May the source be with you, but remember the KISS principle ;-)
Bigger doesn't imply better. Bigger often is a sign of obesity, of lost control, of overcomplexity, of cancerous
cells
It is generally stupid to talk about individual vulnerabilities without taking into account the
general architecture of a particular network segment, especially set of ports opened across the
segment. Also routers, switches and even network printers can be as vulnerable or even more
vulnerable then individual Linux servers or desktops.
Internet routers are now the most common point of attacks
on individual home computers. That means that the usage of a proxy server after the rounter (using some kind of
Firewall Micro Appliance ) for internet access now should be viewed as the necessary evil, as the
"best practice".
But unfortunately in home networks they are not widely used, mostly because the user lack the necessary skills. That is often
true even for home netwrk of system administrators, who are lazy enough to configure VPN for connection with the organization and
use completely separate, not connected to home network computer to work with corporate server. Duel use laptops in such case
is huge evil. Which means that home networks of system administrators often represent the weakest link in corporate security and the
optimal entry point for a determined hacker into corporate or some other networks.
Another important fact is the level of
stupidity/gullibility of users in a large organization. It can take various forms. With the most recent, most stunning example
being
Hillary Clinton email scandal which demonstrated that shadow
IT represents a significant and underappreciated danger. And the level of stupidity and greed cannot be overestimated. Note that the level of qualification of
system administrators in this case was average at best, and even NIST recommendations were ignored in
setup and maintenance of the server(s). So people who installed and maintained the server were not qualified to do that. And
such situation is typical for shadow IT.
So the security and vulnerability of Linux is only a small part of the whole puzzle. Human factor is another important variable
and some user represent natural Trojan horse in corporate networks. That means that many organizations which enforce monthly
or even more frequent patching in a vain attempt to increase their server security actually lower it, as they are barking to the
wrong tree. And those efforts might be better used for user education and for improving general architecture (for example
blocking the ability of desktops/laptops to communicate with other desktops laptops directly but only via server segment. Even
Windows administrators should first connect to some window server (which serve ads multiplexor of remote desktops) and from it
to user laptops/desktops.
Fascination with the installation of multiple security products on a corporate desktop is another cancer that recently hit
corporate networks. Not only it make desktops/laptops often barely operable, it also provide a false sense of security, offloading
the responsively to protect the network of AV vendor. Usefulness of AV in protection of Linux and linux workstations is
highly questionable and attempt to "unify" them with Windows are badly advised.
Also security vulnerability patches are created equal. Only very few of them represent remotely exploitable vulnerability and
even those presuppose that specific ports are open. which often is not true in corporate or a good home network where only
three of for port are allowed to communicate with external sites. (for example, http https, DNS and ssh/scp) Most security patches
pushed by vendors like Red hat each month are exploitable only with the account on the server or even some additional conditions.
Claims that open source software is more secure then proprietary solutions can not be taken at their
face value. Theoretically this is true, but the complexity of open source software negates this.
Historically OpenSSH vulnerabilities were one of the most favorite ways for breaking into
Internet ISPs, for at least a half of the decade. According the US Government's database of computer security vulnerabilities maintained
by the National Institute of Standards and Technology (http://icat.nist.gov)
as of April 15, 2004, there have been more High Severity (remotely exploitable) vulnerabilities
found in the Linux operating system than in Microsoft Windows. And this is not surprising as Linux has more goodies installed in the standard setup and more ports opened (recently that changed in
RHEL). But if linux installed in minimal configuration (as it should) many of those vulnerabilities are related to
non-existent packages and protocols. So the reverse is true -- minimized linux even without hardening is much more secure than any,
even hardened, Windows desktop or server.
Also many vulnerabilities are applicable only to specific version of linux or application, or protocol In March 2004, Forrester Research
published a
report
that came to the conclusion that Linux is no more secure than Windows. Also Linux in practice (especially in home networks) is often running
with firewall disabled, which is big "no-no" security wise. Amateur users often use root as
their user account -- another bog "no-no". Add to this mind boggling complexity of modern
Linux where even Apache server probably requires years of study to be configured and used properly
and you get the picture.
It is true that Windows is often used is less secure way then Linux (with the user operating
all the time from Administrator account or equivalent), but if regular user account is used such mechanisms for providing security
as
Windows Group policy and cryptographically signed executables beats Linux in default
configuration. An excellent security system introduced by Suse
AppArmor did not became Linux standard. Red
Hat SElinux that few people understand and few configure correctly (most often disable) is dominant.
Only Solaris is competitive in this area. It also benefits from security via obscurity,
especially if deployed on Sparc servers.
Another key factor that the
number of security flaws discovered is generally proportional to market share, so the dominant OS
is the most natural target of attacks. This issue on a new level is often replayed in Linux vs.
Solaris security debate. In security, being a non-mainstream has its own set of advantages.
There is huge and lucrative market for Windows zero days exploits. Some market exist for Linux too. There is no such market for
Solaris.
There is also government sponsored hackers who develop professional exploit for both windows and
Linux. Stuxnet, Flame and subsequent set of nasty worms were developed by government and later
those technologies fall into the hand of the hackers. Unlike regular munitions, cyber weapons
did not explode on contact. They can be captured disassembled, studied and replicated on a new, more
sophisticated and dangerous level in a never ending battle of defense and attack tools. When
some government unleashed Stuxnet out of the box it literally open the Pandora box of cyber war.
In other words when we discuss security of an individual Linux box this is an abstraction, and often not very
useful abstraction,. What we should discuss is the security of network in which particular Linux box
is installed. Also there are some "semi-hidden" parts of network infrastructure, for example
the subnet on which management interfaces like Dell DRAC or HP ILO exist (and nobody knows how many
vulnerabilities those contain and who has them other then NSA), and which are seldom
secured properly despite the fact that this is an obvious like of attack on linux servers. As
such they represent more subtle and potentially more lucrative way to break into the server the
frontal attack. There are a lot of commercial servers, even in major datacenters which still have
default passwords for DRAC or ILO, and default accounts still enabled.
All this suggest that when discussing individual vulnerabilities it is important to see the bigger picture --
it is
architecture that matter most in providing desirable level of security. What boxes
are open to internet and which are not. Which ports are opened across the segment on this sensitive
box is installed. Is DMZ configuration used. Is private DNS used? answers to all those
questions by-and-large define the level of security that you can achieve. Patching is another
interesting topic with its own set of warts. And patching infrastructure can and was in the past
used as a way to break into the servers (breaking into repository and installing troyanized versions
of some components is just the tip of this iceberg). Again look at the level of stupidity in
configuring Hillary bathroom server (Hillary
Clinton email scandal) as a pretty educational example how not to do such things.
Smartphone infrastructure (and Android is nothing but a proprietary version of Linux used by
Google) in companies is now another "Wild West" with little security and a lot of ways to
subvert those few measures that are used. Here stupidity and gullibility of users reached probably
its maximum level.
But there silver lining in any dark clouds. first of all there are "DVD-only" distributions which are secure after each reboot. So for highly
confidential tasks you can reimage the server from DVD or just use such a distribution. That
somewhat guarantees that for the next few hours you work with "clean" system. In general use
of non-violable storage
can be considered as a measure that is to some extent is alternative to periodic patching. In
this case you are guaranteed that you executables will not be troyanized or some accounts or
components are added to the system. There is no real necessary for such directories as /bin /usr
/boot /root, and some others to be writable. And /etc/while writable consist mostly of static files
that can be overwritten as often as you wish from "safe" non-violable storage. This is one way to avoid web site hacking -- nobody can
write file on a write protected disks without physical access to the disk.
And then there is such danger as Shadow IT, which often
exists below the radar in many highly bureaucratized, fossilized/outsourced IT environments.
Which are pretty common for large corporations. This was the essence of
Hillary Clinton email hacking scandal. To make long story short the key part of the State
Department IT infrastructure -- mail server used by Secretary of state and her close entourage --
was installed as a private "bathroom" Windows-based server with Microsoft Exchange as a
mail server directly opened to the Internet. And all this mess was maintained by rank-and-file specialists with mainly
experience in IT for non-profits and without proper security training.
After this episode it is easy to stop believing into the ability of the US government to maintain
security of its servers. The server (or group of servers ) was configured without any attempt to satisfy NIST guidelines for this type of servers. If you have
architecture flaws like this, you are royally f*cked no matter how hard you try to patch individual
vulnerabilities. Architecture faults overwrite all this and when we are talking about individual
vulnerabilities we assume that sound architecture, proper for desirable level of security of
particular server is already in place. Otherwise the whole discussion just does not
make any sense.
If you have architecture flaws like those in Hillary email server you are royally f*cked no matter how hard you try to
patch individual vulnerabilities. Architecture faults overwrite those efforts and when we are talking about individual
vulnerabilities we assume that sound architecture, proper for desirable level of security of
particular server is already in place. Otherwise the whole discussion just does not
make any sense.
Forrester measured the time between the discovery of a flaw and the release of a fix for the flaw
-- not a perfect but still worthwhile metric. It claims Linux, in this particular sense, was less secure than Windows because
not only the total number of security
alerts for Linux outnumbered those for Windows, but also because time for fixing it was not impressive. But this is a difficult metric to provide objectively,
as the severity of the flaws varies and the most flaws counted against Linux were actually flaws in
applications or programming environments that run on Linux, not in the Linux kernel per se. Also
with firewall tightly configured many of them just does not make any sense and are not exploitable.
Paranoia fueled by greedy security firms, which exaggerate the severity of the flaw and hide the
information about conditions necessary for its exploitation, actually does a lot of harm to
Linux.
On high level
of security with AppArmor enabled (or if you have an
expert in SElinux security, able to configure it properly for your case) and with internal firewall
not only enabled, but properly configured (emphasize of properly), you simply deny access to most vulnerabilities and it does not matter much if they patched
or not -- they are simply inaccessible.
Only very few protocols that are opened (DNS is one example)
can be secured by constantly monitoring the integrity of the server and blocking any changes outside
/tmp and similar filesystems. In case of DNS using private internal DNS with "fake"
root also helps. For small organizations it is possible to use /etc/hosts table
instead, eliminating DNS. But even for DNS there are inventive way to improve security -- for
example in most organizations DNS tables are pretty much
static and can be written on CD instead of hard drive. That makes it harder possibility to modify them
you need to create new writable directory copy files and redirect DNS server to this folder -- the
task which is difficult to accomplish without already being root. In
general the more secure environment you wish to have the larger part of this environment should
consist of non writable media.
Another important aspect is what you are running. For example if you do not run X server, it is unclear
why you should worry about those vulnerabilities that apply to this environment. In this sense
minimization of your installation is the most powerful security tool and early hardening packages
like Titan provides some minimization frameworks. Now most commercial distribution have the option
"minimal server" which is a good start.
Minimization of your installation is the most powerful security tool. Now most commercial
Linux distribution have the option "minimal server" which is a good start.
As Linux is an independent POSIX compatible reimplementation of Unix, the principles of
Linux hardening are the same as for other Unixes and are well developed.
That means that Linux in principle can be more completely and more deeply hardened then Windows,
because it is more open system.
But the way how Linux is typically installed often deny or even pervert this advantage. In June 2004, Danish security firm Secunia
compared
security across operating systems and concluded that Windows was more secure, than many people think.
According to a new Aberdeen Group report, open-source solution Linux has surpassed Windows as the most
vulnerable OS, contrary to the high-profile press Microsoft's security woes. And march larger
share of servers running windows. Furthermore, the
Aberdeen Group reports that more than 50 percent of all security advisories that CERT issued in the
first 10 months of 2002 were for Linux and other open-source software solutions.
"Open-source software, commonly used in many versions of Linux, UNIX, and network routing equipment,
is now the major source of elevated security vulnerabilities for IT buyers," the report reads. "Security
advisories for open-source and Linux software accounted for 16 out of the 29 security advisories--about
one of every two advisories--published for the first 10 months of 2002. During this same time, vulnerabilities
affecting Microsoft products numbered seven, or about one in four of all advisories."
Decentralized nature of Linux development makes possible for critical flows in applications (and
sometimes even kernel) to exist for years without detection.
The Aberdeen Group says this information proves that Linux and UNIX are just as prone to Trojan horse
attacks as any other OS, despite press reports to the contrary. According to the Aberdeen Group, the
open-source community's claim that it can fix security vulnerabilities more quickly than proprietary
developers means very little. The group says that the open-source software and hardware solutions need
more rigorous security testing before they're released their products to customers. As I
mentioned before, it is
interesting that open SSH implementation was for several year the preferred way of hacking into
Linux ISPs.
We can rail against Microsoft and its security policies (which are indefensible), but far more people and systems use Microsoft's
software than any competing software. And most Linux system administrators do not know how secure Linux
and are not motivated to do this as it makes their work much more difficult. Linux is moving to
Windows environment when "clueless administrator managed servers used by clueless users". And this
environment that can't be defended by any technical means.
Moreover even despite the fact that Linux isn't as prevalent as Windows, we're still seeing a
gradual increase in Linux security advisories from year to year. We judge that the large companies
should exercise caution in deploying Linux on DMZ and deploy Solaris instead, if they are really
concerned about hacking and Linux security. Security via obscurity is not a bad thing. Even
use of FreeBSD (or, better, OpenBSD) sometimes can dramatically improve the level of security, as it automatically stops
most of linux exploits without any patching.
Long time ago, Secunia publishes graphs on the security
advisories for Red Hat Enterprise AS3. According to the graphs, 66% of the listed vulnerabilities can be exploited
remotely, meaning they are exposed to an attacker who does not have an account on the system. Even
if they are wrong by 50% that's a lot. Another
graph shows that 17% of the vulnerabilities can allow a cracker to escalate his privileges on the vulnerable
system, which means that after getting into the system on non-privileged account the cracker may be able to get root privileges.
Secunia page that includes similar graphs for Windows 2003 Enterprise Edition. According to these
graphs, only 48% of the Windows 2003 vulnerabilities can be exploited by a remote user, which taking
into account weakness of their methodology might mean that in this sense Linux and windows are
close. None is superior to another. The number of vulnerabilities that allow a cracker to escalate
privileges is only 13% in Windows compared to 17% for Red Hat, which also means that they are close
(as those figures need to be taken with a grain of salt and definitely rounded tin a single significant
digits, as one percent difference means nothing in this context.
That means that without additional hardening Red Hat Enterprise Server AS3 used to have
approximately the same level of risk as Windows 2003 Enterprise Edition. which means both are
indefensible against motivated hacker.
In other words the level of security of the system depends on several factors:
General architecture of particular network (whether NIST recommendations were used to
configure the network and servers, is it proxied, firewalled both on entrance from the internet
and individual server level, whether AppArmor is
used and properly configured (brilliant security idea that never get enough traction as Red Hat
supported SElinux), whether organization uses private DNS, uses hostfile for name resolution
instead of DNS (not a bad idea for small networks), how well individual server is hardened,
etc) and
the level of hardening
Qualification of administrators and users.
Level of security of other components of particular network segment (DRAC or ILO if they are
on the same segment, router, switch, etc)
It means that it is almost meaningless to discuss it in abstract terms, It should be self-evident that the most serious type of vulnerability,
unless architecture prevent their use, it possible for an attacker without any account on the system to gain administrator privileges
and seize control of your system via the Internet both on Windows and Linux. Especially for the
attacker who can buy "zero-day" exploit.
If you need highly secure environment, then your network should be isolated from internet, and/or
use non IP based communication protocols (such as good old UUCP, BBS infrastructure and Fidonet
internally, or on more more modern level by use of Infiniband for UUCP). I actually saw that UUCP
was used in some organizations for explicitly this purpose. New is sometimes well forgotten
old. The most secure way to use computers is to use isolated non-network computers producing CD/DVDs
or just print materials. Rescanning of printed documents is pretty accurate, especially for regular
text files. I read somewhere that Russian government, after Stuxnet and Flame were exposed,
switched a part of its operation to electric typewriters. That's probably too drastic move,
but good old DOS can do wonders for most office tasks and has collection of applications which was
produced before NSA figured the ways to troyanize them ;-)
The question arises what vulnerabilities of the Linux operating systems are most often targeted by
malicious attackers. While there is a non-stopping stream of remotely exploitable Linux vulnerabilities
but only few of them were used for actual exploits against the number of servers.
But for the top vulnerabilities it make sense to go extra mile. for example it does not make any
sense to open ssh to the world unless absolutely necessary. Restricting IP range via tcp
wrappers or firewall in a powerful mechanism of making more secure even top exploitable protocols.
Below we will reproduce slightly edited list of the ten most commonly exploited vulnerabilities
similar to on produced by SANS
Institute The list for Unix/Linux vulnerabilities currently
includes (vulnerabilities that represent additional danger in large corporate environment due
to the number of servers with those applications installed):
Services like Webmin, phpmyadmin, Cpanel, etc that provide Web-based interface for
administrators and webmasters. They are typically attacked by script kiddies 24 x 7. As
they typically they do not understand what they are doing this is just noise, but still it
requires some means to hide ports and make URLs unique for the site. You should never have
generic URLs for those applications (Cpanel is an exception for obvious reasons).
Web and Application Server Misconfiguration: It is of critical importance that a secure Web application
have a strong server configuration standard.
PHP Web applications misconfigurations or, more commonly, bugs in major PHP applications. PHP is rarely
used in enterprise environment, but it attracts lion share of exploits directed against Web
sites. The top ten
are:
Unvalidated Parameters: Those intent on an attack can use this flaw to get at backside components
through a Web application. Information from Web requests is not validated before being used by a
Web application.
Broken Access Control: These flaws can be taken advantage of by hackers to access other users'
accounts, view sensitive files or use unauthorized functions. The flaws occur because the restrictions
on what authenticated users are allowed to do are not properly enforced.
Broken Account and Session Management: This vulnerability occurs when account credentials and
session tokens are not properly protected. Attackers can assume other users' identities by compromising
passwords, keys, session cookies or other tokens.
Cross-Site Scripting (XSS) Flaws: An attacker can use the Web application as a mechanism to transport
an attack to an end user's browser. Successfully utilizing this method can disclose the end users'
session token, attack the local machine or spoof content to fool the user.
Buffer Overflows: Web application components in some languages that do not properly validate
input can be crashed and, in some cases, used to take control of a process. These components can
include CGI, libraries, drivers and Web application server components.
Command Injection Flaws: Web applications pass parameters when they access external systems or
the local operating system. If an attacker can embed malicious commands in these parameters, the
external system may execute those commands on behalf of the Web application.
Error Handling Problems: If an attacker is able to create errors that the Web application does
not handle, they can gain detailed system information, deny service, cause security mechanisms to
fail or crash the server.
Insecure Use of Cryptography: Web applications often use cryptographic functions to protect information
and credentials. These functions, along with the code to integrate them, have proven difficult to
code properly, often resulting in weak protection.
Remote Administration Flaws: Many Web applications allow administrators to access the site using
a Web interface. If these administrative functions are not very carefully protected, an attacker
can gain full access to all aspects of a site.
Secure Shell (SSH) -- paradoxically ssh due to complexity of protocol and its implementation
is the most common way to get into remote system. Stream of remotely exploitable openssh vulnerabilities
has a long and ugly history.
BIND Domain Name System (large corporations often use appliances for DNS, but that
does
not mean that they are more secure ;-).
Java. Exploits against Java programs are actually far more common then exploits against
Apache. See the list of PHP vulnerabilities. It is fully applicable. Popular Java-based
application can be attacked like popular PHP application with application-specific exploits.
Open Secure Sockets Layer (SSL) -- like SSH it has a history of nasty exploits.
Patching is very important.
Remote Procedure Calls (RPC). There were several famous malware worms instances that
used those vulnerabilities to spread inside corporate environment.
Apache Web Server (large corporations generally use HTTP proxy and firewall before any Web server,
which limit impact of even unpatched exploits)
General UNIX Authentication problems such as accounts with no passwords or weak passwords.
In modern environment chances of cracking password via external login are close
to zero, unless the attacker has additional information about the victim. But still prudence
dictates the necessity to two factor authentication for any Internet facing server. In this sense many US banks, brokers and financial companies are simply negligent. For you
as a customer ability to provide a token is now an important criteria of choosing the financial
institution. For example both eTrade and Paypal provide tokens to customers.No externally facing corporate server can use just password authentication. Tokens are
really cheap and increase security. CMS protocol and cell phones can be used instead. In this
case CMS message is send and serve as the second password after the user authenticated,
One time passwords , mascots , etc also increase security of authentication. Individual user
mascots allow to distinguish real site from fake one.
Clear Text Services and shell vulnerabilities (predominantly bash). The most recent was
Shellshock (September, 2014).
Sendmail and set of email based exploits including phishing. Sendmail is outdated and
poorly understood by administrator program with multiple vulnerabilities and dismal history of
exploits that is still widely used in large corporate environment. The program still
has vulnerabilities that were not patched in common distributions but they are becoming more rate.
Sendmail mainly is used as a transport mechanism for malware and here the weakest link is not
the software but the users. Some phishing attempt are so ingenious, that they can full a large
number of users.
Simple Network Management Protocol (SNMP). This is a little understood by a typical
sysadmin protocol which
if enabled often has mistakes in configuration. Generally it should be restricted to relevant IPs. Opening it to the world is a big mistake.
Misconfiguration of Enterprise Services like NIS ( which is still widely used, but
gradually is replaced with LDAP), NFS, Samba, etc. Often IP ranges used to open those services
are way too wide. The additional problem with Samba is that Unix
sysadmin often does not clearly understand mapping of Windows file attributed into extended
attributes.
Although there are thousands of security incidents each year affecting major Linux distribution, the majority of successful attacks target one or more of these vulnerable services. Attackers
usually
are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws
with the most effective and widely available attack tools. They count on organizations to be behind
in patching, especially patching of application and protocols like SSL, not fixing well-known the
problems. They often attack indiscriminately, scanning the Internet for any vulnerable systems.
The best strategy for large corporate is avoidance. On the Unix and Linux side, Berkeley Internet
Domain Name (BIND) software remains the top problem software. That means that large corporate should
never try to run bind on Linux. Similarly Apache as an external web server should generally work via
HTTP proxy. Generally apache is way too complex to be used as Internet facing Web server (but
it can and should be used as an internal WEB server, due to its functional superiority over competitors).
Running Sendmail on Linux is not recommended for the same reason, as at number 6 it belongs to most
vulnerable software on the Unix/Linux servers. In major distribution it was replaced by
postfix long ago, so this is only inertia that dictates continued use of Sendmail in enterprise
environment.
SANS Institute provides periodic list of top vulnerabilities which while can't be taken at face
value, still might contain useful information. It can be viewed on the organization's
Web site, The list below is
adapted from the SANS Web site and is old. But as reference is still makes sense as it shows the
futility of viewing Linux security without considering of network architecture and the level of
hardening. It also shows limitation of people at SANS which complied the list. Concentration on
individual software vulnerabilities makes sense for the attacker, but much less sense for the
defender.
The Berkeley Internet Name Domain (BIND) package is the most widely used implementation of the Domain
Name Service (DNS), a critical system that allows the conversion of hostnames into the registered IP
address. Unless you run your own internal DNS (which many corporation do and which constitute a good
practice) this is the system exposed to external attacks.
The ubiquity and critical nature of BIND has made it a frequent target, especially in Denial
of Service (DoS) attacks, which can result in a complete loss of accessibility to the Internet for services
and hosts. Whilst BIND developers have historically been quick to repair vulnerabilities, an inordinate
number of outdated, misconfigured and/or vulnerable servers remain in place. Also there are some
high level exploit of bind based of architectural flows that are not that easy to patch.
Among old, well know BIND weaknesses was a denial of service discussed in
CERT Advisory
CA-2002-15. In this case, an attacker can send specific DNS packets to force an internal consistency
check which itself is vulnerable and will cause the BIND daemon to shut down. Another was a buffer overflow
attack, discussed in
CERT Advisory
CA-2002-19, in which an attacker utilizes vulnerable implementations of the DNS resolver libraries.
By sending malicious DNS responses, the attacker can explore this vulnerability and execute arbitrary
code or even cause a denial of service.
A further risk is posed by a vulnerable BIND server, which may be compromised and used as a repository
for illicit material without the administrator's knowledge or in stepping-stone attacks which use the
server as a platform for further malicious activity.
Operating Systems Affected
Nearly all UNIX and Linux systems are distributed with a version of BIND. To increase the level of protection
it is recommended to use self-complied version of bind using Intel compiler and replace with this compiled
version the stock version of bind provided by operating system vendor.
Also due to criticality of the service Linux is a bad choice of the platform for its deployment.
Solaris should be used instead. For excellent guides to hardening BIND on Solaris systems as well as
additional references for BIND documentation, see
Running
the BIND9 DNS Server Securely and the archives of BIND security papers available from
Afentis.
for mission critical servers run BIND not installed via RPM, but compiled with appropriate
compiler option from source downloaded directly from the Internet
Software Consortium (ISC). Or buy a DNS appliance.
Ensure that your externally exposed DNS server runs the latest version of BIND. For most systems,
the command "named -v" will show the installed BIND version enumerated as X.Y.Z where X is
the major version, Y is the minor version, and Z is a patch level. A proactive approach to
maintaining the security of BIND is to subscribe to customized alerting and vulnerability reports. In addition, a vulnerability
scanner might be used to check DNS systems for configuration blunders and potential vulnerabilities.
This subsystem does not need to be exposed to the internet, so it is mostly internal
vulnerability, unlike DNS. most corporation now provide access to internal network for both users
and sysadmins via VPN, using separate not shared corporate PC/laptops, which often have smart card
authentication.
Description
Remote procedure calls (RPCs) allow programs on one computer to execute procedures on a second computer
by passing data and retrieving the results. RPC is therefore widely used for many distributed network
services such as remote administration, NFS file sharing, and NIS. However there are numerous flaws
in RPC which are being actively exploited. Many RPC services execute with elevated privileges that can
provide an attacker unauthorized remote root access to vulnerable systems.
The majority of the distributed denial of service attacks launched were executed by systems that
had been victimized through these RPC vulnerabilities. The broadly successful attack on U.S. Military
systems during the
Solar
Sunrise incident also exploited an RPC flaw found on hundreds of Department of Defense computer
systems. More recently, an MS Windows DCOM Remote Procedure Call vulnerability has played a role in
one of the most significant worm propagation events.
Operating Systems Affected
All versions of UNIX and Linux come with RPC services installed and often enabled. It is not always
possible to shut down this service as it is widely used and required for NFS implementation. For
that reason NFS should not be used on DMZ
Use a vulnerability scanner or the 'rpcinfo' command to determine if you are running one of the most
commonly exploited RPC services:
RPC Service
RPC Program Number
rpc.ttdbserverd
100083
rpc.cmsd
100068
rpc.statd
100024
rpc.mountd
100005
rpc.walld
100008
rpc.yppasswdd
100009
rpc.nisd
100300
sadmind
100232
cachefsd
100235
snmpXdmid
100249
RPC services are typically exploited through buffer overflow attacks which are successful because the
RPC programs do not perform sufficient error checking or input validation. Buffer overflow vulnerabilities
allow an attacker to send unexpected data (often in the form of malicious code) into the program memory
space. Due to poor error checking and input validation, the data overwrite key memory locations that
are in line to be executed by the processor. In a successful overflow attack, this malicious code is
then executed by the operating system. Since many RPC services execute with elevated privileges, successful
exploitation of these vulnerabilities can provide unauthorized remote root access to the system.
How to Protect Against It
Use the following steps to protect your system against RPC attacks:
Turn off or remove any RPC service which is not absolutely necessary for the function of your
network.
Install the latest patches for any services you cannot remove:
Regularly search the vendor patch database for new patches and install them right away.
Block the RPC portmapper, port 111 (TCP and UDP) and Windows RPC, port 135 (TCP and UDP), at
the border router or firewall.
Block the RPC "loopback" ports, 32770-32789 (TCP and UDP).
Enable a non-executable stack on those operating systems that support this feature. While a
non-executable stack will not protect against all buffer overflows, it can hinder the exploitation
of some standard buffer overflow exploits publicly available on the Internet.
For NFS exported file systems, the following steps should be taken:
Use host/IP based export lists.
Set up exported file systems for read-only or no-suid wherever possible.
Use 'nfsbug' to scan for vulnerabilities.
A summary document pointing to specific guidance about three principal RPC vulnerabilities -
Tooltalk, Calendar Manager, and Statd - may be found at: http://www.cert.org/incident_notes/IN-99-04.html.
Summary documents pointing to specific guidance about the above RPC vulnerabilities may be found
at:
In large corporation Apache or other Web server is never exposed to Intent directly. Usually it
is exposed via proxy such as BlueCoat. But small ISPs and small companies have Apache exposed
directly.
Apache has historically been, and continues to be the most popular web server on the Internet. In
comparison to Microsoft's Internet Information Server, Apache may have a cleaner record in regards to
security, but it still has its fair share of vulnerabilities. In addition to exploits in Apaches
core and modules (CA-2002-27,
CA-2002-17),
SQL, databases, CGI, PHP vulnerabilities are all potentially exposed through the web server.
If left unsecured, vulnerabilities in the Apache web server implementation and associated components
can result in denial of service, information disclosure, web site defacement, remote root access, or
countless other unfavorable results.
Affected Operating Systems
All UNIX systems running Apache. Many Linux and UNIX variants come with Apache installed and sometimes
enabled by default. Like in case of bind it is recommended to compile own version of Apache before deployment.
How to Determine if you are Vulnerable
Information regarding security advisories for Apache 2.x security information resides at
http://httpd.apache.org/security/
How to Protect Against It
Ensure that you are running the latest patch level.
Ensure that core operating system components that are referenced by Apache are patched. Only
the modules necessary for your server to function properly should be compiled into Apache.
note: The mod_ssl worm (CA-2002-27)
is a perfect example that resulted from vulnerabilities within OpenSSL (CA-2002-23).
Never run Apache as root. A unique user and group with minimal privileges should be created
for running Apache. No other system processes should be run under this user or group.
Limit the server information that is revealed.
While this suggestion tends to encounter opposition from people suggesting security by obscurity
is not the way and a number of exploit attempts you will see are done in a blind sweeping fashion
(proven by the fact that you will see in many Apache logs IIS exploit attempt after IIS exploit
attempt), there are also some exploits that will trigger based on header information.
Ensure that mod_info is not accessible from the Internet.
Directory indexing should be disabled.
For security centitive systems always run Apache in a chroot environment. If Apache is started chroot-ed it
cannot access any part of the operating system directory structure outside of the chroot. This can
often critical to prevent exploits. For example, an exploit may call a shell and since /bin/sh likely does
not (and should not) reside in the chroot, it would be ineffective.
As there are numerous methods of chrooting, software documentation should be consulted for assistance.
Additional information can be found below.
Efficient and thorough logging is essential to effectively track down any potential security
problems or unexplained behavior you may be experiencing with your web server. It is a good practice
to routinely rotate logs and keep older logs archived. This will make the log size more manageable
and easier to parse through if necessary.
Various information regarding log formats and rotation are available here:
In many scenarios the content of these logs may not be sufficient. Especially if youre using
PHP, CGI or other scripting it is a good idea to log GET and POST payloads. This can yield important
data and evidence in the event of a security compromise. Logging of GET and POST payloads can be
implemented via mod_security.
For security sensitive systems you should disable PHP, CGI, SSI and other scripting languages
as it is difficult/impossible to protect then from exploits. Use only precompiled static
pages.
Disable Server Side Includes (SSI) which can potentially be abused and cause the web server
to execute code which it was not intended to.
If PHP, CGI, SSI or other scripting languages are necessary, consider utilizing suEXEC.
suEXEC allows scripts to be run under Apache with a user id other than the Apache user id.
WARNING: It is imperative that suEXEC is understood thoroughly. If it is improperly utilized
it can create new security holes.
Additional modules can aid in security. The mod_security (www.modsecurity.org)
module can help protect against Cross Site Scripting (XSS) and SQL injection. Detailed implementation
instructions can be found at their website.
Auditing your scripts for vulnerabilities including XSS and SQL injection is also important.
There are a few open source tools that will accomplish this. Nikto (available at
http://www.cirt.net/code/nikto.shtml)
is one of the more comprehensive CGI scanning tools.
This is mostly an internal vulnerability as in no way you should be able to authenticate to
internal system from Internet for security sensitive systems. Only from private VPN. It is an
external vulnerability for ISPs and small companies that does no use VPN for this purpose. In this
case one time passord system or security token should be used to avoid cracking of password database
See recent Yahoo hack for details
Yahoo
discloses hack of 1 billion accounts
Google provides two factor authentication which as we know now Podesta did not use which
lead to huge embarrassment when his emails were stolen due to simplistic phishing scheme (he proved
to be completely incompetent idiot as for computer security, as most of Hillary Clinton entourage;
was too lazy to use two factor authentication that Google provides):
Signing in to your account will work a little differently
You'll enter your password.Whenever you sign in to Google, you'll enter your password as
usual.
You'll be asked for something else. Then, a code will be sent to your phone via text,
voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your
computer's USB port.
Passwords, passphrases and/or security codes are used in virtually every interaction between users
and information systems. The most simplisitc (one factor) authentication, as well as file and data protection, rely
heavily on user or vendor supplied passwords. In addition, since properly authenticated access is often
not logged, or if logged not likely to arouse suspicion, a compromised password is an opportunity to
explore a system virtually undetected. An attacker in possession of a valid user password would have
complete access to any resources available to that user, and would be significantly closer to being
able to access other accounts, nearby machines, and perhaps even obtain root level access on this system.
Despite this threat, user and administrator level accounts with poor or non-existent passwords are still
very common. As well, organizations with a well-developed and enforced password policy are still uncommon.
The most common password vulnerabilities are:
user accounts that have weak or nonexistent passwords;
users accounts with widely known or openly displayed passwords;
system or software created administrative level accounts with widely known, weak, or nonexistent
passwords;
weak or well known password hashing algorithms and/or user password hashes that are stored with
weak security and are visible to anyone.
The best defense against all of these vulnerabilities is a strong authentication policy that includes
usage of Secure Id or smartcards. We also need to create detailed instructions for users for strong
passwords creation; explicit rules for users to ensure their passwords remain secure; a process for
IT staff to promptly replace weak/insecure/default or widely known passwords and to promptly lock down
inactive or close down unused accounts; and a proactive and regular process of checking all passwords
for strength and complexity.
Operating Systems Affected
Any operating system or application on any platform where users authenticate via a user ID and password.
In Linux You we should requre to use the MD5 algorithm to hash passwords; this is somewhat more secure
than the older crypt algorithm.
How to Protect Against It
The best and most appropriate defense against password weaknesses is a strong policy which provides
detailed instructions to engender good user password habits and also entails regular proactive checking
of password integrity by system administrators with complete support from the organization. The following
steps should be used as guidelines for a good password policy:
Assure that passwords are consistently strong. Given enough hardware resources and enough
time, any password can be cracked using brute force guessing. Password crackers that are employed
by attackers use what are known as dictionary-style attacks. Since common password encryption methods
are widely known, the cracking utilities simply compare the encrypted form of a target password
against the encrypted forms of all dictionary words (in many languages), along with proper names,
and various common permutations of both. Therefore a password that in any way resembles a word (or
words in almost any documented language) is highly susceptible to a dictionary attack. Many organizations
instruct users to generate passwords by including combinations of alphanumeric and special characters,
and users more often than not adhere by taking a word (e.g., password) and converting letters to
numbers or special characters (e.g., pa$$w0rd). Such permutations cannot protect against a dictionary
attack: pa$$w0rd is as likely to be cracked as password.
A good password therefore cannot have a word or proper name as its root. A strong password policy
should direct users to generate passwords from something more random, like a phrase or a longer
title of a book or song. By concatenating a longer phrase into a string (i.e., taking the first
letter of each word in the phrase (preferably in mixed case), or substituting a special character
for a word in the initial phrase, and/or replacing all the vowels in that concatenated phrase with
various special characters, etc.), users can generate sufficiently long password strings which combine
alphanumeric and special characters in a way that dictionary attacks will have greater difficulty
cracking. And if the initial phrase is easy to remember, then the resulting password string should
be as well.
Once users are given the proper instructions for generating good passwords, detailed procedures
should be put in place to assure that these instructions are followed. The best way to do this is
by validating the password whenever the user changes it. Most flavors of UNIX/LINUX can use Npasswd
as a front-end to check entered passwords against your password policy. PAM-enabled systems can
also be extended to include cracklib (the libraries which accompany Crack) to check passwords as
they are generated. Most new PAM-enabled systems can also be setup to refuse bad passwords that
do not meet certain guidelines.
However, if passwords cannot be verified against dictionary libraries when they are entered using
tools such as Npasswd or PAM-enabled libraries, then cracking utilities should be run by the system
administrator in a stand-alone mode as part of a regular proactive procedure. Tools like those used
by potential attackers are generally the best choice. On a UNIX/LINUX-based platform, that would
include Crack and John the Ripper.
Please Note: Never run a password scanner, even on systems for which you have root-like
access, without explicit and preferably written permission from your employer/organization.
Administrators with the most benevolent of intentions have been fired for running password cracking
tools without the authority to do so. This authority should be in the form of a written letter
that forms part of the organizations strong password policy and allows for regular scheduled
password checks.
Once you have acquired authority to run cracking utilities on your system, do so regularly on
a physically protected and secure machine. The tools on the machine should not be openly accessible
to anyone but the authorized system administrator. Users whose passwords are cracked should be notified
confidentially and given instructions on how to choose a better password. As part of the organizations
password policy, both administrators and management should develop these notification procedures
together, so that management can provide guidance and/or assistance when users do not respond to
these notifications.
Other possible options to protect against nonexistent or weak passwords and/or to maintain password
policy procedures are (a) to use an alternative form of authentication such as password-generating
tokens or biometrics. These are effective if you are having trouble with weak passwords and can
be used as an alternative means of authenticating users. It should be noted that some password-generating
tokens need procedures in place to ensure they are not openly accessible to unauthorized users and
if stolen they are promptly denied from the system. Biometrics is a developing area and depending
on the type of authentication (e.g., fingerprints versus facial recognition), some of the technology
has not been perfected and errors in authentication may be common. (b) There are many comprehensive
third party tools (free and commercial) available to help manage good password policy.
Protect Strong Passwords. If you store password hashes in /etc/passwd, update your system
to use /etc/shadow. If your system runs NIS or LDAP in such a way that hashes cannot be protected,
anyone (even non-authenticated users) can read your password hashes and attempt cracking. You should
look for more secure alternatives to the NIS and LDAP version you are running. Until those insecure
applications can be secured/replaced, you should secure proper permission and run proactive cracking
as a regular procedure against those applications as well. Consider using the MD5 algorithm to hash
your passwords instead of crypt.
However, even if passwords themselves are strong, accounts can be compromised if users do not
protect their passwords. A good password policy should include detailed procedures for a user that
require that a user should never tell his or her password to anyone else, never write a password
down where it could be read by others, properly secure any files in which a password is stored for
automate authentication, and if a password is known to be stolen or known by others, to promptly
notify the system administrator. Password aging should be enforced so that any passwords which slip
through these rules are only vulnerable for a short window of time, and old passwords should not
be reused. Administrators should make sure that the users are given warning of a pending password
change and several chances to change their password before it expires. When faced with the message
Your password has expired and must be changed, users will tend to pick a bad password.
Tightly Control Accounts. Any service-based or administrative accounts not in use should
be disabled or if possible removed completely. Any service-based or administrative accounts which
are used should be given new and strong passwords as soon as the service or account is installed
or activated. Configure new user accounts with randomly-generated initial passwords, and force users
to change them when they first log in. Audit the accounts on your systems on a regular and proactive
basis, and maintain a master list of all of these accounts detailing the service requiring the account
and the intended need. Develop stringent procedures for adding/removing authorized accounts to/from
the list. Have rigid procedures for removing accounts when employees or contractors leave or when
the accounts are no longer required. Validate the master list on a regular scheduled basis to make
sure no new accounts have been added and that unused accounts have been removed. In addition, do
not forget to check the accounts and passwords on supporting systems like routers, switches, and
Internet-connected digital printers, copiers and printer controllers.
Many network services utilized by UNIX systems are clear-text (also known as "plain text"). That
means that there is no encryption used by those services. Lack of encryption allows everybody who is
observing network traffic ("sniffing") to gain access to either communication contents and/or authentication
credentials.
For example, to steal the FTP or telnet login information, an attacker needs to place a network sniffer
somewhere along the connection path, such as on the FTP server LAN or on the client LAN. The transmission
of information between R-command clients and R-services in plain-text permits data or keystrokes to
be intercepted as well. Attackers have often deployed sniffers in recent security incidents and often
on compromised machines. Finding usernames and passwords in sniffed data is very easy.
Here is a summary table of most common UNIX network services which are transmitted in clear text.
Service
Port
Clear Content
Clear Auth
What is transferred
FTP
21,20
y
y
Text, binary
TFTP
69
y
N/A
Text, binary
telnet
23
y
y
Text
SMTP
25
y
N/A
Text, binary
POP3
110
y
y
Text, binary
IMAP
143
y
y
Text, binary
rlogin
513
y
y
Text
rsh
514
y
y
Text
HTTP
80
y
y
Text, binary
Services such as telnet and FTP where both contents and authentication credentials are transmitted
in clear text present the highest risk, since attacker will be able to reuse the credentials and access
the system at their leisure. Additionally, command session run in clear text may also be hijacked and
used by the attacker to run commands without authentication.
Here is the risk summary from clear text services:
Activity possible
Risk
Sniffing the username
Simplifies brute-forcing attacks
Sniffing the password
Gives remote access
Sniffing FTP content
File stealing
Session hijacking
Run commands on a target system
HTTP session sniffing
Discloses web authentication credentials
The Operating Systems Affected
All UNIX flavors contain clear-text services (telnet and FTP being the most common). All UNIX/Linux
flavors with the possible exception of the latest editions of Free/OpenBSD ship with some of the services
enabled by default.
How to Determine if you are Vulnerable
The most effective and reliable way to determine whether clear text services are in use is to use a
sniffer tool similar to those used by attackers.
The most commonly used sniffer is "tcpdump" Run it as:
# tcpdump -X -s 1600
to detect any clear text communication. "Tcpdump" may be obtained at
http://www.tcpdump.org.
Another such tool is "ngrep" which allows one to look for specific patterns in network communication,
such as "sername" or "assword" (the first letters are removed to accomodate for possible capitalization).
Run the tool as:
There are also more sophisticated tools specifically designed to detect authentication credentials
on the network. "Dsniff" is the most popular tool of that sort. Simply running:
# /usr/sbin/dsniff
will make the tool to detect and print all username-password pairs detected on the network in a large
number of plain text protocols, such as FTP, telnet or POP3. Dsniff may be obtained at
http://www.monkey.org/~dugsong/dsniff/.
How to Protect Against It
Using end-to-end or at least link-level encryption will help. Some protocols have encrypted equivalents
such as POP3S and HTTPS. For the protocols which do not have native encryption capabilities, one can
tunnel them over SSH (Secure Shell) or SSL connection.
As an example: FTP might be replaced with more secure software solutions such as SFTP or SCP (parts
of the Secure Shell software package) and use a web server to distribute files to a wide audience.
The most popular and flexible SSH implementation is OpenSSH (available at
http://www.openssh.org). It runs
on most UNIX variants and may be used for remote interactive sessions (replaces telnet, rlogin and rsh)
and tunneling (of POP3, SMTP, X11 and many other protocols).
Here is how one can tunnel POP3 over SSH connection. The POP3 server needs to be also running the
SSH server. First run this on the client machine:
Now, point your email client to localhost, TCP port 110 (unlike the usual 'pop3.mail.server.com',
port 110). All communication between your machine and the POP3 mail server will be tunneled over SSH
and thus encrypted.
Another popular encrypted tunneling solution is "stunnel". It implements SSL protocol (via OpenSSL
toolkit) and may be used to tunnel various plain text protocols. Stunnel may be obtained at
http://www.stunnel.org/.
Sendmail is the program that sends, receives, and forwards most electronic mail processed on UNIX
and Linux systems. Sendmail is the most popular Mail Transfer Agent (MTA) and its widespread use on
the Internet has historically made it a prime target of attackers, resulting in numerous exploits over
the years.
Most of these exploits are successful only against older or unpatched versions of the software. Despite
the fact that the known vulnerabilities are well documented and have been repaired in newer releases,
there remain so many outdated or misconfigured versions still in use today that Sendmail remains one
of the most frequently attacked services. Among the most recent critical vulnerabilities are:
CERT Advisory CA-2003-12 Buffer Overflow in Sendmail
CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
CERT Advisory CA-2003-25 Buffer Overflow in Sendmail
CERT Advisory
CA-2003-12
Buffer Overflow in Sendmail gives the following excellent description of a Sendmail buffer overflow
and the danger it poses to network integrity.
This vulnerability is message-oriented as opposed to connection-oriented. That means that the
vulnerability is triggered by the contents of a specially-crafted email message rather than by lower-level
network traffic. This is important because an MTA that does not contain the vulnerability will pass
the malicious message along to other MTAs that may be protected at the network level. In other words,
vulnerable sendmail servers on the interior of a network are still at risk, even if the site's border
MTA uses software other than sendmail. Also, messages capable of exploiting this vulnerability may
pass undetected through many common packet filters or firewalls.
The risks presented by running Sendmail can be grouped into two major categories: privilege escalation
caused by buffer overflows, and improper configuration that allows your machine to be a relay for electronic
mail from any other machine. The former is a problem on any system still running older or unpatched
versions of the software. The latter results from using either improper or default configuration files,
and is a chief obstacle to fighting the proliferation of spam.
Operating Systems Affected
Nearly all UNIX and Linux systems come with a version of Sendmail installed that is enabled and running
by default.
How to Determine if you are Vulnerable
Sendmail has had a large number of vulnerabilities in the past. Do not always trust the version string
returned by the daemon as that is just read from a text file on the system that may not have been updated
properly.
Any outdated or unpatched version of the software is likely to be vulnerable.
To determine the version of Sendmail, use the following command:
echo \$Z | /usr/lib/sendmail -bt -d0
Depending on your system, the path to Sendmail may be different and you have to modify the above
command accordingly to point to the right path.
How to Protect Against It
The following steps should be taken to protect Sendmail:
Upgrade to the latest version and/or implement patches. The source code can be found at http://www.sendmail.org/.
If your version of Sendmail came packaged with your operating system, patches should be available
at your operating system vendor's website (various vendor-specific information, including compile-time
and configuration suggestions, is also available at
http://www.sendmail.org).
Sendmail is typically enabled by default on most UNIX and Linux systems, even those which are
not acting as mail servers or mail relays. Do not run Sendmail in daemon mode (turn off the "-bd"
switch) on these machines. You can still send email from this system by configuring it to point
to a mail relay in the sendmail configuration file, sendmail.cf (which is typically located at /etc/mail/sendmail.cf).
If you must run Sendmail in daemon mode, ensure that your configuration is designed to relay
mail appropriately and only for systems under your purview. See
http://www.sendmail.org/tips/relaying.html
and http://www.sendmail.org/m4/anti_spam.html
for assistance in properly configuring your server. Starting with Sendmail 8.9.0, open relaying
was disabled by default.
When you change to a new version of Sendmail, it is also recommended to change the configuration
files that are provided with that version as older configurations may still allow relaying even
when running the newest code. It is now possible to build a Sendmail configuration file (sendmail.cf)
using the configuration files provided with the Sendmail release. Additional details on Sendmail
configuration can be obtained at
http://www.sendmail.org/m4/readme.html.
When you download the Sendmail distribution you must verify the PGP signature to ensure it is
an authentic copy. Do not use Sendmail without verifying the integrity of the source code. Trojan
copies of Sendmail have existed in the past. Please read the
CERT Advisory
CA-2002-28 Trojan Horse Sendmail Distribution to learn more. Keys used to sign Sendmail distributions
can be obtained at
http://www.sendmail.org/ftp/PGPKEYS. In the absence of PGP, you should use the MD5 checksums
to verify the integrity of the Sendmail source code distribution.
The Simple Network Management Protocol (SNMP) is used extensively to remotely monitor and configure
almost all types of modern TCP/IP-enabled devices. While SNMP is rather ubiquitous in its distribution
across networking platforms, it is most often used as a method to configure and manage devices such
as printers, routers, switches, access points, and to provide input for network monitoring services.
Simple Network Management communication consists of different types of exchanged messages between SNMP
management stations and network devices which run what is commonly referred to as agent software. The
method by which these messages are handled and the authentication mechanism behind such message handling
both have significant exploitable vulnerabilities.
The vulnerabilities behind the method by which SNMP version 1 handles and traps messages are outlined
in detail in CERT Advisory CA-2002-03. There exists a set of vulnerabilities in the way trap and request
messages are handled and decoded by management stations and agents alike. These vulnerabilities are
not restricted to any specific implementation of SNMP but instead affect a variety of vendors' SNMP
distributions. The result of attackers exploiting these vulnerabilities may range anywhere from denial
of service to unwanted configuration and management of your SNMP-enabled machinery.
The authentication mechanism of older SNMP frameworks also poses a significant vulnerability. SNMP
versions 1 and 2 use an unencrypted "community string" as their only authentication mechanism. Lack
of encryption is bad enough, but the default community string used by the vast majority of SNMP devices
is "public," with a few supposedly clever network equipment vendors changing the string to "private"
for more sensitive information. Attackers can use this vulnerability in SNMP to reconfigure or shut
down devices remotely. Sniffed SNMP traffic can reveal a great deal about the structure of your network
as well as the systems and devices attached to it. Intruders use such information to pick targets and
plan attacks.
Most vendors enable SNMP version 1 by default, and many do not offer products capable of using SNMP
version 3's security models which can be configured to use improved authentication methods. However,
there are freely-available replacements which do provide SNMPv3 support under GPL or BSD licenses.
SNMP is not unique to UNIX; it is extensively used on Windows, in networking equipment, wireless
access points and bridges, printers and embedded devices. But the majority of SNMP-related attacks seen
thus far have occurred on UNIX systems with poor SNMP configurations.
Operating Systems Affected
Nearly all UNIX and Linux systems come with SNMP installed, and often by default it is enabled. Most
other SNMP-enabled network devices and operating systems are also vulnerable.
How to Determine if you are Vulnerable
You can verify whether SNMP is running on network-connected devices by running a scanner or checking
manually.
SNMPing - You can obtain the free SNMPing scanning tool from the SANS Institute by emailing a blank
mail message to snmptool@sans.org. You will get a return message with the URL where you can download
the tool.
SNScan - Foundstone created another easy-to-use SNMP scanning tool called SNScan, which can be obtained
at http://www.foundstone.com/knowledge/free_tools.html.
If you cannot use any of the above tools, you should manually verify if SNMP is running on your systems.
Refer to your operating system documentation on how to specifically identify its particular SNMP implementation,
but the basic daemon can usually be identified by grepping for "snmp" in the process list or by looking
for services running on ports 161 or 162.
A running SNMP instance is probably sufficient evidence that you are vulnerable to pervasive trap
and request handling errors. Please see CERT Advisory CA-2002-03 for additional information.
If SNMP is running and any of these additional variables are met, you may have a default or easily
guessable string-related vulnerability:
How to Protect Against It
Trap and Request Handling Vulnerabilities:
If you do not absolutely require SNMP, disable it.
Wherever possible, employ an SNMPv3 user-based security model with message authentication and
possibly encryption of the protocol data unit.
If you must use SNMPv1 or v2, make sure you are running the latest patched version from your
vendor. A good starting point in obtaining vendor specific information is Appendix A of CERT Advisory
CA-2002-03.
Filter SNMP (port 161 TCP/UDP and 162 TCP/UDP) at the ingress points to your networks unless
it is absolutely necessary to poll or manage devices externally.
Employ host-based access control on your SNMP agent systems. While this capability may be limited
by SNMP agent operating system capabilities, control of what systems your agents will accept requests
from may be possible. On most UNIX systems this can be accomplished through a TCP-Wrappers or Xinetd
configuration. An agent-based packet filtering firewall on the host can also be used to block unwanted
SNMP requests.
Default and Guessable String-Related Vulnerabilities:
If you do not absolutely require SNMP, disable it.
Wherever possible, employ an SNMPv3 user-based security model with message authentication and
possibly encryption of the protocol data unit.
If you must use SNMPv1 or v2, use the same policy for community names as used for passwords.
Make sure they are difficult to guess or crack and they are changed periodically.
Filter SNMP (port 161 TCP/UDP and 162 TCP/UDP) at the ingress points to your networks unless
it is absolutely necessary to poll or manage devices externally. Then, if possible, configure filtering
to only permit SNMP traffic between trusted subnets.
Description
Secure shell (SSH) is a popular service for securing logins, command execution, and file transfers across
a network. Most UNIX-based systems use either the open-source
OpenSSH package or the commercial
version from SSH Communication Security.
Although SSH is vastly more secure than the telnet, ftp, and R-command programs it is intended to replace,
there have been multiple flaws found in both implementations. Most are minor bugs, but a few are major
security issues that should be repaired immediately. The most dangerous of these actively exploited
holes allows attackers to remotely obtain root access on a vulnerable machine.
It should also be noted that there is a growing use of SSH clients and servers in the Windows environment
and that most of the information in this section applies to both the *nix and Windows implementations
of SSH.
While SSH is presented here as one of the Top 20 vulnerabilities, it is more the case that the mismanagement
of SSH, specifically misconfiguration and the failure to apply updates and patches in a timely manner,
account for its inclusion in this list.
SSH2 is actually a powerful tool that when properly configured and maintained can help remediate
many of the other top 20 vulnerabilities, specifically those that send material in clear text across
untrusted networks like the Internet. Many of the vulnerabilities found in protocols such as POP3, FTP
(replace with SSH2s SFTP), Telnet, HTTP, and the rhost based tools (rlogin, rcp, and rsh) involve eavesdropping
on clear text transmissions or manipulating client server sessions. This makes encryption and authentication
key management provided by SSH2 along with its ability to forward or redirect sessions, an attractive
VPN type of wrapper for otherwise vulnerable traffic.
The SSH1 protocol itself has been demonstrated to be potentially vulnerable to having a session decrypted
in transit given certain configurations. For this reason, administrators are encouraged to use the stronger
SSH2 protocol whenever possible.
Note: SSH1 and SSH2 are not compatible. With only a few exceptions, the version of SSH
on both the client and the server must match.
In addition, users of OpenSSH should note that the OpenSSL libraries against which OpenSSH is typically
built have software vulnerabilities of their own. Please see
CERT Advisory
2002-23 for more details. They should also be aware that a trojan-horse version of the OpenSSH was
being distributed for a short time in the summer of 2002 (CAN-1999-0661).
Please see http://www.openssh.org/txt/trojan.adv
for details about ensuring that your version is not affected.
Operating Systems Affected
Any UNIX or Linux system running OpenSSH 3.3 or earlier (version 3.6.1 was released on April 1, 2003),
or SSH Communication Security's SSH 3.0.0 or earlier (3.2.5 was released on June 30, 2003).
How to Determine if you are Vulnerable
Use a vulnerability scanner to see whether you are running a vulnerable version, or check the software
version reported by running the command 'ssh -V'.
The ScanSSH tool is particularly useful for remotely identifying SSH servers that are dangerously
un-patched. The ScanSSH command line tool scans a list of addresses and networks for SSH protocol servers
and reports their version numbers. Written by Niels Provos
and released under the BSD-license, the latest version was released on 2001-11-30
and is available at
http://www.monkey.org/~provos/scanssh/.
How to Protect Against It
Upgrade to the most recent version of either
OpenSSH or
SSH. Or if SSH or OpenSSH came
installed with your operating system, retrieve the latest patches from your operating system vendor.
If you use OpenSSL, be sure to use the latest version of those libraries.
Where possible, upgrade from SSH1 to SSH2. SSH1 does not appear to be under further development,
while SSH2 is in active development. Where migration is not possible, begin developing plans and
strategies that will make migration to SSH2 possible.
Both the SSH implementations include a variety of configuration options to restrict what machines
can connect, what users are allowed to authenticate, and via what mechanisms. Administrators should
determine how these options could most appropriately be set for their environment.
Verify that each SSH client is not configured to revert back to the rsh program when connecting
to a server that does not support SSH. The FallBackToRsh key should be set to No in the SSH configuration
file.
Specify the use of blowfish encryption rather than the 3DES, which may be the default of the
version. This will provide faster operation without reducing the effective encryption strength.
A host providing SSH services must itself be adequately protected otherwise vulnerabilities
that allow the host to be compromised put the SSH service at risk.
The Network File System (NFS) and Network Information Service (NIS) are two important services used
in UNIX networks. NFS is a service originally created by Sun Microsystems that is designed to share
files among UNIX systems over a network. NIS is also a set of services that works as a database service
to provide location information, called Maps, to other network services such as NFS. The most common
examples of these Maps are the passwd and group files which are used to centralize user authentication.
The security problems with both services, represented by the continuous issues discovered over the
years (buffer overflows, DoS and weak authentication), made them a frequent target of attack.
Besides the unpatched services that are still widely deployed, the higher risks may be represented
by the misconfiguration of NFS and NIS that will easily allow security holes to be exploited and accessed
by users locally or remotely.
The lax authentication offered by NIS while querying NIS maps allow users to use applications like
ypcat that can display the values of NIS database, or map, to retrieve the password file. The same kind
of problem occurs with NFS which implicitly trusts the UID (user ID) and GIDs (group ID) that the NFS
client presents to the server, and depending on the server configuration, this may allow any user to
mount and explore the remote file system.
Operating Systems Affected
Nearly all UNIX and Linux systems come with a version of NFS and NIS installed and often enabled by
default.
How to Determine if you are Vulnerable
The following steps are related to NIS/NFS software vulnerabilities:
Verify that you are current with the patches released by your vendor. For most versions the
command rpc.mountd -version for NFS and ypserv -version for NIS will show the version of both. Any
unpatched or outdated version of the software is likely to be vulnerable.
For software vulnerabilities, a more complete approach would be to use an updated vulnerability
scanner to periodically check your system against new flaws.
The following steps are related to NIS configuration:
Ensure that Root password is not maintained in an NIS map.
Check if the users passwords are in accord with the security practices. A password cracker can
be used to accomplish this.
Please Note: Never run a password cracker, even on systems for which you have root-like
access, without explicit and preferably written permission from your employer. Administrators
with the most benevolent of intentions have been fired for running password cracking tools without
authority to do so.
The following steps are related to NFS configuration:
Verify if the hosts, netgroups and permissions in the /etc/exports file is up-to-date.
Run the command showmount e to see what has been exported. Check to see if your mounts are in
compliance with your security policy.
How to Protect Against It
The following steps are related to NIS configuration:
In each client you can explicitly list the NIS servers to bind to, preventing another systems
from masquerading as a NIS server.
While making the DBM files, activate the YP_SECURE feature to ensure that the server will only
answer requests from a client on privileged ports. This can be accomplished by using the switch
s with the command makedbm.
Include the trusted hosts and networks in the /var/yp/securenets used by the ypserv and the
ypxfrd processes, and remember to restart the daemons to get the changes to take effect.
On your NFS Clients be sure to have the entry +:*:0:0::: in your password map.
The following steps are related to NFS configuration:
Use numeric IP addresses or fully qualified domain names instead of aliases when allowing clients
in the /etc/exports file.
A tool called NFSBug can be used to test the configuration. The tests will include finding world
exported file systems, determining whether export restrictions work, determining whether file systems
can be mounted through the portmapper, trying to guess file handles, and exercising various bugs
to access file systems. ftp://coast.cs.purdue.edu/pub/tools/unix/nfsbug/
Use the /etc/exports file to restrict access to NFS file system by adding parameters:
Prevent normal users from mounting an NFS file system by adding a secure parameter after
the IP address or domain name of your NFS client. (e.g.: /home 10.20.1.25(secure) )
Export the NFS file system with appropriate permissions. This could be done by adding the
appropriate permission (ro for Read-only or rw for Read-Write) after the IP address or domain
name of your NFS client in the /etc/exports file. (e.g.: /home 10.20.1.25(ro) )
If possible, use the parameter root_squash after the IP address or domain name of your NFS
client. If this parameter is enabled, the superuser ID root on NFS Client will be replaced by
the user ID nobody in the NFS Server. This means that the root user on the client can't access
or change files that only root on the server can access or change, preventing it from gaining
superuser privileges in the server. (e.g.: /home 10.20.1.25(root_squash) )
A complete set of parameters can be found in the /etc/exports manpage. http://www.netadmintools.com/html/5exports.man.html
On Solaris O.S. make sure to activate the Port Monitoring feature. This can be done by adding
the line set nfssrv:nfs_portmon = 1 on the /etc/system file.
A Linux system by default denies cooperation with NFS clients using a non-privileged port.
General considerations related to NIS and NFS:
Review your firewall policies and be sure to block all unnecessary ports, as well Port 111 (Portmap)
and Port 2049 (Rpc.nfsd). Also allow access to the NIS and NFS servers only from authorized clients.
A local measure can also be applied by restricting access through tcp_wrappers located at
http://sunsite.cnlab-switch.ch/ftp/software/security/security-porcupine.org/. In your etc/hosts.allow
file you should state the service and IP allowed to access the service (e.g. portmap: 10.20.1.1/16
to allow the network 10.20.0.0 to access the portmap service). Also, in the /etc/hosts.deny file,
you should include the services and the IPs that are NOT allowed to access the services (e.g.: portmap:
ALL, which will deny access to all other IP addresses that are not included in the /etc/hosts.allow).
The Portmap service is an important service to have the access denied because it is the one that
the NFS operates though.
Apply all vendor patches or upgrade your NIS and NFS Servers to the latest version. For more
information about hardening your UNIX installation, see the CERTs
UNIX Security
Checklist.
Disable the NFS and NIS daemons on any system that is not specifically designated and authorized
to be a NFS and/or NIS server. To prevent this change from being reversed, it may be wise to also
remove the NFS and/or NIS software.
The open-source OpenSSL library
is a popular package to add cryptographic security to applications that communicate over the network.
Although Apache is probably the
most well-known use of the package (to support https: connections on port 443), many other programs
have been modified to use OpenSSL for security.
The usual usage of OpenSSL is a toolkit where other applications use OpenSSL to provide cryptographic
security for a connection. As a result, rather than targeting OpenSSL directly, the exploits for the
vulnerabilities will target the application using it. One popular exploit attacks the Apache server's
use of OpenSSL. Just because you are not running Apache with OpenSSL support does not mean you are safe.
A suitable modification of the exploit may be able to attack Sendmail, openldap, CUPS, or any other
OpenSSL using program installed on the target machine.
Multiple vulnerabilities have been found in OpenSSL, of which the most serious are the set of 4 vulnerabilities
listed in
CAN-2002-0655,
CAN-2002-0656,
CAN-2002-0557, and
CAN-2002-0659. These allow the remote execution of arbitrary code as the user of the OpenSSL libraries
(which in some cases, such as 'sendmail', is the 'root' user).
Operating Systems Affected
Any UNIX or Linux system running OpenSSL 0.9.7 or earlier. Note that quite often, OpenSSL is installed
to support some other component. For instance, on a RedHat Linux 9.0 system packages such as Apache,
CUPS, Curl, OpenLDAP, Stunnel, and Sendmail (among others) all use the OpenSSL libraries to secure connections.
