It’s been windy for several days now, too windy to sail anywhere and almost too windy to even get off the boat. Shelly has been taking advantage of this time to work on her new iPhone app. I had run out of projects to do and was getting fairly bored. Until today.
Why did I tag this under the “sailing” category? Because if we were sailing, I would not have investigated this to the degree that I did. Ignore the rest if you are not interested in cyber security.
Yesterday, Wikileaks published the first part of semi-raw data supposedly leaked or stolen from the Central Intelligence Agency. The documents supposedly cover the CIA’s cyber spying operation, and Wikileaks claims it is “…the largest ever publication of confidential documents on the agency.” Wikileaks claims that the CIA employs at least 5000 “hackers,” as Wikileaks characterizes them, and characterizes this as the CIA’s “own NSA.” This seems highly plausible, as government agencies like to be completely independent of each other even though there is a lot of overlap: overlap with the NSA in this case, or really with any number of other three-letter agencies who employ “hackers,” such as the FBI, DHS, etc.
Having somewhat of a professional interest in this area (and nothing better to do), I sampled some of what Wikileaks released. Specifically, I looked at a cryptographic requirements document and a “tradecraft” document.
The crypto requirements for their software spy tools are excellent, and the tradecraft doc, which describes special practices necessary when writing spyware, enumerates robust techniques that a professional spyware creator would certainly use. Also, some of the trivial files, which appear to be from the personal directories of real people, look to me to be the kind of thing a professional “hacker” would have in their directory, whether in the CIA or not.
Many media outlets preface their stories about this with, “…if this is real.” In my opinion, based on a long career working with, and against, the type of people who would create such spyware, as well as my specific experience in the cyber security realm, this is either an extremely well done hoax or it is the real deal. If this were a hoax, I can’t imagine that anyone, or any group, who was not highly experienced in computer science, engineering, cyber security AND spyware techniques could produce such an archive, and what would be the point if they did?
Media: This leak is real.
So unfortunately, this is yet another highly damaging leak in the United States cyber intelligence machinery. It is more damaging than the recent NSA leaks because these documents describe tools and techniques up to 2016, whereas the NSA leaks were not newer than 2013, if I recall correctly.
This will force the cyber intelligence agencies to rewrite a significant number of their cyber spyware tools, a very expensive proposition, though quite do-able. The good that comes from this? Apple, Microsoft, Google and many other cyber manufacturers will fix gaping holes in their products. Too bad the U.S. Government doesn’t have such an enthusiastic division dedicated to finding and fixing these holes, instead of exploiting them.
Expect things to get worse before they get better in the Internet-of-Things world.
Posted in Cyber Security, Sailing by Mark.