Vault 7 (wikileaks data dump)

The dump is from 2014 as far as I can see, so maybe some of the attack vectors have been patched, else, they hopefully will be real quick now.

Nearly all of the commercial PSP exploits have been redacted, indicating that Wikileaks thought it irresponsible to release them --likely they are very much not patched.

5 Likes

Guys, read the actual documents, not just what Wikileaks has to say about them. I started last night, and so far it seems like they're not being almost at all honest about what's in those documents.

The amount of meme-ing going on in the malware devs' personal pages and correspondence is pretty surreal.

It's like listening to a gaggle of high functioning sociopaths discuss the best ways to hide a body

1 Like

Who isn't?

Wikileaks, unfortunately. They make it sound like the CIA has compromised messaging apps, like they're doing mass surveillance same as the NSA and like they're placing false flag fingerprints to make it look like intrusion was done by other state sponsored actors. None of that is actually what's in the documents. It seems like they're counting on the idea that most people won't actually bother to read anything other than their explanation.

There's no mass surveillance - CIA does physical intrusion of specifically targeted devices. Meaning if you're not their target you're not being spied upon by the CIA (the NSA is still probably spying on you though). There's also no compromization of actual messaging apps. Instead the CIA found a way to intercept messages on end-user devices before they're encrypted and collect them after they've been decrypted. But this isn't done on a massive scale, but rather on end-user devices that they've specifically targeted. There's also nothing about the CIA being able to place false flag fingerprints to make it look like somebody else was behind the hack.

The timing of the release of these documents isn't a coincidence. Right now, just as the whole Trump-Russia scandal is progressing, they release these documents and misrepresent what they actually say and trying to make it sound like the CIA can fake a hack by Russians? I'd say it would be pretty naive to call that a coincidence. A lot of people will fall for it, which seems to be the general idea.

This is still pretty awful stuff that the CIA is doing, don't get me wrong. And probably immensely unconstitutional. And if their tools are now available to everyone, that is a pretty big deal. But that doesn't seem to be the reason for the release of these documents. There an intelligence war between fought between the US and Russia. Like the Cold War, only way cooler.

1 Like

where do they mention whatsapp (and similar) hacking? they mention that compromising the underlying OS makes logging these apps trivial, which is completely reasonable. Outside of that, I've not seen any narrative spin from them in that context

There is not a single mention on mass surveillance on their press release. It is not their fault that the outlets reporting on this have no idea of the difference between mass and targeted surveillance.

That is exactly what they are saying.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

There is a reason. Let the public know and activate the security community, provide them with the sources code so they can identify vulnerabilities that still exist and patch them up as soon as possible.

3 Likes

As far as I'm aware they've briefly indicated some of the things that are there and what they can do. I think you might be reading to much into something. They've made the redacted data available to everyone. If they wanted to make up some story theyd have previously prepared news

2 Likes

An airgap didn't help the Iranians defend against Stuxnet and if someone wants you bad enough, it won't help you either. People are just so reliably careless and naive, that social engineering is far easier to perpetrate and more reliable than breaking into an iPhone, Linux, Windows, etc.

3 Likes

You're all Kremlin's puppets in this thread. Except @ImprovizoR. Three-letter agencies can't spy on you, no way, they employ the most honest and honorable people and do their job (which is protecting you, of course) most diligently. Anyone who doubts it is an enemy and pro-russian communist terrorist pedophile monster deserving to be put into Guantanamo and waterboarded. Don't be like that guy, be like @ImprovizoR. Now, repeat after me: "Russians did it!" =)

2 Likes

This is actually an interesting thread, I'd prefer it didn't devolve into partisan shit slinging and get locked

That'd be a crying shame

1 Like

And just to think, this is just the first batch

There's more otw

I think YOU need to read their post again...because your claims are way off.

That is defiantly true i guess the point that i was getting at was is it really surprising they are using these methods when people have been talking about the possibilities of these things happening for a long time. rerouting IP traffic using iptables as one example has been used and documented for a long time. I know wendell and others have talked about others having access to our tv's and smart phone's. I guess this is just a confirmation that what we considered "tin foil hat talk" is actually reality. I just hope people and company's can WAKE UP!!! and fix their stuff.

Well then, here you go fellas: http://blog.erratasec.com/2017/03/some-comments-on-wikileaks-ciavault7.html?m=1

Wikileaks claims are highly misleading.

Well right off the bat this is false because whatsapp has been cracked for a while now. You remember China editing people's messages in real time just months ago?

They probably haven't cracked the encryption but I garuntee you they are receiving all traffic before or after it's sent.

Idk why you are so adamant at defending and trying to discredit things we've known to be true for a decade at least.

Whether or not the CIA created or directly used these is not the point. The NSA CIA and FBI have all proven that they operate outside of any rules that are in place.

This is not a Republican or Democrat thing at all or pro trump or anti trump. It's just common sense reasoning.

When you have the head of the NSA in front of Congress lie to their faces, say they never ever ever collect any data on US citizens. Without a single consequence or suspicion by congress. Why the FUCK would you ever believe a word these people say??

2 Likes

no ? not really............ I was trying to figure out what the " big shock " was.

Who says that I do? Just because one side lies doesn't mean we shouldn't pay attention when the so-called whistleblowing organization is deliberately misleading the public.

You should all keep an eye on that blog by the way. It's very informative.

Actually, you are the one spreading misleading claims...

One example:

"These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied."

Keyword BYPASS!!!! They never claimed CIA broke the encryption.

Learn to read!