has to be an inside job.”

March 11, 2017

March 11, 2017 7:00 a.m. ET

WASHINGTON—The “Vault 7” trove of documents released Tuesday by WikiLeaks has been cited by commentators to claim that the Central Intelligence Agency may have been masquerading as other foreign states while conducting its cyberhacks.

The documents being cited, however, offer no smoking gun.

The idea that the CIA posed as foreign actors has gained currency among people who are using the WikiLeaks disclosure to question the U.S. intelligence community’s conclusion that Russia hacked the Democratic National Committee and Hillary Clinton’s campaign chairman last year in order to help elect President Donald Trump. These political commentators and outlets are implying the campaign hacks could have been a CIA operation.

“CIA uses techniques to make cyberattacks look like they originated from enemy state. It turns DNC/Russia hack allegation by CIA into a JOKE,” internet entrepreneur Kim Dotcomwrote after the release in a tweet picked up by ZeroHedge, a financial blog known for its antiestablishment worldview. Mr. Dotcom, who founded the file-sharing website Megaupload, is wanted in the U.S. on charges including criminal copyright infringement, money laundering and conspiracy to commit racketeering.

Conservative commentator Laura Ingraham promoted the same line of reasoning in an exchange with host Sean Hannity on Fox News, claiming the leaks show U.S. intelligence agencies using countries like Russia as a scapegoat for their own attacks.

“If [CIA agents] were using specific deceptive techniques to look like the Russians, then that opens up the question…in all of this Russian conspiracy… did [the CIA] do it internally? The same people that were leaking on Trump?” Mr. Hannity replied.

WikiLeaks tweeted the Fox News segment to its millions of followers.

Infowars, an online outlet associated with the far right, ran a story titled: “VAULT 7: CIA CAN STAGE FAKE RUSSIAN HACKING TO UNDERMINE TRUMP.”

One problem: The documents WikiLeaks released on Tuesday don’t show examples of CIA operatives masquerading as any foreign actors, let alone Russian military intelligence, while conducting cyberattacks.

What they do show: The CIA appears to have a group called Umbrage that maintains a library of malware samples and techniques from external sources for agency programmers to repurpose when developing their own hacking tools.

Some of the Umbrage library appears to include pieces of malware linked to Russian criminal hackers and Chinese state actors, as well as publicly available malware, such as a program a French code released that can take over a web camera remotely.

WikiLeaks suggested in its news release accompanying the leak the CIA is collecting these samples to leave the fingerprints of foreign actors at the crime scene of attacks and to confuse investigators.

WikiLeaks has released thousands of documents and files dubbed Vault 7 that it says expose how the CIA is capable of hacking smartphones, computer operating systems, automobiles, messenger applications and even internet-connected televisions. Here’s a look at how they could work. Photo: Adele Morgan/The Wall Street Journal
.

But the documents released so far say nothing about the CIA using the Umbrage malware library to cover the tracks of an attack. The documents say the library there is for a different purpose: to save time and money in programming.

“The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware,” one document says. “The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions.”

The CIA has declined to comment on the authenticity of the leak or its contents.

Few cybersecurity experts doubt that U.S. intelligence agencies have the capability to impersonate other actors while hacking and the motive to mask the provenance of their attacks. Some say the CIA theoretically could use the malware samples in the Umbrage library in pursuit of that goal, though the leak so far doesn’t appear to show an example of that occurring.

“It is true that probably every intelligence agency is looking at what others are doing and trying to learn techniques and methods from them,” said Ben Buchanan, author of the “Cybersecurity Dilemma” and a postdoctoral fellow at Harvard Kennedy School’s Belfer Center for Science and International Affairs. “These documents show the CIA was doing that.”

Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs specializing in cyber conflict,said U.S. cyber operatives would need far more than pieces of hacking tools from foreign agencies to impersonate an attack by another foreign actor.

“Even if we had their tools, we’d have to suborn their infrastructure, as well as use the tools in the exact same manner,” he said. “It’s not just the tools. It’s not just the infrastructure. It’s the manner of operating.”

WikiLeaks says it has put out less than 1% of the total information it has in the “Vault 7” trove. Founder Julian Assange said in a press conference Thursday that he has additional information about ways the CIA tries to mask its attacks by masquerading as other actors.

“We have quite a lot more material that talks about these attempts to throw off attribution,” Mr. Assange said, suggesting that fulsome evidence of the CIA impersonating another actor during an attack could be forthcoming.

But cybersecurity researchers caution to pay attention to the leaked documents themselves, rather than the spin WikiLeaks or others try to put on them.

“WikiLeaks doesn’t make stuff up, but they do spin it,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “And the spin makes you wonder what’s really going on.”

Write to Paul Sonne at paul.sonne@wsj.com

https://www.wsj.com/articles/what-wikileaks-really-revealed-about-the-cias-spying-techniques-1489233601

***********************************

Former CIA Deputy Director, Michael Morell on CIA leaks — “This data is not shared outside CIA… this has to be an inside job.”

.

Advertisements

Wikileaks Exposes CIA Exploit Capable Of Cyber “False Flag” Attack — Will President Trump Blame His CIA or Russia?

March 8, 2017

 

Zero Hedge

Via Whitney Webb of TheAntiMedia.org,

Earlier today, Wikileaks once again made headlines following its release of the “largest ever publication of U.S. Central Intelligence Agency (CIA) documents.” The massive release – just the first batch in a trove of documents code-named “Vault 7” by Wikileaks – details the CIA’s global covert hacking program and its arsenal of weaponized exploits.

While most coverage thus far has focused on the CIA’s ability to infiltrate and hack smartphones, smart TVs and several encrypted messaging applications, another crucial aspect of this latest leak has been skimmed over – one with potentially far-reaching geopolitical implications.

According to a Wikileaks press release, the 8,761 newly published files came from the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia. The release says that the UMBRAGE group, a subdivision of the center’s Remote Development Branch (RDB), has been collecting and maintaining a substantial library of attack techniques ‘stolen’ from malware produced in other states, including the Russian Federation.”

As Wikileaks notes, the UMBRAGE group and its related projects allow the CIA to misdirect the attribution of cyber attacks by “leaving behind the ‘fingerprints’ of the very groups that the attack techniques were stolen from.”

In other words, the CIA’s sophisticated hacking tools all have a “signature” marking them as originating from the agency. In order to avoid arousing suspicion as to the true extent of its covert cyber operations, the CIA has employed UMBRAGE’s techniques in order to create signatures that allow multiple attacks to be attributed to various entities – instead of the real point of origin at the CIA – while also increasing its total number of attack types.

Other parts of the release similarly focus on avoiding the attribution of cyberattacks or malware infestations to the CIA during forensic reviews of such attacks. In a document titled “Development Tradecraft DOs and DON’Ts,” hackers and code writers are warned “DO NOT leave data in a binary file that demonstrates CIA, U.S. [government] or its witting partner companies’ involvement in the creation or use of the binary/tool.” It then states that “attribution of binary/tool/etc. by an adversary can cause irreversible impacts to past, present and future U.S. [government] operations and equities.”

While a major motivating factor in the CIA’s use of UMBRAGE is to cover it tracks, events over the past few months suggest that UMBRAGE may have been used for other, more nefarious purposes. After the outcome of the 2016 U.S. presidential election shocked many within the U.S. political establishment and corporate-owned media, the CIA emerged claiming that Russia mounted a “covert intelligence operation” to help Donald Trump edge out his rival Hillary Clinton.

Prior to the election, Clinton’s campaign had also accused Russia of being behind the leak of John Podesta’s emails, as well as the emails of employees of the Democratic National Committee (DNC).

Last December, Director of National Intelligence James Clapper – a man known for lying under oath about NSA surveillance – briefed senators in a closed-door meeting where he described findings on Russian government “hacks and other interference” in the election.

Following the meeting, Rep. Adam Schiff (D-CA), a ranking member of the House Intelligence Committee, remarked: “After many briefings by our intelligence community, it is clear to me that the Russians hacked our democratic institutions and sought to interfere in our elections and sow discord.”

Incidentally, the U.S. intelligence community’s assertions that Russia used cyber-attacks to interfere with the election overshadowed reports that the U.S. government had actually been responsible for several hacking attempts that targeted state election systems. For instance, the state of Georgia reported numerous hacking attempts on its election agencies’ networks, nearly all of which were traced back to the U.S. Department of Homeland Security.

Now that the CIA has been shown to not only have the capability but also the express intention of replacing the “fingerprint” of cyber-attacks it conducts with those of another state actor, the CIA’s alleged evidence that Russia hacked the U.S. election – or anything else for that matter – is immediately suspect. There is no longer any way to determine if the CIA’s proof of Russian hacks on U.S. infrastructure is legitimate, as it could very well be a “false flag” attack.

Given that accusations of Russian government cyber-attacks also coincide with a historic low in diplomatic relations between Russia and the U.S.,

the CIA’s long history of using covert means to justify hostile actions against foreign powers – typically in the name of national security – once again seems to be in play.

http://www.zerohedge.com/news/2017-03-07/wikileaks-exposes-cia-exploit-capable-cyber-false-flag-attack-blame-russia

************************************

Image may contain: 1 person

Chief Intelligence correspondent for FOX News Channel Catherine Herridge said on Fox News Wednesday that in seeking the source of “leaks,” investgators often start by asking, “Who is to gain by such a leak?” In the case of the latest WikiLeaks publication of CIA documents it would seem that Russia has a lot to gain….

Sputnik Gloats: So “Russian Hackers” Were CIA All Along?

March 8, 2017
15:27 08.03.2017(updated 17:30 08.03.2017) Get short URL
Image may contain: 1 person
‘Vault 7’: WikiLeaks Exposes CIA’s Global Covert Hacking Program in Largest Ever Leak (11)
WikiLeaks has published part one of Vault 7 – a massive trove of documents on the CIA. As expected, the leaks’ contents, including new details on the intelligence agency’s shocking capabilities, and important revelations about the so-called ‘Russian hack’, have riled up social media. Sputnik has collected some of the most interesting reactions.

The first part of the leak, dubbed by WikiLeaks as “the largest ever publication of confidential documents on the agency,” comprises over 8,700 documents and files, and reveals the scale and scope of the CIA’s global hacking and tracking program.

The leak reveals that the agency has developed the means to penetrate most prominent anti-virus programs, that it has apps to turn smart televisions into recording devices, and that it has been ‘looking into’ ways to hijack computer systems in modern cars to carry out untraceable assassinations.Perhaps more than anything, social media users were freaked out by the agency’s seemingly Orwellian technical capabilities. Edward Snowden, former National Security Agency contractor turned whistleblower, explained just how big a deal it was that the CIA was using consumer electronics to target people.

Turning to Vault 7’s political implications, Twitter users pointed out that the revelations made in the leaks about the CIA’s capabilities in Russia make the Obama administration’s evidence-free ‘Russian election hack’ claims seem even more hypocritical.

Others still pointed to a very important detail about the CIA’s capabilities and efforts to misdirect attribution via phony digital fingerprints, accusing others (hint: Russia) of doing what they themselves may have done. Popular comments on this point were chock-full of sarcasm and memes.

Other users also noted that it was impressive, and scary, just how far the CIA had moved ahead of their Cold War-era opponents, the East German Stasi and the Soviet KGB. Those agencies were known for being fearsome and effective, but their technical capabilities were extremely primitive, and the butt of numerous jokes. The CIA, users said, is shaping up to look more and more like these agencies all the time, but with technology that’s far more advanced.

Bizarrely, in spite of these revelations, some Twitter users still rushed to defend the dominant Democratic Party and US mainstream media narrative, claiming that the WikiLeaks CIA leak was “another distraction from Trump’s ties with Russia” and that the revelations were all a ruse by “KGB Putin,” who “wants to destroy our CIA.”

Others still accused President Trump, who has yet to comment on the leaks, of being a “russian asset” (sic) for staying silent.

What do Trump’s opponents expect him to say? That the WikiLeaks CIA leak again confirms the ridiculousness of the hysterical ‘Siberian candidate’ campaign against him? Or that the surveillance behemoth built up under his predecessor has become more powerful than anyone could have possibly imagined?

As WikiLeaks continues its work, and to reveal more and more classified information, it will be sure to result in more reaction, and debate, about the inner workings of powerful and secretive government institutions, shattering many myths and illusions people may have about their governments and politicians.

https://sputniknews.com/politics/201703081051372136-cia-wikileaks-dump-twitter-reaction/

************************************************

WikiLeaks reveals CIA secrets — including the ability to bypass the encryption of popular messenger applications

March 8, 2017

WikiLeaks said the documents show the CIA’s ability to bypass the encryption of popular messenger applications. Shown, the agency’s headquarters in McLean, Va.

WikiLeaks said the documents show the CIA’s ability to bypass the encryption of popular messenger applications. Shown, the agency’s headquarters in McLean, Va. PHOTO: JIM LO SCALZO/EUROPEAN PRESSPHOTO AGENCY
  • WikiLeaks published 8,761 documents and files claiming to be from the CIA’s Center for Cyber Intelligence on Tuesday
  • Leak details information on how CIA-developed malware can target iPhones, Android phones and smart TVs
  • WikiLeaks alleges some remote hacking programs can turn electronic devices into recording and transmitting stations to spy on targets
  • Documents also claims the CIA can bypass encryption of Whatsapp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking smartphones
  • CIA investigated hacking control systems in cars and trucks, which would allow agency to engage in nearly undetectable assassinations 

WikiLeaks has published thousands of documents claiming to reveal top CIA hacking secrets, including the agency’s ability to infiltrate encrypted apps like Whatsapp, break into smart TVs and phones and program self-driving cars.

WikiLeaks said the files released on Tuesday – mysteriously dubbed ‘ Vault 7’ – are the most comprehensive release of U.S. spying files ever made public.

The leak purportedly includes 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina.

It details intelligence information on CIA-developed software intended to hack iPhones, Android phones, smart TVs and Microsoft, Mac and Linux operating systems.

WikiLeaks alleges that some of the remote hacking programs can turn these electronic devices into recording and transmitting stations to spy on their targets.

It also claims the CIA can bypass the encryption of Whatsapp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking the smart phones the applications run on.

The CIA was also looking at hacking the vehicle control systems used in modern cars and trucks, WikiLeaks claims.

Scroll down for video 

WikiLeaks, founded by Julian Assange, has published thousands of documents that it says come from the CIA's Center for Cyber Intelligence

WikiLeaks, founded by Julian Assange, has published thousands of documents that it says come from the CIA’s Center for Cyber Intelligence

Wikileaks dumps information claiming proof of CIA hacking

According to a document in 2014, CIA’s Embedded Devices Branch met to discuss malware that could infect vehicle systems.

‘The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations,’ WikiLeaks said.

The documents could not immediately be authenticated, but WikiLeaks has a long track record of releasing top secret government documents. A spokesman for the CIA would not comment.

WikiLeaks, which had been dropping cryptic hints about the release for a month, said in a lengthy statement that the CIA had ‘recently’ lost control of a massive arsenal of CIA hacking tools as well as associated documentation.

The organization said that ‘the archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner’ and that one of them ‘provided WikiLeaks with portions of the archive.’

They said the archive of files – referred to as Year Zero – introduces the scope of the CIA’s global covert hacking program and includes software that could allow people to take control of consumer electronic products.

The documents cover a range of topics, including what appeared to be a discussion about how to compromise smart televisions and turn them into improvised surveillance devices.

The alleged program called ‘Weeping Angel’ is said to have been developed in conjunction with the British spy agency MI5 and allows them to hack a Samsung smart TV when it is seemingly switched off.

‘After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on,’ the files say, according to WikiLeaks.

‘In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.’

The files detail intelligence information on CIA-developed software intended to hack iPhones, Android phones, smart TVs and Microsoft, Mac and Linux operating systems

The files detail intelligence information on CIA-developed software intended to hack iPhones, Android phones, smart TVs and Microsoft, Mac and Linux operating systems

WikiLeaks said the leaked data also included details on the agency’s efforts to subvert American software products and smartphones, including Apple’s iPhone, Google’s Android and Microsoft’s Windows.

The files claim the CIA  had developed numerous attacks to remotely hack and control popular smart phones.

‘Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone,’ the files state.

‘A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones including Samsung, HTC and Sony.’

