JackRiddler » Wed Mar 08, 2017 4:46 pm wrote:barracuda » Wed Mar 08, 2017 5:22 pm wrote:This whole thing is very weird, because I just can't imagine a situation where Wikileaks would do something that so clearly helps Donald Trump. #spiritcooking
On the other hand, I can imagine and have heard far more intelligent statements from you than this.
WIKILEAKS FILES SHOW THE CIA REPURPOSING HACKING CODE TO SAVE TIME, NOT TO FRAME RUSSIA
ATTRIBUTING HACKING ATTACKS to the correct perpetrators is notoriously difficult. Even the U.S. government, for all its technical resources and expertise, took warranted criticism for trying to pin a high-profile 2014 cyberattack on North Korea, and more recently faced skepticism when it blamed Russia for hacks against top Democrats during the 2016 election.
In those cases, government officials said they based their attribution in part on software tools the hackers employed, which had been used in other cyberattacks linked to North Korea and Russia. But that sort of evidence is not conclusive; hackers have been known to intentionally use or leave behind software and other distinctive material linked to other groups as part of so-called false flag operations intended to falsely implicate other parties. Researchers at Russian digital security firm Kaspersky Lab have documented such cases.
On Tuesday, Wikileaks published a large cache of CIA documents that it said showed the agency had equipped itself to run its own false-flag hacking operations. The documents describe an internal CIA group called UMBRAGE that Wikileaks said was stealing the techniques of other nation-state hackers to trick forensic investigators into falsely attributing CIA attacks to those actors. According to Wikileaks, among those from whom the CIA has stolen techniques is the Russian Federation, suggesting the CIA is conducting attacks to intentionally mislead investigators into attributing them to Vladimir Putin.
“With UMBRAGE and related projects, the CIA can not only increase its total number of attack types, but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” Wikileaks writes in a summary of its CIA document dump
It’s a claim that seems intended to shed doubt on the U.S. government’s attribution of Russia in the DNC hack; the Russian Federation was the only nation specifically named by Wikileaks as a potential victim of misdirected attribution. It’s also a claim that some media outlets have accepted and repeated without question.
“WikiLeaks said there’s an entire department within the CIA whose job it is to ‘misdirect attribution by leaving behind the fingerprints’ of others, such as hackers in Russia,” CNN reported without caveats.
It would be possible to leave such fingerprints if the CIA were re-using unique source code written by other actors to intentionally implicate them in CIA hacks, but the published CIA documents don’t say this. Instead they indicate the UMBRAGE group is doing something much less nefarious.
They say UMBRAGE is borrowing hacking “techniques” developed or used by other actors to use in CIA hacking projects. This is intended to save the CIA time and energy by copying methods already proven successful. If the CIA were actually re-using source code unique to a specific hacking group this could lead forensic investigators to mis-attribute CIA attacks to the original creators of the code. But the documents appear to say the UMBRAGE group is writing snippets of code that mimic the functionality of other hacking tools and placing it in a library for CIA developers to draw on when designing custom CIA tools.
“The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions,” notes a document in the cache that discusses the project. “Rather than building feature-rich tools, which are often costly and can have significant CI value, this effort focuses on developing smaller and more targeted solutions built to operational specifications.”
Robert Graham, CEO of Errata Security, agrees that the CIA documents are not talking about framing Russia or other nations.
“What we can conclusively say from the evidence in the documents is that they’re creating snippets of code for use in other projects and they’re reusing methods in code that they find on the internet,” he told The Intercept. “Elsewhere they talk about obscuring attacks so you can’t see where it’s coming from, but there’s no concrete plan to do a false flag operation. They’re not trying to say ‘We’re going to make this look like Russia’.”
The UMBRAGE documents do mention looking at source code, but these reference widely available source code for popular tools, not source code unique to, say, Russian Federation hackers. And the purpose of examining the source code seems to be for purposes of inspiring the CIA code developers in developing their code, not so they can copy/paste it into CIA tools.
