On Tuesday Wikileaks published what it described as the biggest leak ever of confidential documents from the CIA. The first episode in a series of planned publications is called “Year Zero”. In more than 8700 secret files, most of them dating from 2013 to 2016, it describes the tools used by the CIA and shows in detail how the CIA’s cyber experts engage in hacking. Of course there is no confirmation at all from the CIA whether the leaked data is true or not. However, the “Year Zero” documents indicate that the CIA has powerful tools in its hands. And it should, as a state agency like the CIA needs to protect citizens. In a computerized world it is inevitable that they have a powerful arsenal of cyber tools and cyber weapons.

Reading through the documents it becomes clear that a wide scope is covered. The CIA seems to be targeting nearly everything: Windows, OS X, Linux, routers, smartphones, Smart TVs, embedded devices, industrial control systems, vehicle control etc. That entails plenty of code (“several hundred million lines of code”, “more code than that used to run Facebook”) and many coworkers (“more code than that used to run Facebook”). So let’s have a look at a couple of the highlights in Wikileaks’ Vault7.

The wide scope of attacked devices is not limited to PCs and network devices. “CIA malware targets iPhone, Android, smart TVs”. They seem to have several exploits for iOS and Android and by that they can sideload (or install) other apps (or programs) which are e.g.

“These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.”

In an operation dubbed Weeping Angel, the CIA and the British MI5/BTSS implemented a “Fake-Off” mode for Samsung Smart TVs. When activated, the TV just looks like it is switched off. But the camera and the microphone still record data. This effectively turns a Smart TV into an Orwell-style televisor. Hacking a Smart TV doesn’t look that easy. There have been examples where Android apps infected Smart TVs, but in the CIA files physical access with a USB device seems to be necessary. There is no evidence of them doing so remotely over the Internet. Samsung has reacted and is already looking into the possible bug.

The CIA has several strategies to evade detection and analysis. There are ways to evade and defeat security products (including G DATA’s) and forensic tools. There are also several means to covertly transmit data to the machine or away from it. This comprises using Alternate Data Streams (Brutal Kangaroo), unused space inside files and hiding data inside images.

Among the target technologies are routers and other “Network Devices (including but not limited to SOHO routers)”. This is a logical step, as routers are core technology for network access and flaws in their firmware or software can be very beneficial for agencies. The CIA is also looking at Industrial Control Systems (SCADA).

There are special tools to spread malware to systems that are isolated from the internet. Removable USB devices (“FineDining”) and CD/DVD tools called “HammerDrill” can be used to infect and misuse isolated machines. It is also mentioned that “Vehicle System (e.g. Car hacking could be beneficial both for abusing cars as weapons and for spying on the conversations inside cars.

Actually most of this is not new, it doesn’t break encryption itself, and its sophistication has been doubted.

So what does this all mean for me and my business? An initial investigation conducted by security firms indicates that the CIA’s capabilities may not be as advanced as some have supposed.