Well, thanks Wikileaks!
WikiLeaks has shoved online more internal classified stuff nicked from the CIA – this time what's said to be the source code for spyware used by Uncle Sam to infect and snoop on targets' computers and devices. Today's code dump is part of a larger collection called Vault 8, and spills onto the internet what is claimed to be …
Friday 10th November 2017 07:31 GMT mhenriday
As Mr Nichols put it in what is obviously his favourite language, well done, Julian (and others)! Keep up the good work; we very much need to know what criminal organisations like the CIA, NSA, and the rest of the US alphabet soup are doing to intercept and monitor our communications....
Friday 10th November 2017 08:25 GMT amanfromMars 1
A Lack of Intelligence is Proven in Programs Targeted for Infiltration rather than Initiation
we very much need to know what criminal organisations like the CIA, NSA, and the rest of the US alphabet soup are doing to intercept and monitor our communications.... ...Henri
Failing spectacularly to lead smartly is surely the default they exercise, Henri. And thus is mayhem and madness the confection they gorge upon and have to deal with/waste time and space delivery on.
Such failures are the responsibility of the heads of those agencies?! Ain't that right, Alex Younger [MI6]/Andrew Parker [MI5]/Jeremy Fleming [GCHQ]/Ciaran Martin [NCSC]?
Protecting the status quo is a Subprime Fools' Errand and a most unnatural course of action for nothing lively ever remains the same. It evolves and changes, and at times both radically and fundamentally.
Friday 10th November 2017 08:43 GMT Potemkine!
The HTTPS connections are established using security certificates that appear to belong to antivirus maker Kaspersky Lab, allegedly.
But but but.... I thought that according to US intelligence Kaspersky was working for the FSB? Would they have dared to lie and try to dirty Kaspersky, a non-US company? I can't believe it! :rolleyes:
Complementary questions: how many tools from the FSB were uncovered by Wikileaks? Are there any stats about how many leaks are related to the US vs related to Russia?
Friday 10th November 2017 09:24 GMT Anonymous Coward
"Complementary questions: how many tools from the FSB were uncovered by Wikileaks? Are there any stats about how many leaks are related to the US vs related to Russia?"
I don't think I would want to be a Russian leaker. I wouldn't want to be Snowden either, but his Russian equivalent might have a short life expectancy.
Besides, I suspect most of the Russian writers of hacking tools are working for oligarchs, extremely well paid and closely monitored.
Friday 10th November 2017 13:10 GMT ST
> I thought that according to US intelligence Kaspersky was working for the FSB? Would they have dared to lie and try to dirty Kaspersky, a non-US company?
It's explained in the Wikileaks Dump:
Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.
Friday 10th November 2017 11:27 GMT SotarrTheWizard
Friday 10th November 2017 11:47 GMT Baldrickk
Re: MIPS ? PowerPC ?
A recent job had me producing builds of new software to target both of those architectures, along with about five others.
Many companies will still be running old hardware because it hasn't become redundant for its role yet, so it doesn't make sense to spend the time and money replacing it.
From what I understand, there are some major systems running at large companies (not sharing any names) that are still running on those systems.
Friday 10th November 2017 15:33 GMT Anonymous Coward
Saturday 11th November 2017 07:53 GMT amanfromMars 1
Lunatics in Parliamentary Charge of the Public Servant Asylum
Thanks for that info, Walter Bishop.
Conclusion: That's not to say the GCHQ doesn't perform MITM attacks, but there's no evidence to be found in this document. Though, FLYING PIG may be used to prepare MITM attacks, e.g. by providing information about a target. ..... FLYING PIG: GCHQ's TLS/SSL knowledge base ..... Walter Bishop
There is, is there not, an over-abundance of evidence of ineffective MITM attacks, for such are a valuable invisible weapon in any spooky virtual arsenal, with globalised media news, both mainstream and alternative and underground, presenting bad and austere views for mass realities?
Whatever happened to fantastic leaderships that presented brave new worlds with brighter futures?
Why do you accept and reward the frauds that currently squat in high office, professing to do all in your name with a democratic election their justification? Is such an arrangement pimped as the best that is on offer and therefore made available to you [hoorah, how kind] or the only one offered to you?
Saturday 11th November 2017 23:23 GMT PaidTroll