SCF Advanced Search


Members
Stats
  • Total Posts: 31878
  • Total Topics: 9597
  • Online Today: 1322
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)











Author Topic: 8.700 documents related to CIA's cyber-spying tools PUBLISHED by WikiLeaks  (Read 433 times)

0 Members and 2 Guests are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7456
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


WikiLeaks has released more than 8,700 documents it says come from the CIA’s Center for Cyber Intelligence, with some of the leaks saying the agency had 24 “weaponized” and previously undisclosed exploits for the Android operating system as of 2016.

Some of the Android exploits were developed by the CIA: https://wikileaks.org/ciav7p1/cms/page_11629096.html , while others came from the U.S. National Security Agency, U.K. intelligence agency GCHQ, and cyber arms dealers, according to the trove of documents released Tuesday: https://wikileaks.org/ciav7p1/index.html

Some smartphone attacks developed by the CIA allow the agency to bypass the encryption in WhatsApp, Confide, and other apps by collecting audio and message traffic before encryption is applied, according to the WikiLeaks analysis.

The documents show the CIA “hoarding” undisclosed, or zero-day, exploits for a number of systems, despite promises from former President Barack Obama’s administration to share the vulnerabilities with vendors, according to WikiLeaks analysis.

The CIA declined to comment on the authenticity of the leaks. The documents, which cover the years 2013 to 2016, amount to the “largest ever publication of confidential documents on the agency” and the “entire hacking capacity of the CIA,” WikiLeaks claimed.

Some documents released describe how the spy agency used malware and hacking tools to target iPhones and smart television sets. Others detail the CIA unit’s efforts to compromise Windows, Apple’s OS X, Linux, and routers.

One attack, called Weeping Angel: https://wikileaks.org/ciav7p1/cms/page_12353643.html , targets Samsung smart TVs and was developed by the CIA and the U.K.’s MI5, according to WikiLeaks’ analysis of the documents.

The Weeping Angel attack attempts to place the target TV in a “fake-off” mode to trick the owner into believing the devices is off when it is on. In the fake-off mode, the TV set can be used as a bug, recording conversations in the room and sending them over the internet to a CIA server.

In late 2014, the CIA was also looking for ways to infect vehicle software systems, according to one document: https://wikileaks.org/ciav7p1/cms/page_13763790.html

The CIA unit’s cyber weapons could create serious problems if the agency loses control of them, WikiLeaks editor Julian Assange said in a press release.

“There is an extreme proliferation risk in the development of cyber ‘weapons,’” he said. “Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade.”

Samsung and Google, the creator of the Android operating system, didn’t immediately respond to questions about potential CIA attacks against their products.

(PCW)

Samker's Computer Forum - SCforum.info

Sponsored Links:




Samker

  • SCF Administrator
  • *****
  • Posts: 7456
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
RE: Detection tool for CIA's rootkits - download by Intel Security
« Reply #1 on: 12. March 2017., 11:27:15 »
Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.

The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.

The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.

EFI, also known as UEFI (Unified EFI), is the low-level firmware that runs before the operating system and initializes the various hardware components during the system boot process. It's the replacement for the older and much more basic BIOS in modern computers and resembles a mini operating system. It can have hundreds of "programs" for different functions implemented as executable binaries.

A malicious program hidden inside the EFI can inject malicious code into the OS kernel and can restore any malware that has been removed from the computer. This allows rootkits to survive major system updates and even reinstallations.

In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant."

The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components: https://github.com/chipsec/chipsec
It can be run from Windows, Linux, macOS, and even from an EFI shell.

The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.

If the tool finds any binary files that don't match the clean EFI list, it's possible that the firmware has been infected. The rogue files are listed and can then be further analyzed.

"We recommend generating an EFI 'whitelist' after purchasing a system or when sure it hasn’t been infected," the Intel Security researchers said in a blog post. "Then check EFI firmware on your system periodically or whenever concerned, such as when a laptop was left unattended": https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/

EFI firmware updates for various Mac and Macbook versions are available on Apple's support website: https://support.apple.com/en-us/HT201518

(PCW)

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising