OF THE
TIMES
"The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way," it said.Samsung:
"Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80% of users running the latest version of our operating system.
"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.
"We always urge customers to download the latest iOS to make sure they have the most recent security update."
"Protecting consumers' privacy and the security of our devices is a top priority at Samsung," it said.Microsoft:
"We are aware of the report in question and are urgently looking into the matter."
"We are aware of the report and are looking into it," a spokesman from Microsoft said.Google declined to comment.
"We will initiate an investigation if we see evidence of concrete criminal acts or specific perpetrators. We're looking at it very carefully," a spokesman for the federal prosecutor's office said, Reuters reported Wednesday.Update: Anonymous "US intelligence and law enforcement officials" have allegedly told Reuters that the CIA was aware of the impending leak since the end of last year, and their investigation is focusing on contractors as the source of the leak:
A German Foreign Ministry spokesman told Reuters that the authenticity of the documents was still to be verified and that Berlin would be in touch with Washington.
The unnamed officials also confirmed that an internal investigation by the agency into the source of the leak is focused primarily on contractors, who the agency believe passed the documents to WikiLeaks.Update (March 9): More recent coverage:
They also stated their belief that the 8,761 documents contained within the current "Year Zero" leak, the first of the "Vault 7" series, appear to be authentic.
...
WikiLeaks says that the classified information contained in the leaked documents was "lost" by the CIA and subsequently "circulated among former US government hackers and contractors in an unauthorized manner."
One of those individuals is then said to have provided the whistleblowing website with the relevant content.
U.S. cyber security expert Robert Graham said WikiLeaks provided enough detail to recognize some known vulnerabilities.Dennis Kucinich writes for Fox News that Vault 7 is proof that the U.S. is "sliding down the slippery slope toward totalitarianism". (Anti-Trumpers, please note that these leaks cover CIA activity during the Obama administration.)
"One anti-virus researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak," Graham said in a blog post.
CNN asked whether it was legal for the CIA to do this, per US law, provided the hacking techniques are used overseas. In response, Assange referenced the CIA's history of "behaving badly" inside the US as well.Assange also addressed the need for a "Digital Geneva Convention", hinting at WikiLeaks cooperation with the tech community toward that end. Some more highlights:
"It is an unusual time in the United States to see an intelligence agency so heavily involved in domestic politics," Assange said, when asked if the CIA was experiencing turmoil within its ranks.
When questioned about redactions, Assange said 78,000 pieces of information were withheld, consisting of IP addresses of both target and attack machines. The IPs will be investigated and identified before the redaction is removed.
Assange said further material to be released would be recent but would not identify a time from which it came. He said WikiLeaks have more material on the "throwing off" mechanism used by the hacks to cover their traces. Tuesday's leak revealed details of the CIA's ability to hide its own hacking fingerprint and attribute it to others.
...
Assange said 'Vault 7' contained too much work for WikiLeaks to do on its own. He said the latest leak has a number of exploits of code that it needs to disarm before it can be published, rendering it useless to "cyber mafia." He did not give details on when it would be published.
...
When asked by ABC if he had ever been paid by either the Russian government or RT he answered "No, but quite interesting to see ABC taking that line." Criticising mainstream media, Assange described it as a "pretty sad question" which tried to divert from the publication of the CIA's documents.
Lt. Col. Tony Shaffer: "ATP2829, the so-called Russian tool that we used to hack the DNC. Sean, we did it. Not me, our guys. Former members of NSA, retired intelligence officers use these tools to break in there and get the information out. That's what the Democrats don't want to talk about, because it doesn't fit their narrative."Update (March 11): VP Pence says the administration will use "the full force of the law" to go after the Vault 7 leaker(s), calling the release a "very serious offense" that "comprises" the "security" of the American people. Which just goes to show he's a moron. Trump and his team have the moral high ground when they go after malicious leakers who are interfering in democracy, i.e., the ones who are leaking serious (but relatively mundane) information with the goal of destabilizing the administration. But leaks such as Vault 7 expose actual criminality. It's an act of whistle-blowing that exposes how the security of the American people is already compromised, by the CIA. The administration should be cutting the CIA down, not going after the leakers.
Sean Hannity: "You know that for a fact. You know the Democrats did it, or that former operatives did it using the malware techniques, they put the Russians' fingerprints and they can appear that the Russians...you're telling me...The whole Russian story that the media has been running with for month and months and months, that it was our people that did it, and they just put the fingerprints of the Russians."
Lt. Col. Tony Shaffer: "That's right. I don't have proof, but this is what I have heard."
"The evidence is not that the Russians did it, but that it was a Russian tool."
John Kiriakou: I think they [the leaks] probably have come from the CIA contractor or former CIA contractor. And this contractor frankly believes he has evidence of waste, fraud, abuse or illegality - which is the definition of whistleblowing. And that is why he took this information to WikiLeaks.Anti-virus legend John McAfee has likened the CIA's inaction on security holes to not giving sick people antibiotics.
...
JK: I left the agency in 2004, and my resignation was official in 2005, and I will tell you the truth I don't even recognize the place anymore. When I was in the agency the mission was really quite simple - it was to recruit spies, to steal secrets and then to analyze those secrets and provide the analysis to the policymaker to make the best in foreign policy. Now the CIA is a paramilitary organization, it is a cyber-military organization.
RT: Is this what we have to do to keep the country safe from being hit again?
JK: I don't think so. I think the CIA really should go back to its foundations and do what it does best, and that is to recruit the spies, as I mentioned. There is probably a place for cyber-security or cyber-hacking or whatever it is, but that place is in the NSA, in the Defense Department. This is not something the CIA should be doing. One of the things that trouble me the most is that we have absolutely no assurances whatsoever that the CIA is not using this technology to target American citizens. They say that they are not, but they say a lot of things that have turned out not to be true.
"The CIA has confirmed that they knew of 'zero day' exploits years in advance of the manufacturers of the software finding out," he said. "Basically, by not fixing those faults it puts customers of Google, Apple, Microsoft and many other American manufacturers at risk, it puts their reputation at risks, and it costs us all billions of dollars."The Russian Foreign Ministry has urged the CIA to provide a detailed, transparent response:
...
"Seriously, aren't we doing the same thing as having a bunch of ill people in our population, and the CIA has a boatload of penicillin, which could cure us, but they are not going to give it to us, because the enemy may get access to it. Do you see the horror of this?" he said.
McAfee believes that with practices like this, the CIA has failed its mandate to protect the American people.
"If John O. Brennan and Michael Hayden, the past CIA directors under Obama, were here, I would like to say: Shame! Shame on you!" he said.
The developer says the world needs a new paradigm on how to deal with cyberweapons, because they are potentially "many times more devastating" than nuclear weapons, but are by nature capable of being used stealthily or fall into the hands of non-government entities.
"We'd really like the security services in Washington to respond fully and openly to the released documents with specific facts, and if this information is confirmed then it poses a great threat to the world and international security," Zakharova said at a briefing in the Russian capital.McAfee's Intel Security tech firm has now released toolkits to detect rogue software:
Moscow "occasionally" receives information about the activities of the American special services, she pointed out. Previously, such reports "were always confirmed, but also there always attempts to retouch this information and remove it from the front pages," Zakharova said. "In any case, almost every time this information was confirmed," the ministry's spokeswoman said.
The [CIA] malware, or 'rootkit', is designed to allow access to parts of a computer where it typically wouldn't be allowed and can hide the existence of other activities.Assange had offered to work with tech firms on these issues. Many Silicon Valley firms apparently prefer the CIA over cooperating with WikiLeaks, however.
According to the leaked data, the CIA created Extensible Firmware Interface (EFI) rootkits to hack into Apple Macbooks. The malicious software can allegedly embed itself in a computer's low-level firmware and runs as the system is booting up. It is also coded to survive system updates, reinstallations, and can restore malware that gets removed.
In response to the WikiLeaks release, Intel Security's Advanced Threat Research team has created a new module for its existing CHIPSEC open-source framework that can detect the rogue EFI. The module can run on Windows, Linux, and macOS.
The Financial Times is reporting that many Silicon Valley firms will not be working with Wikileaks to cover up the CIA's access to their big data.Update: This is rich:
Several tech companies questioned by FT expressed a desire to not cooperate with the whistleblower on the ground of moral or legal barriers of dealing with classified information.
Silicon Valley insiders assume that Assange tried to improve his own reputation through cooperation with tech giants.
FT is reporting that their are several companies that might change their stance and start cooperation with WikiLeaks if more information would be revealed.
"This data is not shared outside CIA. It's only inside CIA. It's on CIA's top secret network, which is not connected to any other network. So, this has to be an inside job," he said.
Comment: Perhaps they realize that the results of such an inquiry wouldn't look good for them: