(By Ciro Metaggiata)
03/24/17
http://www.difesaonline.it/evidenza/cyber/la-dura-legge-del-controspionaggio-svelati-angelo-piangente-pterodattilo-e-le-altre
The news quickly made the rounds of the world at the beginning of the month: WikiLeaks, the organization headed by Mr. Assange, came into possession of more than eight thousand files leaked from CIA servers, from which emerge "disturbing" spy programs based on amazing "cyber-weapons". The media have highlighted that the agency would even be able to spy on unsuspecting citizens through smart TVs. Amazement, indignation, diplomatic tensions and, more than anything else, a great deal of sensationalism, useful to the media for filling news pages, in print and on the web, for a few days.
But what is really sensational in what the operation in question, code-named "Vault 7" by WikiLeaks, has unveiled? Perhaps that governments conduct intelligence, and do so especially abroad? Or that cyberspace has become the secret services' favorite hunting ground? Or, again, that the smart electronic devices we use every day are real "sieves" from a security point of view? No, none of these obvious facts is sensational. Only the hypocrisy of governments and of the media in general, together with the widespread lack of education on cyber security, can make such news seem "shocking".
The real novelties, however, are at least four others: some innovative hacking techniques used by the CIA, the fact that these and others have escaped the agency's control, the link with the all-Italian "Hacking Team" case, and yet another resounding failure of US counterintelligence.
But before addressing these issues, a premise is needed: the majority of experts agree that the material released by WikiLeaks, which is only a first tranche of the total stolen, is authentic and that it will still take a long time to analyze it completely.
Point one. The CIA arsenal that has been revealed is very vast and includes both techniques developed in-house, also in collaboration with private companies (so-called contractors), and techniques found on the network, taken as such or adapted to the needs of the agency. The range of CIA cyber-weapons is so vast and diverse that WikiLeaks has grouped them into six types to help readers find their way. In particular, one of these has been preferred by the media to make the scoop "sensational". Specifically, in the "Embedded Branch" category (i.e. hacking of everything that has an operating system but is neither a personal computer nor a smartphone) we find the famous Weeping Angel, which aims to turn Samsung F8000-model TVs into clandestine room-listening tools. Once infected, these TVs, even when they seem to be switched off, send everything picked up by the microphone and by the onboard camera to servers under the control of the CIA.
Pterodactyl (Pterodactylus) is also part of the Embedded family and is peculiar: it is malware, not really sophisticated, contained in USB drives or in small cards, which allows the rapid and illegal copying of the contents of 3.5" floppy disks. What is this "dinosaur" for? It is probably intended for obsolete systems that are still in service, used for special applications. Such applications do exist, even unthinkable ones such as, for example, the American nuclear arsenal management system, which dates back to the last century.
The plethora of malware revealed by Vault 7 is truly remarkable and covers virtually every operating system, even in the newest versions. Indeed, and this is what really impresses, some would be able to penetrate the core of the Apple, Microsoft and Linux operating systems (the so-called kernel, that is, the fundamental lines of code underlying their operation), so far considered inviolable, modifying it in order to take control of the devices that host them. If confirmed, this could be a nightmare for the vendors, who would find themselves practically having to rewrite their operating systems. QuarkMatter and Hive should therefore be more frightening than the other malware; however, probably not coincidentally, little information has been published about them so far. Moreover, not even encrypted chats would be safe, but not much is known about that aspect either. Then there is malware dedicated to network devices, such as routers or switches of the most common brands, and malware that spreads through USB memory sticks or even through CDs and DVDs, with no need for a network connection. In short, very little is spared by the CIA's arsenal. Note that many of the techniques found in the WikiLeaks files cannot be applied "remotely", i.e. comfortably seated behind a keyboard, but require action "on the spot". So it is not surprising that, according to what has been learned, the agency has (or had) a base for hacking operations under the "cover" of the US consulate in Frankfurt, Germany.
Second point. The material published by Assange's site is not recent, and it seems that it has been circulating in the hacker community for some time. This is probably the most serious aspect of the matter: since the cyber-weapons left its servers, the CIA has lost control of them, and so the world is certainly a less safe place. Especially when you consider that, while on the one hand many software and hardware manufacturers will run for cover, trying to fix the security flaws exploited by the agency, on the other hand updating their products takes time, and there is no guarantee that all customers will do it or that they will do it properly. In the meantime, we can bet that variants of the stolen malware are already proliferating on the network. A bad situation.
Point three. The CIA team appointed to monitor and record all news concerning hacking techniques long ago came across the material of a small and, until then, little-known Italian company: Hacking Team. It was 2015 and the case went around the world: unknown persons had spread across the network malware, mostly for espionage, made by the small Milan company for the intelligence services, the prosecutors and the Italian police, and for other foreign customers. It is natural to draw a parallel with the CIA case: then, as now, national security was hit hard. If only because the outbreak of the affair, in addition to spreading sophisticated malware that unfortunately will certainly not have inspired only the CIA, probably compromised some sensitive counterterrorism investigations under way in those days.
Last point. Strategically important security projects always have at least one thing in common: paranoid attention to possible leaks of information. In some cases counterintelligence creates a truly asphyxiating "bubble" of protection around the members of the working groups, in order to prevent even the slightest information about the activities carried out from leaking. That said, some resounding failures of US counterintelligence, promptly exploited by WikiLeaks, leave one amazed and dumbfounded: first the Manning case, then the Snowden case, up to the Vault 7 operation of a few days ago. Even in the latter case, in fact, the revelation of the CIA's cyber-secrets seems to be due less to the hacking ability of Assange's organization than to yet another sensational leak of files by officials, operational agents or private consultants hired by the agency. Probably the precedents were not enough to make people feel the need to review counterintelligence procedures. Yet Manning, at the time, was a soldier on a short-term enlistment who was entrusted with the tasks of an intelligence analyst after only a couple of years of service, while Snowden (a former CIA officer) was a private consultant to the National Security Agency (he set up on his own after working for the same agency). In short, the threat of the "untrustworthy employee" is always around the corner.
One last thought: in the face of so many sensational American scandals, it seems that behind the "Iron Curtain" counterintelligence functions very well. The Russian government is singled out as responsible for almost every cyber attack, yet no incontrovertible evidence of its involvement has ever leaked (evidence which, however, could only come from the inside). Infallible counterintelligence, or is there more to it? But that's another story.
Main sources:
http://formiche.net/2017/03/09/wikileaks-cia-intelligence-cybersecurity/
www.wired.it/amp/174350/attualita/tech/2017/03/13/funzionano-davvero-cyb ...
www.repubblica.it/esteri/2017/03/07/news/wikileaks_cosi_la_cia_ci_spia-1 ...
http://www.ilfattoquotidiano.it/2017/03/07/wikileaks-diffonde-documenti -...
http://www.lapresse.it/wikileaks-germania-prendiamo-sul-serio-accuse-a-c ...
www.repubblica.it/esteri/2017/03/08/news/wikileaks_cnn_usa_aprono_indagi ...
https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-f ...
More at source above.
---
IZAKOVIC