Vault 7 WikiLeaks docs hint CIA could bypass 21 security products

Solarquest

One of the hidden gems included in the Vault 7 data, dumped yesterday by WikiLeaks, is a document detailing bypass techniques for 21 security software products.

The document is part of a data dump of nearly 9,000 other files, all documentation files and manuals for various hacking tools, which WikiLeaks claims belong to the CIA.

One particular document, labeled "Personal Security Products (PSPs)", lists 21 security products, each linking to a separate document containing descriptions of various exploits and techniques that could be used to bypass the named security tools.

The list covers almost all major antivirus vendors, including Comodo, Avast, Kaspersky, AVG, ESET, Symantec, and others.

For most security products included in this list, the bypass/exploit technique has been redacted. Yesterday, when it announced the Vault 7 leak, WikiLeaks said it made 70,875 redactions in total, mainly to remove any harmful code and personal details, such as names and IP addresses.

Bypass and exploit techniques were only listed for three vendors: F-Secure, Avira, and AVG (partial info).

More details in the link above

giants8058

https://wikileaks.org/ciav7p1/cms/files/2014_EN_BreakingAVSoftware_JoxeanKoret.pdf
https://wikileaks.org/ciav7p1/cms/files/BypassAVDynamics.pdf

I know these are from 2014, but I wonder how many more vulnerabilities were discovered that haven't been patched yet. Bitdefender was mentioned 16 times and at one point mocked: "security service my ass". This also affects any 3rd-party companies that use their engine along with other engines. Being an Emsisoft customer, I won't lie, it's got me kind of worried.

I also saw that they are able to push out backdoors via Windows Update. Crazy... Just crazy. How is that possible unless Microsoft gave them their private key/s? Which actually wouldn't surprise me in the least bit.

Deleted member 178

I also saw that they are able to push out backdoors via Windows Update. Crazy... Just crazy. How is that possible unless Microsoft gave them their private key/s? Which actually wouldn't surprise me in the least bit.

Do you believe that such a huge company, deploying OSes all over the world, won't help its country's intelligence agencies? I don't think so, and those reports just confirmed what my old "acquaintances" told me decades ago.

I wonder how effective VooDooShield and others would be at stopping these cyber crooks. Would anyone know?

If the attacker targets you specifically, and on top of that has the tools and resources for it, no product will save you; the attacker will use a kernel exploit and then disable every piece of software you have, since they don't run at kernel level.

bunchuu

https://wikileaks.org/ciav7p1/cms/files/2014_EN_BreakingAVSoftware_JoxeanKoret.pdf
https://wikileaks.org/ciav7p1/cms/files/BypassAVDynamics.pdf

I know these are from 2014, but I wonder how many more vulnerabilities were discovered that haven't been patched yet. Bitdefender was mentioned 16 times and at one point mocked: "security service my ass". This also affects any 3rd-party companies that use their engine along with other engines. Being an Emsisoft customer, I won't lie, it's got me kind of worried.

I also saw that they are able to push out backdoors via Windows Update. Crazy... Just crazy. How is that possible unless Microsoft gave them their private key/s? Which actually wouldn't surprise me in the least bit.

And a dual engine won't help either; 2 engines = more vulnerability.

bunchuu

Cylance is funded by CIA so sure you won't have risks :p
Do you have a reference for this claim?
However, Cylance is just giving up your security configuration to their IT team.

509322

https://wikileaks.org/ciav7p1/cms/files/2014_EN_BreakingAVSoftware_JoxeanKoret.pdf
https://wikileaks.org/ciav7p1/cms/files/BypassAVDynamics.pdf

I know these are from 2014, but I wonder how many more vulnerabilities were discovered that haven't been patched yet. Bitdefender was mentioned 16 times and at one point mocked: "security service my ass". This also affects any 3rd-party companies that use their engine along with other engines. Being an Emsisoft customer, I won't lie, it's got me kind of worried.

I also saw that they are able to push out backdoors via Windows Update. Crazy... Just crazy. How is that possible unless Microsoft gave them their private key/s? Which actually wouldn't surprise me in the least bit.

The agencies harvest open-source stuff just like everybody else and build upon it. That's why you see references to documents.

Vulnerabilities are essentially a never-ending thing.

Dean Winchestere

Here's a thought: imagine all these tools the gov has at their disposal and the ability to hack through the sophisticated security defenses commercially available... Does our gov hack the banks, stock exchange, etc. for fraudulent purposes? And assuming ONLY the govt has these tools, heaven forbid, let's hope. :eek:

Honestly, I am starting to think bitcoin and ether are the future now. Blockchain is the future.

giants8058

Do you believe that such a huge company, deploying OSes all over the world, won't help its country's intelligence agencies? I don't think so, and those reports just confirmed what my old "acquaintances" told me decades ago.

Yes, I believe they would, and without a valid warrant (not the ones presented to the rubber-stamp FISA Court) it is a complete and total violation of the 4th Amendment of the Constitution, making it illegal.

509322

AppGuard, ReHIPS, VoodooShield, Deep Armor, Cylance etc. not mentioned. So they must be safe to use.

:D

Every security soft - that is systematically targeted - will eventually be bypassed in one way or another. What form any bypass takes could be anything. It might range from mundane social engineering to an overlooked/unfixed bug to some form of very sophisticated attack.

Just because those products aren't in the Vault 7 leak, it is completely wrong to assume they have absolutely no vulnerabilities or that they offer CIA-unbreakable protection.

509322

In the U.S., you have no online rights. And there are no protections against any government agency hacking your system.

Just because they can do it doesn't automatically mean that they will do it to you. At the same time, history has shown that government officials and employees screw up all the time and do things that they should not. So there are valid arguments for both points of view - but most users do not need to fret over it.

509322

I'm a privacy advocate, but here we go...

"Nonsense once again prevails on the security soft forums. It will never end."

HarborFront

Every security soft - that is systematically targeted - will eventually be bypassed in one way or another. What form any bypass takes could be anything. It might even be mundane social engineering to some sophisticated attack.

Just because those products aren't in the Vault 7 leak, it is completely wrong to assume they have no vulnerabilities or that they offer CIA-unbreakable protection.
But users have an alternative not to buy those listed products :)

509322

But users have an alternative not to buy those listed products :)

If you avoided every security soft that could be bypassed, then you wouldn't use a single one. In fact, you might as well throw all of your digital devices into the trash bin, because every one of them can be "bypassed."

Just because the list is incomplete doesn't mean the products haven't been targeted and studied by the CIA. They might not have documented their findings, might not have gotten around to pen-testing and documenting them before the document grab, pen-tested products might be selected upon some minimum market share, plus a whole lot of other reasons why they aren't there.

HarborFront

If you avoided every security soft that could be bypassed, then you wouldn't buy a single one. In fact, you might as well throw all of your digital devices into the trash bin.

Just because the list is incomplete doesn't mean the products not on the list are more capable. They might not have documented their findings, might not have gotten to pen-testing them yet, pen-tested products based upon some minimum market share, plus a whole lot of other reasons why they aren't there.
Well, you can use those not on the list :p