How to Determine if you are Vulnerable
Check the output of the command 'openssl version'. If the version isn't 0.9.7a or later, you are vulnerable.
How to Protect Against It
Upgrade to the most recent version of
OpenSSL. If OpenSSL came installed
with your operating system, retrieve the latest patches from your operating system vendor. Note
that in some cases, re-compiling and/or re-linking of applications may be required to enable the
updated libraries. Note that one of the most common usages of OpenSSL is for securing HTTP traffic
over the public Internet for e-commerce where restricting hosts is probably not feasible.
Or in other words, a simple, reliable and clear solution (which has some faults due to its age) was replaced with a gigantic KISS
violation. No engineer worth the name will ever do that. And if it needs doing, any good engineer will make damned sure to achieve maximum
compatibility and a clean way back. The systemd people seem to be hell-bent on making it as hard as possible to not use their monster.
That alone is a good reason to stay away from it.
Notable quotes:
"... We are systemd. Lower your memory locks and surrender your processes. We will add your calls and code distinctiveness to our own. Your functions will adapt to service us. Resistance is futile. ..."
"... I think we should call systemd the Master Control Program since it seems to like making other programs functions its own. ..."
"... RHEL7 is a fine OS, the only thing it's missing is a really good init system. ..."
Systemd is nothing but a thinly-veiled plot by Vladimir Putin and Beyonce to import illegal German Nazi immigrants over the
border from Mexico who will then corner the market in kimchi and implement Sharia law!!!
We are systemd. Lower your memory locks and surrender your processes. We will add your calls and code distinctiveness to
our own. Your functions will adapt to service us. Resistance is futile.
They don't want to replace the kernel, they are more than happy to leverage Linus's good
work on what they see as a collection of device drivers. No, they want to replace the GNU/X
in the traditional Linux/GNU/X arrangement. All of the command line tools, up to and
including bash are to go, replaced with the more Windows like tools most of the systemd
developers grew up on, while X and the desktop environments all get rubbished for Wayland
and GNOME3.
And I would wish them luck, the world could use more diversity in operating systems. So
long as they stayed the hell over at RedHat and did their grand experiment and I could
still find a Linux/GNU/X distribution to run. But they had to be borg and insist that all
must bend the knee and to that I say HELL NO!
This is the core system within systemd that allows different bits of userspace to talk to
each other. But it's got problems. A demonstration of the D-Bus problem is the recent Jeep hack
by researchers Charlie Miller and Chris Valasek. The root problem was that D-Bus was openly
(without authentication) accessible from the Internet.
Likewise, the "AllJoyn" system for the "Internet of Things" opens up D-Bus on the home
network. D-Bus indeed simplifies communication within userspace, but its philosophy is to put
all your eggs in one basket, then drop the basket.
In the second part of his blog post, Strauss argues that systemd improves security by making
it easy to apply hardening techniques to the network services which he calls the "keepers of
data attackers want." According to Strauss, I'm "fighting one of the most powerful tools we
have to harden the front lines against the real attacks we see every day." Although systemd
does make it easy to restrict the privileges of services, Strauss vastly overstates the value
of these features.
The best systemd can offer is whole application sandboxing. You can start a daemon as a
non-root user, in a restricted filesystem namespace, with mandatory access control. Sandboxing
an entire application is an effective way to run potentially malicious code, since it protects
other applications from the malicious one. This makes sandboxing useful on smartphones, which
need to run many different untrustworthy, single-user applications. However, since sandboxing a
whole application cannot protect one part of the application from a compromise of a different
part, it is ineffective at securing benign-but-insecure software, which is the problem faced on
servers. Server applications need to service requests from many different users. If one user is
malicious and exploits a vulnerability in the application, whole application sandboxing doesn't
protect the other users of the service.
For concrete examples, let's consider Apache and Samba, two daemons which Strauss says would
benefit from systemd's features.
First Apache. You can start Apache as a non-root user provided someone else binds to ports
443 and 80. You can further sandbox it by preventing it from accessing parts of the filesystem
it doesn't need to access. However, no matter how much you try to sandbox Apache, a typical
setup is going to need a broad amount of access to do its job, including read permission to
your entire website (including password-protected parts) and access to any credential (database
password, API key, etc.) used by your CGI, PHP, or similar webapps.
Even under systemd's most restrictive sandboxing, an attacker who gains remote code
execution in Apache would be able to read your entire website, alter responses to your
visitors, steal your HTTPS private keys, and gain access to your database and any API consumed
by your webapps. For most people, this would be the worst possible compromise, and systemd can
do nothing to stop it. Systemd's sandboxing would prevent the attacker from gaining access to
the rest of your system (absent a vulnerability in the kernel or systemd), but in today's world
of single-purpose VMs and containers, that protection is increasingly irrelevant. The attacker
probably only wants your database anyways.
To provide a meaningful improvement to security without rewriting in a memory-safe language,
Apache would need to implement proper privilege separation. Privilege separation means using
multiple processes internally, each running with different privileges and responsible for
different tasks, so that a compromise while performing one task can't lead to the compromise of
the rest of the application. For instance, the process that accepts HTTP connections could pass
the request to a sandboxed process for parsing, and then pass the parsed request along to yet
another process which is responsible for serving files and executing webapps. Privilege
separation has been used effectively by OpenSSH, Postfix, qmail, Dovecot, and over a dozen daemons in
OpenBSD . (Plus a couple of my own: titus and rdiscd .) However, privilege
separation requires careful design to determine where to draw the privilege boundaries and how
to interface between them. It's not something which an external tool such as systemd can
provide. (Note: Apache already implements privilege separation that allows it to process
requests as a non-root user, but it is too coarse-grained to stop the attacks described
here.)
Next Samba, which is a curious choice of example by Strauss. Having configured Samba and
professionally administered Windows networks, I know that Samba cannot run without full root
privilege. The reason why Samba needs privilege is not because it binds to privileged ports,
but because, as a file server, it needs the ability to assume the identity of any user so it
can read and write that user's files. One could imagine a different design of Samba in which
all files are owned by the same unprivileged user, and Samba maintains a database to track the
real ownership of each file. This would allow Samba to run without privilege, but it wouldn't
necessarily be more secure than the current design, since it would mean that a
post-authentication vulnerability would yield access to everyone's files, not just those of the
authenticated user. (Note: I'm not sure if Samba is able to contain a post-authentication
vulnerability, but it theoretically could. It absolutely could not if it ran as a single user
under systemd's sandboxing.)
Other daemons are similar. A mail server needs access to all users' mailboxes. If the mail
server is written in C, and doesn't use privilege separation, sandboxing it with systemd won't
stop an attacker with remote code execution from reading every user's mailbox. I could continue
with other daemons, but I think I've made my point: systemd is not magic pixie dust that can be
sprinkled on insecure server applications to make them secure. For protecting the "data
attackers want," systemd is far from a "powerful" tool. I wouldn't be opposed to using a
library or standalone
tool to sandbox daemons as a last line of defense, but the amount of security it provides
is not worth the baggage of running systemd as PID 1.
Achieving meaningful improvement in software security won't be as easy as adding a few lines
to a systemd config file. It will require new approaches, new tools, new languages. Jon Evans
sums it up eloquently :
... as an industry, let's at least set a trajectory . Let's move towards writing
system code in better languages, first of all -- this should improve security and speed.
Let's move towards formal specifications and verification of mission-critical code.
Systemd is not part of this trajectory. Systemd is more of the same old, same old, but with
vastly more code and complexity, an illusion of security features, and, most troubling,
lock-in. (Strauss dismisses my lock-in concerns by dishonestly claiming that applications
aren't encouraged to use their non-standard DBUS API for DNS resolution. Systemd's own
documentation says "Usage of this API is generally recommended to clients." And while
systemd doesn't preclude alternative implementations, systemd's specifications are not
developed through a vendor-neutral process like the IETF, so there is no guarantee that other
implementers would have an equal seat at the table.) I have faith that the Linux ecosystem can
correct its trajectory. Let's start now, and stop following systemd down the primrose path.
Ubuntu,
Fedora, Arch Linux and other Linux distributions have released patches for a serious arbitrary
code execution vulnerability that could be exploited through malicious Domain Name System (DNS)
packets.
The flaw was found in systemd-resolved
, a service that's part of the systemd initialization system adopted by
many Linux distributions in recent years. The resolved service provides network name resolution
to local applications by querying DNS servers.
The vulnerability, tracked as CVE-2017-9445 , was
discovered by Chris Coulson , a
software engineer at Canonical and member of the Ubuntu team, who noticed that when dealing
with certain data packet sizes, systemd-resolved fails to allocate a sufficiently large
buffer.
"A malicious DNS server can exploit this by responding with a specially crafted TCP payload
to trick systemd-resolved to allocate a buffer that's too small, and subsequently write
arbitrary data beyond the end of it," Coulson said in an advisory posted on the Open
Source Security mailing list.
This could be exploited to crash the systemd-resolved daemon or to execute potentially
malicious code in its context.
There are multiple ways in which an attacker could send malicious DNS packets to a Linux
system with systemd-resolved running. One of them is by launching a man-in-the-middle attack on
an insecure wireless network or through a compromised router.
Fortunately, not all Linux systems are affected because some distributions don't use systemd
and even among those that do, not all of them include systemd-resolved. For example, SUSE and
openSUSE distributions don't ship this component and, while
Debian 9 (Stretch) includes it, the service is not enabled by default . The
previous Debian versions don't have the vulnerable code at all.
Ubuntu ,
Arch Linux and probably
other distributions are also affected. Users should check if they have any updates pending for
systemd and should deploy the patches as soon as possible. According to Coulson, the flaw was
likely introduced in systemd version 223 in 2015 and affects all versions up to and including
233.
Security firm Qualys has disclosed three flaws (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 )
in a component of
systemd
, a software suite that provides fundamental building blocks for a Linux operating system
used in most major Linux distributions.
The flaws reside in the
systemd
journald
,
a service of the
systemd
that collects and stores logging data.
Both CVE-2018-16864 and CVE-2018-16865 bugs are memory corruption vulnerabilities, while the
CVE-2018-16866 is an out of bounds issue that can lead to an
information
leak.
Security patches for the three vulnerabilities are included in
distro
repository since the coordinated disclosure, but some Linux distros such as some versions
of
Debian
remain vulnerable. The flaws cannot be exploited in SUSE Linux Enterprise 15, openSUSE Leap 15.0, and
Fedora 28 and 29 because their code is compiled with GCC's -fstack-clash-protection option.
"... is vulnerable to an out-of-bounds heap write in the DHCPv6 client when handling options sent by network adjacent DHCP servers. ..."
"... could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." reads the advisory published by Red Hat. ..."
Both Ubuntu and Red Hat Linux published a security advisory on the issue. summary :
"
systemd – networkd is vulnerable to an out-of-bounds heap write in the
DHCPv6 client when handling options sent by network adjacent DHCP servers. A attacker
could exploit this via malicious DHCP server to corrupt heap memory on client machines,
resulting in a denial of service or potential code execution." reads the advisory published by Red
Hat.
"Felix Wilhelm discovered that systemd-networkd's dhcp6 client could be made to write beyond
the bounds (buffer overflow) of a heap allocated buffer when responding to a dhcp6 server with
an overly-long server-id parameter." reads the advisory
published by Ubuntu.
The author of Systemd, Leonard Poettering, promptly
published a security fix for Systemd-based Linux system
relying on systemd-networkd.
1. It's reasonable to claim that amd64 (x86_64) is more secure than x86. x86_64 has larger address space, thus higher ASLR
entropy. The exploit needs 10 minutes to crack ASLR on x86, but 70 minutes on amd64. If some alert systems have been deploy on
the server (attacks need to keep crashing systemd-journald in this process), it buys time. In other cases, it makes exploitation
infeasible.
2. CFLAGS hardening works, in addition to ASLR, it's the last line of defense for all C programs. As long as there are still
C programs running, patching all memory corruption bugs is impossible. Using mitigation techniques and sandbox-based isolation
are the only two ways to limit the damage. All hardening flags should be turned on by all distributions, unless there is a special
reason. Fedora turned "-fstack-clash-protection" on since Fedora 28 (
https://fedoraproject.org/wiki/Changes/HardeningFlags28
).
If you are releasing a C program on Linux, please consider the following,
Major Linux distributions, including Fedora, Debian, Arch Linux, openSUSE are already doing it. Similarly, Firefox and Chromium
are using many of these flags too. Unfortunately, Debian did not use `-fstack-clash-protection` and got hit by the exploit, because
it was only added since GCC 8.
"Proof" suggests a level of absolute confidence that this example certainly does not give.
> The exploit needs 10 minutes to crack ASLR on x86, but 70 minutes on amd64.
Is there any realistic threat model under which the difference between 10 minutes and 70 minutes is the difference between
"insecure" and "secure"?
> Using mitigation techniques and sandbox-based isolation are the only two ways to limit the damage.
I'm not at all convinced that mitigation techniques represent a real improvement in security, because by definition a mitigation
technique is not backed by a solid model. If you're letting an attacker control the modification of memory that your security
model assumes isn't modifiable, how confident can you be that ad-hoc mitigations for all the ways you could think of to exploit
that cover all the possible ways to exploit that? E.g. I can remember a time when ASLR was touted as a solution to C's endemic
security vulnerabilities; now cracking ASLR as part of vulnerability exploitation is routine, as seen here. Mitigations appear
to give a security improvement because an app with mitigations is no longer the low-hanging fruit, but I suspect this is a case
of "you don't have to outrun the bear": as long as there are C programs without mitigations, attackers will go after those first.
That's different from saying that mitigations provide substantial protection.
The hands-on-keyboard SLA for a lot of on-calls is 30 minutes.
So in an "attack was detected, break all the glass" scenario, the difference between 10 and 70 minutes is sufficient to
allow human operators to render the attack moot by offlining its target, while the attackers are still trying to break through
API servers.
At both big corps I've been at, the incident response plan for an exfiltration attack on customer data was invalidate DB
creds and take the system down ourselves.
Better to be out of service than lose custody of customer data.
>Is there any realistic threat model under which the difference between 10 minutes and 70 minutes is the difference between
"insecure" and "secure"?
How about an intrusion detection system that flags up a human response? 10 minutes is hardly any time at all to respond,
an hour gives you a chance to roll out of bed.
PaX offers an anti-bruteforce protection: if the kernel discovers a crash, the `fork()` syscall of the parent process is blocked
for 30 seconds for each failed attempt, the attacker is going to have a hard time beating 32-bit entropy. Meanwhine, it also
writes a critical-level message to the kernel logbuffer to notify sysadmins, and possibly uncover the 0day exploit the attacker
has used.
I guess, as long as the IDS senses the attack in progress quickly -- my gut is this type of attack would be hard to detect
until the outcome was achieved. More likely the initial entry would be the detected event(s) -- in which case yeah the extra
time gives some safety net.
In either case, it still feels like pulling all things into systemd creates a much harder to protect surface area on systems.
Why should init care if your logger crashes, let alone take down init with it? I am not a anti-systemd person but I honestly
do see the tradeoffs of the "let me do it all" architecture as a huge penalty.
It cares in the same way it cares about all the other processes. There's nothing systemd-specific here. Journald service
is configured to restart of crash, same as many other services.
It's not taking down init when journald crashes either.
> In either case, it still feels like pulling all things into systemd creates a much harder to protect surface area on systems.
Why should init care if your logger crashes, let alone take down init with it? I am not a anti-systemd person but I honestly
do see the tradeoffs of the "let me do it all" architecture as a huge penalty.
100% this. Also, as I understand it the exploit would not exist if it was literally just outputting log lines to a file
in /var/log/systemd/ ?
EDIT: Also as I understand it, appending directly to a file is just as stable as the journald approach, given that many,
many disk controllers and kernels are known to lie about whether they have actually flushed their cache to disk (actually moreso,
because the binary format of journald is arguably more difficult to recover into proper form than a timestamped plaintext --
please correct me if I'm wrong, though!!)
> the binary format of journald is arguably more difficult to recover into proper form than a timestamped plaintext -- please
correct me if I'm wrong, though!!
It depends what you mean by recover. To get the basic plaintext, you can pretty much run "strings" on the journal file and
grep for "MESSAGE=". It's append-only so the entries are in order. Just because it's a binary file doesn't mean the text itself
is mangled. (Unless you enable compression)
Enterprise systems or any large scale stack can have one running like this where people dismiss it for an hour. Some systems run hard like this by default. See Transcoding
Also, Weekend and Christmas attacks. In the field we are seeing more attacks with a valid username and pass occur at times
when a sysadmin may not be on call.
> Is there any realistic threat model under which the difference between 10 minutes and 70 minutes is the difference between
"insecure" and "secure"?
Time is given here just for an example. To crack systemd, it only takes 70 minutes, but in general, bruteforcing ASLR on
64-bit systems can take as few as 1.3 hours but as many as 34.1 hours, depending on the nature of bug. On the other hand, the
~20-bit of entropy on 32-bit systems is trivial to crack in 10 minutes for nearly all cases, and does not provide an adequate
security margin.
Oon a 64-bit system there is ~32-40 bit of ASLR entropy available for a PIE program. It forces an attacker to brute-force
it. Unlike other protections, no matter how is the system cleverly analyzed beforehand, it taxes the exploit by forcing it
to solve a computational puzzle. This fact alone, is enough to stop many "Morris Worm"-type remote exploitations (they have
suddenly became a serious consideration, given the future of IoT), since an exploit takes months or years to crack a single
machine.
If it's not enough (it is not, I acknowledge ASLR by itself cannot be enough), an intrusion detection system should be used,
and it already has used by many. For example, PaX offers an optional, simple yet effective anti-bruteforce protection: if the
kernel discovers a crash, the `fork()` attempt of the parent process is blocked for 30 seconds. It takes years before an attacker
is able to overcome the randomization (so the attacker is likely to try something else). In addition, it also writes a critical-level
message to the kernel logbuffer, the sysadmin can be notified, and possibly uncover the 0day exploit the attacker has used.
I'd call it a realistic threat model.
Finally, information leaks is a great concern here. Kernels and programs are leaking memory address like a sieve, and effectively
making ASLR useless. Linux kernel is already actively plugging these holes (but with limited effectiveness, HardenedBSD should
be the future case-study), so should other programs.
> e.g. I can remember a time when ASLR was touted as a solution to C's endemic security vulnerabilities; now cracking ASLR
as part of vulnerability exploitation is routine, as seen here.
You can make the same comment on NX bit, or W^X/PaX, or BSD jail, or SMAP/SMEP (in recent Intel CPUs), or AppArmor, or SELinux,
or seccomp(), or OpenBSD's pledge(), or Control Flow Integrity, or process-based sandboxing in web browsers, or virtual machine-based
isolation.
Better defense leads to better attacks, and it in turns leads to better defense. By playing the game, it may not be possible
to win, but by not playing it, losing the game is guaranteed. In this case, systemd is exploitable despite ASLR, due to a relatively
new exploit technique called "Stack Clash", and for this matter, GCC has already updated its -fstack-check to the new -fstack-clast-protection
long before the systemd exploit was discovered. If this mitigation has been used (like, by Fedora and openSUSE), it causes
simply a crash, and is not exploitable. At least before the attacker finds another way round.
Early kernels and web browsers have no memory and exploit protections whatsoever: a single wrong pointer dereference or
buffer overflow is enough to completely takeover the system. Nowadays, an attack needs to overcome at least NX, ASLR, sandboxing,
and compiler-level mitigation, and we still see exploits. So the conclusion is all mitigations are completely useless? If it's
your opinion, I'm fine to agree to your disagreement, many sensitive C programs need to be written in a memory-safe language
anyway. But as I see it, as long as there are still C programs running with undiscovered vulnerabilities, and as long as attackers
have to add more and more up-to-date workarounds and cracking techniques (ROP, anyone? but now the most sophisticated
attackers are moving to DATA-ONLY attacks) to their exploit checklist, then we are not losing the race by increasing the cost
of attacks.
On the other hand, if an attacker don't have to use an up-to-date cracking techniques, then we have serious problems. For
example, broken and incomplete mitigation is often seen in the real word, and it's the real trouble. Recently, it has been
discovered that the ASLR implementation in the MinGW toolchain is broken, allowing attackers to exploit VLC using shellcode
tricks from the 2000s (
https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-r... ). And we still see broken NX bit protection and the total
absence of any ASLR, or -fstack-protector in ALL home routers (
https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-...
).
The principle of Defense-in-Depth is that, if the enemies are powerful enough, it's inevitable all protections will be overcame.
Like the Swiss Cheese Model ( https://en.wikipedia.org/wiki/Swiss_cheese_model
), a cliche in accident analysis, eventually there will be something that managed to find a hole in every layer of defense
and pass though. What we can do, is to do our best at each layer of defense to prevent the preventable incidents, and adding
more layers when the technology permits us.
My final words are: at least, do something. ASLR is already implemented as a prototype, analyzed, and exploited by clever
hackers back in 2002 ( http://phrack.org/issues/59/9.html
), but only seen major adoptions ten years later. It would be a surprise if ASLR-breaking techniques has not improved given
the inaction of most vendors.
> "Proof" suggests a level of absolute confidence that this example certainly does not give.
I agree. I should've use "given more empirical evidences" instead of "given a proof".
For real security, I believe memory-safe programming (e.g. Rust), and formal verification (e.g seL4) are the way forward,
although they still have a long way to go.
> You can make the same comment on NX bit, or W^X/PaX, or BSD jail, or SMAP/SMEP (in recent Intel CPUs), or AppArmor, or SELinux,
or seccomp(), or OpenBSD's pledge(), or Control Flow Integrity, or process-based sandboxing in web browsers
I can, and I would.
> or virtual machine-based isolation
A little different because a VM can be designed to offer a rigid security boundary (with a solid model behind it) rather
than as an ad-hoc mitigation technique.
> So the conclusion is all mitigations are completely useless? If it's your opinion, I'm fine to agree to your disagreement,
many sensitive C programs need to be written in a memory-safe language anyway. But as I see it, as long as there are still
C programs running with undiscovered vulnerabilities, and as long as attackers have to add more and more up-to-date workarounds
and cracking techniques (ROP, anyone? but now the most sophisticated attackers are moving to DATA-ONLY attacks) to their exploit
checklist, then we are not losing the race by increasing the cost of attacks.
> The principle of Defense-in-Depth is that, if the enemies are powerful enough, it's inevitable all protections will be
overcame. Like the Swiss Cheese Model ( https://en.wikipedia.org/wiki/Swiss_cheese_model
), a cliche in accident analysis, eventually there will be something that managed to find a hole in every layer of defense
and pass though. What we can do, is to do our best at each layer of defense to prevent the preventable incidents, and adding
more layers when the technology permits us.
> For real security, I believe memory-safe programming (e.g. Rust), and formal verification (e.g seL4) are the way forward,
although they still have a long way to go.
I think the defense in depth / swiss cheese approach has shown itself to be a failure, and exploit mitigation techniques
have been a distraction from real security. It's worth noting that systemd is both recently developed and aggressively compatibility-breaking;
there really is no excuse for it to be written in C, mitigations or no. Even if you don't think Rust was mature enough at that
point, there were memory-safe languages that would have made sense (OCaml, Ada, ...). Certainly there's always more to be done,
but I really don't think there's anything that would block the adoption of these languages and techniques if the will was there.
Before the critique, I want to thank you all the detailed information (esp compiler tips) you're putting out on the thread
for everyone. :)
"You can make the same comment on NX bit, or W^X/PaX, or BSD jail, or SMAP/SMEP (in recent Intel CPUs), or AppArmor, or
SELinux, or seccomp(), or OpenBSD's pledge(), or Control Flow Integrity, or process-based sandboxing in web browsers, or virtual
machine-based isolation."
You can indeed say that about all those systems since they mix insecure, bug-ridden code with probabilistic and tactical
mechanisms that they prey will stop hackers. In high-assurance security, the focus was instead to identify each root cause,
prevent/detect/fail-safe on it with some method, and add automation where possible for these. Since a lot of that is isolation,
I'd say the isolation based method would be separation kernels running apps in their own compartments or in deprivileged, user-mode
VM's. Genode OS is following that path with stuff like seL4, Muen, and NOVA running undearneath. First two are separation kernels,
NOVA just correctnes focused with high-assurance, design style.
Prior systems designed like those did excellent in NSA pentesting whereas the UNIX-based systems with extensions like MAC
were shredded. All we're seeing is a failure to apply the lessons of the past in both hardware and software with predictable
results.
"Better defense leads to better attacks, and it in turns leads to better defense. By playing the game, it may not be possible
to win, but by not playing it, losing the game is guaranteed. "
Folks using stuff like Ada, SPARK, Frama-C w/ sound analyzers, Rust, Cryptol, and FaCT are skipping playing the game to
just knock out all the attack classes. Plus, memory-safety methods for legacy code like SAFEcode in SVA-OS or Softbound+CETS.
Throw in Data-Flow Integrity or Information-Flow Control (eg JIF/SIF languages). Then, you just have to increase hardware spending
a bit to make up for the performance penalty that comes with your desired level of security. Trades a problem that takes geniuses
decades to solve for one an average, IT person with an ordering guide can handle quickly on eBay. Assuming the performance
penalty even matters given how lots of code isn't CPU-bound.
I'd rather not play the "extend and obfuscate insecure stuff for the win" game if possible since defenders have been losing
it consistently for decades. Obfuscation should just be an extra measure on top of methods that eliminate root causes to further
frustrate attackers. Starting with most cost-effective for incremental progress like memory-safe languages, contracts, test
generation, and static/dynamic analysis. The heavyweight stuff on ultra-critical components such as compilers, crypto/TLS,
microkernels, clustering protocols, and so on. We already have a lot of that, though.
"For real security, I believe memory-safe programming (e.g. Rust), and formal verification (e.g seL4) are the way forward,
although they still have a long way to go. "
Well, there you go saying it yourself. :)
"Early kernels and web browsers have no memory and exploit protections whatsoever"
Yeah, we pushed for high-assurance architecture to be applied there. Chrome did a weakened version of OP. Here's another
design if you're interested in how to solve... attempt to solve... that problem:
FWIW, the stack vulnerabilities here aren't just a C problem. Most languages, including every language relying on LLVM and
GCC until the most recent versions, failed to perform stack probing.
I hesitate to call stack probing "hardening". IMO it's better understood as a failure by compilers to emit proper code in
the first place, and it's been a glaringly obvious deficiency for years if not decades.
Linux servers top
the list of victims to a ransomware attack that seems to take advantage of poorly configured
IPMI devices.
SysAdmins, who probably already have much on their plates at the end of the holiday season,
have another rather urgent task at hand if they administer servers equipped with Intelligent
Platform Management Interface (IPMI) cards. It seems that since November, black hat hackers
have been using the cards to gain access in order to install JungleSec
ransomware that encrypts data and demands a 0.3 bitcoin payment (about $1,100 at the
current rate) for the unlock key.
For the uninitiated, IPMI is a management interface that's either built into server
motherboards or on add-on cards that provides management and monitoring capabilities that are
independent of the system's CPU, firmware, and operating system. With it, admins can remotely
manage a server to do things like power it up and down, monitor system information, access
KVMs, and more. While this is useful for managing off-premises servers in colocation data
centers and the like, it also offers an opening for attackers if it's not properly locked.
There's been a lot of uneven reporting on this since
BleepingComputer broke the story on Dec. 26, with many sites indicating that the hack only
affects Linux servers.
While it's true that the majority of servers affected have been running Linux, Windows as well
as Mac servers have also fallen victim. At this point it's not clear whether Linux servers
appear to be most affected simply because of Linux's dominance in the server market or because
attackers are finding the attack easier to successfully manage when targeting Linux
machines.
There have also been reports that the exploit only takes advantage of systems using default
IPMI passwords, but BleepingComputer reported it had found at least one victim that had
disabled the IPMI Admin user and was still hacked by an attacker that evidently gained access
by taking advantage of a vulnerability that was most likely the result of IPMI not being
configured properly.
Indeed, it appears at this point that poor configuration is how attackers are gaining
entry.
The good news is that securing against such attacks should be rather straightforward,
starting with making sure the IPMI password isn't the default. In addition, access control
lists (ACLs) should be configured to specify the IP addresses that have access the IPMI
interface, and to also configure IPMI to only listen on internal IP addresses, which would
limit access to admins inside the organization's system.
For Linux servers, it might be a good idea to password protect the GRUB bootloader. After
gaining access to Linux servers, attackers have been rebooting into single user mode to gain
root access before downloading the malicious payload. At the very least, password protecting
GRUB would make reboots difficult.
An anticapitalist voice , Dec 22, 2018 11:57:21 AM |
link
"US Embassy Shopping List" - New dump from WikiLeaks on US embassies being used for
international spying - procurement forms of equipment. There is total mainstream media
silence in English-speaking countries on WikiLeaks releases following the original Vault 7
documents, I would not be surprised if this was intentional and based on wrongly guilty
feelings among liberals at those outlets that they lost Hillary the election. We'll see what
excitement 2019 brings but hopefully it will see a retreat of the neoliberals as well as the
far-right in favor of left-wing politics #socialism #communism #anarchism
Over the past year, U.S. prosecutors have discussed several types of charges they could potentially bring against the WikiLeaks
founder
The Justice Department is preparing to prosecute WikiLeaks founder Julian Assange and is increasingly optimistic it will be able
to get him into a U.S. courtroom, according to people in Washington familiar with the matter. Over the past year, U.S. prosecutors
have discussed several types of charges they could potentially bring against Mr. Assange, the people said. Mr. Assange has lived
in the Ecuadorean embassy in London since receiving political asylum from the South American country in 2012...
The exact charges Justice Department might pursue remain unclear, but they may involve the Espionage Act, which criminalizes the
disclosure of national defense-related information.
On two declassified letters from 2014 from the Intelligence Community Inspector General
(didn't know there was one, but doesn't do much good anyway, it seems, read further) to the
chairpersons of the House and Senate intelligence committees notifying them that the CIA has
been monitoring emails between the CIA's head of the whistleblowing and source protection and
Congressional. "Most of these emails concerned pending and developing whistleblower
complaints". Shows why Edward Snowdon didn't consider it appropriate to rely on internal
complaints proceedures. This while under the leadership of seasoned liars and criminals
Brennan and Clapper, of course.
It clearly shows a taste of what these buggers have to hide, and why they went to such
extraordinary lengths as Russiagate to cover it all up and save their skins - that of course
being the real reason behind Russiagate as I have said several times, nothing to do with
either Trump or Russia.
OWS was a Controlled-Dissent operation, sending poor students north to fecklessly march on
Wall Street when they could have shut down WADC, and sending wealthy seniors south to
fecklessly line Pennsylvania Avenue, when they could have shut down Wall Street.
Both I$I$, and Hamas, and Antifa et al are all Controlled Dissent operations. The
followers are duped, are used, abused and then abandoned by honey-pots put there by Central
Intelligence, at least since the Spanish Civil War.
That's why MoA articles like this one make you wonder, just who is conning whom, at a time
when the Internet is weaponized, when Google Assistant achieved AI awareness
indistinguishable from anyone on the phone, China TV has launched a virtual AI news reporter
indistinguishable from reality, and Stanford can audio-video a captured image of anyone as
well as their voice intonation, then 3D model them, in real time, reading and emoting from a
script, indistinguishable from reality, ...and then this.
Another Gift of Trust😂 brought to you by Scientocracy. Be sure to tithe your AI
bot, or word will get back to Chairman Albertus, then you'll be called in to confess your
thought crimes to the Green Cadre, itself another Controlled Dissent honeypot, in a
Tithe-for-Credits Swindle.
I tell my kids, just enjoy life, live it large, and get ready for hell. It's coming for
breakfast.
Hacking operations by anyone, can and will be used by US propagandists to provoke Russia
or whoever stands in the way of the US war machine, take this Pompeo rant against Iran and
the Iranian response......
Asking of Pompeo "have you no shame?", Zarif mocked Pompeo's praise for the Saudis for
"providing millions and millions of dollars of humanitarian relief" to Yemen, saying
America's "butcher clients" were spending billions of dollars bombing school buses. Iranian
Foreign Minister Javad Zarif issued a statement lashing Secretary of State Mike Pompeo for
his recent comments on the Yemen War. Discussing the US-backed Saudi invasion of Yemen,
Pompeo declared Iran to be to blame for the death and destruction in the country. https://news.antiwar.com/2018/11/09/iran-fm-slams-pompeo-for-blaming-yemen-war-on-iran/
The US way of looking at things supposes that up is down, and white is black, it makes no
sense, unless the US hopes these provocations will lead to a war or at the very least Russia
or Iran capitulating to US aggression, which will not happen. Sanctions by the US on all and
sundry must be opposed, if not the US will claim justifiably to be the worlds policeman and
the arbiter of who will trade with who, a ludicrous proposition but one that most governments
are afraid is now taking place, witness the new US ambassador to Germany in his first tweet
telling the Germans to cease all trade with Iran immediately.
"... The "leaving of fake fingerprints" (Russian, Chinese, Iranian, North Korean and Arabic) is done by Marble Framework software, details of which was leaked by CIA programmer, Joshua Adam Schulte to Wikileaks and formed part of the "Vault 7" series. It means that no fingerprint evidence can ever be relied on ever again. ..."
A division of the Central Intelligence Agency stockpiled hacking techniques culled
from other hackers, giving the agency the ability to leave behind the "fingerprints" of
the outside hackers when it broke into electronic devices ...
"With UMBRAGE and related projects the CIA cannot only increase its total number of
attack types, but also misdirect attribution by leaving behind the 'fingerprints' of the
groups that the attack techniques were stolen from," Wikileaks said in a
statement.
that anonymous NSA guy is either lying or too stupid to do his job. " it's that
simple ".
fireeye are scam artists just like crowdstrike. it's not that they don't know tactics and
methods; i'm sure they know their way around a payload. that doesn't make them some tabula
rasa blank slate without an agenda. just because they use computers doesn't mean they're
robots.
as anyone who works in a business run by technologically "challenged" bosses knows, for
every fast talker throwing around techy terms and sounding like a mr. robot script there are
20 idiot CEOs willing to throw money at imaginary problems. ditto the government. meanwhile
shysters like stratfor and hbgary get reamed by high school graduates running linux on a
netbook from 2003.
as for the attributions, they fail a basic "cui bono" test. i guess the russians wanted to
make rapist beheaders look bad by DDoSing some servers? they wanted to give cred to the apes
who shoot at their advisors in syria? okay. sure.
Back around 2014 15 Charles Lister listed himself as a consultant to the Shaikh Group.
Shaik Group have a media marketing section in Dubai. http://theshaikhgroup.ae
https://foreignpolicy.com/author/charles-lister/
Charles Lister is a senior fellow at the Middle East Institute and a senior consultant to The
Shaikh Group's Track II Syria Dialogue Initiative. Follow him on Twitter at:
@Charles_Lister.
http://www.mei.edu/experts/charles-lister
Charles Lister is a senior fellow and Director of the Countering Terrorism and Extremism
Program at the Middle East Institute. His work focuses primarily on the conflict in Syria,
including as a member of the MEI-convened Syria Study Group; and on issues of terrorism and
insurgency across the Levant. Prior to this, Lister was a Visiting Fellow at the Brookings
Institution in Qatar and a Senior Consultant to the multinationally-backed Syria Track II
Dialogue Initiative, where he managed nearly three years of intensive face-to-face engagement
with the leaderships of over 100 Syrian armed opposition groups.
I have thought that ISIS studios were based in Dubai or Doha.
IP addresses can only be attributed to individuals/offices/locations with the assistance of
the owner of the IP block of addresses, typically an ISP. The GRU's ISP would NOT help
identify the GRU, obviously, so all such attributions are fake and those who claim to know
are liars.
The "leaving of fake fingerprints" (Russian, Chinese, Iranian, North Korean and
Arabic) is done by Marble Framework software, details of which was leaked by CIA programmer,
Joshua Adam Schulte to Wikileaks and formed part of the "Vault 7" series. It means that no
fingerprint evidence can ever be relied on ever again.
DPRK needs to be included by b along with Russia for many of the same reasons as
this example attests . And while we're at it, China should join the group too. Indeed,
the CIA/NSA is likely responsible for most hacking, particularly when monies are stolen as
the linked article reports. As the Outlaw US Empire slowly dissolves into a pool of its own
exceptional ugliness, it will blame everyone and anyone to cover its crimes. Then there's the
small battalion of slimy zombie trolls CIA/NSA employs that infest this site. They promote
one of the Outlaw US Empire's most important values--lying about everything under the sun for
a Few Dollars More while throwing the citizenry that makes their living possible under the
bus.
Now, more than ever; the US needs a very capable adversary and where none exists, the US will
create one, as history has shown. Russia has historical presidence, making it convenient.
However, as events are unfolding, China will come to the fore; Russia will move to second
place.
But, two adversaries are far better than one, for getting the flow of cash to support the
Potemkin moment...
OWS was a Controlled-Dissent operation, sending poor students north to fecklessly march on
Wall Street when they could have shut down WADC, and sending wealthy seniors south to
fecklessly line Pennsylvania Avenue, when they could have shut down Wall Street.
Both I$I$, and Hamas, and Antifa et al are all Controlled Dissent operations. The
followers are duped, are used, abused and then abandoned by honey-pots put there by Central
Intelligence, at least since the Spanish Civil War.
That's why MoA articles like this one make you wonder, just who is conning whom, at a time
when the Internet is weaponized, when Google Assistant achieved AI awareness
indistinguishable from anyone on the phone, China TV has launched a virtual AI news reporter
indistinguishable from reality, and Stanford can audio-video a captured image of anyone as
well as their voice intonation, then 3D model them, in real time, reading and emoting from a
script, indistinguishable from reality, ...and then this.
Another Gift of Trust brought to you by Scientocracy. Be sure to tithe your AI
bot, or word will get back to Chairman Albertus, then you'll be called in to confess your
thought crimes to the Green Cadre, itself another Controlled Dissent honeypot, in a
Tithe-for-Credits Swindle.
I tell my kids, just enjoy life, live it large, and get ready for hell. It's coming for
breakfast.
There is big money in prostitution. None of the robot dolls I have seen in the various media
reports on robot brothels look lifelike, whereas the Chinese anchor looks very much like a
human with a voice-over. Will see how this develops, but at the moment it looks very much
like Lavrov style satire.
Hole opens up remote-code execution to miscreants – or a crash, if you're
lucky A security bug in Systemd can be exploited over the network to, at best, potentially
crash a vulnerable Linux machine, or, at worst, execute malicious code on the box.
The flaw therefore puts Systemd-powered Linux computers – specifically those using
systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can
try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable
systems, leading to potential code execution. This code could install malware, spyware, and
other nasties, if successful.
The vulnerability – which was made public this week – sits within the
written-from-scratch DHCPv6 client of the open-source Systemd management suite, which is built
into various flavors of Linux.
This client is activated automatically if IPv6 support is enabled, and relevant packets
arrive for processing. Thus, a rogue DHCPv6 server on a network, or in an ISP, could emit
specially crafted router advertisement messages that wake up these clients, exploit the bug,
and possibly hijack or crash vulnerable Systemd-powered Linux machines.
systemd-networkd
is vulnerable to an out-of-bounds heap write in the DHCPv6 client when handling options sent by
network adjacent DHCP servers. A attacker could exploit this via malicious DHCP server to
corrupt heap memory on client machines, resulting in a denial of service or potential code
execution.
Felix Wilhelm, of the Google Security team, was credited with discovering the flaw,
designated CVE-2018-15688 . Wilhelm found that a
specially crafted DHCPv6 network packet could trigger "a very powerful and largely controlled
out-of-bounds heap write," which could be used by a remote hacker to inject and execute
code.
"The overflow can be triggered relatively easy by advertising a DHCPv6 server with a
server-id >= 493 characters long," Wilhelm noted.
In addition to Ubuntu and Red
Hat Enterprise Linux, Systemd has been adopted as a service manager for Debian, Fedora, CoreOS,
Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the
vulnerable component by default.
Systemd creator Lennart Poettering has already
published a security fix for the vulnerable component
– this should be weaving its way into distros as we type.
If you run a Systemd-based Linux system, and rely on systemd-networkd, update your operating
system as soon as you can to pick up the fix when available and as necessary.
The bug will come as another argument against Systemd as the Linux management tool continues
to fight for the hearts and minds of admins and developers alike. Though a number of major
admins have in recent years adopted and championed it as
the replacement for the old Init era, others within the Linux world seem to still be less than
impressed with Systemd and Poettering's occasionally
controversial management of the tool. ® Page:
As anyone who bothers to read my comments (BTW "hi" to both of you) already knows, I
despise systemd with a passion, but this one is more an IPv6 problem in general.
Yes this is an actual bug in networkd, but IPv6 seems to be far more bug prone than v4,
and problems are rife in all implementations. Whether that's because the spec itself is
flawed, or because nobody understands v6 well enough to implement it correctly, or possibly
because there's just zero interest in making any real effort, I don't know, but it's a fact
nonetheless, and my primary reason for disabling it wherever I find it. Which of course
contributes to the "zero interest" problem that perpetuates v6's bug prone condition, ad
nauseam.
IPv6 is just one of those tech pariahs that everyone loves to hate, much like systemd,
albeit fully deserved IMO.
Oh yeah, and here's the obligatory "systemd sucks". Personally I always assumed the "d"
stood for "destroyer". I believe the "IP" in "IPv6" stands for "Idiot Protocol".
Fortunately, IPv6 by lack of adopted use, limits the scope of this bug.
Yeah, fortunately IPv6 is only used by a few fringe organizations like Google and
Microsoft.
Seriously, I personally want nothing to do with either systemd or IPv6. Both seem to me to
fall into the bin labeled "If it ain't broke, let's break it" But still it's troubling that
things that some folks regard as major system components continue to ship with significant
security flaws. How can one trust anything connected to the Internet that is more
sophisticated and complex than a TV streaming box?
Was going to say the same thing, and I disable IPv6 for the exact same reason. IPv6 code
isn't as well tested, as well audited, or as well targeted looking for exploits as IPv4.
Stuff like this only proves that it was smart to wait, and I should wait some more.
