Vault 7....For all we know the CIA may have hacked the Democrats

[barbos]

So anyway, Wikileaks released a lot of stuff that could get people killed. Are they liable for this?

They have not released tools yet.

 

[Jarhyn]

So anyway, Wikileaks released a lot of stuff that could get people killed. Are they liable for this? This isn't some sort of bullet point list with critical information redacted to prevent other people/organizations from getting to use the tech as well. They put it all out there. For anyone to use until the holes can be plugged up. It isn't as if Wikileaks sent it to Apple and Samsung, etc... as a paper to let them know this was being used to exploit their tech. We aren't talking embarrassing emails, we are talking about being able to exploit a whole lot of electronic devices.

This action can create a lot of harm, and Wikileaks is guilty of putting it all out there. What can be done? What should be done? While Wikileaks had dropped in my favor several years ago, and I was suspicious whether they could remain a moral advocate for getting out the truth, they are now heading into dangerous territory of becoming advocates for chaos. They were very reckless here, and for what gain? No one gains by them doing it this way.

The CIA doesn't care about your car today. But what about when they catch wind that you run a forum for people who in general dislike the government and on which there are people who argue consistently that even if they did care about your car, they shouldn't have the power to act on that?

I'm curious, what methods of espionage should the CIA be limited to?

As malintent outlined, there is exactly one end result for all things gleaned from national (information) security operations: publish it, shame the (target), demand fixes. WikiLeaks is, ironically (and while still, unfortunately, political in their releases) the best example of a moderately ethical intelligence organization.

 

[Mumbles]

Hold this thought until some random punks start murdering people with their own cars.
And let me get it straight, you are OK with CIA killing journalists which look into their business?

They seem to be uninterested in doing such things, and instead prefer to listen in on conversations.

Phishing is not the only way to hack things.

No, it's just the easiest way, by far.

I won't comment on what has been released on Wikileaks directly, but from what I've seen, this is a lot of breathless reporting on well-known security flaws in consumer devices. A lot of Android phones are hopelessly out of date security-wise, many internet devices are laughably insecure (thus we get internet-connected fridges at Best Buy displaying Purn, roadside signs warning us about zombies, and so forth), and most of these exploits require either phishing, or physical access to hardware.

Whether or not I *trust* the CIA is not the point - these were all well-known before reporters started clutching their pearls over some Wikileaks tweets.

 

[barbos]

They seem to be uninterested in doing such things, and instead prefer to listen in on conversations.

You don't seem too sure.
https://en.wikipedia.org/wiki/Michael_Hastings_(journalist)#Alleged_foul_play_controversy

 

[barbos]

One of the former NSA/CIA directors was on Colbert. Steve was very soft on him to say the least. Former CIA guy repeated their standard song "We don't spy on americans, we only spy on these bad guys from abroad" .... and congress, and when we want to spy on Americans we ask British for that or to hell with British we spy on them ourselves. Of course the topic of CIA actively trying to degrade security of everything in order to spy better was not mentioned.

 

[Mumbles]

One of the former NSA/CIA directors was on Colbert. Steve was very soft on him to say the least. Former CIA guy repeated their standard song "We don't spy on americans, we only spy on these bad guys from abroad" .... and congress, and when we want to spy on Americans we ask British for that or to hell with British we spy on them ourselves. Of course the topic of CIA actively trying to degrade security of everything in order to spy better was not mentioned.

Open secret - the night show hosts generally discuss what the topics will be with their guests. Most folks who have/had clearance are very cautious about these interviews, since a bad misstep can land them in prison. It's generally softballs or nothing when it comes to these guys.

And no, this isn't actually them "actively degrading" security. They will certainly take advantage of any weakness they know of, and I think it's foolish for any tech industry to rely on the CIA to inform them of any security flaw in their product - in fact, it's so foolish that I think they don't actually do it.

Does the CIA spy on Americans? Generally, no. Again, that's generally a waste of time. Never confuse this with a claim that they work for the best of every American individually - much less that they work for anyone who isn't American.

