WikiLeaks claims CIA targeted iPhones, Microsoft Windows
and turned Samsung TVs into microphones as part of global hacking programmehttp://www.mirror.co.uk/news/world-news/year-zero-series-wikileaks-cia-9981832
The first full part of Year Zero, comprises of 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence, according to Julian Assange
WikiLeaks has claimed the CIA targeted iPhones, Microsoft Windows and turned Samsung TVs into microphones as part of global hacking programme.
The secretive organisations is about to release a huge trove of confidential documents from the U.S. Central Intelligence Agency as part of its mysterious Year Zero series.
The leak, code-named "Vault 7," is the "largest ever publication of confidential documents on the CIA," WikiLeaks said today.
We'll be bringing you the very latest updates, pictures and video on this breaking news story.
For the latest news and breaking news visit Mirror.co.uk/news .WikiLeaks' files reveal major security breach at the CIAhttp://www.repubblica.it/esteri/2017/03/07/news/wikileaks_files_reveal_major_security_breach_at_the_cia-159969039/
07 marzo 2017
It has happened again. Seven years after Chelsea Manning and four years after Edward Snowden, the US security complex is facing what appears to be a new serious crisis. WikiLeaks just published 8,761 internal documents on the CIA's hacking programme
. According to the organisation, this leak is just the first part of its new series on the US Central Intelligence Agency: WikiLeaks could have tens of thousands of files and even Cia cyberweapons.ITALIAN VERSION?
“La Repubblica” was given exclusive advance access to the 8,761 files. The documents appear recent: they include references to the operating systems “Windows 10”, which has only been available since 2015. La Repubblica was unable to validate them considering the last-minute access to thousands highly technical documents, however now that WikiLeaks has published them, software experts are likely to be able to verify them relatively easily, as many files consists of technical details and procedures which can be assessed independently.
These files allow to shed light on a high-tech part of the CIA which has remained completely in the shadows. Three years ago the news that the Agency had spied on the US Senate intelligence committee's years-long effort to investigate CIA's tortures by penetrating the computers of the committee staff members sparked public outrage and political fury. However, little has been known so far about the Central Intelligence Agency's skills and capabilities on hacking, malware and IT tools. These files appear to provide an insight on them for the first time, detailing internal teams and projects.
Many of these documents are classified and contain even the identities of CIA's personnel, which WikiLeaks has not published but it has rather redacted. According to the organisation, these files have been available in “an isolated, high-security network situated inside the Cia's Center for Cyber Intelligence in Langley, Virginia”, but recently the Cia “lost control of the majority of its hacking arsenal”: this archive “appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive”.
The organisation of Julian Assange has decided to publish these documents, while at the same time avoiding “the distribution of 'armed' cyberweapons, until a consensus emerges on the technical and political nature of the Cia programme and how such 'weapons' should be analyzed, disarmed and published”, because “once a single cyber 'weapons' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike”. WikiLeaks claims that the source for these documents made a statement to the organisation, explaining his rationale for providing these files: “The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons”.
Inside the Cia's hacking programme Never before had it been possible to look deep inside the software develpment group of the Central Intelligence Agency. Documents allow understanding how on the top there is the so-called “Engineering Development Group” (EDG), which has branches like the Embedded Development Branch (EDB), the Operations Support Branch (OSB), the Remote Device Branch (RDB) and many more, each of them with its own projects and mission.
The EDB's mission, for example, is "To be the premiere development shop for customized hardware and software solutions for Information Operations". By utilizing operating system knowledge, hardware design, software craftsmanship, and network expertise, EDB develops software and hardware solutions "to support the "Information Operations Center" mission.
Last year, speaking to the US Senate the head of the US intelligence community, James Clapper, declared: "In the future, intelligence services might use (the internet of things) for identification, surveillance, monitoring, location tracking". Clapper was certainly not an oracle predicting the future: according to the WikiLeaks' files, the CIA has been able since 2014 to implant malware on on a well-known model of smart TV to capture conversations inside the room where the TV is connected to the Internet. The programme is called "Weeping Angel" and it was developed by the Embedded Development Branch in collaboration with the British intelligence services.
However, at least at the beginning Weeping Angel was not free from tricky challenges: "updating firmware over the internet", the Agency writes in its documents, "may remove implant (not tested) or portions of it" and a blue LED on the back created headaches to the CIA, by remaining powered even when the TV appeared to be powered off: they call it Fake-off. That blue LED could reveal that something strange was going on inside the spied TV. According to the documents, the Agency's tech people tried to address this problem in June 2014 in a joint workshop with the British intelligence agency MI5 and the Agency was ready to focus on new challenges: how to capture video and video snapshots from that smart TV. Since 2015, concerns had emerged about smart TVs ability to spy: files published today by WikiLeaks appear to confirm those concerns were not paranoia.
The Company and the dinosaurs Old and new devices are targeted by the Central Intelligence Agency, which uses both commercial and open sources software to develop its products to spy on future technologies like the internet of things devices, but also on very old ones, like the floppy disks.
A programme called "Pterodactyl", a curious name probably referring to a dinosaur technology like the floppy disk, and developed by the Embedded Development Branch has the stated goal "to provide the asset with the ability to rapidly copy 3.5" floppy disk in a covert manner. Among the requirements needed for this programme is the "obfuscation" requirement: "in order to conceal activities on the device as much as possible, the device should behave as normally as possible on the device filesystem", writes the Agency's branch.
Floppy disk technology is often dismissed as a relic of the 1980s with no relevant use, however last year a US government report allowed us to learn that they are still used to control the system that coordinates the operational functions of the US nuclear forces: from intercontinental ballistic missiles to nuclear bombers.
The Hacked Team The Central Intelligence Agency's software development group appears to learn not only from British services like MI5 but also from other companies' disgraces.
In 2015, when the Italian company Hacking Team was hacked and its internal files and correspondence was published by WikiLeaks, the CIA did not loose the opportunity to examine the Hacking Team's material.
"The data dump includes everything anyone could imagine that a company would have in its infrastructure", writes the Agency in its files, "In the interest of learning from and levereging existing work, it was decided to review selected pieces of publicly dumped data".
A Cia operative? Please fill the form Intelligence operations supported by the CIA's sofware development group are not identified in the documents: these files do not allow us to understand targets' identities and operations.
Are these software and hardware tools used in a legitimate manner to spy on terrorists? Are they used for operations involving serious human rights violations like CIA tortures or even for criminal purposes, like spying on the US Senate intelligence committee? The documents do not provide specific answers to these questions, however they do provide answers for CIA's skills and capabilities and for its programs and goals. According to WikiLeaks, “The Agency's hacking division freed it from having to disclose its often controversial operations to the Nsa (its primary beaurocratic rival) in order to draw on the Nsa's hacking capacities”.
An interesting questionnaire details the information Cia's tech people need to acquire before devising the right software and hardware tools suitable for a certain operation. "Who will be the operator of the tool?", the questionnaire asks, "Who is the target of collection (of data and information)?", the questionnaire continues, "An asset? A foreign information operation? A foreign intelligence agency? A foreign government entity? A system administrator or comparable technical target?" and “how much time do you have on the target? less than 1 minute? less than 5 minutes? between 5 and 10 minutes?”.
In the heart of Europe The files mention that the Agency's Center for Cyber Intelligence Europe Engineering (CCIE) is based in Frankfurt and it is responsible for major areas of the world, spanning from Europe (hence Italy included) to North Africa and the Middle East.
When the CIA personnel are requested to travel for duty, they have a list of "hotels [that] are pre-approved by Frankfurt Base" and are suggested some the cover story for action. "If you are OVERT CIA", the file reveal, then "your cover-for-action (for this trip) is State Department employee" and “Your point of contact's actual job” is “Frankfurt Base Officer or Declared CCIE TIO”. According to the book “The Wizards of Langley”, authored by the US intelligence expert Jeffrey Richelson who reconstructed CIA's Directorate of Science and Technology , “TIO” is an acronym which stands for “Technology Investment Office”.
Commenting this first part of its Cia series, WikiLeaks said that it has redacted “tens of thousands of Cia targets and attack machines throughout Latin America, Europe and the United States” and while stressing its decision of “avoiding the distribution of 'armed' cyberweapons”, Julian Assange warned against the risk of their proliferation:
“There is an extreme proliferation risk in the development of cyber 'weapons. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which result from the inability to contain them combined with their high market value, and the global arms trade”.