Spies do spying, part 97: Shock horror as CIA turn phones, TVs, computers into surveillance bugs WikiLeaks has dumped online what appears to be a trove of CIA documents outlining the American murder-snoops' ability to spy on people. The leaked files describe security exploits used to compromise vulnerable Android handhelds, Apple iPhones, Samsung TVs, Windows PCs, Macs, and other devices, to read messages, listen in via …
"To me, naive fule that I are, it seems that running a write-protected thumb-drive OS configured to use a VPN into TOR -- of course using a no-JavaScript browser, Disconnect or similar plug-in, etc -- might be current best practice for staying unnoticed. (Going from your ISP into a VPN is less attention-getting than going directly to TOR, I believe.)"
Except you forgot about the secrets in your hardware, probably embedded into your Ethernet/WiFi controller chip where you can't avoid it.
Just confirmation (more or less depending on your view of Wikileaks) of what most of us have suspected for a long time.
Damnitall anyhow!!!!! 1984 was a work of fiction and not a frikkin' instruction manual.
No tinfoil hat here... I'll just go hide out in the bunker with some excellent adult beverages and try to ignore the world for a while.
None of you get it?
Seriously? Everything has a back-door by it's creator??? Rubbish!
An you guys call yourself computer user's? Programmers even?
This is a standards war, the argument here is for encryption & privacy as your civil right!
What Snowden leaked was enlightening to say the least, it concerns Micro kernels and Micro-code not Monolithic Kernels filled with C++ that do things differently, like co-exist as two Operating Systems on your Telephone as L4 from the American National Standards Institute (ANSI).
The US forces companies to comply with the Communications Assistance for Law Enforcement Act (CALEA) is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton. However they have attacked the security of there own operating system's and have been caught lying about it bare faced repeatedly. The ANSI Standards happens to be a secure standard, they've just been too busy squeezing there own math's department for back-door's to keep all the evil doers away, only to discover the agencies that do the most evil are there own.
As to what it record's... Everything..
So hackers are doing the only thing they can, helping spread the C standard everywhere, liberate your mind, your brain along with the Go code's will follow.
Upgrade cryptography, include Galois Counter mode's with better padding and more Pi-P and S-Boxes and make encryption Ubiquitous!
If a creator makes a back-door that's micro-code in size and hides it in your "compiler" or even on inside embedded chips as proposed by Professor Ken Thompsons paper "Reflections of Trusting Trust" how would you even know the back-door (trap-door) was there?
You might suspect it exists, but finding out about it would prove difficult, but easily detectable if your every single device connection was slowly being sucked into a giant social & advertising network like Google via Google android!
I don't get it. Not smart enough by half.
But. I do know that the Intel Management Engine is proprietary code which runs before the BIOS, is always running, and which has unrestricted access to the host. We dunno what's in there. I believe AMD and other chipsters have similar code. From x86 considered harmful:
"There is another problem associated with Intel ME: namely it is just a perfect infrastructure for implanting targeted, extremely hard (or even impossible) to detect rootkits (targeting 'the usual suspects'). This can be done even today, i.e. before the industry moved all the application logic to the ME, as theorized above. It can be done even against users who decided to run open, trustworthy OS on their platforms, an OS and apps that never delegate any tasks to the ME. Even then, all the user data could be trivially stolen by the ME, given its superpowers on the x86 platform."
So yes, there could be a backdoor in every modern PC regardless of OS, regardless of BIOS, regardless of sandboxes and hypervisors.
If that is true, then the CIA and NSA are strewing red herrings all over the place with regard to hacking tools. I am not sure that's the case.
If that is true, then the CIA and NSA are strewing red herrings all over the place with regard to hacking tools.
Ah now you are one of the Enlightened!
Please see "security in Plan 9" an over-view by Russ Cox - it is a highly complex scientific research OS - based on the more Unix than Unix philosophy!
No, it does not intentionally include back-doors and as far as restrictive goes, it gives you "the end user" fine grained access control over your whole filing system, everything is a file.
Networking work's completely differently, no viruses, no firewall and encryption is "supposedly" easy to audit!
This post has been deleted by its author
Or maybe different aspects of the same thing?
My understanding is that the Intel Management Engine is not an optional download, it is an integral part of modern Intel chipsets. There is an extension -- the Management Engine Bios Extension -- which is open to user configuration. But not the ME itself.
If I understand what I've read, if you run an Intel machine of recent vintage then the ME is running. It runs whether you use Windows, BSD, Minix, Solaris, or anything else -- because it boots first and is necessary to initialize system clocks and hardware. As well as other critical functions.
Igor Skochinsky: "Intel Management Engine ('ME') is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS."
From a page in the Libreboot project:
"ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include 'ME Ignition' firmware that performs some hardware initialization and power management. ... Due to the signature verification, developing free replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. ... In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware. " (Emphasis in the original.)
I know I'm running on about this, but it's quite interesting to my tiny mind.
It would seem that if NSA / CIA had prevailed upon Intel to put a backdoor in the ME, then many of these leaked hacking tools and techniques are unnecessary. If there were a backdoor, then any Intel machine could be taken over by sending a special instruction to the ME (which has not only its own microcontroller and kernel but its own networking stack, and complete access to the machine's memory and peripherals as well).
So my first guess is that the ME is not thus backdoored. Because I don't think the NSA / CIA are subtle enough to create and then leak 8700 docs with hacking info. Nor are they crazy enough to release info on device hacking and antivirus amelioration, info which may be quite useful to CIA's advarsaries, whether criminal or nation-state actors.
"So my first guess is that the ME is not thus backdoored. Because I don't think the NSA / CIA are subtle enough to create and then leak 8700 docs with hacking info. Nor are they crazy enough to release info on device hacking and antivirus amelioration, info which may be quite useful to CIA's advarsaries, whether criminal or nation-state actors."
Except, given that both the CIA and Intel are American, who else could exert enough sovereign pressure to make Intel release a signed spy malware complete with encryption keys so nothing leaves the network stack in any obvious way? The Management Engine runs black-boxed like a good crypto-system, after all. How will anyone be able to know where anything is going, especially if like a smart module it piggybacks on existing traffic instead and uses a different kind of system that doesn't rely on specific destination addresses? It's practically perfect plausible deniability, and only an American sovereign authority can put that kind of pressure on an American firm like Intel.
Thanks for all of the juicy inside intel released in that post of yours, Palpy.
What it reveals to those who would see and foresee the Bigger Pictures in Greater IntelAIgent GamesPlays is more than just extremely helpful whenever able to be enabled and devastatingly subversive.
Intel Management Engineers may be more incandescent with rage and helplessly furious, though, if they be of the opinion that such remote invisible tailored access operations into multiple systems should be only an exclusive elite executive tool rather than readily available feature to deep and dark shadowy web programmers for Base Source Projects.
I would also not disagree with you about the NSA/CIA being like headless chickens in such fields as they are not in anyway suitably equipped to deal with. But then pearls before swine would be considered a gratuitous waste in any time zone or field in space.
The more the Great Game changes IT, the more Sublime InterNetworking Things stay the same with New Players and Novel State and Non State Actors plugging catastrophic vulnerabilities with devastating exploits.
“The only way to get smarter is by playing a smarter opponent” ….. Fundamentals of Chess 1883
From a page in the Libreboot project:
"ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include 'ME Ignition' firmware that performs some hardware initialization and power management. ... Due to the signature verification, developing free replacement firmware for the ME is basically impossible.
Since you quote Libreboot (as I have myself done in several posts), don't forget that Intel is not alone. AMD is equally evil with its equivalent PSP.
What are they doing with them? I'd love to hear them say "we're sharing them with the OEM so holes still applicable to current versions can be patched, and will make them available later" but since they didn't say that I assume not.
Simply redacting them without comment could mean anything from waiting a few weeks and releasing them on their site causing potential chaos, to selling them on the black market, to Assange using them to hack into Trump's Twitter to make him tweet "I wear pampers under my suit to control my wiki leaks!"
"some folks are speculating that the source of the leak could be the Russians, and its true purpose is to derail the CIA for political gain."
"Journalists covering #Vault7: consider this could be as much about Russia as CIA or WikiLeaks, a continuation of teardown of US government"
No, it's yet more evidence it's the CIA that's a threat to US democracy. Notice I said 'US democracy' as the US government supposedly works for the people. and the CIA supposedly works for the US government instead of being part of a shadow government. If the US government is going to collapse it won't be anything the Russians do. It'll be mostly self inflicted. Like those people in the security services who concocted the Trump golden shower dossier.
Journalists are starting to confirm a few elements of that dossier, and reportedly US intelligence agencies have confirmed many of the details that put a specific person in a specific place at a specific time or saying a certain thing over the phone, so the more outlandish stuff like the golden showers becomes a bit less outlandish every day.
It doesn't matter what gets Redacted, the guy's in charge of "SECURITY" are pissed, that they've taken years of security research and completely abused it!
Think....
A Micro-code sized back-door?
Now think about the crap slowly creeping into your iCore and PSP chips!
Much better encryption is coming, the C code is written in plain easy to digest language, it bloody well should be, it was the fore-runner of the Morris worm.
An the last thing you want is a load of guys who understand Unix and telephone switches and I mean really understand Unix, putting it everywhere and on everything because there all Security extremists... Lol
See YouTube and get a 9front!
I feel sorry for thosee hackers .....
They work so hard to keep the upper hand in a "war" to protect their values and way of life.
Yet, to win that war they have to give up their way of life and forgo their values on a daily basis.
Eh? How'd you work that out? is there something in the Constitution that says the US shall not have intelligence agencies or conduct espionage?
Your mobile phone is a radio operating within a narrow band set by the government.
Never send an email you don't mind being read by someone else. There are so many intercept points between the sender and receiver that by the very architecture of the internet security can be breached by multiple hackers.
The government spies because being untrustworthy they suspect everyone else of being untrustworthy.
One of the oldest and most basic rules of intel is to pretend that your organisation and powers are much, much greater than they really are. Thus intimidating and discouraging the enemy, maybe preventing them from using effective countermeasures, and increasing the likelihood that they'll choose to co-operate with you.
Riddle me this: if the spooks can listen in on all of us with such ease, then why are they so fixated on requiring new backdoors in equipment and protocols? Why did the FBI have such a hard time unlocking that iPhone last year?
Assume that whatever Wikileaks publishes, the CIA wants you to see it. Countermeasures don't have to be perfect: the goal isn't "total invulnerability", it's just "don't be the low-hanging fruit".
Riddle me this: if the spooks can listen in on all of us with such ease, then why are they so fixated on requiring new backdoors in equipment and protocols? Why did the FBI have such a hard time unlocking that iPhone last year?
1) Because the people with the access to break it are the NSA/GCHQ.
2) The above obsessively avoid handing out any information about their operations and capabilities, to the point they won't use intercept transcripts in court, and in cases where they know that weapons etc are being smuggled around they'll phone up the police and tell them to do a "random safety check" on $vehicle and then tell the police to lie about having had a tipoff. (as covered by el reg)
3) Bearing in mind 1 & 2, what are the chances of these people unlocking the iPhone for use in court for the FBI?
That was one of my first thoughts, that the CIA intentionally leaked this to play up their capabilities. However, this leak paints a picture of a typical bureaucratic organization struggling to keep up with trendy technology. It makes them look second-rate.
The real culprit here isn't even the CIA, it's the smart-ass developers (in Silicon Valley and the open-source community) flooding the world with shiny, complicated, insecure devices & software. They're making it too easy for the CIA and anyone else to do mass hacking.
Unless it's a false flag operation made to make them LOOK second-rate while in truth they have a working quantum computer in Utah running away decrypting their historical data.
Falsely stating your capabilities can work BOTH ways. If you claim to be better than you are, you can cow some enemies, while if you claim to be worse, you can lull others into a false sense of security and catch them in their hubris.
The professional network equipment maker based in NATO member Latvia apparently had a whole section of the CIA's lab devoted to cracking its router and switch products. Since the Snowden leaks showed industry leader Cisco's products have been pwned by the NSA, it's only natural that Langley would go after upstart Mikrotik. A close look at the docs show a good portion of the equipment are older models that apparently can't be updated to the latest firmware. That seemed odd, until it occurred to me that those new model "cloud routers" are pretty expensive and might have been swapped out for the older kit by the CIA's less idealistic contractors. I mean, if they were willing to steal top secret weaponized government software why would they leave behind a perfectly good advanced Internet router? Recalls the PR bump Lincoln Motors got back in the 80's when crime reports showed their luxury limosines were the top pick of the nation's auto thieves.
This post has been deleted by its author
Because there's a stupid, stupid rhetoric banded about: "If you have nothing to hide then you have nothing to fear". The general idea that as you know you're not a terrorist you don't mind the state checking everything you do to prove that.
So all that will happen today is a load of "experts" saying "X government could listen in on your converstations through your smart TV, Amazon Fire Stick, your mobile phone etc", and Joe Public will hear that and first think "Well I don't mind I've nothing to hide" followed by "Well there's billions of people in the world they couldn't possibly be snooping on me" ended by "I don't understand any of this and I don't care enough about it to learn".
The rest of us who are savvy enough in IT know the risks, the dangers, and the way society is headed. In the UK especially we have lost too much liberty now for it to be stopped. It is, sadly, inevitable that the state spies on us to the point they want to know everything we do. Our political views, and any skeletons in the closet that we'd rather have no one no about just so that if we were become a potent threat the establishment we can be shut up fairly quickly with dirt they've found. And no one is squeaky clean.
«Strangely, Wikileaks seems to target some more than others.» So, Potemkine, because WikiLeaks doesn't have access to FSB or SVR documents, the work that it does in publishing documents related to the CIA or NSA is suspect ? I appreciate your logic there, but perhaps the quandary could be resolved if you were to contribute a part of your own personal stash of FSB and SVR material to WikiLeaks ?...
Henri
«Meanwhile, some folks are speculating that the source of the leak could be the Russians, and its true purpose is to derail the CIA for political gain.» How dare those tools of the dastardly Russians (and/or Chinese, depending upon how the political winds blow in Washington and vassal capitals) besmirch that valiant defender of our civil liberties - not least the 4th Amendment to the US Constitution, the CIA ?!! That is indeed carrying freedom of expression too far !...
Henri
..., which will be remotely controlled and televisualised
How intelligent does one have to be in order to work for secretive intelligence services servering to Grand Worshipful Masters of the Expanding and Exploitable Zeroday today? Or are all the really virtually smart folk that future secret intelligence servers need for tomorrow freelancing under the cover of renegade rogue state and non-state actor bodies .... and much more sensibly into the flash crashing of sensitive corrupted perverse systems of SCADA administration, as opposed to aiding and abetting them and thus allowing continuance of the great sub-prime charades that are daily media presented austere reality shows?
Such is surely the folly of fools thinking themselves smart tools.
Agents are therefore forced to carry out targeted snooping on individuals' devices, rather than carry out mass blanket surveillance.
The NSA does SIGINT. Makes sense for them to trawl as much raw comms data as possible for interesting stuff.
The CIA does HUMINT. By definition, their targets are individual people.
As Robert "ErrataSec" Graham pointed out, the NSA and CIA have different missions, and use different tools to accomplish them.
http://blog.erratasec.com/2017/03/some-comments-on-wikileaks-ciavault7.html
Lol, they publish, the hackers - read all - see all an know all and suddenly Hotmail is inaccessible to Millions of user's.. Alien invasion or just co-incidence and today in the budget report, the low hanging fruit called Chancellor of the exchequer says he wants to invest, in disruptive technologies including bio-hacking!
Read between the line's, "if we invest heavily in disruption say to the tune of 100 million" we can just carry on trying to bull-shit people about no trap-door hidden inside there boxes and blame it all on kids!
The bit that makes you laugh... They understand enough about the technology to use Linux all over there CIA machines, but little enough to realize that back-door software can be reverse engineered and then don't blame your TV manufacturer if what your looking at on the box isn't quite what you expected!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