According to WikiLeaks, the CIA knew about several flaws in software made by Apple, Google, Samsung and others but didn’t tell the companies about them.

Disclosing such vulnerabilities is supposed to be common practice so companies could fix them before hackers use them. But WikiLeaks says the CIA kept knowledge of the vulnerabilities to itself for use in bypassing the encryption on apps such as WhatsApp, Signal, Telegram and Confide.

WikiLeaks says the CIA had two dozen such undisclosed vulnerabilities for Android gadgets alone.

A ‘substantial library’ of digital espionage techniques borrowed from Russia and other countries is in the data as well, WikiLeaks said.

WikiLeaks claims each technique the CIA has created ‘forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity’.

‘The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

‘With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.’

WikiLeaks said it redacted the names of CIA officers and avoided publishing damaging details of cyber weapons.

They said they will refrain from doing do ‘until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.’

The files also reveal that in addition to its operations in Virginia, the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

The leak purportedly includes 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina (above)

The leak purportedly includes 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina (above)

WikiLeaks said in a lengthy statement that the files, mysteriously dubbed ' Vault 7', are the most comprehensive release of U.S. spying files ever made public

WikiLeaks said in a lengthy statement that the files, mysteriously dubbed ‘ Vault 7’, are the most comprehensive release of U.S. spying files ever made public

Wikileaks said the release of confidential documents on the agency already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Experts who’ve started to sift through the material said it appeared legitimate – and that the release was almost certain to shake the CIA.

If it did prove legitimate, the dump would represent yet another catastrophic breach for the U.S. intelligence community at the hands of WikiLeaks and its allies, which have repeatedly humbled Washington with the mass release of classified material.

Jake Williams, a security expert with Augusta, Georgia-based Rendition Infosec, has experience dealing with government hackers. He said that the voluminous files’ extensive references to operation security meant they were almost certainly government-backed.

‘I can’t fathom anyone fabricated that amount of operational security concern,’ he said. ‘It rings true to me.’

‘The only people who are having that conversation are people who are engaging in nation-state-level hacking.’

Bob Ayers, a retired U.S. intelligence official currently working as a security analyst, agreed, saying that the release was ‘real bad’ for the agency.

Ayers noted that WikiLeaks has promised to release more CIA documents, saying Tuesday’s publication was just ‘the first full part of the series.’

‘The damage right now is relatively high-level,’ he said. ‘(But) the potential for really detailed damage will come in the following releases.’

Read more: http://www.dailymail.co.uk/news/article-4289942/WikiLeaks-publish-1000s-says-CIA-documents.html#ixzz4ajHmjHHE
Follow us: @MailOnline on Twitter | DailyMail on Facebook

U.S. Government Can Spy on Just About Anyone Via The Cell Phone or TV — WikiLeaks

March 7, 2017

No automatic alt text available.

By March 7, 2017 10:59 AM PST

WikiLeaks says it’s released thousands of documents showing the CIA’s secret hacking tools that the agency can use to break into our phones, cars, computers and smart TVs.

The organization, which has published everythin from US diplomatic cables to Hillary Clinton’s campaign chairman’s emails, posted the documents Tuesday. The documents could potentially reveal the agency’s most important hacking techniques used to penetrate systems around the world. CNET is unable to verify if the documents are real or have been altered.

“We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in an email.

If true, the leaks provide a glimpse into just how much access the CIA has into your life — thanks to the gadgets that you carry around all day. The magnitude of the hacking tools are jaw-dropping; the documents suggest the agency was able to break into the underlying operating systems running iPhones, Android phones and Windows and Linux computers. That meant that it had access to data stored on the device, and even encrypted messages sent through popular services like WhatsApp, Signal and Telegram.

WikiLeaks has a long track record of releasing top secret government documents, and experts who’ve started to sift through the material said it appears legitimate, CBS News reported. Yet it’s unclear whether these programs are still running or whether they affect the latest versions of each operating system.

These leaks come after more than a year of debate over government investigators accessing consumer devices. Frustrated at not being able to access encrypted information — which is scrambled and unreadable without a password — the government can purchase or develop its own hacking tools that get around encryption by unlocking devices.

