CIA can see through Signal and other privacy apps, and they hacked your phone, and they lost control of those tools

Wikileaks dump summary at REDDIT

From the Washington Examiner:

Former NSA contractor Edward Snowden said on Tuesday that the WikiLeaks dump of what it claims to be more than 8,700 documents from the CIA’s Center for Cyber Intelligence “looks authentic” and “is genuinely a big deal.”

WikiLeaks announced that its “Vault7” publication shines a light on the CIA’s secret hacking program with targets around the world, using malware that can bypass encryption protection in a wide range of devices, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.

Since the document dump, WikiLeaks has shared several pieces of information via its official Twitter account, including this one: “WikiLeaks #Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption.”

Copy paste this link into a browser:

It doesn’t seem to open in Safari, but it does, for the moment, in Chrome. Ironic, as Google is the CIA is the US State Department. Same people, different desks. But for the moment, the link works in Google Chrome.

About Eeyore

Canadian artist and counter-jihad and freedom of speech activist as well as devout Schrödinger's catholic

22 Replies to “CIA can see through Signal and other privacy apps, and they hacked your phone, and they lost control of those tools”

    • It isn’t Signal that was hacked. It’s your phone. Any data gets to the CIA way before it gets into Signal, if you follow.

      It’s like you manage to encrypt and safety your bank machine, but the envelopes you put the money in are CIA envelopes and they never make it into the slot.

      More accurately, they are duplicated before they go in the slot, so you’re never the wiser.

    • This bellyache against the American government and all Western Democracies keeping vigilance.

      The internet is flawed. Communist and Islamic governments are hammering at it.

      America is winning. But, losing the moral war, once again to an entitled child.

  1. The Russia thing… CIA developed a hacking strategy (codes) that mimicked Russian fingerprints without leaving a trace.
    The loss of control is outright scary.
    Wiki says the best is yet to come.

  2. Germany’s chief federal prosecutor has announced examination of U.S. hacking activities at the Frankfurt ‘Consulate’ and may prosecute.

    GERMANY – The state office of public Prosecutor of Germany will examine the data on WikiLeaks “spying” from the U.S. Consulate

    The General Prosecutor’s office of Germany will examine new documents published yesterday by Wikileaks concerning the activities of the Central Intelligence Agency (CIA). A representative of the country’s Prosecutor General told the Reuters agency about this.

    “We will start investigating if we see evidence of specific criminal acts or specific perpetrators,” — said the representative of the Prosecutor General. “We very closely follow the observed”, – he added.

    In turn, the representative of the Ministry of Foreign Affairs of Germany said Wednesday that Berlin is in close contact with Washington about the documents made public. According to Reuters, the representative of the German Foreign Ministry stressed that first of all it is necessary to check whether these documents are genuine.

    On Tuesday, March 7, WikiLeaks began publishing leaks of documents relating to CIA activities. In particular, some of the documents show that the CIA organized a secret “hacker database” in the U.S. Consulate in Frankfurt-on-Main. From there, according to WikiLeaks, cyber-attacks were organized on Europe, the Middle East and Africa.

    Other documents indicate the existence of a global program for hacking various devices and systems, including the iPhone, the Android and Windows operating systems and even Samsung TVs, which could be turned into a recording device.

    This leak is the largest leak of confidential intelligence data, WikiLeaks emphasizes. Only the first portion of the documents was published the day before.

  3. BBC News – Wikileaks dump has made US ‘less safe’ –

    Former CIA boss Michael Hayden has said the supposed leak of highly sensitive CIA data by Wikileaks is “incredibly damaging” and has put lives at risk. The website claims the papers give details of a wide range of hacking methods used by the American spy agency, via mobile phones and other gadgets. The CIA has refused to comment.

  4. The Feds Would Rather Drop a Child Porn Case Than Give Up a Tor Exploit

    The Department of Justice filed a motion in Washington State federal court on Friday to dismiss its indictment against a child porn site. It wasn’t for lack of evidence; it was because the FBI didn’t want to disclose details of a hacking tool to the defense as part of discovery. Evidence in United States v. Jay Michaud hinged at least in part on information federal investigators had gathered by exploiting a vulnerability in the Tor anonymity network.

    “Because the government remains unwilling to disclose certain discovery related to the FBI’s deployment of a ‘Network Investigative Technique’ (‘NIT’) as part of its investigation into the Playpen child pornography site, the government has no choice but to seek dismissal of the indictment,” federal prosecutor Annette Hayes wrote in the court filing on Friday. She noted that the DoJ’s work to resist disclosing the NIT was part of “an effort to balance the many competing interests that are at play when sensitive law enforcement technology becomes the subject of a request for criminal discovery.”

    In other words, the feds are letting an alleged child pornographer free so that officials can potentially catch other dark-web using criminals in the future.

    Open Tor

    The feds have relied on the NIT, which is classified, for evidence in hundreds of other cases. Previously, though, the DOJ was able to overturn orders to reveal information about it, or sidestepped disclosure when a defendant pled guilty before trial. This marks only the second time that federal prosecutors dropped charges rather than expose a secret exploit.

    For years now, federal investigators have used hacking tools to undermine the Tor anonymity network and identify suspects attempting to conceal their identities and actions. These Tor exploits help federal law enforcement agencies investigate serious crimes, particularly child porn rings on the dark web, that would otherwise be difficult to prosecute. But the DOJ will apparently go to extreme lengths to protect the disclosure of those exploits, raising new questions about the boundaries of investigative hacking.

    In fact, United States v. Jay Michaud has turned out to be a sort of case study, at each legal stage, for how the government may treat NITs in the future. Federal investigators arrested school administrator Jay Michaud, of Vancouver, WA, in July 2015 for viewing child pornography. The DOJ built their case using a controversial warrant, and in November Congress expanded the DOJ’s ability to get that type of warrant. As the case progressed, Judge Robert J. Bryan suggested that the DOJ could use a protective order to give relevant details about the NIT to Michaud’s defense in a limited and controlled way. Bryan also noted that he did not have the technical expertise to evaluate any DoJ disclosure himself. The Justice Department refused to pursue a protective order, though, and ultimately opted to drop charges rather than reveal the secret to even a single person.

    A Wider Net

    The controversy in the case didn’t end there, though. In May, Mozilla, the maker of the Firefox browser which Tor is also partly based on, filed a brief asking that the government tell the company about the NIT if the vulnerability was present in Firefox, thereby endangering the browser’s users. The concern about hoarding vulnerabilities instead of disclosing them to be patched is that criminal hackers could find the flaws and maliciously exploit them while the government is keeping them secret for investigative purposes.

    “Mozilla has reason to believe that the exploit that was part of the complete NIT code that this Court ordered the Government to disclose to the defense involves a previously unknown and potentially still active vulnerability in its Firefox code base,” Mozilla wrote in its May submission to the court. “Absent great care, the security of millions of individuals using Mozilla’s Firefox Internet browser could be put at risk by a premature disclosure of this vulnerability.”

    In United States v. Jay Michaud the indictment will be dismissed without prejudice, meaning that the DoJ can pick the case up again within the statute of limitations (five years in this case) if it chooses. Federal investigators may be gambling that they can drop the case for now and pick it up again in a few years when technology has evolved, and the NIT has either been disclosed for other reasons or is no longer effective, says Riana Pfefferkorn, a cryptography fellow at the Stanford Law School Center for Internet and Society.

    “It’s an interesting avenue to think about whether we might start seeing longer gaps between an alleged offense and an indictment if the government is trying to sort of run out the clock on the utility of its hacking methods.” Pfefferkorn says.

    This approach also creates uncertainty for suspects, who are presumed innocent until proven guilty. Jay Michaud will have to wait five years knowing that the DoJ has a case against him, but unsure of whether it will ever pursue the prosecution again.

    The drastic measures to hide this exploit may indicate that this particular NIT isn’t just used for domestic criminal cases, but national security investigations as well. “Outside of terrorism-related prosecutions in the FISA context, I can’t think of [situations] where the government uses some type of classified surveillance technique to go after regular domestic crimes—it’s pretty unprecedented,” says Mark Rumold, a senior staff attorney at the digital rights group Electronic Frontier Foundation.

