Previous Story
WikiLeaks dump ‘equips’ United States adversaries — Central Intelligence Agency
Posted On Mar 09 2017
Comment: Off
Furthermore, actual hacking tools and software exploits weren’t released. If the documents turn out to be genuine they represent another massive breach of security for the U.S. intelligence community. Antivirus vendors can use this to look at their customers’ networks for any traces of past intrusions. The virus created a “fake off” button that left owners thinking the receiver wasn’t operating.
Uncle Sam’s spies have discovered and obtained from government branches including the National Security Agency and Federal Bureau of Investigation “numerous” ways – unknown to phone makers – to get into phones’ systems, WikiLeaks said. It is also not the first instance of sensitive USA documents ending up in the hands of the public and the media through WikiLeaks and other parties.
WikiLeaks is, for now, withholding details on the specific hacks used “until a consensus emerges” on the nature of the CIA’s program and how the methods should be “analyzed, disarmed and published”.
WikiLeaks editor Julian Assange called the disclosures “exceptional from a political, legal and forensic perspective”.
But some security researchers believe WikiLeaks is trying to mislead the public by exaggerating the CIA’s hacking capabilities. But while the iPhone manufacturer has quickly indicated that it has fixed “many” of the vulnerabilities, Microsoft and Samsung have merely said they are looking into the issues raised.
How real are the risks?
After an “initial analysis” of the leaks, Apple stated that numerous problems had already been patched in that latest iOS update, and that it will “continue work to rapidly address any identified vulnerabilities”. “I imagine the toolset is in the hundreds”, he said.
“The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption”, wrote the company.
Journalists and security researchers are still looking over the dumped documents.
Several independent security researchers have said that the threat to the latest Android versions appears to be minimal.
Dubbed “Weeping Angel”, the program allows smart TVs to be converted into devices which eavesdrop on owners, recording audio from its surroundings. Microsoft says that the company is investigating these reports. “It’s not remote hacking”.
Just how the documents found their way into the hands of WikiLeaks is the big question. We don’t know if these techniques have been used to spy on American citizens, but it could show how the government deliberately kept mobile phone devices vulnerable to cyber threats to ensure easier surveillance.
In a statement accompanying the document release, WikiLeaks alleges that the Central Intelligence Agency has recently “lost control of the majority of its hacking arsenal”, and that an archive with “several hundred million lines of code” has been circling among former government hackers, giving them “the entire hacking capacity of the Central Intelligence Agency”.
“In the computer security world, it is widely known that unknown vulnerabilities in products do exist and that there is potential for these vulnerabilities to be exploited to compromise systems”, Kirda said. “We’ve always made security a top priority and we continue to invest in our defenses”.
