Tag Archives: Vault 7

Vault 7: New WikiLeaks dump details Android SMS snooping malware

Source: Naked Security

"Since launching its Vault 7 project in March, WikiLeaks has dumped documents outlining the CIA’s efforts to exploit Microsoft and Apple technology. In this week’s latest release, it focuses on malware called HighRise, which the agency used to target Android devices. WikiLeaks describes HighRise this way on its website: 'HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts.'" (07/14/17)

https://nakedsecurity.sophos.com/2017/07/14/vault-7-new-wikileaks-dump-details-android-sms-snooping-malware/

Vault 7: WikiLeaks dump reveals how the CIA can track your exact location

Source: Wired

"How many people specifically know where you are right now? Some friends and family? Your coworkers, maybe? If you're using a Windows laptop or PC you could add another group to the list: the CIA. New documents released on Wednesday as part of WikiLeaks' series of CIA hacking revelations detail a method the agency uses to geolocate computers and the people using them. The agency infects target devices with malware that can then check which public Wi-Fi networks a given computer can connect to at a given moment, as well as the signal strengths of those networks. From there, the malware compares the list of available Wi-Fi options to databases of public Wi-Fi networks to figure out roughly where the device is. The leaked documents detailing the project, which is known as ELSA, date back to 2013, and specifically address laptops and PCs running Windows 7. But experts say that the technique is straightforward enough that the CIA could have a version of it for every Windows release." (06/29/17)

http://www.wired.co.uk/article/wikileaks-cia-tracking

WikiLeaks reveals CIA tool for spreading malware in latest Vault 7 release

Source: Ars Technica

"WikiLeaks just published details of a purported CIA operation that turns Windows file servers into covert attack machines that surreptitiously infect computers of interest inside a targeted network. 'Pandemic,' as the implant is codenamed, turns file servers into a secret carrier of whatever malware CIA operatives want to install, according to documents published Thursday by WikiLeaks. When targeted computers attempt to access a file on the compromised server, Pandemic uses a clever bait-and-switch tactic to surreptitiously deliver malicious version of the requested file. The Trojan is then executed by the targeted computers." (06/01/17)

https://arstechnica.com/security/2017/06/wikileaks-says-cias-pandemic-implant-turns-servers-into-malware-carriers/

Fresh WikiLeaks dump shows CIA was hacking iPhones a year after launch

Source: Forbes

"A new Wikileaks release called DarkMatter was released today, affirming that the Central Intelligence Agency has long targeted Apple Macs, creating malware designed to evade the tech giant's security mechanisms. The leak also revealed the CIA had been targeting the iPhone since 2008, a year after the landmark device was released. That slice of info was included in a small dump of information Wednesday, that included manuals for a handful of implants and rootkits — malware that can hide at the lowest level of Apple systems, the kernel and the firmware of the device. … As of this week, after some delay, Wikileaks was in touch with Apple, Google, Microsoft and other tech companies about the leaks, the aim being to help them release patches. But as reported by Vice Motherboard, Wikileaks issued a list of demands before handing over information, such as a promise to fix the bugs within 90 days." (03/23/17)

https://www.forbes.com/sites/thomasbrewster/2017/03/23/wikileaks-cia-apple-mac-iphone-hacking/#658634a91e3b

Is the Vault 7 source a whistleblower?

Source: Antiwar.com
by Jesselyn Radack

"The FBI has already begun hunting down the source as part of a criminal leak investigation. Historically, the criminal justice system has been a particularly inept judge of who is a whistleblower. Moreover, it has allowed the use of the pernicious Espionage Act — an arcane law meant to go after spies — to go after whistleblowers who reveal information the public interest. My client, former NSA senior official Thomas Drake, was prosecuted under the Espionage Act, only to later be widely recognized as a whistleblower. There is no public interest defense to Espionage Act charges, and courts have ruled that a whistleblower's motive, however salutary, is irrelevant to determining guilt. The Intelligence Community is an equally bad judge of who is a whistleblower, and has a vested interest in giving no positive reinforcement to those who air its dirty laundry." (03/15/17)

http://original.antiwar.com/jesselyn_radack/2017/03/14/is-the-vault-7-source-a-whistleblower/

Government officials: Contractors were probably the heroes who helped WikiLeaks expose CIA's surveillance horror show

Source: Time

"Contractors likely breached security and handed over documents describing the Central Intelligence Agency's use of hacking tools to anti-secrecy group WikiLeaks, U.S. intelligence and law enforcement officials told Reuters on Wednesday. Two officials speaking on condition of anonymity said intelligence agencies have been aware since the end of last year of the breach, which led to WikiLeaks releasing thousands of pages of information on its website on Tuesday." (03/09/17)

http://time.com/4696405/wikileaks-cia-contractors-documents-source/

Thanks again WikiLeaks

Source: Authority!
by Timothy J Taylor

"The TV pundits are all riled up again about the latest WikiLeaks 'Vault 7' revelations detailing how our Central Intelligence Agency (CIA) now has the full capability to hack into almost every electrical device we use, even those not connected to the internet, to spy on foreigners and Americans alike. Word is that more horrific revelations are yet to come. Good! Thanks WikiLeaks! The Feds are desperately searching for the rogue CIA mole that blew the whistle. They're screaming treason. They want blood. I hope they never catch the leaker. He or she is an American hero just like Julian Assange and Edward Snowden. They're not traitors. They're heroes because they are exposing government wrongdoing, constitutional violations and criminality. It's the government criminals who are the traitors." (03/09/17)

http://authoritycon.blogspot.com/2017/03/thanks-again-wikileaks.html

Apple, Samsung and Microsoft respond to Vault 7

Source: BBC News [UK state media]

"Several of the tech firms whose products have been allegedly compromised by the CIA have given their first reactions to the claims. Wikileaks published thousands of documents said to detail the US spy agency's hacking tools on Tuesday. They included allegations the CIA had developed ways to listen in on smartphone and smart TV microphones. Apple's statement was the most detailed, saying it had already addressed some of the vulnerabilities. … The CIA has not confirmed whether the documents — said to date between 2013 to 2016 — are real." (03/08/17)

http://www.bbc.com/news/technology-39203724