WikiLeaks: ‘Undetectable Assassinations,’ ‘Weaponized Malware

By now you all know that on Tuesday Wikileaks released its new series of leaks on the CIA, code-named “Vault 7”.  They say it is the largest ever publication of confidential documents on the agency. It exposes the CIA’s  loss of control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation.

This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

What you may not know is the extent of the information they found. It comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

In recent years, the CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

According to Fox News, the source of the information is a veteran cyber contractor for the intelligence community who previously worked in the breached unit, the CIA’s Center for Cyber Intelligence. He told Fox that CCI has long maintained an internal database of information — accessible to anyone with proper credentials or security clearance — that seemed to be dumped in total to WikiLeaks. In its news release on the disclosure, WikiLeaks said CCI had more than 5,000 registered users, a number alternatively referred to as “absurd” and “a bit high” by security experts who spoke to Fox News. The CIA declined comment to Fox News.

The following is a summary (courtesy of the Conservative Treehouse) of the information Wikileaks disclosed:

The FBI opened a federal criminal investigation into the WikiLeaks disclosure on Wednesday, Fox News confirmed. As the probe gets underway, experts said there’s a typical incident response playbook they would use to narrow down the massive pool of suspects.

“They’re going to try to do some forensic work because those documents probably have been changed [over time], so that enables them to narrow down the period to when they were taken,” said Alex Yampolskiy, the CEO of SecurityScorecard. “They can look at audit logs of who had access to the document during that time frame.”

Regardless of the results of the inquiry, Brian Vecci, a technological evangelist for cybersecurity company Varonis, said the secret trove revealed by WikiLeaks illustrates the pervasive issue of another “major data breach of a major government organization tasked with security.”

“What’s clear to me – and this is true of pretty much every big data breach – the preventive controls were broken, or the detective controls were broken,” Vecci said. “Meaning, either too many people had access to the information, or the people that had access weren’t being recorded and analyzed. Or both.”

While it’s mind-boggling enough to know that we have an entire government department of hackers – and a duplicate to the NSA – there are several things that take it to next level of mind blowing. One, that they would focus that much time, money and effort on extensive methods to go after ‘troublesome’ individuals, as Garnet put it in his piece yesterday.

Two, that we have a government department with the power to spy on everyone with an internet connection and, three, their efforts can’t be traced back to them – in fact they can leave ‘fingerprints’ and make it appear to have been done by the Russians.

And lastly number four, that it is so horribly mismanaged, an unknown number of people could have accessed this information and leaked it without anyone’s knowledge.

Perhaps someone should tell the brainiac democrats to stop blaming the Russians for everything – it’s us.

~Kathy



Categories: Political

Tags: , ,

7 replies

  1. Outstanding post, Kathy. Very well-written.

    When debating what powers the government should or shouldn’t have with respect to cyber-spying and cyber weaponry, I would urge everyone to take the flowchart approach and follow each path to its logical conclusions. The flowchart always begins with the fundamental, root question. In this case that question is as follows:

    Should we, as the United States of America, allow ourselves to create and employ sophisticated cyber tools that enable us to defend ourselves and be prepared in a world where other nations will be using these same tools to gain the advantage on us?

    Yes or no?

    Cyber weaponry is the latest progression in a world in which the ability to compete successfully at warfare is essential to freedom. Conservatives don’t question the importance of a strong, sophisticated, well-trained and well-armed military force, and yet IN THE WRONG HANDS this force can be used against the American people just as cyber weaponry can. If we deprive ourselves, as a country, of the means to defend ourselves in the modern world because we fear our government, we put ourselves in a lose-lose situation. With this in mind, my answer to the question above is “Yes.”

    So with the correct answer being “yes,” let’s follow where that leads given what we now know about what’s actually been going on in the CIA, et al. How do we protect ourselves as a nation while also protecting ourselves as individual Americans?

    Step 1. Enforce the Constitution. As the good judge said in the link you shared with Garnet, the Constitution already protects us from gov’t overreach if we would only have the good sense to enforce it and protect each and every American by requiring a warrant based upon reasonable suspicion; AND….

    Step 2. Elect only the right people. Americans seem to think that they can have all of the protections and benefits of the Constitution while being sloppy and thoughtless in their choice of elected officials. They can’t – period. All bets are off when the wrong people are in charge, as history has taught us again and again. I cannot stress this enough: It won’t help us to tie our own hands with respect to all military options as a nation if we then turn around and allow our gov’t to be infiltrated by those who will not uphold the Constitution.

    Step 3. Stick to the conservative doctrine of limited government. Why are there so many thousands of people in the CIA and other agencies? Why do these people have access to so much information?

    Step 4. Reinstate the conservative doctrine of severe consequence for traitorous acts. We mustn’t forget that while the leakers may have opened our eyes about what our gov’t is doing to us as individual Americans, they have also shared our secrets with the world, including countries with whom we might be at war if not for our military superiority. We can be inwardly thankful to know what we now know while still holding leakers to account for imperiling us as a nation, and we must do so no matter how tempted we are to let one wrong justify another.

    Just as an aside, I followed the links to the Wikileaks site and a quick perusal found that under the heading “Redactions” it says:

    “Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.”

    My question:

    Does anyone else see the irony in Wikileaks electing to redact information according to its OWN judgment and presumed authority over information while it purports to be on a mission to unveil everyone else’s secrets? This smacks of typical liberal hypocrisy to me: Secrets for me, but not for thee.

    The U.S. needs to both clean up its act by getting back to limited, Constitutional gov’t AND by going after our enemies like Julian Assange.

    Like

    • By the way, if one were to say “No” in answer to my initial flowchart question and follow THAT path to its logical conclusion the final box would say:

      The U.S. must prepare to lose at war with other nations, because that will be the consequence of tying our gov’ts hands in the modern age of cyber warfare.

      Like

    • Great comments, CW, and you’re absolutely right on all points. Had we adhered to step 2 and chosen the right people, we would doing steps 1, 3 and 4. We’d be that strong country with a sophisticated and prepared military. We as individual citizens would be able to trust our government and know that our rights are protected.

      But, as is always the case, the Demwits are the problem. They have moved so far out into left field, they’re not even recognizable as the party they were decades ago. The Republicans with their nearly non-existent backbone, are not much better.

      That move to the far left gave us a president who had no respect for the Constitution and surrounded himself with people of like minds. There was a complete disregard for our laws, instead they were seen as challenges to overcome. He down-graded our military and he took overreach to a new level. This was made obvious when we learned we have a huge department with over 5000 people who violate our Constitutional rights every day.

      Our rights have been slipping away more rapidly ever since 9-11, all in the name of safety, but there has to be a way to preserve those rights and still pursue threats to the US.

      Was it a good thing when Assange leaked all this information? No, it wasn’t and he needs shutting down. The shame of it all, is that minus his efforts, we would have never known. On the other hand, it wouldn’t have been confirmed for our enemies either.

      Yes, we have much to clean up. The question is, will we ever have the right people in place to make it happen.

      Liked by 1 person

      • “…will we ever have the right people in place to make it happen?”

        A good place to start fixing this would be for Trump and his Republican dominated congress to undo the law that gives the POTUS the power to wire-tap any American without a FISA warrant; to make it a serious crime for any gov’t employee to look at personal data that’s been automatically collected without a proper warrant; and to make sure the FISA courts are following strict rules the protect due process.

        If they would do this, that would be a true step toward draining the swamp, and not only could Republicans own the credit for that but it would ensure that we at least begin from the right place if we lose power again.

        The problem isn’t just getting the right people, Kathy. It’s also keeping the right people. Being at war, which we are, requires constant diligence. It’s very tiring and easy to let one’s guard down. That’s how the progressives make progress.

        Like

      • Agreed, CW, that is the place to start and since this huge leak happened on Trump’s watch, he could make that a priority.

        His problem will be the House and the Senate. Good grief, I’ve seen paint dry faster than these people move, and their short work weeks will continue to stall his efforts.

        Like

  2. Coupled with Obama’s opening up the security “vault” to every acronym agency in the government in his final days, we are witnessing an “ELE” (Extinction Level Event) in our expectation of any sort of privacy. Our own government is apparently sucking up everything we communicate with others like a giant data vacuum cleaner and the worst part is – now they can even tag the stored data with foreign source credentials – as if someone else (the Russians?) actually gathered (hacked) it so it now becomes impossible to forensically determine who did the hacking. I guess that really doesn’t matter anyway, it’s become common for our own government to lie to us when it serves their purpose. We are truly screwed.

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: