cia
Latest
After Math: Xs and Os
It's been a wild week for schemes and strategies. A band of thieves made off with a load of new iPhones, the CIA released more of bin Laden's hard drive contents, and Netflix nixed House of Cards because Kevin Spacey turned out to be a sexual predator. Numbers, because how else will you know if your fence is underpaying for those looted wares?
CIA releases Bin Laden's personal files with malware warning
Yesterday, the Central Intelligence Agency posted almost 470,000 files (around 321 GB) that were recovered during the raid on Osama bin Laden's Abbottabad compound in May 2011. This is by far the largest release of material found during the operation that resulted in the al-Qaeda leader's death.
CIA uses a secret tool to spy on NSA, FBI and other intel partners
Apparently, nobody's exempt from the CIA's intelligence gathering, not even its own intelligence partners. According to a set of documents published by WikiLeaks, the CIA uses a tool called "ExpressLane" that hides behind a fake software update to collect information from agencies around the world that use its biometric collection system. In the US, the list includes fellow government agencies like the FBI, the NSA and Homeland Security. These partners are supposed to share data with the CIA, but clearly, the intelligence service wants to make sure they're not keeping anything from the agency.
Report: Obama authorized a secret cyber operation against Russia
President Barack Obama learned of Russia's attempts to hack US election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs Obama, the CIA, NSA and other intelligence groups eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the US to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former US official told The Post.
The CIA has been rooting around in your WiFi router
A recent Wikileaks document dump revealed that the CIA has been hacking wireless routers. The documents suggest it has been going on for years and as many as 25 devices from 10 different manufacturers were targeted.
Microsoft blasts spy agencies for hoarding security exploits
Microsoft is hopping mad that leaked NSA exploits led to the "WannaCry" (aka "WannaCrypt") ransomware wreaking havoc on computers worldwide. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen."
Reports: US is preparing charges against Wikileaks' Assange
United States authorities have prepared charges for the arrest of Wikileaks founder Julian Assange, CNN reports. Assange has been hiding out in the Embassy of Ecuador in London since 2012, fleeing allegations of rape in Sweden and espionage charges in the US. This makes him difficult to reach, regardless of a formal charge -- unless Ecuador plans to kick him out of its embassy after a five-year stay.
The new CIA head hates WikiLeaks (when convenient)
The new director of the CIA has come out swinging against WikiLeaks, calling the organization a "hostile intelligence service." In his first public speech, Mike Pompeo called Julian Assange a "narcissist who has created nothing of value," adding that he "relied upon the dirty work of others to make himself famous."
WikiLeaks latest CIA dump focuses on malware for Windows
As WikiLeaks continues to extend the mileage from its "Vault 7 cache" of CIA information, its latest release focuses on tools it says the agency uses for hacking Windows computers. While its release didn't include any source code, manuals described a "Grasshopper" tool used to create custom malware setups depending on the target intended. As CSO Magazine explains, it used some elements from the Carberp financial malware that leaked onto the internet in 2013. The CIA's Advanced Engineering Division and Remote Development Branch allegedly modified that malware, while the Grasshopper setup allows them to customize its ability to persist on the victim's computer, reinstall itself and evade antivirus scans.
WikiLeaks: CIA has all sorts of tools for hacking your 2008-era Mac (updated)
One of Apple's big talking points is that Macs don't get viruses and that they're relatively safe when compared to Windows PCs. Well, WikiLeaks would like you to reconsider that notion with more info about Vault 7. The organization's latest dump is a handful of documents from the Central Intelligence Agency that detail, among other things, how the agency can infect a MacBook Air during its boot cycle via a modified Thunderbolt-to-Ethernet adapter. With "Sonic Screwdriver," the CIA's monitoring tools are stored on the dongle and the machine can be infected even if it's password protected. Considering how dongle dependent the new MacBooks are, this sort of exploit becomes even more worrying.
WikiLeaks won't share CIA exploits unless companies meet terms
WikiLeaks offered to work with tech companies to patch the CIA's leaked security exploits, but there has been a whole lot of silence ever since. Why? That depends on who you ask. Motherboard sources claim that WikiLeaks "made demands" of the companies before it would hand over necessary details of the vulnerabilities, including a requirement that they promise to issue security patches within 90 days. Potential fixes are reportedly stuck in legal limbo, the tipsters say, as the companies are worried about writing patches based on leaked info, not to mention the origins of the leak. They're worried that Russia might have been responsible for forwarding the info.
