back to article Amazing new WikiLeaks CIA bombshell: Agents can install software on Apple Macs, iPhones right in front of them

Startling leaked documents show the CIA could purchase Apple Macs and iPhones, install spyware onto them, and give them to targets. The secret files, dumped online today, are the latest documents from WikiLeaks' Vault 7 series of classified CIA hacking tools and manuals. The files, dated 2008 to 2013, describe malware that …

  1. thames

    Airports

    El Reg: "Sonic Screwdriver is cleared aimed at molesting seized machines, or during black bag operations, not at interfering with factory-fresh products in transit."

    Do it at airports during a customs inspection. Take the computer out of the owner's sight and install whatever you want.

    Or better still, come up with some sort of bogus excuse to force everyone to put their laptops in checked baggage, and then do it in the baggage handling process. That way the subject wouldn't know they had been targeted. Not that anyone would ever dream of doing something as disruptive as arbitrarily forcing people to check their laptops of course ...

    1. diodesign (Written by Reg staff) Silver badge

      Re: Airports

      Yeah - that sort of thing, not a supply chain.

      C.

    2. Anonymous Coward
      Anonymous Coward

      Re: Airports

      Not new.

      The did this to my previous company laptops.

      That, and targeted banners on Linkedin.

      It was so blatant that we could no longer take our laptops to the us.

      1. Dave 126 Silver badge

        Re: Airports

        > Next in the dump, there's Sonic Screwdriver – a Doctor Who reference suggesting the design may have come from the UK's GCHQ spy nerds

        Jesus fucking wept. No, a reference to a British TV series does not suggest a link a British agency unless you are soft in the head. Was it not in the Reg that I read that the OSX source code is peppered with reference to the British series Porridge? Does Python not take it's name from the British Monty Python's Flying Circus? Spam, ditto. For crying out loud, even the Simpsons has made jokes about US college nerds' love of British humour and sci-fi. Shit, even the Asperger's character from Dan 'Sony pay me whether I run the show or masturbate and play PlayStation' Harmon's Community has an obsession with 'Inspector Space Time' [Dr Who].

        And seriously, what kind of retard thinks that an organisation like GCHQ, full of very smart, game-playing individuals, would name a software tool such that it links back to them?

        What the hell has happened to the Reg? I know it's a Friday and all, but I'm pissed and yet seem to be doing a better job of critical thinking. I don't know if the author has noticed what's going on in this year of our Lord 2017, but it might just be an idea to double-down on what we used to call journalism, because there is a queue of bullshit merchants out there just champing at the bit (to mix my quadruped-based metaphors).

        Live by the snark, die by the snark.

        /Frumious

        1. Anonymous Coward
          Anonymous Coward

          Re: Airports

          >And seriously, what kind of retard thinks that an organisation like GCHQ, full of very smart, game-playing individuals, would name a software tool such that it links back to them?

          It's hardly branded as such so there are no back links, this is documentation they expected to remain sealed. Previous leaks explicitly have Weeping Angel attributed to UK - albeit Thames House rather than GCHQ.

          1. John H Woods Silver badge

            Re: Airports

            If it is indeed obvious to people that the moniker "Sonic Screwdriver" would betray a British origin, then perhaps the old double bluff might apply ...

        2. Frumious Bandersnatch

          Re: Airports

          > /Frumious

          You rang?

        3. Anonymous Coward
          Anonymous Coward

          Re: Airports

          And seriously, what kind of retard thinks that an organisation like GCHQ, full of very smart, game-playing individuals,

          Admittedly a different kind of retard than the retards who still believe that anyone with intelligence actually works in the "intelligence services" and therefore they deserve millions and millions to "keep us safe" - yet both categories are still full-on retards!

          "Intelligence Agencies" remains the province of crooks, screw-up's, misfits, dumb-asses and drunks! It is very sad indeed that anyone takes them seriously.

          1. Anonymous Coward
            Anonymous Coward

            Re: Airports

            "Intelligence Agencies" remains the province of crooks, screw-up's, misfits, dumb-asses and drunks! It is very sad indeed that anyone takes them seriously.

            I normally don't comment on tripe like this, but intelligence agencies do actually have a role to play (in this context I'd flag that outfits like the CIA are not really "intelligence" insofar that they're less about information gathering). The problem is that their tasking is nowadays politically focused.