 

[whichphilosophy]

One of the former NSA/CIA directors was on Colbert. Steve was very soft on him to say the least. Former CIA guy repeated their standard song "We don't spy on americans, we only spy on these bad guys from abroad" .... and congress, and when we want to spy on Americans we ask British for that or to hell with British we spy on them ourselves. Of course the topic of CIA actively trying to degrade security of everything in order to spy better was not mentioned.

Open secret - the night show hosts generally discuss what the topics will be with their guests. Most folks who have/had clearance are very cautious about these interviews, since a bad misstep can land them in prison. It's generally softballs or nothing when it comes to these guys.

And no, this isn't actually them "actively degrading" security. They will certainly take advantage of any weakness they know of, and I think it's foolish for any tech industry to rely on the CIA to inform them of any security flaw in their product - in fact, it's so foolish that I think they don't actually do it.

Does the CIA spy on Americans? Generally, no. Again, that's generally a waste of time. Never confuse this with a claim that they work for the best of every American individually - much less that they work for anyone who isn't American.

Of course the CIA spies on who it wants to.

 

[Mumbles]

[Of course the CIA spies on who it wants to.

That's usually more of an NSA thing. And for US citizens, FBI and state/local police forces.

 

[barbos]

One of the former NSA/CIA directors was on Colbert. Steve was very soft on him to say the least. Former CIA guy repeated their standard song "We don't spy on americans, we only spy on these bad guys from abroad" .... and congress, and when we want to spy on Americans we ask British for that or to hell with British we spy on them ourselves. Of course the topic of CIA actively trying to degrade security of everything in order to spy better was not mentioned.

Open secret - the night show hosts generally discuss what the topics will be with their guests. Most folks who have/had clearance are very cautious about these interviews, since a bad misstep can land them in prison. It's generally softballs or nothing when it comes to these guys.

I know that. It was one hell of a softball.

And no, this isn't actually them "actively degrading" security.

According to Snowden they actually do. They actively inject their code into everything they can.
And you seem to forget about That iPhone vs FBI story.

They will certainly take advantage of any weakness they know of, and I think it's foolish for any tech industry to rely on the CIA to inform them of any security flaw in their product - in fact, it's so foolish that I think they don't actually do it.

Does the CIA spy on Americans? Generally, no. Again, that's generally a waste of time. Never confuse this with a claim that they work for the best of every American individually - much less that they work for anyone who isn't American.

NSA, CIA, same thing. NSA asks british when they need to spy on americans, that way it looks legal. Of course they did not ask British when they decided to spy on Congress.

 

[Jayjay]

Some of the evidence of Russian involvement is in the leaked documents themselves.

Refresh my memory with a link.

https://arstechnica.com/security/20...p-research-has-a-russians-fingerprints-on-it/

The clues come from the edits and releases made by the leaker, not from original documents of course, but nevertheless it would be impossible for CIA to "plant" anything like this after the fact. They would have to either embed documents edited with Russian-language computers into the leaked files themselves, or hack Guccifer and/or wikileaks to put the evidence in. Which would make no sense.

Only way to plant that evidence is by doing it before the leak, which would be bizarre.

And they could be "pre-planting" "russian" hackers everywhere just in case. They have a budget. They could be hacking DNC for their own purposes. Former CIA people could be doing it too. And the fact that it looked like russians means that it was made to look like that. The fact is, if CIA (and FSB for that matter) wanted they could frame anyone, and that poor bastard will go to prison for the rest of his life.

And they could have staged the moon landing. Doesn't mean that it happened.

Furthermore, this latest CIA leak of hacking methods is probably valid (Snowden seems to think so), but it has absolutely nothing to do with DNC.

Well, documents in the leak suggest that CIA hackers do try to make it look like it's Russians doing the hacking.

That is not proof of any single incident of alleged Russian hacking is done by CIA. If you want to stretch it, that doesn't even suggest that the method has ever been used in the real world (though it probably has been).

 

[Jayjay]

CIA prohibited from collecting intelligence at home. But not from hacking Senate Intelligence Committee?


CIA admits it broke into Senate computers; senators call for spy chief’s ouster

An internal CIA investigation confirmed allegations that agency personnel improperly intruded into a protected database used by Senate Intelligence Committee staff to compile a scathing report on the agency’s detention and interrogation program, prompting bipartisan outrage and at least two calls for spy chief John Brennan to resign.

