Technically, there is absolutely nothing impressive whatsoever in the archive released yesterday; I went through the entire thing. Relative to the Snowden leaks, the CIA tools look benign. The biggest difference between the two sets of leaks (and subsequent NSA revelations), however, is scale & automation. NSA's tools are built almost entirely by contractors. The 'hacking' tools are integrated with deployment tools, as well as data collection.

For example, say I work for the NSA and I want to see Bob's desktop wallpaper. I already have some generic social network information, as well as ISP info on Bob, and he has already been assigned a 'selector,' which I use to query Bob's information, which was gathered from all sorts of sources. Assuming I don't already have a RAT or similar installed on Bob's computer, a further step is required. The NSA has many redundant attacks entirely automated, and most of the massively successful attacks require some sort of MITM attack.

Schneier released a video (on October 26th 2016, I think, if not real close to that date) of some sort of intelligence meeting he spoke at, with just a handful of people, where he claimed he was going to bring something to light that had not previously been revealed anywhere in public. He revealed that the majority of home routers in the U.S. (commonly believed to be the ones provided by ISPs, which run a custom Linux distro, with half a dozen internal subnets; mine runs on Arris hardware, has full busybox, and used to contain a root pivot script that was previously accessible via ssh, on an accidentally unsecured network interface, within an obscure IP range, whose shell login turned out to be the commonly available Arris rolling code ('arris pw of the day?'). The embedded Linux running on the device is based on the "RDK project", as are the DVRs and modem/router combos from a variety of other ISPs.
Supposedly this is patched (for Arris) but I haven't attempted any further investigation since August 2016. I believe the backdoor was simply a poorly designed interface between the router and the technician GUI software.) Sorry for the unnecessary details, but I've already typed it out now. Schneier revealed that these routers (he never specified which, but said they are everywhere) are referred to by the NSA internally as 'diodes'. The diodes are used (automatically) to provide better proximity to other users, not necessarily the target, from where the plethora of attacks are then executed. The initial development costs are immensely greater than those of the CIA's, but the tools are much easier and cheaper to use by the lay person, and are more carefully controlled/depend on the system hosted by the NSA. While proximity attacks are not the only method of intrusion/full control, the next best, or perhaps better, alternative is Acidfox, which is often delivered via email/browser, and requires user intervention.

Clearly the NSA is leaps and bounds ahead of the CIA in terms of sophistication, as well as control/oversight, as you can't just walk out the door with an archive containing 75% of their tools (they depend on infrastructure). The CIA attacks depicted in the Wikileaks archive almost all require manual intervention, are less reliable, and are 'janky' as hell. The CIA has a record of using their tools for less than honorable/legal purposes (which may be further elaborated on, depending on what goes down with the Trump wiretaps); either way, the CIA hacks seem like a waste of time and money (5000 employees at the consulate in Germany) and redundant. The CIA must be able to utilize the NSA's vastly superior technology/information after receiving a warrant, which makes the motives and means all the more suspicious.

Who knows what will come out, but one thing is for certain: there will be a lot more information revealed pertaining to the illegal, unwarranted, for-personal-gain sharing of their tools with ex-employees and contractors, in the coming weeks. I could go on for ages on this stuff, but I usually just get instantly downvoted, and I'm not providing sources (as it's all from memory [pro memory], but it's all easily duckduckgo-able [or google]). There are certainly more sophisticated employees and programs at the CIA (obviously), but I have a feeling that the shindig over in Germany consists mostly of this sort of thing: cheaper, younger, less experienced kids, copy & pasting junk together, customized and deployed on a case by case basis. I also have a feeling that the reason Obama set that up is going to be an interesting narrative which we will soon watch unfold. (hint: 7th floor group; aka 'shadow government') P.S. I refuse to go back and grammar check this monstrosity.

Edit: Maybe someone can answer this question for me. So from the Snowden leaks, we know the extent of the NSA toolkits and the requirements which need to be met to utilize them. Now we know some of the CIA's capabilities, and after Apple refused to unlock the San Bernardino shooter's iPhone, we found out the FBI was playing some sort of politics, by claiming that justice might not be served without Apple's intervention, and proceeded to publicly shame the ethical position Apple took. So why on earth was Obama trying to force Apple's hand in that matter? As soon as Apple said no, the FBI somehow found the single magical person willing and able to defeat the privately enhanced security of the shooter's 5S? Makes no sense to me.

Thanks for sharing. Consider breaking it up into a few paragraphs to make it easier to parse.

The most interesting tool I found in the leaks was the bug that jumps airgap to make Nero burn trojaned binaries. If we see more tools like this come out of the woodwork, it shows that the CIA is at least in some ways keeping their teeth sharp.

I believe that the FBI and Obama both played politics for a few reasons, namely:

- Obama and the FBI probably withheld a reasonable amount of information from each other regarding the case

- This was all a charade to bring the topic into the public sphere. It backfired, but the aim was to allow future high-profile cases on which concurrent evidence trails are harder to establish. Once it backfired, Comey came out with a public letter admonishing the American people, comparing us to children. He stated that with Rule 41 coming into effect, the FBI would use its expanded powers to collect information for the following year. They would then use that information in an upcoming "adult conversation" the FBI wishes to have with the public about the future of open, libre encryption.

We should be expecting that "conversation" to take place this year. And I don't expect it to be much of a dialogue so much as a monologue. I expect the FBI to either directly or indirectly (through Wikileaks, etc.) release information that "proves" that backdoored encryption and its inherent reduced security is necessary for public safety. There is a saying we all know and love about the merits of this particular trade-off.

I'm certain the FBI always had that contact on standby. They probably received multiple unprompted bids from various hacking companies during the public run of the case. They wanted to flex how much pull they had over a giant like Apple. Even though they seemingly failed, they came out with a huge data point: The American people need further brainwashing and ideological shifting before attempting a full coup over libre encryption in America.

I hope that things make a little more sense now.


I don't think they wanted to flex muscle over Apple, I think they were trying to build case law for situations like this. Also breaking into a phone with an exploit like this is expensive and if they have an exploit, they might not want to publish that they have it in the future so having the backdoor provides deniability even if it's fundamentally dumb.

/puts on tinfoil hat

There is also the other option, which is that trust in American tech companies has been sketchy at best following the NSA leaks, and this was a chance for the Obama administration to allow companies to reestablish some legitimacy when it came to security by making the US government look evil but having the corporations 'prove' that they are not backdoored by the NSA. They can still break in the covert way, but it makes it look like tech companies are not as compromised as the NSA leaks would suggest.


/puts tinfoil hat

They might also have used the whole stunt as a way to inform the public that they have the capability, so that next time around the interview goes "look kid, we do have the capability to unlock the phone, but it's costly, nasty, annoying for everyone involved and will put your refusal in a very very bad light in front of the judge and jury, so why don't you just give us the code and we tell the judge you cooperated?"


To be frank, the whole concept of "plea bargaining" in US law is a vulnerability, broadening the attack surface for many otherwise less harmful vulnerabilities.


Yeah! If only we could make the courts and the wider legal system cheaper.


Interesting, hadn't thought of this, nor the previous comment's theory.


Hadn't thought about it like that. Interesting. Was too late to edit when I saw your comment. Unrelated: the most interesting thing to me of this nature (was from the Snowden leaks) is known as 'RAGEMASTER;' an RF retro-reflector built into a VGA cable (deployed by intercepted packages between computer supplier and target, I believe) which allows the NSA to observe the contents of a VGA signal remotely, using radar, and subsequent re-modulation and sync of the signal. Totally bizarre.

Edit: https://leaksource.files.wordpress.com/2013/12/nsa-ant-ragem...


This comment with paragraphs:

http://pastebin.com/raw/EgaH3WSh


Thank you. That wall of text was impossible to read.
