WikiLeaks Opens Vault 7: CIA's Entire Hacking Capacity

D

Deleted member 178

The issue is not that they ca do it , it is ; will they do it illegally? without authorization?

These "leaks" is not really a leak , everybody knows that they could do it, they just use the tools available to them, and Internet is heaven for spying agencies. In the 60's they had to send agents disguised as cable operators to wiretap the line above your house. Now they do it remotely and will not risk to get shot by the house owner.
 

Kubla

Level 8
Verified
Jan 22, 2017
355
This pretty much renders obsolete all these encrypted messaging apps.
At least when the CIA is involved.

Did they not get their tools to exploit them stolen making them obsolete period?

On the brightside all these software companies will have to fix all the exposed CIA created vulnerabilities in their software giving us more secure apps.
 

Kubla

Level 8
Verified
Jan 22, 2017
355
Reading this https://nypost.com/2017/03/07/how-the-cia-turns-everyday-devices-into-high-tech-spy-weapons/

In addition to outlining the programs’ snooping capabilities, the documents describe ways to inject malicious code into computers operating Microsoft Windows, even if they’re running anti-virus programs.

Methods are discussed for defeating security products produced by Kaspersky Lab, BitDefender, AVG Technologies, F-Secure and Rising Antivirus, with CIA hackers apparently quoted boasting about their abilities in youthful slang.

This should take multi-layer security configurations out of the "geekosphere" in to the mainstream out of sheer necessity.
 
D

Deleted member 178

Methods are discussed for defeating security products produced by Kaspersky Lab, BitDefender, AVG Technologies, F-Secure and Rising Antivirus, with CIA hackers apparently quoted boasting about their abilities in youthful slang.
Oh such a coincidence !!! those are vendors i never trusted and liked. Umbra you are sooooooo godly ! :p
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Just an FYI- there are a number of Private companies that have as their sole purpose the analysis of code of just about any application you can imagine. When an exploit is found in any program they will give it to whatever Country that they have a contract with. This is Big Business and unless the exploit is obvious (or Arch-Traitors disclose them) you'll never be the wiser.

Although most of these companies fly under the radar, one of them, Endgame, has had the absolute gall to develop a presence on VT with some jive-time endpoint "protection" thingy.

And please remember that the overriding purpose of acquiring such exploits is not to spy on you, but to keep someone you love from getting murdered by a Psychotic. I know this is not a popular thing to say, but it is the truth.
The problem is not countries "spying" on you. The problem is first who has access to such tools and how much supervision do these people get to avoid misuse? The second part of the problem is what happens until these companies figure out this tools get leaked/hacked and that they also affect their software so they can patch them.
Don't know if you ever watched Person of Interest but that show highlights some of the issues. Sometimes those with access and power tend to abuse it and the issue is not the monitoring tool itself but the abuse of such system to target. Some member here recently quoted this. Sadly i don't remember which one but i will link anw.

Power attracts the corruptible. Suspect all who seek it.
 

RVS2

Level 3
Verified
Oct 17, 2016
118
The problem is not countries "spying" on you. The problem is first who has access to such tools and how much supervision do these people get to avoid misuse? The second part of the problem is what happens until these companies figure out this tools get leaked/hacked and that they also affect their software so they can patch them.
Don't know if you ever watched Person of Interest but that show highlights some of the issues. Sometimes those with access and power tend to abuse it and the issue is not the monitoring tool itself but the abuse of such system to target. Some member here recently quoted this. Sadly i don't remember which one but i will link anw.
If a product used by millions has gaping security holes, it's probably wise to think the "good hackers" are not the only ones who know it. It's an escalating problem with no end near. The 'bad guys' will invent ways to keep on doing their thing whereas we will be left with hacker-prone, backdoor infested products.
 
  • Like
Reactions: Kalimirro
D

Deleted member 178

I'm so amused , in CNN they comment all day long about it, as if they didn't know...they are surely the one media the most spied on :D

i have to say that some vendors (aka big tech companies) will not patch the backdoor (or worse, will create one) because they work hand-in-hand with agencies.
 

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
It better be out in the middle of a field somewhere with no electronic devices on or near you. They can literally get into anything. Look up BadBios in which high frequency sound waves can be used by one device to infect another device via it's microphone that can even bypass an airgapped network.
Yes, but then it would have to be someone nearby and targeting you specifically. Then you would have bigger problems.
That's not necessarily true. If you have an exploited smartphone in your pocket(which we now know they target both iPhone/Android), they would be able to implement this technique remotely.
:( Yes, it is absolutely true. If you follow the conversation you will note my reply was to your comment (which I quoted) about using "high frequency" sound waves to infect another smartphone via its microphone.

Contrary to your claim, you cannot send sound waves through a remote connection. It would have to be someone standing nearby with a line-of-sight, unobstructed view of you. On top of that, because you specifically said "high frequency" sound waves - unlike low frequency sound waves which are omni-directional - high frequency sound waves are highly uni-directional requiring this person to be standing nearby and pointing a parabolic speaker at you. Something you would probably [hopefully] notice!

While sound can travel great distances, it still cannot be sent through the air remotely. Also, even the best smartphone microphones have limited frequency response (they are made for voice only, after all) and they purposely are not very sensitive to minimize picking up too much "background" noise when you are talking.

And BTW, if going to cite examples, especially extreme examples, please use applicable ones. BadBIOS involved the PC, Mac, and BSD computers - NOT smartphones! And BadBIOS required the use of full spectrum speakers capable of reproducing sound above 20KHz - a challenge for any speaker. And BadBIOS required the target "computer" to already be infected. That's a bunch of huge assumptions. Then of course, it assumes BadBIOS is real and not a myth and not something for the tinfoil hat wearers. :(

So I stand by my original comment; "it would have to be someone nearby and targeting you specifically. Then you would have bigger problems."
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I have 2 questions here, (NOT political judgement)
Q 1. What do they get by spying on normal people, it's not like they're stopping crimes or attacks?
I am under the impression that they have specific targets, for example, terror suspects and other groups that are a threat to national security. Prevented crimes are not usually published to the public, they also may have other on-going investigations which could compromise their operations if everyone knew including criminals.

It's not as newsworthy as knowing a celebrity has been arrested for DUI.
 

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
The reality is, our privacy is threatened more from marketing types spying on us than the our government.

If you are involved in child pornography, smuggling tons of cocaine or heroin, human trafficking, or plotting another 9/11, then you need to be worried about government spying on you. But if you are not involved in those activities, then you just need to worry about Google or worse, your cell phone carrier tracking your every movement (within a few feet! :eek:) via your smartphone, then selling that information to marketers who will then target you with ads picked just for you.
 
  • Like
Reactions: SHvFl

giants8058

Level 4
Verified
Jan 26, 2016
150
The reality is, our privacy is threatened more from marketing types spying on us than the our government.

If you are involved in child pornography, smuggling tons of cocaine or heroin, human trafficking, or plotting another 9/11, then you need to be worried about government spying on you. But if you are not involved in those activities, then you just need to worry about Google or worse, your cell phone carrier tracking your every movement (within a few feet! :eek:) via your smartphone, then selling that information to marketers who will then target you with ads picked just for you.
So hypothetically speaking if someone has full access to your smartphone (via an exploit) with capabilities and unlimited resources of the CIA, they wouldn't be able to push digital audio code to it, through the DAC and out the speakers? My point was not being infected in such a manner, but using your device to infect other devices. And yes this all may of sounded far fetched at some point in the past, but now not so much. Between all of the NSA leaks and now these, I don't believe these are "extreme examples" that you can just dismiss as something for the "tinfoil hat wearers" as you put it.

If I had to choose between being targeted for marketing purposes for ads in which Adguard blocks anyway or the possibility of all my personal, intimate and sensitive information being obtained under the guise of "national security", then I'd rather deal with smartphone case ads from time to time. And if you weren't aware you don't have to commit any of the crimes you mentioned to be targeted. You do realize the NSA indiscriminately gathers massive amounts of internet/cell traffic daily and stores it in their 100,000 square foot data center in Utah. In case you missed it, you should check out the Snowden documentary Citizenfour. And they are saying this is much worse.
 
Last edited:

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
if someone has full access to your smartphone
IF? :( IF someone has full access to your smartphone, then you have bigger problems to deal with. Like how did it get infected in the first place?

And now you've changed your tune (pun intended! ;)) to "digital audio code". I don't believe you understand what sound is. "Digital audio" is NOT "sound". You cannot hear digital audio.

Sound is analog only. Period. Sound is sound waves moving through the air. BadBIOS was all about sound being reproduced by a speaker that then moved through the air and picked up by a microphone. How the digital audio was created and transmitted through a network, through analog to digital then back through digital to analog converters before sent as analog to the speaker is 100% totally immaterial. Those are just audio signals, not "sound".

Sound is only sound when it is in waves moving through air (or water in the sea). If it is in digital format being conducted through wires, fiber, or on a RF carrier, it is not sound.

So yes, using sound to infect our smartphones (setting aside the fact your examples applied to computers with computer speakers - not smartphones therefore not applicable) is extreme, thus I do dismiss it as an exception to the rule. Exceptions don't make the rule.

As for the tin foil hat reference, it still stands. That BadBIOS issue (about using ultra-high frequency sound waves to infect another device) came about 4 years ago and has NEVER been seen out in the wild. And it NEVER applied to smartphones anyway. Sorry, but those are just the facts.
 

giants8058

Level 4
Verified
Jan 26, 2016
150
IF? :( IF someone has full access to your smartphone, then you have bigger problems to deal with. Like how did it get infected in the first place?

And now you've changed your tune (pun intended! ;)) to "digital audio code". I don't believe you understand what sound is. "Digital audio" is NOT "sound". You cannot hear digital audio.

Sound is analog only. Period. Sound is sound waves moving through the air. BadBIOS was all about sound being reproduced by a speaker that then moved through the air and picked up by a microphone. How the digital audio was created and transmitted through a network, through analog to digital then back through digital to analog converters before sent as analog to the speaker is 100% totally immaterial. Those are just audio signals, not "sound".

Sound is only sound when it is in waves moving through air (or water in the sea). If it is in digital format being conducted through wires, fiber, or on a RF carrier, it is not sound.

So yes, using sound to infect our smartphones (setting aside the fact your examples applied to computers with computer speakers - not smartphones therefore not applicable) is extreme, thus I do dismiss it as an exception to the rule. Exceptions don't make the rule.

As for the tin foil hat reference, it still stands. That BadBIOS issue (about using ultra-high frequency sound waves to infect another device) came about 4 years ago and has NEVER been seen out in the wild. And it NEVER applied to smartphones anyway. Sorry, but those are just the facts.

Ok man, I'm done going back and forth with you. We can agree to disagree then. I am aware that digital audio isn't sound. That is why I said digital code which passes through the DAC (Digital to Audio Converter) then to the speaker. How do you think you get streaming music. Kind of like a modem but in reverse.

>"So yes, using sound to infect our smartphones (setting aside the fact your examples applied to computers with computer speakers - not smartphones therefore not applicable) is extreme, thus I do dismiss it as an exception to the rule. Exceptions don't make the rule."

Once again I didn't say using sound to infect a smartphone, but using a smartphone as a springboard for attacks against other devices. But unlike you I'm not claiming this as fact, but based off of the leaked documents, their intentions and previous similar speculated infections, it MIGHT be possible. (You see I can capitalize too. Along with changing the font color and size, underline it, and heck I'll even italicize it ;)) And I didn't change any tune. I said high frequency sound waves and digital audio code, not digital audio. Sound waves are the result of digital code after conversion. I see reading comprehension isn't really your forte ;) while simultaneously trying to call someone out for backpedaling on their point. (And I can also follow passive aggressive comments with emojis too)

>"IF? :( IF someone has full access to your smartphone, then you have bigger problems to deal with. Like how did it get infected in the first place?"

A sophisticated zero day exploit that umm..maybe the CIA/NSA is only aware of. Did you even read any of the leaks?

>"As for the tin foil hat reference, it still stands. That BadBIOS issue (about using ultra-high frequency sound waves to infect another device) came about 4 years ago and has NEVER been seen out in the wild. And it NEVER applied to smartphones anyway. Sorry, but those are just the facts."

Has it ever occurred to you that after 4 years it may have evolved to smartphones? You are so definitive in your assumptions and claim your opinions as facts, but unless you have actual inside access/knowledge to the inner workings of these intelligence agencies, then in the end they are indeed just your opinions.
 
Last edited:

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
Ok man, I'm done going back and forth with you.
:( And yet you keep spewing out more, and totally unsubstantiated nonsense.
Has it ever occurred to you that after 4 years it may have evolved to smartphones?
First IFs and now MIGHTs and MAY HAVEs? :rolleyes: Unicorns and Bigfoot MIGHT exist too - even though no one has ever found any unicorn or Bigfoot poop or any skeletal remains. I guess the Leprechauns MAY HAVE swept-up the poop and destroyed the remains IF it doesn't magically disappear upon excretion or death.

At the same time, the entire security and anti-malware industries, even though they have known about this family of malware for 4 years, MAY HAVE totally missed its existence since, allowing it to be ported from only computers to smartphones. o_O

Once again, BadBIOS, as seen through your own links, is spread by using "ultrahigh" (20,000Hz and higher - well above what the vast majority of humans can hear) frequency sound reproduced by a speaker, spread through the air then picked up by a microphone.

Very few speakers (even audiophile quality speakers), and likely no smartphone speaker, are capable of reproducing frequencies that high, let alone with any usable amplitude - not to mention unmangled with distortion. The energy required to send ultrahigh sound any distance is substantial. And once again, smartphone microphones are designed for voice, not ultrahigh frequencies.

So you can stick with your IFs, MIGHTs, MAY HAVEs, rumors and myths. I will stick with the known facts.

And the facts are (1), the security industry is aware of BadBIOS and have created code to block it. (2) There is no evidence - yet - the leaked documents are authentic. (3) Assuming they are authentic, what they revealed were tactics, techniques, and tools used by the CIA to conduct legitimate foreign intelligence against the enemies of the free world. That's to help fight those who want kill innocent peoples (that includes you) of democratic societies in the UK, Paris, Baghdad, Istanbul, Belgium, the US, Israel, Germany and everywhere else in the free world. To fight those who kidnap entire villages of young girls for sex slaves. To stop those who want to destroy ancient historical monuments and artifacts. Who want to kill any and everybody who does not believe as they do.

Like it or not, Freedom is NOT Free! And if those documents are legitimate, whoever leaked them is a traitor - nothing more.
 
  • Like
Reactions: conceptualclarity

Dean Winchestere

Level 2
Verified
Mar 9, 2017
50
Bad Bios 2.0 :eek: Features not ultrasound, but hidden frames of sounds embedded in those YouTube videos... are really subliminal messages by Russian malware that's taken over Google to secretly influence the election.

Very similar to that malware that uses photo ads to encrypt data by encoding variations of the pixels.

Hell that's a scary af idea that's actually possible if we knew the exact specifications of a speaker ie iPhone 7. Then you detect the phone using app/browser and adjust accordingly to the specific speaker.

You can transmit data at 10 or 20k per second perhaps, then not only infect every device with a microphone, but control the people! Bahasa hahaha.

The new world order is already here! Pfffft.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top