WikiLeaks CIA cache: Fool me once
This week's poorly conceived distraction from Trump and Putin sittin' in a tree was brought to us by WikiLeaks, which dumped 8,761 documents of the CIA's hacking arsenal online for all to see. The leak factory didn't even bother trying to play coy -- it actually made the "Vault 7" password an anti-CIA JFK quote about destroying the agency. Hilarity ensued. Well, if you think it's funny when the press parrots WikiLeaks' misleading claims wrapped in PR spin.
The Engadget Podcast Ep 31: Look Inside America
On this episode a trio of out-of-towners -- managing editor James Trew, senior editor Aaron Souppouris and senior editor Mat Smith -- join host Terrence O'Brien to talk about the latest tech news. First they'll discuss Consumer Reports decision to start considering security and privacy in their ratings. Then try to figure out just what the hell the New York Times is thinking by putting tweets in the print edition of the paper. Then lastly they'll talk about the latest out of Wikileaks and yell a whole lot about what a terrible person Julian Assange is.
'Many' Android exploits in WikiLeaks CIA files are already fixed
Apple isn't the only company scrambling to reassure the public that it has fixed most of the CIA exploits revealed in WikiLeaks' latest disclosure. Google tells CNET it's "confident" that security patches and safeguards already protect you against "many" of the exploits in both Android and the Chrome web browser. The internet giant will also "implement any further necessary protections" for flaws that have yet to be patched.
WikiLeaks offers to work with tech firms to fix CIA exploits
Founder Julian Assange says that WikiLeaks will offer tech companies access to CIA's leaked hacking techniques and code. During a news conference held at The Embassy of Ecuador in London on Thursday, he said that it would allow firms time to "develop fixes" before further details about the techniques are revealed to the public. Assange said the CIA tools could be used to tap into servers, smartphones and even your TV.
CIA responds to WikiLeaks with an extra long 'no comment'
A day after a WikiLeaks post claimed to reveal inside details of the CIA's hacking apparatus, the agency has responded with a "no comment" and then some. In a statement, the folks at Langley said: "We have no comment on the authenticity of purported intelligence documents released by WikiLeaks or on the status of any investigation into the source of the documents."
Apple says it's already patched 'many' Wikileaks iOS exploits
Less than 24 hours ago, Wikileaks published a large cache of documents detailing top secret CIA operations conducted by its Center for Cyber Intelligence. Included in the 8,761 documents and files, referred to was Vault 7, are references to zero-day exploits that were reportedly being used to track and control iPhones but also Android phones and Samsung smart TVs. While the authenticity of some of Wikileaks' claims are still in question, Apple has confirmed that some of the threats towards its mobile operating system are very real. In a move to reassure customers, the company issued a statement noting that it has already taken steps to patch "many" of the 14 iOS vulnerabilities listed and is working to "rapidly address" the rest.
WikiLeaks claims to have the CIA's hacking toolkit (updated)
WikiLeaks just ignited another powder keg. Julian Assange's outfit has posted the first of a string of CIA leaks, nicknamed Vault 7, that purports to reveal the agency's "entire hacking capacity." The information is said to have escaped an "isolated" secure network at the CIA's Center for Cyber Intelligence in Virginia, and indicates that the organization has far-reaching abilities to snoop on modern technology... including encrypted apps that are supposed to be tough to crack.
CIA reveals new guidelines for collecting data on Americans
There's no question that the US government's approach to handling sensitive data could stand an update to acknowledge the online age, and the CIA is taking a stab at it. The agency has published new procedures that govern how it collects, keeps and shares information on Americans under Executive Order 12333. The guidelines acknowledge that it's much, much easier to collect large volumes of data than when the Order surfaced in the 1980s, and that the nature of the internet requires restrictions that hadn't even been considered before.
12 million declassified CIA files are now available online
The CIA has posted a vast cache of nearly 12 million declassified CIA pages online, including info on Nazi war crimes, the Cuban Missile Crisis, UFO sightings, human telepathy ("Project Stargate") and much more. It's been a long time coming -- Bill Clinton first ordered all documents at least 25 years old with "historical value" to be declassified in 1995. The agency complied, but didn't exactly make it easy to see the trove -- you had to trek all the way to the US National Archives in Washington DC to get a peek.