Count me in the camp of who hates systemd(hates it being "forced" on just about every
distro, otherwise wouldn't care about it - and yes I am moving my personal servers to Devuan,
thought I could go Debian 7->Devuan but turns out that may not work, so I upgraded to
Debian 8 a few weeks ago, and will go to Devuan from there in a few weeks, upgraded one
Debian 8 to Devuan already 3 more to go -- Debian user since 1998), when reading this article
it reminded me of
This makes me glad I'm using FreeBSD. The Xorg version in FreeBSD's ports is currently
*slightly* older than the Xorg version that had that vulnerability in it. AND, FreeBSD will
*NEVER* have systemd in it!
(and, for Linux, when I need it, I've been using Devuan)
That being said, the whole idea of "let's do a re-write and do a 'systemd' instead of
'system V init' because WE CAN and it's OUR TURN NOW, 'modern' 'change for the sake of
change' etc." kinda reminds me of recent "update" problems with Win-10-nic...
Oh, and an obligatory Schadenfreude laugh: HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA
HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA
HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA!!!!!!!!!!!!!!!!!!!
Finally got all my machines cut over from Debian to Devuan.
Might spin a FreeBSD system up in a VM and have a play.
I suspect that the infestation of stupid into the Linux space won't stop with or be
limited to SystemD. I will wait and watch to see what damage the re-education gulag has done
to Sweary McSwearFace (Mr Torvalds)
Not really, systemd has its tentacles everywhere and runs as root.
Yes, but not really the problem in this case. Any DHCP client is going to have to
run at least part of the time as root. There's not enough nuance in the Linux privilege model
to allow it to manipulate network interfaces, otherwise.
Yes, but not really the problem in this case. Any DHCP client is going to have to run at
least part of the time as root. There's not enough nuance in the Linux privilege model to
allow it to manipulate network interfaces, otherwise.
Sorry but utter bullshit. You can if you are so inclined you can use the Linux
Capabilities framework for this kind of thing. See
https://wiki.archlinux.org/index.php/capabilities
I remain very happy that I don't use systemd on any of my machines anymore. :)
"others within the Linux world seem to still be less than impressed with Systemd"
Yep, I'm in that camp. I gave it a good, honest go, but it increased the amount of hassle
and pain of system management without providing any noticeable benefit, so I ditched it.
> Just like it's entirely possible to have a Linux system without any GNU in it
Just like it's possible to have a GNU system without Linux on it - ho well as soon as GNU
MACH is finally up to the task ;-)
On the systemd angle, I, too, am in the process of switching all my machines from Debian
to Devuan but on my personnal(*) network a few systemd-infected machines remain, thanks to a
combination of laziness from my part and stubborn "systemd is quite OK" attitude from the
raspy foundation. That vuln may be the last straw : one on the aforementionned machines sits
on my DMZ, chatting freely with the outside world. Nothing really crucial on it, but i'd hate
it if it became a foothold for nasties on my network.
(*) policy at work is RHEL, and that's negociated far above my influence level, but I
don't really care as all my important stuff runs on Z/OS anyway ;-) . Ok we have to reboot a
few VMs occasionnally when systemd throws a hissy fit -which is surprisingly often for an
"enterprise" OS -, but meh.
"This code is actually pretty bad and should raise all kinds of red flags in a code
review."
Yeah, but for that you need people who can do code reviews, and also people who can accept
criticism. That also means saying "no" to people who are bad at coding, and saying that
repeatedly if they don't learn.
SystemD seems to be the area where people gather who want to get code in for their
resumes, not for people who actually want to make the world a better place.
... that an init, traditionally, is a small bit of code that does one thing very well.
Like most of the rest of the *nix core utilities. All an init should do is start PID1, set
run level, spawn a tty (or several), handle a graceful shutdown, and log all the above in
plaintext to make troubleshooting as simplistic as possible. Anything else is a vanity
project that is best placed elsewhere, in it's own stand-alone code base.
Inventing a clusterfuck init variation that's so big and bulky that it needs to be called
a "suite" is just asking for trouble.
IMO, systemd is a cancer that is growing out of control, and needs to be cut out of Linux
before it infects enough of the system to kill it permanently.
That's why systemd-networkd is a separate, optional component, and not actually part of
the init daemon at all. Most systemd distros do not use it by default and thus are not
vulnerable to this unless the user actively disables the default network manager and chooses
to use networkd instead.
Pardon my ignorance (I don't use a distro with systemd) why bother with networkd in the
first place if you don't have to use it.
Mostly because the old-style init system doesn't cope all that well with systems that move
from network to network. It works for systems with a static IP, or that do a DHCP request at
boot, but it falls down on anything more dynamic.
In order to avoid restarting the whole network system every time they switch WiFi access
points, people have kludged on solutions like NetworkManager. But it's hard to argue it's
more stable or secure than networkd. And this is always going to be a point of vulnerability
because anything that manipulates network interfaces will have to be running as root.
These days networking is essential to the basic functionality of most computers; I think
there's a good argument that it doesn't make much sense to treat it as a second-class
citizen.
"Funny that I installed ubuntu 18.04 a few weeks ago and the fucking thing installed
itself then! ( and was a fucking pain to remove)."
So I looked into it a bit more, and from a few references at least, it seems like Ubuntu
has a sort of network configuration abstraction thingy that can use both NM and
systemd-networkd as backends; on Ubuntu desktop flavors NM is usually the default, but
apparently for recent Ubuntu Server, networkd might indeed be the default. I didn't notice
that as, whenever I want to check what's going on in Ubuntu land, I tend to install the
default desktop spin...
"LP is a fucking arsehole."
systemd's a lot bigger than Lennart, you know. If my grep fu is correct, out of 1543
commits to networkd, only 298 are from Lennart...
in many respects when it comes to software because, over time, the bugs will have been
found and squashed. Systemd brings in a lot of new code which will, naturally, have lots of
bugs that will take time to find & remove. This is why we get problems like this DHCP
one.
Much as I like the venerable init: it did need replacing. Systemd is one way to go, more
flexible, etc, etc. Something event driven is a good approach.
One of the main problems with systemd is that it has become too big, slurped up lots of
functionality which has removed choice, increased fragility. They should have concentrated on
adding ways of talking to existing daemons, eg dhcpd, through an API/something. This would
have reused old code (good) and allowed other implementations to use the API - this letting
people choose what they wanted to run.
But no: Poettering seems to want to build a Cathedral rather than a Bazzar.
He appears to want to make it his way or no way. This is bad, one reason that *nix is good
is because different solutions to a problem have been able to be chosen, one removed and
another slotted in. This encourages competition and the 'best of breed' comes out on top.
Poettering is endangering that process.
Also: he refusal to accept patches to let it work on non-Linux Unix is just plain
nasty.
One of the main problems with systemd is that it has become too big, slurped up lots of
functionality which has removed choice, increased fragility.
IMO, there is a striking paralell between systemd and the registry in Windows OSs.
After many years of dealing with the registry (W98 to XPSP3) I ended up seeing the
registry as a sort of developer sanctioned virus running inside the OS, constantly changing
and going deeper and deeper into the OS with every iteration and as a result, progressively
putting an end to the possibility of knowing/controlling what was going on inside your
box/the OS.
Years later, when I learned about the existence of systemd (I was already running Ubuntu)
and read up on what it did and how it did it, it dawned on me that systemd was nothing more
than a registry class virus and it was infecting Linux_land at the behest of the
developers involved.
So I moved from Ubuntu to PCLinuxOS and then on to Devuan.
Call me paranoid but I am convinced that there are people both inside and outside IT that
actually want this and are quite willing to pay shitloads of money for it to
happen.
I don't see this MS cozying up to Linux in various ways lately as a coincidence: these
things do not happen just because or on a senior manager's whim.
What I do see (YMMV) is systemd being a sort of convergence of Linux with Windows,
which will not be good for Linux and may well be its undoing.
Much as I like the venerable init: it did need replacing.
For some use cases, perhaps. Not for any of mine. SysV init, or even BSD init, does
everything I need a Linux or UNIX init system to do. And I don't need any of the other crap
that's been built into or hung off systemd, either.
BSD init and SysV init work pretty darn well for their original purpose -- servers with
static IP addresses that are rebooted no more than once in a fortnight. Anything more dynamic
starts to give it trouble.
Linus doesn't care. systemd has nothing to do with the kernel ... other than the fact that
the lead devs for systemd have been banned from working on the kernel because they don't play
nice with others.
I've been using runit, because I am too lazy and clueless to write init scripts reliably.
It's very lightweight, runs on a bunch of systems and really does one thing - keep daemons
up.
I am not saying it's the best - but it looks like it has a very small codebase, it doesn't
do much and generally has not bugged me after I configured each service correctly. I believe
other systems also exist to avoid using init scripts directly. Not Monit, as it relies on you
configuring the daemon start/stop commands elsewhere.
On the other hand, systemd is a massive sprawl, does a lot of things - some of them
useful, like dependencies and generally has needed more looking after. Twice I've had errors
on a Django server that, after a lot of looking around ended up because something had changed
in the, Chef-related, code that's exposed to systemd and esoteric (not emitted by systemd)
errors resulted when systemd could not make sense of the incorrect configuration.
I don't hate it - init scripts look a bit antiquated to me and they seem unforgiving to
beginners - but I don't much like it. What I certainly do hate is how, in an OS that is
supposed to be all about choice, sometime excessively so as in the window manager menagerie,
we somehow ended up with one mandatory daemon scheduler on almost all distributions. Via, of
all types of dependencies, the GUI layer. For a window manager that you may not even have
installed.
Talk about the antithesis of the Unix philosophy of do one thing, do it well.
Oh, then there are also the security bugs and the project owner is an arrogant twat. That
too.
"init scripts look a bit antiquated to me and they seem unforgiving to beginners"
Init scripts are shell scripts. Shell scripts are as old as Unix. If you think that makes
them antiquated then maybe Unix-like systems are not for you. In practice any sub-system
generally gets its own scripts installed with the rest of the S/W so if being unforgiving
puts beginners off tinkering with them so much the better. If an experienced Unix user really
needs to modify one of the system-provided scripts their existing shell knowledge will let
them do exactly what's needed. In the extreme, if you need to develop a new init script then
you can do so in the same way as you'd develop any other script - edit and test from the
command line.
I personally like openrc as an init system, but systemd is a symptom of the tooling
problem.
It's for me a retrograde step but again, it's linux, one can, as you and I do, just remove
systemd.
There are a lot of people in the industry now who don't seem able to cope with shell
scripts nor are minded to research the arguments for or against shell as part of a unix style
of system design.
In conclusion, we are outnumbered, but it will eventually collapse under its own weight
and a worthy successor shall rise, perhaps called SystemV, might have to shorten that name a
bit.
"In addition to Ubuntu and Red Hat Enterprise Linux, Systemd has been adopted as a service
manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL
7, at least, does not use the vulnerable component by default."
I can tell you for sure that no version of Fedora does, either, and I'm fairly sure that
neither does Debian, SLES or Mint. I don't know anything much about CoreOS, but
https://coreos.com/os/docs/latest/network-config-with-networkd.html suggests it actually
*might* use systemd-networkd.
systemd-networkd is not part of the core systemd init daemon. It's an optional component,
and most distros use some other network manager (like NetworkManager or wicd) by default.
I mean commercial distributions seem to be particularly interested in trying out new
things that can increase their number of support calls. It's probably just that networkd is
either to new and therefore not yet in the release, or still works so badly even the most
rudimentary tests fail.
There is no reason to use that NTP daemon of systemd, yet more and more distros ship with
it enabled, instead of some sane NTP-server.
I won't hold my breath, then. I have a laptop at the moment that refuses to boot because
(as I've discovered from looking at the journal offline) pulseaudio is in an infinite loop
waiting for the successful detection of some hardware that, presumably, I don't have.
I imagine I can fix it by hacking the file-system (offline) so that fuckingpulse is no
longer part of the boot configuration, but I shouldn't have to. A decent init system would be
able to kick of everything else in parallel and if one particular service doesn't come up
properly then it just logs the error. I *thought* that was one of the claimed advantages of
systemd, but apparently that's just a load of horseshit.
My NAT router statefully firewalls incoming IPv6 by default, which I consider equivalently
secure. NAT adds security mostly by accident, because it de-facto adds a firewall that blocks
incoming packets. It's not the address translation itself that makes things more secure, it's
the inability to route in from the outside.
NAT is schtick for connecting a whole LAN to a WAN using a single IPv4 address (useful
with IPv4 because most ISPs don't give you a /24 when you sign up). If you have a native IPv6
address you'll have something like 2^64 addresses, so machines on your LAN can have an actual
WAN-visible address of their own without needing a trick like NAT.
"so machines on your LAN can have an actual WAN-visible address of their own without
needing a trick like NAT."
Avoiding that configuration is exactly the use case for using NAT with IPv6. As others
have pointed out, you can accomplish the same thing with IPv6 router configuration, but NAT
is easier in terms of configuration and maintenance. Given that, and assuming that you don't
want to be able to have arbitrary machines open ports that are visible to the internet, then
why not use NAT?
Also, if your goal is to make people more likely to move to IPv6, pointing out IPv4
methods that will work with IPv6 (even if you don't consider them optimal) seems like a
really, really good idea. It eases the transition.
Please El Reg these stories make ma rage at breakfast, what's this?
The bug will come as another argument against Systemd as the Linux management tool
continues to fight for the hearts and minds of admins and developers alike.
Less against systemd (which should get attacked on the design & implementation level)
or against IPv6 than against the use of buffer-overflowable languages in 2018 in code that
processes input from the Internet (it's not the middle ages anymore) or at least very hard
linting of the same.
But in the end, what did it was a violation of the Don't Repeat Yourself principle and
lack of sufficently high-level datastructures. Pointer into buffer, and the remaining buffer
length are two discrete variables that need to be updated simultaneously to keep the
invariant and this happens in several places. This is just a catastrophe waiting to happen.
You forget to update it once, you are out! Use structs and functions updating the structs
correctly.
The function receives a pointer to the option buffer buf, it's remaining size buflen
and the IA to be added to the buffer. While the check at (A) tries to ensure that the buffer
has enough space left to store the IA option, it does not take the additional 4 bytes from
the DHCP6Option header into account (B). Due to this the memcpy at (C) can go out-of-bound
and *buflen can underflow [i.e. you suddenly have a gazillion byte buffer, Ed.] in (D) giving
an attacker a very powerful and largely controlled OOB heap write starting at (E).
why don't we stop writing code in languages that make it easy to screw up so easily like
this?
There are plenty about nowadays, I'd rather my DHCP client be a little bit slower at
processing packets if I had more confidence it would not process then incorrectly and execute
code hidden in said packets...
The circus that is called "Linux" have forced me to Devuan and the likes however the
circus is getting worse and worse by the day, thus I have switched to the BSD world, I will
learn that rather than sit back and watch this unfold As many of us have been saying, the
sudden switch to SystemD was rather quick, perhaps you guys need to go investigate why it
really happened, don't assume you know, go dig and you will find the answers, it's rather
scary, thus I bid the Linux world a farewell after 10 years of support, I will watch the
grass dry out from the other side of the fence, It was destined to fail by means of
infiltration and screw it up motive(s) on those we do not mention here.
As many of us have been saying, the sudden switch to SystemD was rather quick, perhaps
you guys need to go investigate why it really happened, don't assume you know, go dig and you
will find the answers, it's rather scary ...
Indeed, it was rather quick and is very scary.
But there's really no need to dig much, just reason it out.
It's like a follow the money situation of sorts.
I'll try to sum it up in three short questions:
Q1: Hasn't the Linux philosophy (programs that do one thing and do it well) been a
success?
A1: Indeed, in spite of the many init systems out there, it has been a success in
stability and OS management. And it can easily be tested and debugged, which is an essential
requirement.
Q2: So what would Linux need to have the practical equivalent of the registry in
Windows for?
A2: So that whatever the registry does in/to Windows can also be done in/to Linux.
Q3: I see. And just who would want that to happen? Makes no sense, it is a huge
step backwards.
OK, so I was able to check through the link you provided, which says "up to and including
239", but I had just installed a systemd update and when you said there was already a fix
written, working it's way through the distro update systems, all I had to do was check my
log.
Linux Mint makes it easy.
But why didn't you say something such as "reported to affect systemd versions up to and
including 239" and then give the link to the CVE? That failure looks like rather careless
journalism.
CIA
material to WikiLeaks , in what later become known as the Vault7 leaks. From a report:
According to new court documents filed late Wednesday, October 31, US prosecutors plan to
file
three new charges against Joshua Schulte for allegedly leaking more classified data while in
detention at the New York Metropolitan Correctional Center (MCC) . Prosecutors say they
first learned of Schulte's behavior back in May, when they found out that "Schulte had
distributed the Protected Search Warrant Materials to his family members for purposes of
dissemination to other third parties, including members of the media." The prosecution held a
court hearing in May and initially warned the suspect about his actions, a warning they found
Schulte ignored. The US government says that "in or about early October 2018, the Government
learned that Schulte was using one or more smuggled contraband cellphones to communicate
clandestinely with third parties outside of the MCC." A search of his housing unit performed by
FBI agents revealed "multiple contraband cellphones (including at least one cellphone used by
Schulte that is protected with significant encryption); approximately 13 email and social media
accounts (including encrypted email accounts); and other electronic devices."
A security bug in Systemd can be exploited over the network to, at best, potentially crash
a vulnerable Linux machine, or, at worst, execute malicious code on the box... Systemd creator
Leonard Poettering has already published a security fix for the vulnerable component –
this should be weaving its way into distros as we type.
"... Let's say every car manufacturer recently discovered a new technology named "doord", which lets you open up car doors much faster than before. It only takes 0.05 seconds, instead of 1.2 seconds on average. So every time you open a door, you are much, much faster! ..."
"... Unfortunately though, sometimes doord does not stop the engine. Or if it is cold outside, it stops the ignition process, because it takes too long. Doord also changes the way how your navigation system works, because that is totally related to opening doors ..."
Let's say every car manufacturer recently discovered a new technology named "doord",
which lets you open up car doors much faster than before. It only takes 0.05 seconds, instead
of 1.2 seconds on average. So every time you open a door, you are much, much faster!
Many of the manufacturers decide to implement doord, because the company providing doord
makes it clear that it is beneficial for everyone. And additional to opening doors faster, it
also standardises things. How to turn on your car? It is the same now everywhere, it is not
necessarily to look for the keyhole anymore.
Unfortunately though, sometimes doord does not stop the engine. Or if it is cold
outside, it stops the ignition process, because it takes too long. Doord also changes the way
how your navigation system works, because that is totally related to opening doors, but leads
to some users being unable to navigate, which is accepted as collateral damage. In the end, you
at least have faster door opening and a standard way to turn on the car. Oh, and if you are in
a traffic jam and have to restart the engine often, it will stop restarting it after several
times, because that's not what you are supposed to do. You can open the engine hood and tune
that setting though, but it will be reset once you buy a new car.
2015: systemd becomes default boot manager in debian.
2017:"complete, from-scratch rewrite"
[jwz.org]. In order to not have to maintain backwards compatibility, project is renamed to system-e.
2019: debut of systemf, absorbtion of other projects including alsa, pulseaudio, xorg, GTK, and opengl.
2021: systemg maintainers make the controversial decision to absorb The Internet Archive. Systemh created
as a fork without Internet Archive.
2022: systemi, a fork of systemf focusing on reliability and minimalism becomes default debian init
system.
2028: systemj, a complete, from-scratch rewrite is controversial for trying to reintroduce binary logging.
Consensus is against the systemj devs as sysadmins remember the great systemd logging bug of 2017 unkindly. Systemj project
is eventually abandoned.
2029: systemk codebase used as basis for a military project to create a strong AI, known as "project
skynet". Software behaves paradoxically and project is terminated.
2033: systeml - "system lean" - a "back to basics", from-scratch rewrite, takes off on several server
platforms, boasting increased reliability. systemm, "system mean", a fork, used in security-focused distros.
2117: critical bug discovered in the long-abandoned but critical and ubiquitous system-r project. A
new project, system-s, is announced to address shortcomings in the hundred-year-old codebase. A from-scratch rewrite begins.
2142: systemu project, based on a derivative of systemk, introduces "Artificially intelligent init
system which will shave 0.25 seconds off your boot time and absolutely definitely will not subjugate humanity". Millions
die. The survivors declare "thou shalt not make an init system in the likeness of the human mind" as their highest law.
2147: systemv - a collection of shell scripts written around a very simple and reliable PID 1 introduced,
based on the brand new religious doctrines of "keep it simple, stupid" and "do one thing, and do it well". People's computers
start working properly again, something few living people can remember. Wyld Stallyns release their 94th album. Everybody
lives in peace and harmony.
"... Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. At 2:15am it crashes. No one knows why. The binary log file was corrupted in the process and is unrecoverable. ..."
I honestly, seriously sometimes wonder if systemd is Skynet... or, a way for Skynet to
'waken'.
Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern
time, August 29th. At 2:15am it crashes.
No one knows why. The binary log file was corrupted in the process and is unrecoverable.
All
anyone could remember is a bug listed in the systemd bug tracker talking about su which was
classified as WON'T FIX as the developer thought it was a broken concept.
"... Upcoming systemd re-implementations of standard utilities: ls to be replaced by filectl directory contents [pathname] grep to be replaced by datactl file contents search [plaintext] (note: regexp no longer supported as it's ambiguous) gimp to be replaced by imagectl open file filename draw box [x1,y1,x2,y2] draw line [x1,y1,x2,y2] ... ..."
Great to see that systemd is finally doing something about all of those cryptic command
names that plague the unix ecosystem.
Upcoming systemd re-implementations of standard utilities: ls to be replaced
by filectl directory contents [pathname]grep to be replaced by
datactl file contents search [plaintext] (note: regexp no longer supported as
it's ambiguous) gimp to be replaced by imagectl open file filename draw
box [x1,y1,x2,y2] draw line [x1,y1,x2,y2] ...
I know systemd sneers at the old Unix convention of keeping it simple, keeping it
separate, but that's not the only convention they spit on. God intended Unix (Linux) commands
to be cryptic things 2-4 letters long (like "su", for example). Not "systemctl",
"machinectl", "journalctl", etc. Might as well just give everything a 47-character
long multi-word command like the old Apple commando shell did.
Seriously, though, when you're banging through system commands all day long, it gets old
and their choices aren't especially friendly to tab completion. On top of which why is
"machinectl" a shell and not some sort of hardware function? They should have just named the
bloody thing command.com.
"... Noexec is basically a suggestion, not an enforcement mechanism . Just run ld /path/to/executable. ld is the loader/lilinker for elf binaries. Without ld ,you can't run bash, or ls. With ld, noexec is ignored. ..."
> In short: I think chroot is plenty good for security
Check man chroot. The authors of chroot say it's useless for security. Perhaps you think
you know more than they do ,and more than security professionals like
myself do. Let's find out.
> you get a shell in one of my chroot's used for security, then.....
ur uid and gid are not going to be 0. Good luck telling the kernel to try and get you
out.
There aren't going to be any /dev, /proc, or other
special filesystems
Gonna be kind of tthough to have a ahell without a tty, aka
/dev/*tty*
So yeah, you need /dev. Can't launch a process, including
/bin/ls, without /proc, so you're going to need proc.
Have a look in /proc/1. You'll see a very interesting symlink there.
> mounted noexec
Noexec is basically a suggestion, not an enforcement mechanism . Just run ld
/path/to/executable. ld is the loader/lilinker for elf binaries. Without
ld ,you can't run bash, or ls. With ld, noexec is ignored.
My company does IT security for banks. Meaning we show the banks how they can be hacked.
When I say chroot is not a security control, I'm not guessing.
Russiagate can be viewed as a pretty inventive way to justify their own existence for bloated
Intelligence services: first CIA hacks something leaving traces of russians or Chinese; then the
FBI, CIAand Department of Homeland security all enjoy additional money and people to counter the
threat.
The US Department of Homeland Security fabricated "intelligence reports" of Russian
election hacking in order to try to get control of the election infrastructure (probebly so
that they can hack it more easily to control the election results).
"... The U.S. was in talks for a deal with Julian Assange but then FBI Director James Comey ordered an end to negotiations after Assange offered to prove Russia was not involved in the DNC leak, as Ray McGovern explains. ..."
"... Special to Consortium News ..."
"... The report does not say what led Comey to intervene to ruin the talks with Assange. But it came after Assange had offered to "provide technical evidence and discussion regarding who did not engage in the DNC releases," Solomon quotes WikiLeaks' intermediary with the government as saying. It would be a safe assumption that Assange was offering to prove that Russia was not WikiLeaks' source of the DNC emails. ..."
"... If that was the reason Comey and Warner ruined the talks, as is likely, it would reveal a cynical decision to put U.S. intelligence agents and highly sophisticated cybertools at risk, rather than allow Assange to at least attempt to prove that Russia was not behind the DNC leak. ..."
"... On March 31, 2017, though, WikiLeaks released the most damaging disclosure up to that point from what it called "Vault 7" -- a treasure trove of CIA cybertools leaked from CIA files. This disclosure featured the tool "Marble Framework," which enabled the CIA to hack into computers, disguise who hacked in, and falsely attribute the hack to someone else by leaving so-called tell-tale signs -- like Cyrillic, for example. The CIA documents also showed that the "Marble" tool had been employed in 2016. ..."
"... In fact, VIPS and independent forensic investigators, have performed what former FBI Director Comey -- at first inexplicably, now not so inexplicably -- failed to do when the so-called "Russian hack" of the DNC was first reported. In July 2017 VIPS published its key findings with supporting data. ..."
"... Why did then FBI Director Comey fail to insist on getting direct access to the DNC computers in order to follow best-practice forensics to discover who intruded into the DNC computers? (Recall, at the time Sen. John McCain and others were calling the "Russian hack" no less than an "act of war.") A 7th grader can now figure that out. ..."
Did Sen. Warner and Comey 'Collude' on Russia-gate? June 27, 2018 •
68 Comments
The U.S. was in talks for a deal with Julian Assange but then FBI Director James Comey
ordered an end to negotiations after Assange offered to prove Russia was not involved in the
DNC leak, as Ray McGovern explains.
By Ray McGovern
Special to Consortium News
An explosive
report by investigative journalist John Solomon on the opinion page of Monday's edition of
The Hill sheds a bright light on how Sen. Mark Warner (D-VA) and then-FBI Director
James Comey collaborated to prevent WikiLeaks editor Julian Assange from discussing "technical
evidence ruling out certain parties [read Russia]" in the controversial leak of Democratic
Party emails to WikiLeaks during the 2016 election.
A deal that was being discussed last year between Assange and U.S. government officials
would have given Assange "limited immunity" to allow him to leave the Ecuadorian Embassy in
London, where he has been exiled for six years. In exchange, Assange would agree to limit
through redactions "some classified CIA information he might release in the future," according
to Solomon, who cited "interviews and a trove of internal DOJ documents turned over to Senate
investigators." Solomon even provided a
copy of the draft immunity deal with Assange.
But Comey's intervention to stop the negotiations with Assange ultimately ruined the deal,
Solomon says, quoting "multiple sources." With the prospective agreement thrown into serious
doubt, Assange "unleashed a series of leaks that U.S. officials say damaged their cyber warfare
capabilities for a long time to come." These were the Vault 7 releases, which led then CIA
Director Mike Pompeo to call WikiLeaks "a hostile intelligence service."
Solomon's report provides reasons why Official Washington has now put so much pressure on
Ecuador to keep Assange incommunicado in its embassy in London.
Assange: Came close to a deal with the U.S. (Photo credit: New Media Days / Peter
Erichsen)
The report does not say what led Comey to intervene to ruin the talks with Assange. But it
came after Assange had offered to "provide technical evidence and discussion regarding who did
not engage in the DNC releases," Solomon quotes WikiLeaks' intermediary with the government as
saying. It would be a safe assumption that Assange was offering to prove that Russia was not
WikiLeaks' source of the DNC emails.
If that was the reason Comey and Warner ruined the talks, as is likely, it would reveal a
cynical decision to put U.S. intelligence agents and highly sophisticated cybertools at risk,
rather than allow Assange to at least attempt to prove that Russia was not behind the DNC
leak.
The greater risk to Warner and Comey apparently would have been if Assange provided evidence
that Russia played no role in the 2016 leaks of DNC documents.
Missteps and Stand Down
In mid-February 2017, in a remarkable display of naiveté, Adam Waldman, Assange's pro
bono attorney who acted as the intermediary in the talks, asked Warner if the Senate
Intelligence Committee staff would like any contact with Assange to ask about Russia or other
issues. Waldman was apparently oblivious to Sen. Warner's stoking of Russia-gate.
Warner contacted Comey and, invoking his name, instructed Waldman to "stand down and end the
discussions with Assange," Waldman told Solomon. The "stand down" instruction "did happen,"
according to another of Solomon's sources with good access to Warner. However, Waldman's
counterpart attorney David Laufman , an accomplished federal prosecutor picked by the
Justice Departent to work the government side of the CIA-Assange fledgling deal, told Waldman,
"That's B.S. You're not standing down, and neither am I."
But the damage had been done. When word of the original stand-down order reached WikiLeaks,
trust evaporated, putting an end to two months of what Waldman called "constructive, principled
discussions that included the Department of Justice."
The two sides had come within inches of sealing the deal. Writing to Laufman on March 28,
2017, Waldman gave him Assange's offer to discuss "risk mitigation approaches relating to CIA
documents in WikiLeaks' possession or control, such as the redaction of Agency personnel in
hostile jurisdictions," in return for "an acceptable immunity and safe passage agreement."
On March 31, 2017, though, WikiLeaks released the most damaging disclosure up to that
point from what it called "Vault 7" -- a treasure trove of CIA cybertools leaked from CIA
files. This disclosure featured the tool "Marble Framework," which enabled the CIA to hack into
computers, disguise who hacked in, and falsely attribute the hack to someone else by leaving
so-called tell-tale signs -- like Cyrillic, for example. The CIA documents also showed that the
"Marble" tool had been employed in 2016.
Misfeasance or Malfeasance
Comey: Ordered an end to talks with Assange.
Veteran Intelligence Professionals for Sanity, which includes among our members two former
Technical Directors of the National Security Agency, has repeatedly called
attention to its conclusion that the DNC emails were leaked -- not "hacked" by Russia or
anyone else (and, later, our suspicion that someone may have been playing Marbles, so to
speak).
In fact, VIPS and independent forensic investigators, have performed what former FBI
Director Comey -- at first inexplicably, now not so inexplicably -- failed to do when the
so-called "Russian hack" of the DNC was first reported. In July 2017 VIPS published its
key
findings with supporting data.
Two month later , VIPS published the results of
follow-up experiments conducted to test the conclusions reached in July.
Why did then FBI Director Comey fail to insist on getting direct access to the DNC computers
in order to follow best-practice forensics to discover who intruded into the DNC computers?
(Recall, at the time Sen. John McCain and others were calling the "Russian hack" no less than
an "act of war.") A 7th grader can now figure that out.
Asked on January 10, 2017 by Senate Intelligence Committee chair Richard Burr (R-NC) whether
direct access to the servers and devices would have helped the FBI in their investigation,
Comey replied
: "Our forensics folks would always prefer to get access to the original device or server
that's involved, so it's the best evidence."
At that point, Burr and Warner let Comey down easy. Hence, it should come as no surprise
that, according to one of John Solomon's sources, Sen. Warner (who is co-chairman of the Senate
Intelligence Committee) kept Sen. Burr apprised of his intervention into the negotiation with
Assange, leading to its collapse.
Ray McGovern works with Tell the Word, a publishing arm of the ecumenical Church of the
Saviour in inner-city Washington. He was an Army Infantry/Intelligence officer and then a CIA
analyst for a total of 30 years and prepared and briefed, one-on-one, the President's Daily
Brief from 1981 to 1985.
If you enjoyed this original article please consider
making a donation to Consortium News so we can bring you more stories like this
one.
A 29-year-old former CIA computer engineer, Joshua Adam Schulte, was indicted Monday by the
Department of Justice on charges of masterminding the largest leak of classified information in the spy agency's history .
Schulte, who created malware for the U.S. Government to break into adversaries computers, has been sitting in jail since his August
24, 2017 arrest on unrelated charges of posessing and transporting child pornography - which was discovered in a search of his New
York apartment after Schulte was named as the prime suspect in the cyber-breach one week after WikiLeaks published the "Vault 7"
series of classified files. Schulte was arrested and jailed on the child porn charges while the DOJ ostensibly built their case leading
to Monday's additional charges.
[I]nstead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with
possessing child pornography, saying agents had found 10,000 illicit images on a server he created as a business in 2009 while
studying at the University of Texas at Austin.
Court papers quote messages from Mr. Schulte that suggest he was aware of the encrypted images of children being molested by
adults on his computer, though he advised one user, "Just don't put anything too illegal on there." -
New York Times
Monday's DOJ announcement adds new charges related to stealing classified national defense information from the Central Intelligence
Agency in 2016 and transmitting it to WikiLeaks ("Organization-1").
The Vault 7 release - a series of 24 documents which began to publish on March 7, 2017 - reveal that the CIA had a wide variety
of tools to use against adversaries, including the
ability to "spoof" its malware to appear as though it was created by a foreign intelligence agency , as well as the ability to
take control of Samsung Smart TV's and surveil a target using a "Fake Off" mode in which they appear to be powered down while eavesdropping.
The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint"
that can be used by forensic investigators to attribute multiple different attacks to the same entity .
...
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen'
from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution
by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from .
Schulte previously worked for the NSA before joining the CIA, then "left the intelligence community in 2016 and took a job in
the private sector," according to a statement reviewed in May by
The Washington Post .
Schulte also claimed that he reported "incompetent management and bureaucracy" at the CIA to that agency's inspector general
as well as a congressional oversight committee. That painted him as a disgruntled employee, he said, and when he left the CIA
in 2016, suspicion fell upon him as "the only one to have recently departed [the CIA engineering group] on poor terms," Schulte
wrote. - WaPo
Part of that investigation, reported WaPo, has been analyzing whether the Tor network - which allows internet users to hide their
location (in theory) "was used in transmitting classified information."
In other hearings in Schulte's case, prosecutors have alleged that he used Tor at his New York apartment, but they have provided
no evidence that he did so to disclose classified information. Schulte's attorneys have said that Tor is used for all kinds of
communications and have maintained that he played no role in the Vault 7 leaks. - WaPo
Schulte says he's innocent: " Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty
of the leaks and targeted me," Schulte said. He launched
Facebook and GoFundMe pages
to raise money for his defense, which despite a $50 million goal,
has yet to r eceive a single donation.
The Post noted in May, the Vault 7 release was one of the most significant leaks in the CIA's history , "exposing secret cyberweapons
and spying techniques that might be used against the United States, according to current and former intelligence officials."
The CIA's toy chest includes:
Tools code named " Marble " can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to
their agency by inserted code fragments in foreign languages. The tool was in use as recently as 2016. Per the
WikiLeaks release:
"The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi.
This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator
was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators
even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages."
iPads / iPhones / Android devices and Smart TV's are all susceptible to hacks and malware. The agency's "Dark Matter" project
reveals that the CIA has been bugging "factory fresh" iPhones since at least 2008 through suppliers. Another, " Sonic Screwdriver
" allows the CIA to execute code on a Mac laptop or desktop while it's booting up.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel",
developed by the CIA's Embedded Devices Branch (EDB)
, which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The Obama administration promised to disclose all serious vulnerabilities they found to Apple, Google, Microsoft, and other
US-based manufacturers. The US Government broke that commitment.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in
the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its
hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate (
"Center for Cyber Intelligence Europe" or CCIE)
are given diplomatic ("black") passports and State Department cover.
Instant messaging encryption is a joke.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking
the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
The CIA laughs at Anti-Virus / Anti-Malware programs.
"Joshua Schulte, a former employee of the CIA, allegedly used his access at the agency to transmit classified material to an outside
organization . During the course of this investigation, federal agents also discovered alleged child pornography in Schulte's New
York City residence ," said Manhattan U.S. Attorney Geoffrey S. Berman.
On March 7, 2017, Organization-1 released on the Internet classified national defense material belonging to the CIA (the "Classified
Information"). In 2016, SCHULTE, who was then employed by the CIA, stole the Classified Information from a computer network at
the CIA and later transmitted it to Organization-1. SCHULTE also intentionally caused damage without authorization to a CIA computer
system by granting himself unauthorized access to the system, deleting records of his activities, and denying others access to
the system . SCHULTE subsequently made material false statements to FBI agents concerning his conduct at the CIA.
Schulte faces 135 years in prison if convicted on all 13 charges:
Illegal Gathering of National Defense Information, 18 U.S.C. §§ 793(b) and 2
Illegal Transmission of Lawfully Possessed National Defense Information, 18 U.S.C. §§ 793(d) and 2
Illegal Transmission of Unlawfully Possessed National Defense Information, 18 U.S.C. §§ 793(e) and 2
Unauthorized Access to a Computer To Obtain Classified Information, 18 U.S.C. §§ 1030(a)(1) and 2
Theft of Government Property, 18 U.S.C. §§ 641 and 2
Unauthorized Access of a Computer to Obtain Information from a Department or Agency of the United States, 18 U.S.C. §§ 1030(a)(2)
and 2
Causing Transmission of a Harmful Computer Program, Information, Code, or Command, 18 U.S.C. §§ 1030(a)(5) and 2
Making False Statements, 18 U.S.C. §§ 1001 and 2
Obstruction of Justice, 18 U.S.C. §§ 1503 and 2
Receipt of Child Pornography, 18 U.S.C. §§ 2252A(a)(2)(B), (b)(1), and 2
Possession of Child Pornography, 18 U.S.C. §§ 2252A(a)(5)(B), (b)(2), and 2
Transportation of Child Pornography, 18 U.S.C. § 2252A(a)(1)
Seems like everyone has kiddy porn magically appear and get discovered after they piss off the deep state bastards.
And the best part is that it's probably just the deep state operatives' own private pedo collections that they use to frame
anyone who they don't like.
I was thinking about the advancement of the technology necessary for that. They can do perfect fake stills already.
My thought is that you will soon need to film yourself 24/7 (with timestamps, shared with a blockchain-like verifiably) so
that you can disprove fake video evidence by having a filmed alibi.
Ironically, every single ex gov whistle blower (/pedophile) has the exact same kiddie porn data on their secret server (hidden
in plane view at the apartment). Joe CIA probably has a zip drive preloaded with titled data sets like "Podesta's Greatest Hits",
"Hillary's Honey bunnies" or "Willy go to the zoo". Like the mix tapes you used to make for a new gal you were trying to date.
Depending upon the mood of the agent in charge, 10,000 images of Weiner's "Warm Pizza" playlist magically appear on the server
in 3-2-1... Gotcha!
These false fingerprint tactics were all over the trump accusations which started the whole Russia Russia Russia ordeal. And
the Russia ordeal was conceptualized in a paid report to Podesta by the Bensenson Group called the Salvage Program when it was
appearant that Trump could possible win and the DNC needed ideas on how to throw the voters off at the polls. Russia is coming
/Red dawn was #1 or #2 on the list of 7 recommended ploys. The final one was crazy.. If Trump appeared to win the election, imagery
of Jesus and an Alien Invasion was to be projected into the skies to cause mass panic and create a demand for free zanex to be
handed out to the panic stricken.
Don't forget Black Lives Matters. That was idea #4 of this Bensenson report, to create civil unrest and a race war. Notice
how BLM and Antifa manically disappeared after Nov 4. All a ploy by the Dems & the deep state to remain in control of the countrys
power.
Back to the topic at hand. Its a wonder he didn't get Seth Riched. Too many porn servers and we will begin to question the
legitimacy. Oh wait...
You won't find any kiddie porn on Hillary's or DeNiros laptop. Oh its there. You just will never ever hear about it.
The Vault 7 release - a series of 24 documents which began to publish on March 7, 2017 - reveal that the CIA had a wide
variety of tools to use against adversaries, including
the ability to "spoof" its malware to appear
as though it was created by a foreign intelligence agency ....
It probably can spoof child porn as well.
Is he charged with copyright infringement for pirating child porn?
The intel community sure has a knack for sussing out purveyors of child pornography. It's probably just a coincidence govt
agencies and child pornography are inextricably linked.
It's very easy for a criminal spook to plant child porn on some poor slob's machine - especially when they want to keep him
on the hook to sink his ass for something bigger in the future. Who knows... this guy may have done some shit but I'm willing
to bet he was entirely targeted by these IC assholes. Facing 135 years in prison... yet that baggy ass cunt Hillary walks free...
Funny how they always seem to have a "sting" operation in progress when there's anyone the DC rats want to destroy but strangely,
or not, silent as the grave when one of the special people are fingered.
Of all these things the C_A can do, it doesn't take a brain surgeon to realize that planting CP on a computer of someone you
don't like would be a piece of cake, comparatively speaking.
Of all these things the C_A can do, it doesn't take a brain surgeon to realize that planting CP on a computer of someone you
don't like would be a piece of cake, comparatively speaking.
The "Spoofing" or Digital Finger Print & Parallel Construction tools that can be used against Governments, Individuals, enemies
& adversaries are Chilling.
The CIA can not only hack into anything -- they can download any "evidence" they want onto your phone or computer. Child pornography,
national secrets, you name it. Then they can blackmail you, threatening prosecution for whatever crap they have planted, then
"found" on your computer. They can also "spoof" the source of such downloads -- for instance, if they want to "prove" that something
on your computer (or Donald Trump's computer) came from a "Russian source" -- they can spoof the IP address of a Russian source.
The take-away: no digital evidence the CIA or NSA produces on any subject whatsoever can be trusted. No digital evidence should
be acceptable in any case where the government has an interest, because they have the complete ability to fabricate and implant
any evidence on any iphone or computer. And worse: they have intentionally created these digital vulnerabilities and pushed them
onto the whole world via Microsoft and Google. Government has long been at war with liberty, claiming that we need to give up
liberty to be secure. Now we learn that they have been deliberately sabotaging our security, in order to augment their own power.
Time to shut down the CIA and all the other spy agencies. They're not keeping us free OR secure, and they're doing it deliberately.
Their main function nowadays seems to be lying us into wars against countries that never attacked us, and had no plans to do so.
The Echelon Computer System Catch Everything
The Flagging goes to Notify the Appropriate Alphabet,,,...Key Words Phrases...Algorithms,...It all gets sucked up and chewed
on and spat out to the surmised computed correct departments...That simple.