            The reason, for instance, that terrorists consider the UK a difficult target for anything but the sort of malicious lone ranger idiocy we saw a few days ago is because UK intelligence and police actually manage to collaborate fairly successfully on threat identification and management, but for obvious reason they don't go public on this very often.

            Yes, mass intel gathering pisses me off because it piles more hay on the dangerous needles in the stack, but focused work has its place and has clocked up wins for the general public. The problem starts when that whole mechanism is politicised, for two reasons: 1 - they're not working on facts, they're asked to work towards a desired conclusion, 2 - as this is dodgy, THAT is when the real push for operation secrecy shows up, because exposing that would be bad news for those who issued that tasking.

            In other words, when transparency and oversight are pushed away, it's time to take a MUCH closer look. But I would not tar all the people working in those agencies with the same brush.

            1. Anonymous Coward
              Anonymous Coward

              Re: Airports

              "UK intelligence and police actually manage to collaborate fairly successfully on threat identification and management, but for obvious reason they don't go public on this very often."

              Worked so well so quickly with the IRA didn't it. It's said that 50% of the people at any IRA (or maybe UDA) meeting were spooks. But nobody knew who else was a spook, so they all carried on, till it became very clear that there weren't going to be any winners (thank you Mo).

              Worked so well in Birmingham too didn't it. Well, no actually. After the pub bombings in 1974 West Midlands Police just picked up half a dozen plausible looking culprits and had them locked up, and it took years of work from the likes of Chris Mullin MP (where's his modern equivalent?) to get the truth out. And the real culprits are still out there somewhere.

              More recently (2009 or so) WMP tried to run a half baked wide area non-specific (well, Muslim-specific) CCTV surveillance program. It was set up in secret, loads of money was spent, but it was never enabled because once the public became aware of what was planned, it had to be 'suspended' (ie abandoned):

              http://www.bbc.co.uk/news/uk-england-birmingham-11616278

              Or there's the story of Mark Kennedy/Stone, undercover cop infiltrating a legitimate peaceful protest group.

              One important thing the police need which they don't get at the moment is trust from the public. And only the police (and specifically those at the top) can fix that.

              1. Anonymous Coward
                Anonymous Coward

                Re: Airports

                Worked so well so quickly with the IRA didn't it. It's said that 50% of the people at any IRA (or maybe UDA) meeting were spooks. But nobody knew who else was a spook, so they all carried on, till it became very clear that there weren't going to be any winners (thank you Mo).

                I actually worked with the Met on some of this in the IRA days, and it's a shame they cannot go public for reasons of method and information source disclosure. As has been said before, it only takes one group to succeed for carnage, but it could have been much, much worse.

                That said, I still believe there is a right way of going about this and a wrong way. Simply ignoring law and human rights is IMHO absolutely the wrong way, and this ever recurring nonsense about backdoors has to stop - that's like a child thinking that wishing something to happen makes it real.

                It can NOT be done without significant, unacceptable side effects so get over it and plan accordingly. Stop the idiotic wishful thinking that imposing legislation will magically change reality - it ain't gonna happen.

      2. Anonymous Coward
        Anonymous Coward

        Re: Airports

        More attempts to access core routers for GRX/ IPX / SS7 interconnect like BICS, who were the subject of Operation Socialist / Regin?

        Or summit else?

    3. Adam JC

      Re: The Need For Speed

      "Or better still, come up with some sort of bogus excuse to force everyone to put their laptops in checked baggage"

      What, you mean like this?

      https://www.theregister.co.uk/2017/03/21/tsa_laptop_ban_latest/

    4. Alumoi Silver badge
      Big Brother

      Re: Airports

      Have you seen the news regarding the ban of anything larger than phones on flights? You may be onto something here.

    5. Anonymous Coward
      Anonymous Coward

      Re: Airports

      It wouldn't work because people would setup their baggage in a way that they'd work out its been opened.

      1. Mahhn

        Re: Airports

        and if it's been opened what are you going to do?

        if its a firmware infection you'll never know it.

  2. macjules Silver badge

    Haha Foiled!

    But I have zer Mac OSX Sierra! So I am INVINCIBLE! INVINCIBLE I tell you.

    Well, for at least 2 years .. or until GCHQ catches up with OSX updates.

    1. Anonymous Coward
      Anonymous Coward

      Re: Haha Foiled!

