category

Wikileaks CIA data dump and broken security


Horrendous but not unexpected. CIA exploited security flaws in software rather than notifying vendors of the flaws so they could be fixed. Snowden is completely correct. This is reckless beyond words.

The Wikileaks CIA dump shows that CIA (and no doubt lots of other intelligence services) can plant malware on phones and computers that bypass encryption. This means Signal or WhatsApp encryption is essentially useless if your device has such malware on it because it grabs messages before they’ve been encrypted. We don’t know how prevalent such malware is. I would assume only high-value people are targeted, but there’s no way to know for sure.

There are still a few ways to protect yourself. Use a VPN, as it provides some security. So does the Tor browser. However, if you log into a site using Tor, then they know who you are. Turn off as many internet-enabled devices as possible. Does your TV, refrigerator, and thermostat really need to be on the net? Tape over your webcam unless you are using it. Mark Zuckerberg does. Consider whether you really need Alexa or internet-enabled child toys. Any Internet of Things devices should automatically be suspect because security for them is mostly non-existent or an afterthought. Assume you are being watched and act accordingly.

In the case of a tool called “Weeping Angel” for attacking Samsung SmartTVs, WikiLeaks wrote, “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on, In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”

The CIA reportedly also has studied whether it could infect vehicle control systems for cars and trucks, which WikiLeaks alleged could be used to conduct “nearly undetectable assassinations.”

And a specialized CIA unit called the Mobile Devices Branch produced malware to control and steal information from iPhones, which according to WikiLeaks were a particular focus because of the smartphone’s popularity “among social, political diplomatic and business elites.” The agency also targeted popular phones running Google’s Android, the world’s leading mobile operating system.