Vault 7: WikiLeaks reveals CIA's secret hacking tools and spy operations



Aragorn
7th March 2017, 13:58
https://betanews.com/wp-content/uploads/2017/03/cia-vault-7.jpg


Source: BETANEWS (https://betanews.com/2017/03/07/wikileaks-vault-7-cia-year-zero/)



WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive.

The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe.

WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. WikiLeaks says: "This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA."

Julian Assange's organization had been promoting the upcoming leak and accompanying press conference on Twitter. When the press conference came under attack, Plan B was brought into play meaning that the required password was released earlier than expected:



http://oi67.tinypic.com/w13fpj.jpg


WikiLeaks published a lengthy press release (https://wikileaks.org/ciav7p1/) to introduce the findings, summarizing what the archive contains. Unsurprisingly, the release is highly critical of the CIA:


Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

WikiLeaks says that it has taken care to review all of the documents and information it received from its source, and has been careful to avoid "the distribution of 'armed' cyberweapons." Some information has been redacted or anonymized, but an explanation for this has not been given.

The documents reveal that the CIA worked with MI5 in the UK to infect Samsung smart TVs so their microphones could be turned on at will. Investigations were carried out into gaining control of modern cars and trucks, and there is even a specialized division of the CIA focused on accessing, controlling and exploiting iPhones and iPads. This and Android zero days enable the CIA "to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied."

Other revelations made in Year Zero include the suggestion that the US Consulate in Frankfurt is actually a "covert base for [the CIA's] hackers covering Europe, the Middle East and Africa."

The cache makes for terrifying reading, but will take some time to be fully analyzed.

If you want to download the files for yourself, you can grab the torrent (https://t.co/gpBxJAoYD5) (sorry, no magnet link from WikiLeaks!) and extract it using 7-Zip. The password you'll need to decrypt the archive is: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds

Enjoy.



RealityCreation
8th March 2017, 00:12
WikiLeaks has published what it claims is the largest ever release of confidential documents on the CIA. It includes more than 8,000 documents as part of ‘Vault 7’, a series of leaks on the agency, which have allegedly emerged from the CIA's Center For Cyber Intelligence in Langley, and which can be seen on the org chart below, which Wikileaks also released:


More info & chart:

http://www.zerohedge.com/news/2017-03-07/wikileaks-hold-press-conference-vault-7-release-8am-eastern

Aragorn
8th March 2017, 11:13
And even more highlights... :eyebrows:




Source: Independent (http://www.independent.co.uk/life-style/gadgets-and-tech/news/wikileaks-cia-what-are-they-explained-vault-7-year-zero-julian-assange-secrets-a7616826.html)



WikiLeaks CIA files: The 6 biggest spying secrets revealed by the release of 'Vault 7'


Julian Assange has claimed the documents are the biggest intelligence release ever


WikiLeaks has released a huge set of files that it calls "Year Zero" (http://www.independent.co.uk/life-style/gadgets-and-tech/news/wikileaks-cia-vault-7-julian-assange-year-zero-documents-download-spying-secrets-a7616031.html) and which mark the biggest exposure of CIA spying secrets ever.

The massive set of documents – over 8,000 pages in all – include a host of hacking secrets that could embarrass intelligence agencies and the US government, as well as undermining spying efforts across the world. Here are six of the biggest secrets and pieces of information yet to emerge from the huge dump.


1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers

The US intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.

If that software is as powerful as WikiLeaks claims, it could be used to remotely control those devices and switch them on and off. Once that happened, a vast array of data would be made available – including users' locations, messages they had sent, and potentially everything heard by the microphone or seen by the camera.


2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure

Encrypted messaging apps are only as secure as the device they are used on – if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user. WikiLeaks claims that has happened, potentially meaning that messages have been compromised even if all of the usual precautions had been taken.


3) The CIA could use smart TVs to listen in on conversations that happened around them

One of the most eye-catching programmes detailed in the documents is "Weeping Angel". That allows intelligence agencies to install special software that allows TVs to be turned into listening devices – so that even when they appear to be switched off, they're actually on.

That's just one of the technologies created by the Embedded Devices Branch, the CIA division at the centre of much of the leaks of new information.


4) The agency explored hacking into cars and crashing them, allowing 'nearly undetectable assassinations'

Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA were looking into ways of remotely controlling cars and vans by hacking into them.

"The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations," WikiLeaks notes, in an unproven piece of speculation.


5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments

WikiLeaks claims that its source handed over the documents in order to provoke a debate about the power of intelligence agencies and how their information should be exposed. Perhaps central to that is the accusation that the CIA was "hoarding" exploits that it had found – rather than handing them over to the companies that could fix them, and so make users safe, as they had promised to do.

Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.

"Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability," a WikiLeaks statement read. "If the CIA can discover such vulnerabilities so can others."

WikiLeaks noted that those unfixed exploits affected everyone using the equipment, including "the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers".


6) More information is coming

The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analysed but many of which haven't.

The files are being shared publicly on the WikiLeaks website and the organisation has encouraged its supporters to keep looking through the documents in the hope of finding more stories.

And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said.

When taken together, those "Vault 7" leaks will make up the biggest intelligence publication in history, WikiLeaks claimed.



Maggie
8th March 2017, 19:43
I liked what John McAfee said here and it seems relevant to vault 7

aDTKKmBjlwE

listening to this now

qRBKpeMHT5E

Aianawa
9th March 2017, 00:28
Things are cooking, this pepper has interesting time indeed.

Aianawa
9th March 2017, 00:54
https://www.youtube.com/watch?v=42Er4A0N8PU

Maggie
10th March 2017, 22:09
"Historic act of devastating incompetence"- Julian Assange

Se6XWhKOE2Q

CrossTalking with Larry Johnson, Suzanne Nossel, and Patrick Henningsen.

RUHdv99AY2g

Maggie
11th March 2017, 16:10
Videos I thought had some interest

K2RvD5ZEcfA

q_zWmOZXO_I

RealityCreation
12th March 2017, 03:18
Thanks Maggie,

All interesting videos. I kind of wished they had left out the book part about Obama in the last interview & done it as a separate mini clip as I feel it restricts the audience somewhat.
I know some fervent Obama lovers who on seeing this would just wipe the whole interview.




I was rereading the link that I had posted - (http://www.zerohedge.com/news/2017-0...se-8am-eastern) above & noticed an interesting snippet:

Examples of CIA projects

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools. The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.

Umbrage: The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

Fine Dining: Fine Dining comes with a standardized questionnaire, i.e. menu, that CIA case officers fill out. The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations. Among the list of possible targets of the collection are 'Asset', 'Liason Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals.

'Improvise'; a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor).

HIVE: HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants. The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

I quoted in my Alt news thread that I had come across this
Google is changing many of its search engine parameters and one of the things that will get a site "de-ranked" in searches is links that use "HTTP" instead of the encrypted browser link "HTTPS" (the "S" stands for secure - which it is... sort of...). Sites that have the open links are de-ranked. [My] blog has over 4000 postings and I do not have the time to go through each of them and update all the links just to please Google's search engine requirements. So I am starting fresh with a new blog, and ad revenue generally mostly comes from recent postings.


Things that make you go hmmmm & wondering if there is a connection, especially since I just read today that that blogger who had recently started up another entire new site to accommodate this (https) a couple of weeks ago has just overnight mysteriously had a particular article wiped from their site.

Aragorn
12th March 2017, 10:41
[...]

HIVE: HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants. The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.

I quoted in my Alt news thread that I had come across this


Google is changing many of its search engine parameters and one of the things that will get a site "de-ranked" in searches is links that use "HTTP" instead of the encrypted browser link "HTTPS" (the "S" stands for secure - which it is... sort of...). Sites that have the open links are de-ranked. [My] blog has over 4000 postings and I do not have the time to go through each of them and update all the links just to please Google's search engine requirements. So I am starting fresh with a new blog, and ad revenue generally mostly comes from recent postings.

Things that make you go hmmmm & wondering if there is a connection, especially since I just read today that that blogger who had recently started up another entire new site to accommodate this (https) a couple of weeks ago has just overnight mysteriously had a particular article wiped from their site.


Actually, no, there is no connection between Google's favor for https links and this recent disclosure, my friend. Or that is to say, not directly. I too have seen that message you quoted quite a while ago already — I monitor Slashdot (https://slashdot.org) on a daily basis. ;) It is however connected — on a longer time scale — with the Edward Snowden revelations.

The thing is this: http stands for HyperText Transfer Protocol, and among other things, it is the protocol by which web browsers retrieve information from — and send information to — web servers. However, this information is sent over the internet "as is", which means that if you log in (*) at a website — such as The One Truth — then your password is sent over the internet unencrypted, and then in theory, someone could be eavesdropping on the connection between your computer and the server — in IT jargon, we call that "packet sniffing" — in order to intercept the traffic and look for logins and passwords in the data stream.

This is why https is better. It is the same thing as http, but it adds SSL ("Secure Sockets Layer") encryption to the traffic sent to and from the web server. And based upon my having seen that message that you quoted, I made the recommendation to Malc that we'd switch to https as soon as possible.


(*) If you've checked the box labeled "Remember Me", then you will be logged in automatically, but then no passwords are sent back and forth between your browser and the web server anymore beyond the first time you log in with the "Remember Me" box checked. Automated logins like that use so-called tokens, which are a kind of cookie stored on your computer, and which authorize your web browser for visiting the website with the permissions associated with your member account. So in that case, there wouldn't be much of a difference between http versus https. But even then still, https would be preferable, because you may be sending/retrieving other confidential information to/from the server — such as when you read or send private messages — and https would then still make it difficult for anyone "sniffing" the packets between your browser and the server to decipher the data stream.

However, Malc has a lot on his hands right now — personal stuff — and this kind of switchover must be made at the level of the web server, and may involve the cooperation of the people at the company hosting our server. For one, we'd need to obtain an SSL certificate from an authorized source. So Malc promised me he'd look into it, but it'll probably still take a few weeks (if not longer) before we can implement this here at The One Truth.

After we will have switched over, if you then copy over a thread URL, it'll be a https link from there on. Older external links at other websites or bookmarks in members' browsers to threads or individual posts here at The One Truth may still contain the http identifier, but that's no problem — the links or bookmarks won't be broken — because the server would then automatically translate that into https upon opening the page and would thus initiate the establishment of an encrypted connection between the user's browser and the web server. If the user's browser does not support SSL or fails to accept our certificate — that scenario is rare these days, but it can still happen — then (and only then) will the server fall back to the unencrypted http protocol.

So there was a precedent already with regard to the switchover from http to https, i.e. the Edward Snowden revelations. Because now the CIA have been caught with their pants down, but what they have been doing is in fact very similar to what the NSA had already been doing for much longer, and that's what has triggered the increase in vigilance within the IT community, not Vault 7. ;)


Edit: Look what Malc has just announced. (http://jandeane81.com/threads/10691-Moving-from-http-to-https) ;) I swear I had no idea that he was going to do it this weekend! :D
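An added example, not part of the original post or of the forum's own software: an offline check of the points the post above raises for an http-to-https switchover, namely that old http links are redirected to https and that the "Remember Me" token cookie is marked so that it only travels over encrypted connections. The raw responses, the host name forum.example and the cookie names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: the server's answer to an old http:// thread link.
HTTP_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://forum.example/threads/1\r\n"
    "\r\n"
)

# Constructed sample: the https:// answer to a login with "Remember Me" ticked.
HTTPS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: remember_token=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: session=xyz789; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
)


def parse_response(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_switchover(http_raw, https_raw):
    """Return a list of (finding, detail) tuples; an empty list means no findings."""
    findings = []

    # 1. Old http:// links must be redirected to an https:// URL.
    status, headers = parse_response(http_raw)
    location = dict(headers).get("location", "")
    if status not in (301, 302, 307, 308):
        findings.append(("no-redirect", f"http answered with status {status}"))
    elif urlsplit(location).scheme != "https":
        findings.append(("redirect-not-https", location))

    # 2. HSTS tells the browser to use https for this host from now on,
    #    so later visits do not start with a plain http request.
    _, headers = parse_response(https_raw)
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append(("no-hsts", ""))

    # 3. Login cookies need Secure (never sent over plain http) and
    #    HttpOnly (not readable by page scripts).
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in flags:
            findings.append(("cookie-not-secure", cookie))
        if "httponly" not in flags:
            findings.append(("cookie-not-httponly", cookie))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_switchover(HTTP_RESPONSE, HTTPS_RESPONSE):
        print(finding, detail)
```

On the constructed responses the only finding is the `remember_token` cookie without the `Secure` attribute.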

Amanda
13th March 2017, 00:00
Why would the CIA or any of the alphabet agencies allow the above information to become public?? Do they not care anymore?? I suspect that with all the satellites in the upper atmosphere, that hacking into any electronic device is available to them.

Whatever is possible in this day and age - I know that the ability to 'spy' on any one particular individual or group is not new. Many times I have read articles that state the technology we have - the masses - is anywhere from fifty to a hundred years behind what is actually operational.

We certainly live in an interesting era. Does anyone recall the engineer who helped design the 'smart television' - who came forward and publicly declared that he was sorry he collaborated on the design??? He stated that he would never use a 'smart television' as he was scared of what he helped create.

Much Respect - Amanda

Aragorn
13th March 2017, 11:55
Why would the CIA or any of the alphabet agencies allow the above information to become public??

They didn't. The information was leaked out to Wikileaks by an insider, similar to what Edward Snowden did with the NSA stuff.


Do they not care anymore?? I suspect that with all the satellites in the upper atmosphere, that hacking into any electronic device is available to them.

In theory, yes. In practice, it's a little harder because this kind of operation works on a "wholesale" level, similar to carpet bombing. Identifying a single and small target is very difficult, so the preferred method is to already compromise the targets before they reach the consumer, and thus have the targets identify themselves to the perpetrators as a hackable candidate by way of a secret broadcast message — i.e. the target "phones home".


Whatever is possible in this day and age - I know that the ability to 'spy' on any one particular individual or group is not new. Many times I have read articles that state the technology we have - the masses - is anywhere from fifty to a hundred years behind what is actually operational.

Well, I wouldn't put a number on the years of difference in progress, because it varies widely, depending on the branch of technology we're talking about. Those who've been involved with ET technology will probably already be many thousands of years ahead of the mainstream, but the farther away you move from the breakaway civilization and the closer to the mainstream you get, the smaller that difference will be.

But yes, ultimately, the controllers are always a certain amount of steps ahead of us, and especially when it comes to military-grade technology. That's a given. :ninja:

Amanda
14th March 2017, 23:02
Not wanting to incite an argument but my comments above were based on Lateral and Critical Thinking. I know that in this day and age - if an article or an image or video is available on the worldwideweb - then it has been permitted to be on the worldwideweb.

I am sure we have all seen an article or image or video and then when seeking it out again, perhaps to share with others - it has quite simply disappeared. Anyone recall recently when the image of the Queen was uploaded and published to the worldwideweb? Apparently her hand was morphing into a scaly lizard like appendage. The person who uploaded and published the image stated: That he was not a believer until he saw her start changing right before his eyes. He also stated that he watched comments being placed online and within twenty seconds he watched as they were removed - in real time - as he watched.

The word 'leaked' is right up there with the word 'conspiracy' - well at least for me. Many online and hard copy publications have stated that the CIA/Alphabet Agencies created the word 'conspiracy' and injected it, as it were, into the collective consciousness of all those who engage in online discussion of what is available to them ....

Again I state that the information that is being discussed within this thread - has been permitted to be online. My personal theory is that the global platform that is available to the CIA/Alphabet Agencies is far too complex to be properly 'policed' and thus anything that is online - is there for a purpose. If and when something makes its way online - it is due to being 'permitted' to be online and to stay there ....

Just my thoughts, my Lateral Thoughts and Critical Thoughts - that is all. Creative Thoughts? Where we think on a Divergent level and problem solve - well solving the problems of the worldwideweb/global platform - I think that might be about paying close attention to detail and paying close attention to our own thoughts and not those that are projected onto us - yes?????

Much Respect & Much Peace - As we all seek answers to our questions - Amanda

Aianawa
14th March 2017, 23:33
Thanks for your critical thinking Amanda, the weres however are unable to fully control either the internet or human consciousness imo and are losing heavily from observation, the consciousness and/or mind game as such, which I feel is totally tied in nowadays with the internet. The weres will look to be ahead of the game as such internet wise and I feel and have observed that the growing human consciousness aspect has and continues to negate them, as the consciousness only followed the least resistance, which cannot be foreknown by the weres imo.

Maggie
17th March 2017, 18:49
I liked what John McAfee said here and it seems relevant to vault 7

aDTKKmBjlwE

listening to this now

qRBKpeMHT5E

More lately from John McAfee. Cyberhacking is deployed by many different people armed with weaponized software. What is the hope for cyber security?

hVqklqCmr0U

8eM1Vu-1Cs0