    The classified status is one of the many techniques DOJ has used to avoid disclosing the NIT, and the government seems to be using cases like United States v. Jay Michaud as a training ground to figure out how to keep hacking tools secret. All that’s certain is that the feds have dropped a case against an alleged child pornographer, with some unknowable trade-off down the road.

    “It does seem to provide this moral hazard that if the government believes they can get away with it, that would seem to incentivize them to push the envelope,” Pfefferkorn says. “And my sense is that the government is continually pushing the envelope in what kind of surveillance it will ask courts to authorize.”

  5. Reuters – Wikileaks’ CIA hacking dump sends tech firms scrambling for fixes

    Tech companies must rapidly step up information sharing to protect users from prying eyes, a security software executive said on Wednesday after WikiLeaks released a trove of documents detailing the CIA’s capacity to hack all manner of devices.

    Dozens of firms rushed to contain the damage from possible security weak points following the anti-secrecy organization’s revelations, although some said they needed more detailed information on what the U.S. intelligence agency was up to before they can thwart suspected, but previously hidden attacks.

    Sinan Eren, vice president of Czech anti-virus software maker Avast, called on mobile software makers Apple (AAPL.O) and Google (GOOGL.O) to supply security firms with privileged access to their devices to offer immediate fixes to known bugs.

    “We can prevent attacks in real time if we were given the hooks into the mobile operating system,” Eren said in a phone interview from Silicon Valley, where he is located.

    “If we can drive a paradigm shift where mobile platforms don’t shut off access, we’ll be better able to detect when hackers are hiding in a mobile (phone)”, he said.

    Avast, which counts more than 400 million users of its anti-virus software worldwide, was named in the Wikileaks documents as one of the security vendors targeted by the CIA in a leaked page labeled “secret” but with no further details.

    The leaks – which Wikileaks described as the biggest in the Central Intelligence Agency’s history – had enough technical details for security experts and product vendors to recognize widespread compromises exist. However, they provided few specifics needed to offer quick fixes.

    Reuters could not immediately verify the validity of the published documents, but several contractors and private cyber security experts said the materials appear to be legitimate.

    The 8,761 leaked documents list a wealth of security attacks on Apple and Google Android smartphones carried by billions of consumers, as well as top computer operating systems – Windows, Linux and Apple Mac – and six of the world’s main web browsers.

    Apple said in a statement that nearly 80 percent of iPhone users run its current iOS software with the latest security patches. “Many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” Apple said on Tuesday. The statement made no reference to attacks on its computer software.

    Google did not immediately respond to a request for comment, while a Microsoft spokeswoman said: “We’re aware of the report and are looking into it.”

    Widely-used routers from Silicon Valley-based Cisco (CSCO.O) were listed as targets, as were those supplied by Chinese vendors Huawei [HWT.UL] and ZTE (000063.SZ) and Taiwanese supplier Zyxel for their devices used in China and Pakistan.

    Cisco security team members said in a blog post that because WikiLeaks has not released any of the actual hacking exploits “the scope of action that can be taken by Cisco is limited”.

    Omar Santos, a principal engineer in Cisco’s security response unit, said malware appears to be targeting whole families of Cisco devices but is designed to remain hidden so as to steal data unnoticed. He said Cisco assumes WikiLeaks will eventually disclose the hacks, allowing it to fix them.

    Huawei declined to comment. ZTE and Zyxel were not immediately available to respond.


    Messaging apps protected by full software encryption also appear to be vulnerable to hacking of the smartphones themselves, communications app provider Telegram said in a blog post. But one positive outcome may be that device and software makers will be able to close up these holes, it said.

    “This is not an app issue. It is relevant on the level of devices and operating systems like iOS and Android,” Telegram stated, adding that: “The good news is that for the moment all of this is irrelevant for the majority of Telegram users. If the CIA is not on your back, you shouldn’t start worrying just yet.”

    The WikiLeaks collection contains a mix of copious data and empty files marked “secret” that promised more details to come on attacks against more than 15 security software firms.

    U.S. cyber security expert Robert Graham said Wikileaks provided enough detail to recognize some known vulnerabilities.

    “One anti-virus researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak,” Graham said in a blog post.

    Some security experts said the CIA’s possible use of tools from other spy agencies raised the risk of false attribution for targeted cyber attacks by the U.S. intelligence agency.

    He said CIA cyber spying efforts could be set back years.

    The CIA and White House declined comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

    WikiLeaks said it aims to provoke a political and legal debate over the CIA’s cyber arsenal. However, it was holding back, for now, much of the technical documentation that would allow other hackers and cyber criminals to exploit the hacks – while putting vendors on notice to expect further revelations.

    The organization said in a statement it is “avoiding the distribution of ‘armed’ cyber weapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published”.

    It describes sophisticated tools for targeting the devices of individual users, in contrast to the revelations by former National Security Agency contractor Edward Snowden of mass data collection on millions of web and phone users worldwide.

  6. DAILY MAIL – It’s all Obama’s fault! White House says CIA programs exposed by WikiLeaks ‘occurred under the last administration’ as he complains about Democrats’ selective outrage

    White House press secretary Sean Spicer underscored for reporters that CIA programs exposed this week by WikiLeaks were all from the Obama era
    ‘All of these occurred under the last administration – that is important – all of these alleged issues,’ Spicer said Wednesday
    U.S. intelligence and law enforcement officials have been aware since late last year of a CIA security breach that led to the WikiLeaks document dump
    Spicer also complained that Democrats were more upset last year when a Gmail account belonging to Hillary Clinton’s campaign chairman was hacked

    The White House on Wednesday blamed the Obama administration for CIA snooping programs whose details were disclosed to WikiLeaks this year.

    And press secretary Sean Spicer carped about a lack of media coverage, compared to a torrent of news stories about 2016 document leaks that hurt Hillary Clinton’s White House ambitions.

    ‘All of these occurred under the last administration – that is important – all of these alleged issues,’ Spicer told reporters.

    WikiLeaks describes its latest trove, planned for rolling release in the coming weeks, as covering the years 2013 to 2016.

    And Reuters reported Wednesday afternoon that U.S. intelligence and law enforcement officials have been aware since late last year of a CIA security breach that led to the WikiLeaks document dump.

    Two officials said they were focusing on government contractors as the likeliest source of the leak.

    That means the materials were likely served up on a silver platter to the anti-privacy organization before President Donald Trump took office.

    Spicer said Wednesday that Trump is committed to punishing leakers.

    ‘We will go after people who leak classified information. We will prosecute them to the full extent of the law,’ he said.

    ‘This is – playing with our nation’s national security is not something that should be taken lightly under this administration.’

    Spicer also complained about a lack of outrage among Democrats following the publication of 8,761 documents and files this week.

    Among Democrats in Congress, he said, ‘you had member after member talking about disclosures that occurred during the last administration.’

    Spicer was referring to the damaging election-year WikiLeaks publication of an email archive belonging to Hillary Clinton campaign chairman John Podesta.

    ‘When it dealt with Hillary Clinton, there was complete outrage about the leaks that occurred, members calling for investigations into the leaks. It’s interesting how there is sort of a double standard with when the leaks occur, how much outrage there is,’ he said.

    ‘There is a big difference between disclosing John Podesta’s Gmail accounts about a back and forth, and his undermining of Hillary Clinton and his thoughts on her on a personal nature, and the leaking of classified information,’ Spicer insisted.

    He also mentioned Democrats’ 2016 obsession with the Justice Department ‘when there was potential that the FBI had leaked certain information’ last year.

    ‘The members of Congress on the other side of the aisle, Hillary Clinton and others talked about how there was so much concern about classified information,’ Spicer said.

    ‘We’ve seen such silence in outrage from the media, from others, with the current disclosure now.’

    ‘There should be a lot more coverage of this,’ he added. ‘This alleged leak should concern every single American in terms of the impact it has on our national security.’
