
16 March, 2017

CIA hacking tools revealed

WikiLeaks

Part 7 - How the CIA dramatically increased proliferation risks

In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7" — the CIA's weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse.

The CIA made these systems unclassified.

Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily cross over to the 'battlefield' of cyber 'war'.

To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber 'arms' manufacturers and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.

Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts. Ordnance will likely explode. If it does not, that is not the operator's intent.

Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams. For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired. However the analogy is questionable.

Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect a target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target. To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers. But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.

A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system. If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.