This debate took off when the US Department of Justice sought to require Apple to help it open an encrypted iPhone belonging to one of the San Bernardino shooters. After Apple fought back in court, the FBI said it had obtained another way to access the phone.

If the CIA could break into a phone’s operating system, it wouldn’t have to break the encryption, but rather gain the same access to messages that a regular user would have when unlocking their phone or computer.

Apple, Google and Motorola declined to comment on WikiLeaks’ claims. Samsung didn’t respond to a request for comment.

“We’re aware of the report and are looking into it,” a Microsoft spokesman said in an email.

WhatsApp declined to comment. Signal parent Open Whisper Systems didn’t immediately respond to requests for comment. Telegram said on its website that the problem lies with operating systems and not encrypted messaging apps and that naming specific encrypted services is “misleading.”

Edward Snowden, the former NSA contractor who leaked documents detailing NSA spy programs to journalists in 2013, wrote about the WikiLeaks documents Tuesday on Twitter. He said hacking the operating system is actually “worse” than hacking encrypted messaging services like WhatsApp.

PSA: This incorrectly implies CIA hacked these apps / encryption. But the docs show iOS/Android are what got hacked – a much bigger problem. https://twitter.com/wikileaks/status/839120909625606152 

The hacking tools described by WikiLeaks go beyond merely opening encrypted devices. The WikiLeaks press release says the documents show the CIA developed tools to turn Smart TVs into listening devices with a tool called “Weeping Angel,” and sought to find ways to hack the control systems in internet-connected cars. Like something out of a spy movie, other colorful codenames include “Brutal Kangaroo,” a system to hide data images, or “Hammer Drill,” which infects software distributed on CDs or DVDs.

WikiLeaks said the CIA had also “hoarded” vulnerabilities in the software run by tech giants like Apple and Microsoft, staying quiet about exploits so the agency could retain backdoor access.

WikiLeaks claims the leaks come from a high-security CIA network in Langley, Virginia. The US spy agency appears to have targeted computers, phones and smart TVs, according to CBS News.

WikiLeaks said in a tweet that the CIA showed “negligence” in not protecting the very information it was publishing.

CIA negligence sees it losing control of all cyber weapons arsenal sparking serious proliferation concerns https://wikileaks.org/ciav7p1/#PRESS 

First published March 7, 2017 at 10:04 a.m. PT

Update, 10:59: Adds comment from Microsoft, commentary from Edward Snowden and background information, and notes that WhatsApp declined to comment. 11:32 a.m.: Notes that Motorola declined to comment and that Open Whisper Systems didn’t immediately respond to requests for comment, and adds comment from Telegram and more details from leaks.

CNET Magazine: Check out a sampling of the stories you’ll find in CNET’s newsstand edition.

Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it? CNET investigates.

Related:

 

WikiLeaks Posts Thousands of Purported CIA Cyberhacking Documents

March 7, 2017

Records show CIA able to spy on smartphones, internet TVs

WikiLeaks released thousands of documents and files Tuesday that it said exposed hacking tools the Central Intelligence Agency uses.

WikiLeaks released thousands of documents and files Tuesday that it said exposed hacking tools the Central Intelligence Agency uses.PHOTO: LARRY DOWNING/REUTERS

.

Updated March 7, 2017 12:23 p.m. ET

WASHINGTON—WikiLeaks released thousands of documents and files Tuesday that it said exposed tools the Central Intelligence Agency uses to hack smartphones, computer operating systems, messenger applications and internet-connected televisions.

The unauthorized disclosure—the first part of which WikiLeaks said consisted of 8,761 documents and files from the CIA’s Center for Cyber Intelligence—confronts President Donald Trump with a threat from the very organization that leaked documents on his opponent, Democrat Hillary Clinton, during the 2016 presidential campaign.

WikiLeaks named the series of files “Vault 7” and called the unauthorized disclosure the “largest ever publication of confidential documents on the agency,” saying it exposed the malware and exploits the agency amassed to hack smartphones and turn some televisions into covert microphones.

A CIA spokesman declined to comment “on the authenticity or content of purported intelligence documents.”

An intelligence source said some of the information does pertain to tools that the CIA uses to hack computers and other devices. This person said disclosing the information would jeopardize ongoing intelligence-gathering operations and the revelations were far more significant than the leaks of Edward Snowden, a former contractor for the National Security Agency who exposed active surveillance programs in 2013.

Mr. Snowden’s leaks revealed names of programs, companies that assist the NSA in surveillance and in some cases the targets of American spying. But the recent leak purports to contain highly technical details about how surveillance is carried out. That would make them far more revealing and useful to an adversary, this person said.

In one sense, Mr. Snowden provided a briefing book on U.S. surveillance, but the CIA leaks could provide the blueprints.

WikiLeaks said in its statement that it was not publishing such information as computer source code that could be used to replicate the tools it claims to have exposed. But the group left open the possibility of publishing those crucial details if “a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should [sic] analyzed, disarmed and published.”

Mr. Snowden said in a tweet Tuesday, “Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.”

WikiLeaks said the CIA recently “lost control” of the majority of its hacking arsenal. “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” the site said in a statement. “The archive appears to have been circulating among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

The website put out what it called the first installment in a series of planned leaks on Tuesday, calling it “Year Zero.” It said the first installment “introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products.”

WikiLeaks said the information on CIA hacking came from an unidentified source who believes the spy agency’s hacking authorities “urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”

This is the latest high-profile leak of information by WikiLeaks, which last fall published emails stolen from Mrs. Clinton’s campaign chairman, John Podesta. U.S. intelligence agencies concluded that Russian government hackers stole those emails and provided them to WikiLeaks.

WikiLeaks said the documents show the CIA’s ability to bypass the encryption of popular messenger applications, including WhatsApp, Signal, Telegram and Confide by hacking the smartphones they run on and collecting audio and message traffic before the applications encrypt the user’s texts.

The site said the documents also show how the CIA developed other mobile hacking technologies, including the ability to activate the camera and microphone of a target’s smartphone covertly and surreptitiously retrieve a target’s geolocation, audio and text communications.

WikiLeaks said one of the documents also shows how the CIA developed a program to hack internet-connected televisions in conjunction with British intelligence. The attacks can place Samsung smart TVs in a fake off mode, so the owner believes the television is switched off, while in reality it is functioning as a bug and recording conversations in the room, WikiLeaks said.

Write to Shane Harris at shane.harris@wsj.com and Paul Sonne at paul.sonne@wsj.com

.

‘Vault 7’: Wikileaks Starts New Series of Leaks on CIA

March 7, 2017

From Russia’s Sputnik

No automatic alt text available.

Wikileaks has announced the start of a new series of leaks on the US Central Intelligence Agency (CIA). The leaks are code-named “Vault 7.”

It is the largest ever publication of confidential documents on the CIA, Wikileaks said in a press release.

“The quantity of published pages in “Vault 7” part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.”

The first part of the leaks dubbed “Year Zero” comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina.

Image may contain: indoor

“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” Wikileaks stated.

“Year Zero” leaks reveals the scope and direction of the US intelligence agency’s “global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”

Wikileaks said that since 2001, the CIA “has gained political and budgetary preeminence” over the National Security Agency (NSA). The whistleblowing site said that the agency built a “globe-spanning force — its own substantial fleet of hackers.” Moreover, the agency’s hacking division is anot allowed to disclose its operations to the NSA.

“The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”

Wikileaks stated citing the source of the leaks that “Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.”

has announced the start of a new series of leaks on the US Central Intelligence Agency (CIA). The leaks are code-named “Vault 7.”

It is the largest ever publication of confidential documents on the CIA, Wikileaks said in a press release.

“The quantity of published pages in “Vault 7” part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.”

The first part of the leaks dubbed “Year Zero” comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina.

“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” Wikileaks stated.

“Year Zero” leaks reveals the scope and direction of the US intelligence agency’s “global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”

Wikileaks said that since 2001, the CIA “has gained political and budgetary preeminence” over the National Security Agency (NSA). The whistleblowing site said that the agency built a “globe-spanning force — its own substantial fleet of hackers.” Moreover, the agency’s hacking division is anot allowed to disclose its operations to the NSA.

“The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”

Wikileaks stated citing the source of the leaks that “Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.”

https://sputniknews.com/world/201703071051342572-wikileaks-cia-series/

Related: