WikiLeaks document dump reveals CIA iPhone penetration team, insecurity of exploit library...

Posted:
in iPhone edited May 2018
A new batch of 8,761 files was released on Tuesday by WikiLeaks that alleges that the U.S. Central Intelligence Agency has a dedicated iOS exploit team -- and lacks the ability to keep the attack vectors under lock and key.




According to the latest document dump by WikiLeaks, the CIA's Center for Cyber Intelligence (CCI) responsible for computer intrusion methods has over 5000 members. The group has allegedly targeted more than 10,000 individuals world-wide, spanning iOS, Windows, and Android devices including smart televisions.

The CIA obtained the hacks by either purchasing them on the open market, or by sharing information with the FBI, NSA, or U.K. GCHQ. WikiLeaks also alleges that the CIA "lost control" of the code archive -- which ultimately led to the release of the information to the group.

The "Vault 7" release covers 14 iOS exploits and penetration methods spanning iOS 4 through iOS 9.2, with some not requiring physical device access.

Overall, WikiLeaks claims that the Engineering Development Group inside the agency's CCI has produced more than 1000 hacking systems and "weaponized" malware. Reportedly, the codebase associated with the vectors is larger than Facebook's.

WikiLeaks has chosen to not distribute information on "armed" cyberweapons at this time until "a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published."

Other documents released in Tuesday's dump includes rules on how malware should be developed as to not point back to the CIA or U.S. government, how to avoid other nation's similar attempts, and how to exfiltrate mass amounts of data gathered in a successful attack.
«1

Comments

  • Reply 1 of 37
    StrangeDaysStrangeDays Posts: 7,604member
    but but but russia hacked the election! they're bad!
    patchythepirateawilliams87tomkarlmobirdlongpathbuzdots
  • Reply 2 of 37
    gatorguygatorguy Posts: 20,603member
    sog35 said:
    And the CIA/FBI wanted Apple to hand them the keys to an iOS backdoor? 
    It appears they didn't need one from Apple since they already had a few, at least in the case of the CIA. So odd that the FBI and CIA don't seem to work together on stuff. 
    longpathstevenozbadmonk
  • Reply 3 of 37
    but but but russia hacked the election! they're bad!
    What does that have to do with this article??
    Daekwanlarryaminicoffeedaven
  • Reply 4 of 37
    wizard69wizard69 Posts: 12,791member
    but but but russia hacked the election! they're bad!
    What does that have to do with this article??
    It has everything to do with the article as it is about state sponsored hacking.   
    toysandmeawilliams87tomkarllongpathStrangeDays
  • Reply 5 of 37
    boltsfan17boltsfan17 Posts: 2,160member
    This is a perfect example of why it would have been a disaster if Apple was forced to create a backdoor to iOS for the government. 
    toysandmeawilliams87brucemclongpathmagman1979stevenozdavenlolliverlostkiwiwatto_cobra
  • Reply 6 of 37
    sog35 said:
    And the CIA/FBI wanted Apple to hand them the keys to an iOS backdoor? 
    It was the FBI, not the CIA. The CIA already had tools to get into certain devices. They wouldn't let the FBI know that they had any knowledge of any type of vulnerability that would get them into an iOS device. 

    Im sure the CIA knew about the remote jailbreak hack that's mentioned in this article:

    http://www.vanityfair.com/news/2016/11/how-bill-marczak-spyware-can-control-the-iphone
  • Reply 7 of 37
    wizard69 said:
    but but but russia hacked the election! they're bad!
    What does that have to do with this article??
    It has everything to do with the article as it is about state sponsored hacking.   
    Sorry, I thought everyone knew after 9/11 and Snowden you are vulnerable to be monitored by our government or a foreign one.

    longpathDaekwanbaconstangwatto_cobra
  • Reply 8 of 37
    blastdoorblastdoor Posts: 1,918member
    I expect the CIA/FBI/XYZ to develop hacking tools -- that's rightly a part of their job. 

    If they used those tools against American citizens without proper court approval, that would be troubling. 

    But I'd also expect them to do a better job of keeping the tools secure. The fact that wikileaks may have gained access to these tools is troubling. Seems the three letter agencies need to improve security. 
    longpathwigginfracbaconstangdaven
  • Reply 9 of 37
    blastdoor said:
    I expect the CIA/FBI/XYZ to develop hacking tools -- that's rightly a part of their job. 

    If they used those tools against American citizens without proper court approval, that would be troubling. 

    But I'd also expect them to do a better job of keeping the tools secure. The fact that wikileaks may have gained access to these tools is troubling. Seems the three letter agencies need to improve security. 
    "Proper" court approval depends on who's the judge. PRISM was not proper, and depending on who's arguing it, it wasn't legal.
    Since 9/11 our judicial and legislative branch of government are rushed to make decisions based on fear. 
    tomkarllongpathmagman1979baconstanglolliverwelshdog
  • Reply 10 of 37
    SpamSandwichSpamSandwich Posts: 31,113member
    gatorguy said:
    sog35 said:
    And the CIA/FBI wanted Apple to hand them the keys to an iOS backdoor? 
    It appears they didn't need one from Apple since they already had a few, at least in the case of the CIA. So odd that the FBI and CIA don't seem to work together on stuff. 
    This is the problem with all governments. All people are self-interested, so organizational Balkanization, ass-covering and infighting among agencies and departments has never been anything other than an absolute certainty. And that's part of why the founding fathers were so wise to pit the forces of US government against each other and limit the power of government via the Constitution. What they failed to consider was the possibility the various branches would join together on certain issues for their own benefit, plus when the Constitution is violated it cannot defend itself. 
    edited March 2017 hammeroftruthlongpathbuzdots
  • Reply 11 of 37
    georgie01georgie01 Posts: 241member
    I completely support the CIA and other security organisations developing tools like this, in the same way I support the development of weapons for security reasons. I expect them and want them to do it and am pleased to find out they're competent enough to do it.

    As long as these tools are used in legal ways against the citizens they serve we should feel good about it. Whether they do or not is a different story!
    Daekwanwigginavon b7
  • Reply 12 of 37
    gatorguy said:
    sog35 said:
    And the CIA/FBI wanted Apple to hand them the keys to an iOS backdoor? 
    It appears they didn't need one from Apple since they already had a few, at least in the case of the CIA. So odd that the FBI and CIA don't seem to work together on stuff. 
    There's actually laws in place to stop them from working 'together' in many instances. The CIA does not carry out domestic investigation unless they are tied to international 'crime'. Theoretically. Having one all powerful security agency doesn't work out well for most countries that like not to be run as dictatorships. Often what is seen as 'inxffencies' are protections against any one man or group grabbing too much power. It can still happen - one man or one group going too much power in a democracy -  but that's why things are not alway shared.
    StrangeDaysbaconstang
  • Reply 13 of 37
    hill60hill60 Posts: 6,989member

    georgie01 said:
    I completely support the CIA and other security organisations developing tools like this, in the same way I support the development of weapons for security reasons. I expect them and want them to do it and am pleased to find out they're competent enough to do it.

    As long as these tools are used in legal ways against the citizens they serve we should feel good about it. Whether they do or not is a different story!
    These tools have been leaked, they are available to be used by criminals, terrorists and foreign governments.
    edited March 2017 longpath
  • Reply 14 of 37
    mobirdmobird Posts: 140member
    ...
    As long as these tools are used in legal ways against the citizens they serve we should feel good about it. Whether they do or not is a different story!
    Going to be interesting to see who Obama was listening in on. Merkel, WTO, UN, AP that we already know about. Many more revelations will be forthcoming I'm sure.

    http://www.libertyheadlines.com/track-record-shows-obama-president-surveillance/?AID=7236
    edited March 2017
  • Reply 15 of 37
    The time has long since past when any tech(tablet, phone or PC) user, Of Apple or otherwise, should expect or believe that their machines offer privacy or security from advanced interlopers, government, foreign/domestic and private villains.

    To still not accept this reality is on the individual business, institution or person. The writing has been on the wall for some time.
    edited March 2017 baconstang
  • Reply 16 of 37
    blastdoorblastdoor Posts: 1,918member
    blastdoor said:
    I expect the CIA/FBI/XYZ to develop hacking tools -- that's rightly a part of their job. 

    If they used those tools against American citizens without proper court approval, that would be troubling. 

    But I'd also expect them to do a better job of keeping the tools secure. The fact that wikileaks may have gained access to these tools is troubling. Seems the three letter agencies need to improve security. 
    "Proper" court approval depends on who's the judge. PRISM was not proper, and depending on who's arguing it, it wasn't legal.
    Since 9/11 our judicial and legislative branch of government are rushed to make decisions based on fear. 
    I agree.

    But I fully support a system in which law enforcement and intelligence agencies *that are genuinely acting to defend and protect citizens* hack the devices of criminal suspects, provided that they have permission from a judge, that probably cause has been established, basically all the good pre-911 stuff that we imagined protected us from tyranny. 

    Also, just to be clear, I do not support the FBI's desire to get a universal back door. They can hack all they want, but they can't force Apple to do their hacking for them. 
    gatorguy
  • Reply 17 of 37
    gatorguy said:...So odd that the FBI and CIA don't seem to work together on stuff. 
    Not odd at all. If you ran the FBI, would you trust the CIA? And if you ran the CIA, would you trust the FBI?  Neither can be trusted, even by each other, so they don't share.  Makes perfect sense.
  • Reply 18 of 37
    Need to know is the operating philosophy between agencies. cross pollination takes place as necessary. Interdisciplinary teams make decisions about information dispersal and sharing.
  • Reply 19 of 37
    StrangeDaysStrangeDays Posts: 7,604member
    wizard69 said:
    but but but russia hacked the election! they're bad!
    What does that have to do with this article??
    It has everything to do with the article as it is about state sponsored hacking.   
    Sorry, I thought everyone knew after 9/11 and Snowden you are vulnerable to be monitored by our government or a foreign one.

    My point may have been too abstract for the hammering of truth. The US is currently going after Russia and US politicians hard over alleged state sponsored hacking ("bad"), while falsely insinuating the election was hacked rather than DNC org having its emails hacked and its own unethical cheating revealed. And yet, the US is a major state sponsored hacker itself, and will now claim outrage over this leak. 

    Its hypocrisy. And more proof that no gov body can be trusted with backdoors, golden keys, etc..
    edited March 2017
  • Reply 20 of 37
    redefilerredefiler Posts: 323member
    Big problems from this:

    1. CIA effectively ran a counter NSA department, when those functions are by law given to the NSA.  This was done long ago to ensure that no one agency had too much spying power.  This specific change was an Obama directive.

    2. They Obama admin entered into a cooperative agreement with technology companies in 2010 to inform them of exploits, and then completely reneged on that arrangement.

    3.  This counter NSA group at CIA purposely left all of their weaponized software exploits as "unclassified" to circumvent procedures and legalities when using highly sensitive, classified weapons and state secrets directly or through any surrogates.  This is not only highly illegal, totally shady but incredibly careless.

    4. CIA cultivated a highly destructive arsenal in secret and against the law/their agency directive, and then completely failed to protect it.

    5.  Obama admin's knowledge and usage of these tools, along with their incredibly poor history with respect to US citizens' privacy rights/rule of law regarding evidence collection, but also clandestine activities in spying on other countries, but also domestic press (including reporters at both CNN & FoxNews).

    6. Former Obama admin officials and supporters frequent vague claims of Russian hacking as a default response for information leaks and exposed embarrassing behavior by the admin, Clinton campaign and DNC.


    edited March 2017 SpamSandwich
Sign In or Register to comment.