Did you read the article? I wouldn't call it "hacking". The computers in question were CIA computers that were reserved for the senate committee's use. Some CIA employees snooped around and checked which databases they had accessed and even eamils sent from those machines. But nothing that actually required "hacking", because CIA already had access to these computers. It was of course not acceptable in any way, but this is more like breach of contract and violation of trust between CIA and the Intelligence Committee, rather than violation of the laws prohibiting domestic surveillance.

 

[barbos]

Refresh my memory with a link.

https://arstechnica.com/security/20...p-research-has-a-russians-fingerprints-on-it/

The clues come from the edits and releases made by the leaker, not from original documents of course, but nevertheless it would be impossible for CIA to "plant" anything like this after the fact. They would have to either embed documents edited with Russian-language computers into the leaked files themselves, or hack Guccifer and/or wikileaks to put the evidence in. Which would make no sense.

I remember that now. "Feliks Edmundovich" part suggests that these "hackers" are most likely have no connection to the government. Too humorous for FSB/KGB/NKVD/GRU. None of the clues exclude someone intentionally trying to make it look like russians did it. Article itself says that.
And CIA can still be responsible. Imagine CIA knows that there was a hack and they know it's gonna end on wikileaks. CIA then decides to make bad situation slightly less bad by dumping some of the the same documents to wikileaks themselves pretending to be russians. Wkileaks does not verify who their sources are.

Only way to plant that evidence is by doing it before the leak, which would be bizarre.

And they could be "pre-planting" "russian" hackers everywhere just in case. They have a budget. They could be hacking DNC for their own purposes. Former CIA people could be doing it too. And the fact that it looked like russians means that it was made to look like that. The fact is, if CIA (and FSB for that matter) wanted they could frame anyone, and that poor bastard will go to prison for the rest of his life.

And they could have staged the moon landing. Doesn't mean that it happened.

Furthermore, this latest CIA leak of hacking methods is probably valid (Snowden seems to think so), but it has absolutely nothing to do with DNC.

Well, documents in the leak suggest that CIA hackers do try to make it look like it's Russians doing the hacking.

That is not proof of any single incident of alleged Russian hacking is done by CIA. If you want to stretch it, that doesn't even suggest that the method has ever been used in the real world (though it probably has been).

True, but it puts forensic research in doubt.

 

[tupac chopra]

There is quite a bit about the hacks/leaks that is strange.

Guccifer2.0: Game Over

Metadata suggests that it took only 30 minutes to go from a DNC tech/data strategy consultant creating documents to Guccifer2.0 tainting them - all occurring on a date that Guccifer2.0 claimed to be after he was locked out of the DNC Network - occurring on the same day that Guccifer2.0 emerged

and

The Yandex Domain Problem

The point that I’m trying to make is that if anyone in Russia wanted to spear phish employees of the DNC, then creating a @yandex.com email address instead of a @yandex.ru email address is not only unnecessary extra effort but it makes absolutely no sense. You don’t gain anything operationally. You’ve used Yandex. You might as well paint a big red R on your forehead.
However, you know what does make sense?
That the person who opened the account DOESN’T SPEAK RUSSIAN!
He went with Yandex.com because all analysis stops with merely the name of a Russian company, a Russian IP address, or a Russian-made piece of malware. To even argue that a Russian intelligence officer let alone a paranoid Russian mercenary hacker would prefer a Yandex.com email to a Yandex.ru email is mind-numbingly batshit insane.
I have no idea who created hi.mymail@yandex.com to spear phish Billy Rhinehart, but I bet you $100 that he wasn’t Russian.
Or Who In Russian Intelligence Doesn’t Speak Russian?

 

[barbos]

There is quite a bit about the hacks/leaks that is strange.