      It's more like "until Wikileaks manages to convince someone to pass them some more recent paperwork". Internet time is like dog years - what they got was so old it must have been written on parchment, so their attempts to drum up some publicity for "duh" level information feel a little bit desperate to me.

      It's almost as if the supply of Ferrero Rocher and Ecuadorian patience is running out :)

  3. Grease Monkey Silver badge

    The perennial problem with wikileaks is that they always try to make every story look much bigger and more significant than it really is. After you've seen them do it a few times you don't even bother looking at the detail. One day they may have a story that is every bit as big as they claim, but nobody will pay attention.

    The boy who cried wolf indeed.

  4. Sampler
    Trollface

    Secure by design...

    ...so, how's that working out for you...

    As I've said to many fanboi, secure by obscure, target base isn't big enough*, not that it's actually more secure.

    *for desktop usage, obviously not mobile.

    1. Dave 126 Silver badge

      Re: Secure by design...

      If the CIA have a keen interest in you, I don't think your choice of OS is going help you. Spanners.

      Indeed, they have said it themselves - if you use Tin Hat Linux or whatever, you're just marking yourself out for further inspection, though most likely just written off as a bit of an irrelevant saddo in due course.

    2. Anonymous Coward
      Anonymous Coward

      Re: Secure by design...

      These hacks all use physical access. Please tell me which OS you use that's secure against physical attack?

      As for 'secure by obscure', Apple has sold over a billion iOS devices as of last year, so one could hardly claim it is obscure.

    3. Voland's right hand Silver badge

      Re: Secure by design...

      No OS is secure by design brief against the agency of a top 5 nation state attacker. If CIA, MI6, GRU and their Chinese or French equivalents decide that you are to be owned, you will be owned. The amount of resources these guys have is staggering, a retail product destined for Joe Average Luser does not stand a chance.

      1. Anonymous Coward
        Anonymous Coward

        Re: Secure by design...

        While I agree, and I think perfect security is a goal, not a state possible to reach for such a complex product as a smartphone, I think Apple is on the right path with the way they have multiple layers of file/device encryption (google the iOS Security Guide to read the nitty gritty details)

        The big hole as I see it for when your phone is in a 'locked' state is that keeps some of the encryption keychain handy because it has to be able to do stuff like receiving text messages that need to be written to the database or whatever where they are kept. If they used sort of an intent log to track stuff that happens while the phone is locked, and loaded code for functionality that is necessary while locked into RAM (i.e. ability to make emergency calls or whatever) then they could drop the entire encryption keychain while locked.

        Now obviously if you have a fingerprint unlock that's trivial to defeat, but if you chose a nice long password instead your adversary would have to come up with an exploit for the secure enclave if you want to break into the phone without taking it apart. That's probably not possible given that it runs the formally verified L4 microkernel.

        At that point you'd need to attack the secure enclave physically, by disassembling the phone. It really only needs to be "secure enough" that it isn't possible to stage an on-site black bag operation over a short term - like say they break in while you're in the shower. Obviously if they can take it to a secret lab that operates on an unlimited black budget there isn't much you can do - and if they're going that far they can simply rendition you and use the $5 hammer on your kneecaps to make you tell them what they want to know...

        I wouldn't be surprised if after the brief battle with the FBI, Apple has put a lot of thought into how they can tighten things up by insuring that the entire keychain is dropped for a locked device, and tightening up the hole the FBI wanted to use - i.e. the ability to install firmware in DFU mode which Apple deliberately put in place to allow recovery from a bad flash. Considering that iOS 10 development would have been pretty far along when that happened, you wouldn't see any of the fruits of that yet, but there's a pretty good chance we might see something of that effort in iOS 11.

  5. Herby

    Why??

    Does WikiLeaks only have info on things from English speaking countries, and not others who are equally invested in spying operations (China, Russia, North Korea) in the world? This seems a great injustice.

    As the saying goes: Inquiring minds want to know!

    Maybe they could run a story on how the diplomat got "stung" and died later. THAT would be interesting!

    1. thames

      Re: Why??

      Wikileaks is just a publisher, they're not an international spy organisation. They don't break into offices and steal secrets. If you've got secret North Korean documents, by all means send them to Wikileaks.

      Mostly what you're seeing though is that your own press is mainly interested in what is related to your own country. If you are relying upon what your country's popular press is reporting, you are very unlikely to be seeing a representative cross section of what appears in Wikileaks. Instead, you are seeing a very small cherry-picked sample of what your press thinks interests their readership.

    2. Voland's right hand Silver badge

      Re: Why??

      According to Assange - Russians have their own places where they publish stuff, so do the Chinese. Now, why there are little or no French leaks - that is somewhat surprising.

      1. Sandtitz Silver badge
        Coat

        Re: Why??

        "Now, why there are little or no French leaks - that is somewhat surprising."

        If you'd follow the news about e.g. French presidential elections or Battistelli@EPO then you'd notice that the French politics are so transparent that there's nothing to leak.

        1. Anonymous Coward
          Anonymous Coward

          Re: Why??

          "French politics are so transparent that there's nothing to leak."

          And/or so closely knit that stuff that the inner circle all knows about simply isn't written or talked about in public.

          I'm thinking presidential mistresses, for example, but I could be misremembering.

        2. LDS Silver badge

          Re: Why??

          That's also why they hire family member or close friends as assistants, and then don't let them work as such and thereby access maybe classified documents - it's to avoid leaks!

  6. Doctor Syntax Silver badge

    So if you get a present or a bribe from your friendly local CIA agent - eBay.

    1. Anonymous Coward
      Anonymous Coward

      Or give it to grandma...

      FBI in blacked-out vehicle outside a suburban Joanne's Fabrics store: Okay, get ready to move on the target. On my mark. GO! GO! GO!

      Grandma: Hello, young man. What seems to be.. OOOF!!

      FBI: We have her! Repeat, we have the suspect!

      In other news, I worked in a fruity department last summer as we released that flagship phone with no jack. Although not located in a factory, I would suspect a government agent from Beijing before any from Washington DC would be able to infiltrate it. It seems much more likely IMO. And not for surreptitiously installing spyware, rather just normal product espionage. Curves and other futuristic super tech info and crap, to make a more clever looking phone at the nearby "competitor" factories. Plus, why bug a phone, when you already have access to all the US government data directly, just add emails to the shopping list? And each of a dozen factories are churning out thousands of the devices a day. How do you, as a secret CIA agent, replete with fancy Chinese disguise, or perhaps a paid local stooge, know which phone to plant the kit in? Or do you just put it in all of them? Julian is really reaching for the wacky with this one.

      Plus, how can a device signal it's masters without also leaving detectable and observable network traffic? Either 4G or WiFi, something is sending a beacon to a receiver, and that can be discovered. Sort of like how any computer is hack-able, if you gain physical access. You can't call home without picking up the handset and making the call.

      Will a Quantum Computer in my smartphone make it more secure? Will we get there with secure chip designs and tightly integrated OSes before then? Things are going to get more interesting, and not really more secure, in the short term at least.

      1. Charles 9 Silver badge

        You hide it in plain sight by not using traditional channels. Say disguise it with other encrypted traffic with no specific destination (the plods intercept at switch level).

      2. Anonymous Coward
        Anonymous Coward

        re: detectable and observable network traffic?

        "how can a device signal it's masters without also leaving detectable and observable network traffic? "

        Have you ever tried to understand and justify the activity on a modern Window box? Zillions of processes and even more threads hidden inside "services". And the same for network traffic.

        Lots of semi-justifiable stuff that no one can really explain properly.

        Getting data into or out from the target isn't exactly going to be difficult in that kind of environment.

        I'm assuming Android and Macstuff and commodity Linux (esp with systemd) are no better than Windows in this respect. Cut-down InterwebOfTat Linux devices bring their own challenges. Other OSes may be available.

      3. Anonymous Coward
        Anonymous Coward

        You don't bug the phone in the factory

        You intercept it during shipping. The only reason you'd need a mole in the factory is to get you some phones before they start shipping, so you can get a head start and figuring out how to bug it. Then you simply swap the bugged phone for the original in some airport cargo warehouse.

        Since new phones aren't locked, you don't need to worry about a user's encryption keys and so forth. You just need a way to jailbreak it, and then you can hack it up to your heart's content. Then make it appear to run through the same "unboxing" sequence as a new one, and the victim is none the wiser unless he tries to jailbreak it and found that's already happened. Not sure how they keep their hacks intact after an OS update, but since minor updates only replace some files I'm sure they've got that figured out.

