
The Truth About the WikiLeaks C.I.A. Cache - malmaud
https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html?pagewanted=all&action=click&pgtype=Homepage&clickSource=story-heading&module=opinion-c-col-right-region&region=opinion-c-col-right-region&WT.nav=opinion-c-col-right-region&_r=0
======
whatgoodisaroad
Perhaps a better title would be "The Truth About NYT's Level of Scrutiny
toward Wikileaks Tweets".

~~~
mmaunder
I've found that journos rely on sources to essentially write their story for
them and many clearly know nothing about the subject they're covering.

I don't think they realize this is the reason many people don't get their news
from mainstream media anymore. Because you can just read the source's blog
and twitter feed.

So in this case a journo is frustrated that a source who they should have been
able to echo, and call that news, has their own agenda.

~~~
n72
You should maybe check out who @zeynep is before you suggest she knows nothing
about this subject.

~~~
dtornabene
seconded. amazing that comments like parent are bright and shiny.

------
hackuser
Can people who have read the article address specific facts the author brings
up, or specific errors in the analysis? Maybe we can have a serious discussion
right here.

I read the article and it looks straightforward to me, but I don't
independently know the facts. The analysis seems solid, but perhaps someone
knows something I don't.

Unfortunately I've rarely seen so much noise (i.e., non-contributing comments)
on HN, though the level tends to rise when someone doesn't buy into a
Wikileaks' message.

~~~
ploggingdev
The article gets all the facts and analysis right. The article is most likely
meant for a less tech-savvy audience than HN, i.e., the average internet user who
falls for fake news such as "WhatsApp is hacked". Yes, such nonsense is
circulating on social media.

Since this article does not bring anything new to the table for us HNers and
has a reasonable number of upvotes, people start creating noise here.

------
Torgo
Everything in this article was extrapolated from 140 characters.

------
macintux
Amazing how many people fail to grasp the difference between opinion and
journalism.

~~~
vortico
Agreed, and here's a way one can easily tell. Summarize the article's new
content that it brings to the table in one or two sentences. These sentence(s)
will be easier to classify as fact or opinion than the article as a whole. I
would summarize her unique message as "Wikileaks over-sensationalizes their
releases", which may be fact if it's true (and she offered good evidence), but
90% of the rest of the writeup had little to do with that new content.

~~~
fulafel
Another way is to read the section title (in this case "The Opinion Pages").

------
AnimalMuppet
Off topic: Maybe I'm too cynical, but whenever I see an article titled "The
Truth About X", I immediately expect that it contains someone's crackpot
theory about X, rather than anything resembling truth.

~~~
wamsachel
Yep, a school teacher doesn't need to harp to their students about how they're
hearing the truth. Whereas a church pastor frequently brings it up.

~~~
zaphar
Pithy statement there. But I would hope a school teacher would harp on it, and
further, that they would explain just why it is the truth. Part of their job
is teaching students to detect and evaluate the truth of something.

------
nohat
> Using automated tools to search the whole database, as security researchers
> subsequently did, turned up no hits.

This sounds so serious and involved, but probably took 10 seconds and just
involved ctrl-f or (even) grep.

------
rfrank
NYT defends its source of leaked information on Trump's White House,
regardless of what they do. More news at 11.

------
edge17
Not sure if this is the right place to post this, but is there some place
where one can read a description of the exploits?

On the surface, Whatsapp, Signal, etc being compromised can mean either they
are individually compromised or the platform they're on is somehow
compromised, or something else... in my experience journalists have the
incentive to just pick the headline that is the most sensational rather than
the most informative.

~~~
duskwuff
Generally speaking, most of the "exploits" I've seen so far have fallen into
the mundane category of "if you have full access to the computer/device, you
can inject code into target applications to exfiltrate information". This is
more of a demonstration of the platform's security than of any specific
application -- if you can get the user to run code, all bets are off.

For what it's worth, iOS has come out of this looking _very_ safe. The CIA is
essentially riding on the coattails of jailbreaks, which have been getting
increasingly rare.

------
multinglets
Oh cool another round of "but they can't spy on the _whole_ internet" from
media stooges and their dumbass readership who haven't seen the pattern that's
been going on for 20 fucking years now.

~~~
jaimex2
Yep, and the nytimes's reputation takes another hit on #fakenews

------
hrodriguez
> Device and information insecurity, overzealous surveillance by governments —
> these are real concerns that call for real attention.

I'm looking forward to The NY Times' Zeynep Tufekci's real discussion about
Operating Systems that spy on us, collect our data and share that data;
tracking across the internet; lack of security updates on phones; a tie-in
with PRISM (allowing the NSA unfettered access to company databases) and
anything else her top-notch "security researchers" turn up.

Maybe she can add a few words about the lack of oversight, transparency and
accountability our tech & phone companies enjoy for the privilege of
cooperating with certain government agencies. Let's get your "sources" to add
a few words about backroom deals that circumvent _The Constitution_ and the
laws of this land too. It's a big topic with many players.

Be careful though, Mrs Tufekci. This kind of _real_ news will get you into hot
water with your masters.

I'm sure she'll get to it after another hit-piece on Wikileaks for actually
bringing this discussion to the table instead of trying to kill it. That is,
once she gets over her political biases (which are sprinkled throughout the
article) and does some _real_ journalism.

Security and Privacy are issues that need "real attention" and not something
that gets tacked on at the end of an article and forgotten.

*edit: word

~~~
norikki
This is standard operating procedure at propaganda outlets like NYT/Washington
Post Et Al. It's called "burying the lead". When the crux of an issue is
buried as a footnote in the last paragraph.

The controlled media will quibble over semantics of a Tweet and ignore the
shocking truth that innumerous government agencies can acquire blackmail on
anyone they want at any time without even breaking the law; and if they fear a
journalist or leaker sufficiently, cause a high speed car or plane crash to
get rid of them.

~~~
untog
> This is standard operating procedure at propaganda outlets like
> NYT/Washington Post Et Al.

It's an opinion piece. It's literally _right there in the title_ that you
should expect someone to be expressing an opinion, not engaging in objective
reporting.

------
gens
As an outsider whose only contact with New York Times is from submissions
here, it seems that they don't know what they are talking about most of the
time.

------
revelation
I love how the NYT turns their own ignorance of technology into some
condemnation of WikiLeaks. That tweet is perfectly fine. What exactly do they
believe "bypass" to mean? Of course their own misstep here is only referred to
as "a honest misunderstanding" of the generic "press".

The article then goes on to explain what should have been researched from the
beginning and delivers the brilliant sentence

 _This should not come as a surprise._

Right. Here is the salient excerpt from the WikiLeaks release _linked in the
tweet_ (!):

 _These techniques permit the CIA to bypass the encryption of WhatsApp,
Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones
that they run on and collecting audio and message traffic before encryption is
applied._

You turned a tweet into a press article, didn't bother to read the referred
article and then have the audacity to depict that as some sort of deliberate
misinformation campaign in yet another article instead of simply admitting you
rushed for the clicks. On the upside, it is now much clearer that it's maybe
not only WL that is in the business of misinformation.

~~~
dogma1138
Not really, having a rootkit on a device allows you to bypass anything; this is
a given.

Wikileaks tweets are also quite demagogic and are tailored for maximum effect,
these "techniques" do not actually allow the CIA to bypass the encryption,
bypassing the encryption is a whole other thing completely; what it does is
allow the CIA to read anything on the phone and use any of its hardware
sensors.

Overall the problem with this leak specifically is that there is so far
nothing damning, this is exactly the toolkit a modern intelligence agency
should have, in fact this is likely to kiddy stuff not the rogue nation
targeting kinetic payloads.

What it doesn't show is who these tools target, if Wikileaks is to be believed
the NSA only targets journalists and human rights activists whilst in reality
this isn't the case.

Unlike the NSA the CIA is also not interested in mass surveillance, the CIA
produces intelligence analysis primarily revolving around humint sources and
targets, which means that their operations tend to be much more targeted than a
SIGINT agency which relies on bulk data collection.

~~~
rfrank
> ...these "techniques" do not actually allow the CIA to bypass the
> encryption...

The definition of the word bypass is, "a secondary channel, pipe, or
connection to allow a flow when the main one is closed or blocked." How is a
rootkit not bypassing encryption? It doesn't _break_ encryption.

> Unlike the NSA the CIA is also not interested in mass surveillance...

Why do you believe this to be true?

> Overall the problem with this leak specifically is that there is so far
> nothing damning

The wholesale violation of 4th Amendment protections isn't damning to you?

~~~
hackuser
> wholesale violation of 4th Amendment protections

Where is there a violation of the 4th Amendment? The 4th Amendment is not
about capabilities, which always have existed in one form or another (e.g.,
reading people's mail), but about legal authorization to use them.