Guccifer2.0: Game Over


and

The Yandex Domain Problem

The point that I’m trying to make is that if anyone in Russia wanted to spear phish employees of the DNC, then creating a @yandex.com email address instead of a @yandex.ru email address is not only unnecessary extra effort but it makes absolutely no sense. You don’t gain anything operationally. You’ve used Yandex. You might as well paint a big red R on your forehead.
However, you know what does make sense?
That the person who opened the account DOESN’T SPEAK RUSSIAN!
He went with Yandex.com because all analysis stops with merely the name of a Russian company, a Russian IP address, or a Russian-made piece of malware. To even argue that a Russian intelligence officer let alone a paranoid Russian mercenary hacker would prefer a Yandex.com email to a Yandex.ru email is mind-numbingly batshit insane.
I have no idea who created hi.mymail@yandex.com to spear phish Billy Rhinehart, but I bet you $100 that he wasn’t Russian.
Or Who In Russian Intelligence Doesn’t Speak Russian?

Interesting, I tried to read metadata for one of the doc files and it confirmed what they say except Feliks Edmundovich is not shown but I think it's because I don't have russian configured. If what they say about Warren Flood is true (being kicked out off of DNC network around that time) then he could be Guccifer2.0 or leaked it to him.
This 30 min theory is something that needs to be explained.
As for linguistic stuff then yes, his english is way better than that of an ordinary russian hacker, but russian intelligence surely have people who are good at english.

 

[tupac chopra]

Even more interesting is that some of the "evidence" could be due to a blunder by Matt Tait, CEO of Capital Alpha Security, aka pwnallthethings.

Russia and WikiLeaks: The Case of the Gilded Guccifer

This blunder was published in arstechnica and regurgitated ad-infinitum by the clueless and expert alike.
Although this would turn out to be Tait’s mistake — his own copy of MS Office had converted the Russian error messages back to English, a blunder he refuses to acknowledge — it would highlight a curious inconsistency in Guccifer2’s documents, and point the way to a much more interesting and complicated explanation.

And the killer

So it‘s’ clear that meta-data was deliberately altered and documents were deliberately pasted into a ‘Russianified’ word document with Russian language settings and style headings. Maybe on a VM — a Mac VM in the case of donors.xlsx? Or is this more untrustworthy meta-data?
So I think we can say for certain that the author wanted the Russian elements to be found. Like, really desperately by the looks of things.

 

[barbos]

Guccifer2 was a rushed emergency response by the DNC or by CrowdStrike (aka cyber arm of the Atlantic Council) or both, after the announcement of impending leaks, to create a ‘deception story’ providing narrative weighted links between the ‘Russian malware’ found in the DNC servers, and Wikileaks. And ultimately, to render the prospect of an independent leaker irrelevant.

LOL, they suggest what I suggested earlier in this thread
I think they have a good point about russian styles-sheet. There is a clear indication that documents were unnecessary tampered with, keyword here is "unnecessary". Russians had no reasons to tamper with documents, they would simply damped them "as is".

 

[Jayjay]

If we can't trust an anonymous opinion on a site that has no editorial control, who can we trust?

 

[barbos]

If we can't trust an anonymous opinion on a site that has no editorial control, who can we trust?

That's not an anonymous opinion, that's anonymous argument. And you clearly don't have an answer, not even anonymous answer.

 

[Jayjay]

If we can't trust an anonymous opinion on a site that has no editorial control, who can we trust?

That's not an anonymous opinion, that's anonymous argument. And you clearly don't have an answer, not even anonymous answer.

Not every troll has to be addressed. But true, I do not have a counter-argument because I did not bother reading the article due to its dubious source. If there is a specific point that tupac or you want to address, it would be better to summarize it here shortly.

On a superficial level based on the small snippet that was quoted, to me it doesn't seem odd at all that Guccifer would have opened the document only 30 minutes after it was created. If he had penetrated the DNC system and was rummaging around for a while, he could have easily noticed a new interesting-looking document and taken a look as soon as he saw it. To me this seems to support the idea that it was a hacker who had an active access to the network, rather than a leaker.

 

[Elixir]

Russians had no reasons to tamper with documents, they would simply damped them "as is".

Two possibilities here -

1) Barbos *somehow* knows what the un-fucked-with version looked like, or
2) the un-fucked-with version wasn't as effectively damning as the Russians wished so they "improved" it.

Either way, what we have here is a Russian troll Trumpapologist.