        1. John Brown (no body) Silver badge

          Re: You don't bug the phone in the factory

          "Then make it appear to run through the same "unboxing" sequence as a new one, and the victim is none the wiser unless he tries to jailbreak it and found that's already happened."

          Is it possible to jailbreak it in a way that's undetectable? eg you install some banking software that refuses to run on a jailbroken phone?

          1. Anonymous Coward
            Anonymous Coward

            Re: You don't bug the phone in the factory

            Probably by going below the OS and pwning one of the hardware components.

          2. Anonymous Coward
            Anonymous Coward

            Re: You don't bug the phone in the factory

            I'm not sure how apps are detecting whether a phone is jailbroken, so I'm not sure how easy it would be to create a jailbreak that evades such detection. If anyone could find a way around that, it would be state funded actors with essentially unlimited budgets.

            How common are apps that detect it? I've never jailbroken my iPhones, so I have no idea how prevalent this is.

  7. goldcd

    "Agent Storm: My Life Inside al-Qaeda"

    is a very interesting book about a western backed infiltrator. I'd take a fair amount of the content with a pinch of salt - but there was definitely a theme of ensuring "specific items of western electronic decadence" where pushed in the vague direction of targets.

  8. RichardB

    Embedded operatives

    Some of that sounds ideal for the more active, undercover type spy...

    The cleaner at work, the mistress, the 'turned' wife or business partner, the junior functionary with too many bills to pay and no real career prospect...

  9. Colin Millar
    Facepalm

    Let me get this straight

    Wikileaks and some cheap hacks that can't be arsed to do real journalism so just settle for copy and paste with a bit of random capitalised bold are wetting their panties because the CIA does spy stuff?

    Oh boy - wait until they hear that the IRS is demanding money from people.

    IRS DEMANDS that US citizens give them money or face CRIMINAL sanctions.

  10. Frumious Bandersnatch

    Erm, but ...

    You dismiss the possibility of interfering with the supply chain, but how does that square away with more recent events:

    https://www.theregister.co.uk/2017/03/12/malware_infecting_androids_somewhere_in_the_supply_chain/

    OK, it's apples for oranges (lemons?) and different animals on your free Chinese takeaway calendar, but still...

    1. LDS Silver badge

      Re: Erm, but ...

      There's a different aim. If you're a crook and want to implant malware to make money, you're going to infect as many devices as you can. You know sooner or later malware will be spotted, but you need a large number of infection to insure you get enough money before it.

      If you need to spy on a smaller number of individuals, and for a long time, you need to ensure the infection is limited because there are less chances the malware gets spotted by researches. So you need to target exactly the devices you need to spy. Surely, you don't want a ransomware or ads to generate revenues...

      It is true in some cases the differences may blur - i.e. industrial espionage actors may attempt to compromise a number large enough of devices to get better chances one of them is used in an environment that gives access to desired data quickly, or to increase persistence.

      1. Anonymous Coward
        Anonymous Coward

        Re: Erm, but ...

        "If you need to spy on a smaller number of individuals, and for a long time, you need to ensure the infection is limited because there are less chances the malware gets spotted by researches. So you need to target exactly the devices you need to spy."

        You may want to learn a little more about how Stuxnet (and doubtless others) initially propagated.

        Grossly oversimplified: get it out in volume, but then it stays silent (and therefore less detectable) till it observes environmental evidence that it has reached a target of interest. Then it does interesting things.

      2. patrickstar

        Re: Erm, but ...

        One way that I'm sure is being done a lot already is to have your stuff look just like random ordinary malware. Adware/ad fraud stuff will typically phone home with some information about the computer and receive further payload(s) in return. This is all that's needed to send the actual spy stuff to your intended targets and noone else. And if someone who's not an intended target notices it, it's gonna be written off as yet another malware strain. Even when it's on the intended targets the spy-specific actions will often be short-lived.

  11. Conundrum1885

    Re. hacked laptops

    I have suspected this since 2009, ever since my mostly new x520 started throwing "Disk Read Errors" and refusing to let me copy files from the stock 500GB to a new drive.

    Every single machine that drive was installed in later failed inexplicably, even after a zerofill (twice!) and other tests which passed SMART and other attributes the drive never reliably held a Windows install.

    This machine also had intermittent problems from the start, later found that the Core 2 Duo only had 3MB instead of 4MB cache and also refused to let me use more than 4GB RAM.