C.I.A. Scrambles to Contain Damage From WikiLeaks Documents
By MATTHEW ROSENBERG, SCOTT SHANE and ADAM GOLDMAN
MARCH 8, 2017
https://www.nytimes.com/2017/03/08/us/w ... s-cia.html
WASHINGTON — The C.I.A. scrambled on Wednesday to assess and contain the damage from the release by WikiLeaks of thousands of documents that cataloged the agency’s cyberspying capabilities, temporarily halting work on some projects while the F.B.I. turned to finding who was responsible for the leak.
Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.
An intelligence official said the information, much of which appeared to be technical documents, may have come from a server outside the C.I.A. managed by a contractor. But neither he nor a former senior intelligence official ruled out the possibility that the leaker was a C.I.A. employee.
The officials spoke on the condition of anonymity to discuss an ongoing investigation into classified information. The C.I.A. has refused to explicitly confirm the authenticity of the documents, but it all but said they were genuine Wednesday when it took the unusual step of putting out a statement to defend its work and chastise WikiLeaks.
The disclosures “equip our adversaries with tools and information to do us harm,” said Ryan Trapani, a spokesman for the C.I.A.
He added that the C.I.A. is legally prohibited from spying on individuals in the United States and “does not do so.”[/b]
The leak was perhaps most awkward for the White House, which found itself criticizing WikiLeaks less than six months after the group published embarrassing emails from John D. Podesta, the campaign chairman for Hillary Clinton, prompting President Trump to declare at the time, “I love WikiLeaks.”
Sean Spicer, the White House spokesman, said the release of documents “should be something that everybody is outraged about in this country.”
There was, he added, a “massive, massive difference” between the leak of classified C.I.A. cyberspying tools and personal emails of political figures.
The documents, taken at face value,
suggest that American spies had designed hacking tools that could breach almost anything connected to the internet — smartphones, computers, televisions — and had even found a way to compromise Apple and Android devices. But whether the C.I.A. had successfully built and employed them to conduct espionage remained unclear on Wednesday.
A number of cybersecurity experts and hackers expressed skepticism at the level of technical wizardry that WikiLeaks claimed to uncover, and pointed out that much of what was described in the documents was aimed at older devices that have known security flaws.
One document, for instance, discussed ways to quickly copy 3.5-inch floppy disks, a storage device so out of date that few people younger than 35 have probably used one.
One indication that the documents did not contain information on the most highly sensitive C.I.A. cyberespionage programs was that none of them appeared to be classified above the level of “secret/noforn,” which is a relatively low-level of classification.
Some technical experts pointed out that while the documents suggest that the C.I.A. might be able to compromise individual smartphones, there was no evidence that the agency could break the encryption that many phone and messaging apps use.
If the C.I.A. or the National Security Agency could routinely break the encryption used on such apps as Signal, Confide, Telegram and WhatsApp, then the government might be able to intercept such communications on a large scale and search for names or keywords of interest. But nothing in the leaked C.I.A. documents suggests that is possible.
Instead, the documents indicate that because of encryption, the agency must target an individual phone and then can intercept only the calls and messages that pass through that phone. Instead of casting a net for a big catch, in other words, C.I.A. spies essentially cast a single fishing line at a specific target, and do not try to troll an entire population.
“The difference between wholesale surveillance and targeted surveillance is huge,” said Dan Guido, a director at Hack/Secure, a cybersecurity investment firm. “Instead of sifting through a sea of information, they’re forced to look at devices one at a time.”
Mr. Guido also said the C.I.A. documents did not suggest that the agency was far ahead of academic or commercial security experts. “They’re using standard tools, reading the same tech sites and blogs that I read,” he said.
Some of the vulnerabilities described by the C.I.A. have already been remedied, he said: “The holes have been plugged.”
But Joel Brenner, formerly the country’s top counterintelligence official, said he believed the leak was “a big deal” because it would assist other countries that were trying to catch up to the United States, Russia, China and Israel in electronic spying.
He added that the intelligence agencies would have to again assess the advisability of sharing secrets widely inside their walls. “If something is shared with hundreds or thousands of people, there’s a sense in which it’s already no longer a secret,” he said.
The WikiLeaks release included 7,818 web pages with 943 attachments. Many were partly redacted by the group, which said it wanted to to avoid disclosing the code for the tools.
But without the code, it was hard to assess just what WikiLeaks had obtained — and what it was sitting on. The documents indicated that the C.I.A. sought to break into Apple, Android and Windows devices — that is, the vast majority of the world’s smartphones, tablets and computers.
While the scale and nature of the C.I.A. documents appeared to catch government officials by surprise, there had been some signs a document dump was imminent. On Twitter, the organization had flagged for weeks that something big, under the WikiLeaks label “Vault 7,” was coming soon.
What is #Vault7? pic.twitter.com/PrjBU0LSAF
— WikiLeaks (@wikileaks) Feb. 4, 2017
On Feb. 16, WikiLeaks released what appeared to be a C.I.A. document laying out intelligence questions about the coming French elections that agency analysts wanted answers to, either from human spies or eavesdropping. When WikiLeaks released the cyberspying documents on Tuesday, it described the earlier document as “an introductory disclosure.”
US identifies suspect in leak of CIA hacking tools
File photo: Joshua Schulte worked in the CIA’s Engineering Development Group, which produced the computer code, according to sources with knowledge of his employment history as well as the group’s role in developing cyber weapons.
By The Washington Post | PUBLISHED: May 15, 2018 at 12:22 pm | UPDATED: May 15, 2018 at 12:24 pm
By Shane Harris | Washington Post
WASHINGTON – The U.S. government has identified a suspect in the leak last year of a large portion of the CIA’s computer hacking arsenal, the cyber tools the agency had used to conduct espionage operations overseas, according to interviews and public documents.
But despite months of investigation, prosecutors have been unable to bring charges against the man, who is a former CIA employee currently being held in a Manhattan jail on unrelated charges.
Joshua Adam Schulte, who worked for a CIA group that designs computer code to spy on foreign adversaries, is believed to have provided the agency’s top-secret information to WikiLeaks, federal prosecutors acknowledged in a hearing in January. The anti-secrecy group published the code under the label “Vault 7” in March 2017. It was one of the most significant and potentially damaging leaks in the CIA’s history, exposing secret cyber weapons and spying techniques that also might be used against the United States, according to current and former intelligence officials.
Schulte’s connection to the leak investigation hasn’t been previously reported.
Federal authorities searched Schulte’s apartment in New York last year and obtained a personal computer equipment, notebooks, and hand-written notes according to a copy of the search warrant reviewed by The Washington Post. But that failed to provide the evidence that prosecutors needed to indict Schulte with illegally giving the information to WikiLeaks.
“Those search warrants haven’t yielded anything that is consistent with [Schulte’s] involvement in that disclosure,” Matthew Laroche, an assistant U.S. attorney in the Southern District of New York, said at a hearing on Jan. 8, according to a court transcript.
Laroche said at the time that the investigation “is ongoing,” and that Schulte “remains a target of that investigation.”
Part of that investigation, Laroche said, was analyzing whether a technology known as TOR, which allows Internet users to hide their location, “was used in transmitting classified information.”
In other hearings in Schulte’s case, prosecutors have alleged that he used TOR at his New York apartment, but they have provided as yet no evidence that he did so in order to disclose classified information. Schulte’s attorneys have said that TOR is used for all kinds of communications and have maintained that he played no role in the Vault 7 leaks.
Schulte is currently in a Manhattan jail on charges of possessing, receiving, and transporting child pornography, according to an indictment filed last September. He has pleaded not guilty.
A former federal prosecutor, who is not connected to the case, said that it’s not unusual to hold a suspect in one crime on unrelated charges, and that the months Schulte has spent in jail doesn’t necessarily mean the government’s case has hit a wall. The former prosecutor, who spoke on the condition of anonymity to discuss an open investigation, also said that if government lawyers acknowledged in a public hearing that Schulte was a target, they probably believe he acted alone.
In documents, prosecutors allege that they found a large cache of child pornography on a server that was maintained by Schulte. But he has argued that anywhere from 50 to 100 people had access to that server, which Schulte, now 29, designed several years ago in order to share movies and other digital files.
Schulte worked in the CIA’s Engineering Development Group, which produced the computer code, according to sources with knowledge of his employment history as well as the group’s role in developing cyber weapons.
At the time of the leak, people who had worked with that group said that suspicion had mainly focused on contractors, not full-time CIA employees like Schulte. It’s not clear whether the government is pursuing contractors as part of the leak investigation, but prosecutors haven’t mentioned anyone other than Schulte in court proceedings.
Schulte, who also worked for the National Security Agency before joining the CIA, left the intelligence community in 2016 and took a job in the private sector, according to a lengthy statement he wrote that was reviewed by the Post.
The CIA declined to comment.
Schulte said in the statement that he joined the intelligence community to fulfill what he saw as a patriotic duty to respond to the Sept. 11, 2001, attacks.
Schulte also claimed that he reported “incompetent management and bureaucracy” at the CIA to both that agency’s inspector general as well as a congressional oversight committee. That painted him as a disgruntled employee, he said, and when he left the CIA in 2016, suspicion fell upon him as “the only one to have recently departed [the CIA engineering group] on poor terms,” Schulte wrote.
Schulte said he had also been planning a vacation with his brother to Cancun, which may have given the appearance that he was trying to flee the country.
“Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty of the leaks and targeted me,” Schulte said.
Schulte, who has launched a webpage to raise money for his defense, claims that he initially provided assistance to the FBI’s investigation. Following the search of his apartment in March 2017, prosecutors waited six months to bring the child pornography charges.
The Washington Post’s Ellen Nakashima contributed to this report.
https://www.mercurynews.com/2018/05/15/ ... ing-tools/
seemslikeadream » 07 Mar 2017 17:30 wrote:Vault 7: CIA Hacking Tools Revealed
https://wikileaks.org/ciav7p1/New Wikileaks Series Details CIA's 'Specialized Unit' Dedicated to Creating iOS Exploits
Tuesday March 7, 2017 8:37 am PST by Mitchel Broussard
In a new series of leaks focusing on the United States Central Intelligence Agency, code named "Vault 7," Wikileaks has revealed 8,761 documents discovered within an isolated network in Langley, Virginia that "amounts to more than several hundred million lines of code." The code contains what Wikileaks referred to as a "hacking arsenal" of malware, viruses, trojans, and weaponized "zero day" exploits for iOS devices, that could give anyone in possession of the code "the entire hacking capacity of the CIA."
This "Year Zero" release is the first in the full Vault 7 series by Wikileaks, and is said to act as an introduction to the capacity and means of the CIA's covert hacking program. The agency's abilities can take aim at a number of popular consumer products from companies like Apple, Google, Samsung, and Microsoft, turning everything from an iPhone to a smart TV into a "covert microphone."
https://www.macrumors.com/2017/03/07/wi ... -exploits/
Joshua Schulte named as suspect in 'Vault 7' leak of CIA tools to Wikileaks, but charged instead over child porn
Federal investigators believe a man who once worked for the U.S. Central Intelligence Agency is responsible for last year's massive leak of Top Secret CIA hacking tools, court documents reveal.
The suspect has been named as Joshua Adam Schulte, 29, who lived in New York, and is now in federal jail in Manhattan--not for the hack, but on child pornography charges.
https://boingboing.net/2018/05/15/joshu ... e-cia.html
FBI Search Of CIA Leak Suspect Turned Up Photos Of Sex Assault On Unconscious Friend
The government suspects that Joshua Adam Schulte gave documents to WikiLeaks, but they’re holding him on child pornography charges.
https://www.huffingtonpost.com/entry/jo ... 3fb50b8e79
Users browsing this forum: No registered users and 13 guests