    Also lost a 1TB drive and another 500GB since, all failed with the same symptom pattern and machines they were installed in also failed apart from the c650 which seems (so far) to be holding.

    The drive which is in there is also slowly deteriorating and this time it shows actual bad sectors yet the

    SMART says everything is fine and it is losing performance. (yes I backed it up!!)

    Lost my external 3TB hard drive but this is just a power supply issue and traced one problem back to a bad USB3 cable.

    It wasn't the infamous x32 memory limit as the machine simply wouldn't turn on, also had issues with external drives inexplicably failing, two bad pendrives (both same controller) and bad SD cards.

    Trouble is that as mentioned earlier every drive has been "contaminated" with this thing and I can't trust a single backup made since.

    Latest casualty was my HP 3000 netbook which failed after upgrading the stock 500GB to an SSD at which point it failed to boot about 2 days later.

    Apparent BIOS issue here as its the same chip (Winbond 25x160) and in fact the machines that failed all had near identical parts. Acer Extensa 5220 (1MB), AOA110, AOA150, PCG61611, 650C but my desktop also has an earlier version of the same BIOS albeit on a 44 pin chip.

    Can someone skilled in forensics please have a look at this before I hand over the drives and be done with it? Thanks!

    1. CrazyOldCatMan Silver badge

      Re: Re. hacked laptops

      Every single machine that drive was installed in later failed inexplicably, even after a zerofill (twice!) and other tests which passed SMART and other attributes the drive never reliably held a Windows install.

      I too had a server like that. Turns out the IDE chipset was faulty and feeding too high a voltage to one of the drive lines.

      So odd things happening are not necessarily proof of enemy action. Remeber the mantra:

      "Software sucks and hardware is worse"

      1. John Brown (no body) Silver badge

        Re: Re. hacked laptops

        "I too had a server like that. Turns out the IDE chipset was faulty and feeding too high a voltage to one of the drive lines."

        Yes, this. I've seen a number of hardware devices with out of spec failures which have caused attached devices to fail first, sometimes multiple devices, and their replacements. It's relatively unusual, but far from being unheard of. I've seen one recently where a DVD drive was causing odd fails and crashes. Pulled the DVD drive out and the problem went away. Tested the DVD drive in an identical system and the faults appeared there. The DVD drive appeared to be otherwise working normally in between the system crashes.

        1. Conundrum1885

          Re: Re. hacked laptops

          Found something about AOA150 speaker being too close to the HDD.

          What if: the voltage from the DVD drive motor during spindown was somehow causing glitching in the voltages going to other pins?

  12. allthecoolshortnamesweretaken

    "That means the agents wanted to buy the equipment, infect it, and then pass it to the target as a freebie."

    Beware of Greeks spooks bearing gifts.

  13. Anonymous Coward
    Anonymous Coward

    So if I'm reading this right I just need to post stuff to the internet to get me on a watch list then start entering competitions to get free stuff?

    1. creepy gecko
      Black Helicopters

      AC... "So if I'm reading this right I just need to post stuff to the internet to get me on a watch list then start entering competitions to get free stuff?"

      Well done! You've won a free Samsung television.

      Please contact Mr A. Spook at PO Box 3255, London, SW1P 1AE.

      1. Random Handle

        >Well done! You've won a free Samsung television.

        >Please contact Mr A. Spook at PO Box 3255, London, SW1P 1AE.

        I'll happily install the spyware myself if any spooks want to send me a UHD set for free - not prepared to compromise my privacy for anything less than a 60" though.

  14. roger 8

    just pondering a few thoughts.

    With the latest airline checked in baggage news about tablets and laptops and other gizmos.It seems not many people have picked up its actually traveling FROM certain countries and not too.

    So are the spooks looking to target certain people coming from these countries. Are these people are a bit tech savvy and the spooks have not been able to tamper with their gizmos by their normal spooky means.

  15. Clive Galway

    Beware strangers bearing gifts

    "Think about it: why go to all that bother when you can send someone an infected birthday present?"

    Am I missing something or are you being REALLY dumb?

    An stranger gives you a free iDevice - how is this not massively suspicious?

    1. John Brown (no body) Silver badge

      Re: Beware strangers bearing gifts

      It's the CIA being talked about. What makes you think some random CIA operative is just going to give a "present" to a "stranger". These are the people most likely to be working undercover and infiltrating groups and organisations.

      1. Clive Galway

        Re: Beware strangers bearing gifts

        "Think about it: why go to all that bother when you can send someone an infected birthday present?"

        How common do you think it is to get a birthday present of a computing device worth thousands from someone who is not a family member or personal friend?

        If it is a business associate, then aren't there bribery laws on giving personal gifts?

        It just does not add up. An expensive wine or tickets to an event maybe, but businesses do not generally give iDevices to each other.

    2. patrickstar

      Re: Beware strangers bearing gifts

      I am quite certain the CIA - and similar organizations - have gotten pretty good at getting people to do things, including accept various gifts, by now.

      Classic one from history, though of limited relevance here as the object was clearly made not to be suspicious: https://counterespionage.worldsecuresystems.com/the-great-seal-bug-part-1.html

    3. Tom Paine

      Re: Beware strangers bearing gifts

      What makes you think it would be a stranger?

  16. Anonymous Coward
    Anonymous Coward

    old is safe?

    Time to break out that old Celeron laptop running XP with Black-ice - to feel secure.

  17. Conundrum1885

    Won't work

    Apparently all the Intel chips made since the P2 *which includes Celeron* have CPUID, but its turned off.

    Or so they say.......... (X-files theme)

    I did suggest way back when that it is possible using a timing attack to determine which CPU a piece of code is running on, by measuring things like instruction unitialised value bias shifts and decay time on unrefreshed memory, this is basically also how data is exfiltrated from "erased" SSDs and HDDs.

    There's a few kB unused which is kept refreshed but no data is written to it, that caches the microcode during bootup but is usually not written to after that, so this is entirely feasible.

    Similar to how some older machines would let you access the SMBus or SPD chips as they only ever normally get read during initial boot-up. Even found a few laptops and netbooks (eg PCG-61611) that let you write and read to them which is handy when you have flaky RAM that needs to be underclocked.

    Obviously replacing the chips with a slightly larger (eg 256KB) re-marked custom part would let you compromise a machine using buffer overflow on each and every startup, even flashing a custom rooted BIOS that fakes out the password routine so the target thinks the machine is secure.

    Some webcams in laptop screens have 512KB of memory in them and this stores things like the offset

    tables for the CMOS sensor so that the image is clear. Obviously this would also be trivial to replace.

  18. Anonymous Coward
    Anonymous Coward

    ... and that was then....

    ... just imagine how the CIA's spying capability must have improved since 2013....!

    You're in bed having sex with your wife while the CIA logs into your optic nerve and d!ck via the microwave. While you think you have the time of your life they've litterally f@cked your wife and you're just a vehicle for them.

    Now - everybody be very scared!

  19. Anonymous Coward
    Anonymous Coward

    Would The Register terribly mind

    linking to the Wikileaks content in question, if it's not too much to ask?

  20. Tom Paine

    The main goal

    ...debunking specific claims and misrepresentations made by WL, though useful and interesting, misses the point of the whole exercise, which is to install the firm idea in Westerners that their governments are just as Russia's, that every email or IM we send is pored over by a human analyst tasked with keeping our files up to date, and so on and so forth. As such it seems to have been a roaring success.

    (The other function of course has been to act as a cutout for the FSB/GRU to release stuff like the Podesta emails.)

  21. Anonymous Coward
    Anonymous Coward

    Re. Black Ice

    I would have thought that DSL running from a slightly larger (eg 128Mbit) BIOS chip pre-coded to *only* work with the exact memory chips and suchlike would be much more effective.

    Change any part and it nukes the encryption key, data appears to be scrambled and looks like a typical Windows fail or hard drive problem to the casual inspection.

    Can store the equivalent of a preinit table in the extra space so that bootup can resemble any OS you like including Windows 10 but its really DSL underneath.

    Especially effective at defeating certain folks infiltrating memory suppliers and replacing the stock 24LC02 SOIC e2proms with a larger part carefully laser relabeled with the correct part number.

    99.9% of users won't see this has been done and will happily install the new RAM with no idea it has been compromised, Wikileaks "SAINT Smurf" apparently. (presumably a reference to "Short Circuit", I have no idea but sounds plausible) there are other variants that use unused space in the network boot chips and screen controllers so that "bargain" cheap LCD might not be.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021