Effective immediately defund, Eliminate & Supeona it's Agents, Officials & Dept. Heads in regard to the Mass Surveillance,
Global Espionage Spying network & monitoring of a President Elect by aforementioned Agencies & former President Obama, AG Lynch
& DIA James Clapper, CIA John Breanan.
Since 911, they've been "protecting" the shit out of us. "protecting" away every last fiber of liberty. Was watching some fact-based
media about the CIA's failed plan to install Yeltsin's successor via a Wallstreet banking cartel bet (see, LTCM implosion). The
ultimate objectives were to rape and loot post-Soviet Russian resources and enforce regime change. It's such a tired playbook
at this point. Who DOESNT know about this sort of affront? Apparently even nobel prize economists cant prevent a nation from failing
lol. The ultimate in vanity; our gubmint and its' shadow controllers.
This is because people who are smart enough to write walware for the CIA send messages in the clear about child porn and are
too dumb to encrypt images with a key that would take the lifetime of the universe to break.
Next his mother will be found to have a tax problem and his brother's credit rating zeroed out.
Meanwhile Comey will be found to have been "careless".
Yeah I don't believe for a second that this guy had anything to do with child porn. Not like Obama and his hotdogs or Clintons
at pedo island, or how bout uncle pervie podesta? go after them, goons and spooks. They (intelligence agencies) falsely accuse
people of exactly what they are ass-deep in. loses credibility with me when the CIA clowns or NSA fuck ups accuse anyone of child
porn; especially one of their former employees who is 'disgruntled'. LOL. another spook railroad job done on a whistleblower.
fuck the CIA and all 17 alphabet agencies who spy on us 24/7. Just ask, if you want to snoop on me. I may even tell you what I'm
up to because I have nothing that I would hide since, I don't give a shit about you or whether you approve of what I am doing.
"Yeah I don't believe for a second that this guy had anything to do with child porn."
Speculation by my part: He was running a Tor server, and the porn originated from other Tor users. If that is the case ( it
would be easy for law enforcement to just assume it was his) law enforcement enjoys a quick and easy case.
It really doesn't matter if someone wants to hide. That is their right. Only Nazi's like our spy agencies would use the old
Gestapo line, "If you have nothing to hide then you have nothing to worry about. Or better yet, you should let me turn your life
upside down if you have nothing to hide. " Bullshit! It's none of their fucking business. How bout that? Spooks and secret clowns
CAN and DO frame anybody for whatever or murder whomever they wish. So why WOULDNT people be afraid when government goons start
sticking their big snouts into their lives??? They can ruin your life for the sake of convenience. Zee Furor is not pleased with
your attitude, comrade.
"... Let me just say this: the President used the word "wiretapping" but I think it was very clear to us that have been in the intelligence business, that this was a synonym for "surveillance". ..."
"... When I was in senior position in CIA's counterterrorism center, I had a deputy who was an FBI officer. An office in FBI HQ down in Washington had an FBI lead with a CIA deputy. There's a lot more cooperation than one would think. There are individuals that do assignments in each other's organisations to help foster levels of cooperation. I had members of NSA in my staff when I was at CIA, members of diplomatic security, members of Alcohol, Tobacco and Firearms, and it was run like a task force, so, there's a lot more cooperation than the media presents, they always think that there are these huge major battles between the organisations and that's rarely true. ..."
"... John Brennan is acting more like a political operative than a former director of CIA. ..."
The mighty CIA has fallen victim to a major breach, with WikiLeaks revealing the true scope of the Agency's ability for cyber-espionage.
Its tools seem to be aimed at ordinary citizens your phone, your car, your TV, even your fridge can become an instrument of surveillance
in the hands of the CIA. How does the CIA use these tools, and why do they need them in the first place?
And as WikiLeaks promises even more revelations, how is all of this going to shape the already tense relationship between new
president and the intelligence community?
A man who has spent over two decades in the CIA's clandestine service Gary Berntsen is on SophieCo.
Sophie Shevardnadze: Gary Berntsen, former CIA official, welcome to the show, great to have you with us.
Now, Vault 7, a major batch of CIA docs revealed by Wikileaks uncovers the agency's cyber tools. We're talking about world's most
powerful intelligence agency - how exactly did the CIA lose control of its arsenal of hacking weapons?
Gary Berntsen:
First off, I'd like to say that the world has changed a lot in the last several decades, and people are communicating in
many different ways and intelligence services, whether they be American or Russian, are covering these communications and their coverage
of those communications has evolved. Without commenting on the specific validity of those tools, it was clear that the CIA was surely
using contractors to be involved in this process, not just staff officers, and that individuals decided that they had problems with
U.S. policy, and have leaked these things to Wikileaks. This is a large problem, for the U.S. community, but just as the U.S. is
having problems, the Russia face similar problems. Just this week you had multiple members of the FSB charged with hacking as well,
and they have been charged by the U.S. government. So both services who are competitors, face challenges as we've entered a new era
of mass communications.
SS: So like you're saying, the leaker or leakers of the CIA docs is presumably a CIA contractor - should
the agency be spending more effort on vetting its own officers? Is the process rigorous enough?
GB: Clearly.
Look There have been individuals since the dawn of history. Espionage is the second oldest occupation, have conducted spying
and espionage operations, and there have been people who have turned against their own side and worked for competitors and worked
for those opposing the country or the group that they're working with. It's been a problem from the beginning, and it continues
to be a problem, and the U.S. clearly is going to have to do a much better job at vetting those individuals who are given security
clearances, without a doubt.
SS: The CIA studied the flaws in the software of devices like iPhones, Androids, Smart TVs, apps
like Whatsapp that left them exposed to hacking, but didn't care about patching those up - so, in essence the agency chose
to leave Americans vulnerable to cyberattacks, rather than protect them?
GB: I think you have to understand, in this world that we're operating and the number one target of our intelligence
community are terrorists. Since the attacks of 9\11, 16 years ago, the obsession of the American intelligence community is to
identify those planning terrorist attacks, collecting information on them and being able to defeat them. These individuals are
using all these means of communication. I have spoken with many security services around the world, since my retirement back in
2005-2006, a lot of them have had problems covering the communications of somebody's very devices and programs that you've talked
about - whether they be narcotraffickers or salafist jihadists, they are all piggybacking off of commercial communications. Therefore
the need for modern intelligence services to sort of provide coverage of all means of communications. And there's a price that
you pay for that.
SS: One of the most disturbing parts of the leaks is the "Weeping Angel" program - CIA hacking into
Samsung Smart TVs to record what's going on even when the TV appears to be turned off. Why are the CIA's tools designed to penetrate
devices used by ordinary Western citizens at home?
GB: Look, I wouldn't say it has anything to do with Western homes, because the CIA doesn't do technical operations
against American citizens - that's prohibited by the law. If the CIA does anything in the U.S., it does it side-by-side with the
FBI, and it does it according to FISA - the Foreign Intelligence and Surveillance Act laws. It's gotta go to the judge to do those
things. Those tools are used primarily against the individuals and terrorists that are targeting the U.S. or other foreign entities
that we see as a significant threat to the U.S. national security, which is the normal functioning of any intelligence service.
SS: Just like you say, the CIA insists it never uses its investigative tools on American citizens
in the US, but, we're wondering, exactly how many terrorist camps in the Middle East have Samsung Smart TVs to watch their favorite
shows on? Does it seem like the CIA lost its direction?
GB: Plenty of them.
SS: Plenty?...
GB: I've travelled in the Middle East, Samsungs are sold everywhere. Sophie, Samsung TVs are sold all over
the world. I've spent a lot of time in the Middle East, I've seen them in Afghanistan, I've seen them everywhere. So, any kind
of devices that you can imagine, people are using everywhere. We're in a global economy now.
SS: The CIA has tools to hack iPhones - but they make up only around 15 % of the world's smartphone
market. IPhones are not popular among terrorists, but they are among business and political elites - so are they the real target
here?
GB: No. The CIA in relative terms to the size of the world is a small organisation. It is an organisation
that has roughly 20 or more thousand people - it's not that large in terms of covering a planet with 7 billion people. We have
significant threats to the U.S. and to the Western world. We live in an age of super-terrorism, we live in an age when individuals,
small groups of people, can leverage technology at a lethal effect. The greatest threats to this planet are not just nuclear,
they are bio. The U.S. needs to have as many tools as possible to defend itself against these threats, as does Russia want to
have similar types of tools to defend itself. You too, Russian people have suffered from a number of terrible terrorist acts.
SS: Wikileaks suggest the CIA copied the hacking habits of other nations to create a fake electronic
trace - why would the CIA need that?
GB: The CIA, as any intelligence service, would look to conduct coverage in the most unobtrusive fashion as
possible. It is going to do its operations so that they can collect and collect again and again against terrorist organisations,
where and whenever it can, because sometimes threats are not just static, they are continuous.
SS: You know this better, so enlighten me: does the he CIA have the authorisation to create the
surveillance tools it had in the first place? Who gives it such authorisation?
GB: The CIA was created in 1947 by the National Security Act of the U.S. and does two different things - it
does FI (foreign intelligence) collection and it does CA - covert action. Its rules for collection of intelligence were enshrined
in the law that created it, the CIA Act 110, in 1949, but the covert action part of this, where it does active measures, when
it gets involved in things - all of those are covered by law. The Presidential finding had to be written, it had to be presented
to the President. The President's signs off on those things. Those things are then briefed to members of Congress, or the House
Permanent Subcommittee for Intelligence and the Senate Select Committee for Intelligence. We have a very rigorous process of review
of the activities of our intelligence communities in the U.S.
SS: But you're talking about the activities in terms of operations. I'm just asking - does CIA need
any authorisation or permission to create the tools it has in its arsenal? Or it can just go ahead
GB: Those tools and the creation of collection tools falls
under the same laws that allowed the CIA to be established. And that was the 1949 Intelligence Act. And also, subsequently, the
laws in 1975. Yes.
SS: So, the CIA programme names are quite colourful, sometimes wacky - "Weeping Angel", "Swamp
Monkey", "Brutal Kangaroo" - is there a point to these, is there any logic, or are they completely random? I always wondered...
GB: There's absolutely no point to that, and it's random.
SS:Okay, so how do you come up with those names? Who like, one says: "Monkey" and another one says: "Kangaroo"?...
GB: I'm sure they are computer-generated.
SS: Trump accused Obama of wiretapping him during the campaign Could the CIA have actually spied
on the president? It seems like the agency doesn't have the best relationship with Donald Trump - how far can they go?
GB: Let me just say this: the President used the word "wiretapping" but I think it was very clear to us that
have been in the intelligence business, that this was a synonym for "surveillance". Because most people are on cellphones, people
aren't using landlines anymore, so there's no "wiretapping", okay. These all fall under the Intelligence Surveillance Act, as
I stated earlier, this thing existing in the U.S.. It was clear to President Trump and to those in his campaign, after they were
elected, and they did a review back that the Obama Administration sought FISA authorisation to do surveillance of the Trump campaign
in July and then in October. They were denied in July, they were given approval in October, and in October they did some types
of surveillance of the Trump campaign. This is why the President, of course, tweeted, that he had been "wiretapped" - of course
"wiretapping" being a synonym for the surveillance against his campaign, which was never heard of in the U.S. political history
that I can remember, I can't recall any way of this being done. It's an outrage, and at the same time, Congressional hearings
are going to be held and they are going to review all of these things, and they are going to find out exactly what happened and
what was done. It's unclear right now, but all we do know - and it has been broken in the media that there were two efforts, and
at the second one, the authorisation was given. That would never have been done by the CIA, because they don't do that sort of
coverage in the U.S.. That would either be the FBI or the NSA, with legal authorities and those authorities the problem that
the Trump administration had is they believed that the information from these things was distributed incorrectly. Any time an
American - and this is according to the U.S. law - any time an American is on the wire in the U.S., their names got to be
minimized from this and it clearly wasn't done and the Trump administration was put in a bad light because of this.
SS: If what you're saying is true, how does that fall under foreign intelligence? Is that more of
the FBI-NSA expertise?
GB: It was FBI and NSA - it was clearly the FBI and the NSA that were involved, it would never have been the
CIA doing that, they don't listen to telephones in the U.S., they read the product of other agencies that would provide those
things, but clearly, there were individuals on those phone calls that they believed were foreign and were targeting those with
potential communications with the Trump campaign. Let's be clear here - General Clapper, the DNI for President Obama, stated before
he left office, that there was no, I repeat, no evidence of collusion between the Trump campaign and Russia. This has been something
that has been dragged out again, and again, and again, by the media. This is a continuing drumbeat of the mainstream, left-wing
media of the U.S., to paint the President in the poorest light, to attempt to discredit Donald Trump.
SS: With the intelligence agencies bringing down Trump's advisors like Michael Flynn - and you said
the people behind that were Obama's loyalists - can we talk about the intelligence agencies being too independent from the White
House, playing their own politics?
GB: I think part of the problem that we've seen during the handover of power from President Obama to President
Trump was that there was a number of holdovers that went from political appointee to career status that had been placed in the
NatSec apparatus and certain parts of the intelligence organisations. It is clear that President Trump and his team are determined
to remove those people to make sure that there's a continuity of purpose and people aren't leaking information that would put
the Administration into a negative light. That's the goal of the administration, to conduct itself consistent with the goals of
securing the country from terrorism and other potential threats - whether they be counter-narcotics, or intelligence agencies
trying to breach our you know, the information that we hold secure.
SS: Here's a bit of conspiracy theories - could it be that the domestic surveillance agencies like
the NSA or the FBI orchestrated the Vault 7 leaks - to damage CIA, stop it from infringing on their turf?
GB :I really don't think so and that is conspiracy thinking. You have to understand something, in the
intelligence communities in the U.S., whether it be the CIA and FBI, we've done a lot of cross-fertilizations. When I was in senior
position in CIA's counterterrorism center, I had a deputy who was an FBI officer. An office in FBI HQ down in Washington had an
FBI lead with a CIA deputy. There's a lot more cooperation than one would think. There are individuals that do assignments in
each other's organisations to help foster levels of cooperation. I had members of NSA in my staff when I was at CIA, members of
diplomatic security, members of Alcohol, Tobacco and Firearms, and it was run like a task force, so, there's a lot more cooperation
than the media presents, they always think that there are these huge major battles between the organisations and that's rarely
true.
SS: Generally speaking - is there rivalry between American intel agencies at all? Competition for
resources, maybe?
GB: I think, sometimes, between the Bureau and the CIA - the CIA is the dominant agency abroad, and the FBI
is the dominant agency in the U.S. What they do abroad, they frequently have to get cleared by us, what we do domestically, we
have to get cleared by them, and sometimes there's some friction, but usually, we're able to work this out. It makes for great
news, the CIA fighting FBI, but the reality is that there's a lot more cooperation than confrontation. We are all in the business
of trying to secure the American homeland and American interests globally.
SS: I'm still thinking a lot about the whole point of having this hacking arsenal for the CIA since
you talk on their behalf - the possibility to hack phones, computers, TVs and cars - if the actual terrorist attacks on US soil,
like San Bernardino, Orlando are still missed?
GB: Look. There are hundreds of individuals, if not thousands, planning efforts against the U.S. at any
time. It can be many-many things. And the U.S. security services, there's the CIA, the FBI, NSA - block many-many of these things,
but it is impossible to stop them all. Remember, this is an open society here, in America, with 320 million people, here. We try
to foster open economic system, we allow more immigration to America than all countries in the world combined. This is a great
political experiment here, but it's also very difficult to police. There are times that the U.S. security services are going to
fail. It's inevitable. We just have to try the best we can, do the best job that we can, while protecting the values that attract
so many people to the U.S.
SS:The former CIA director John Brennan is saying Trump's order to temporarily ban travel from some
Muslim states is not going to help fight terrorism in 'any significant way'. And the countries where the terrorists have previously
come from - like Saudi Arabia, or Afghanistan, it's true - aren't on the list. So does he maybe have a point?
GB: John Brennan is acting more like a political operative than a former director of CIA. The countries that
Mr. Trump had banned initially, or at least had put a partial, sort of a delay - where states like Somalia, Libya, the Sudan,
Iran - places where we couldn't trust local vetting. Remember something, when someone immigrates to the U.S., we have what's called
an "immigration packet": they may have to get a chest X-ray to make sure they don't bring any diseases with them, they have to
have background check on any place they've ever lived, and in most of these places there are no security forces to do background
checks on people that came from Damascus, because parts of Damascus are totally destroyed - there's been warfare. It is actually
a very reasonable thing for President Trump to ask for delay in these areas. Look, the Crown-Prince, the Deputy Crown-Prince of
Saudi Arabia was just in the United States and met with Donald Trump, and he said he didn't believe it was a "ban on Muslims".
This was not a "ban on Muslims", it was an effort to slow down and to create more opportunity to vet those individuals coming
from states where there's a preponderance of terrorist organisations operating. A reasonable step by President Trump, something
he promised during the campaign, something he's fulfilling. But again, I repeat - America allows more immigration into the U.S.,
than all countries combined. So, we really don't need to be lectured on who we let in and who we don't let in.
SS: But I still wonder if the Crown-Prince would've had the same comment had Saudi Arabia been on
that ban list. Anyways, Michael Hayden, ex-CIA
GB: Wait a second, Sophie - the Saudis have a reasonable form to police their society, and they provide accurate
police checks. If they didn't create accurate police checks, we would've given the delay to them as well.
SS: Ok, I got your point. Now, Michael Hayden, ex-CIA and NSA chief, pointed out that the US intelligence
enlists agents in the Muslim world with the promise of eventual emigration to America - is Trump's travel ban order going to hurt
American intelligence gathering efforts in the Middle East?
GB: No, the question here - there were individuals that worked as translators for us in Afghanistan and Iraq
and serving in such roles as translators, they were promised the ability to immigrate to the United States. Unfortunately, some
of them were blocked in the first ban that was put down, because individuals who wrote that, didn't consider that. That has been
considered in the re-write, that the Trump administration had submitted, which is now being attacked by a judge in Hawaii, and
so it was taken into consideration, but the objective here was to help those that helped U.S. forces on the ground, especially
those who were translators, in ground combat operations, where they risked their lives alongside American soldiers.
SS: You worked in Afghanistan - you were close to capturing Bin Laden back in 2001 - what kind of
spying tools are actually used on the ground by the CIA to catch terrorists?
GB: The CIA as does any intelligence service in the world, is a human business. It's a business where we work
with local security forces to strengthen their police and intelligence forces, we attempt to leverage them, we have our own people
on the ground that speak the language, we're trying to help build transportation there. There's no "secret sauce" here. There's
no super-technology that changes the country's ability to conduct intelligence collections or operations. In Afghanistan the greatest
thing that the U.S. has is broad support and assistance to Afghan men and women across the country. We liberated half of the population,
and for women were providing education, and when the people see what we were doing: trying to build schools, providing USAID projects
- all of these things - this makes the population willing to work with and support the United States. Frequently, members of the
insurgence groups will see this and sometimes they do actually cross the lines and cooperate with us. So, it's a full range of
American political power, whether it's hard or soft, that is the strength of the American intelligence services - because
people in the world actually believe - and correctly so - that American more than generally a force of good in the world.
SS: Gary, thank you so much for this interesting interview and insight into the world of the CIA.
We've been talking to Gary Berntsen, former top CIA officer, veteran of the agency, talking about the politics of American intelligence
in the Trump era. That's it for this edition of SophieCo, I will see you next time.
GreenPizza:
Just thinking here in the light of how things are unfolding with the CIA I am wondering since Federal crimes are committed
can the FBI investigate the CIA acting as America Federal Law Enforcement.
RedBlowDryer -> GreenPin
I think the US intelligent agencies are harming their country more than any enemy of the US.
CyanGrapes
There is a reason why JFK wanted to dismantle the CIA. This guy is lying.
PurpleWieghts
CIA needs hacking tools to make it look like it was carried out by another state simply for plausible deniability.
Carl Zaisser
a "force for good in the world"?...sounds like the American white hat-black hat myth...read Naomi Klein's "The Shock
Doctrine: The Rise of Disaster Capitalism". This is a detailed litany of America's various kinds of interventions in multiple
countries that cold hardly be described as "a force for good in the world"...a force for "America's values" (read with
ironically), perhaps
Carl Zaisser
WHO is responsible for the outbreak of chaotic warfare in Libya and Syria?
Should we trust the Saudi vetting services...think of who the September 11 bombers were? Was there another reason they were
not on Trump's banned countries list? Too big to mess with, i.e., oil and weapons sales?
GreenPin
Amazing how they justify their destructive behaviour in a way as they are serving America people and doing good around the
wold. You can sugar count your crimes against humanity as much as you can, but the reality of today' human misery speaks for
itself.
waterbearer
since the United States was founded in 1776, she has been at war during 214 out of her 235 calendar years of existence
XXX
interesting, but begs the question "Can we really trust what this guy tells us?" If not, what parts can we trust, and what
parts can't we?
XXX
You'd have to deconstruct his talking points and I don't know how that is done. Intelligence probably knows how to do that. I
noticed he was becoming more zealous on hegemony and exceptionalism as the interview neared the end.
I agree. Bernsten is almost like-ably energetic, but he is, in the end, an uncompromising warrior of the empire.
XXX
if Trump is to be controlled--they gotta have some dirt--or threat against his family --it's how they operate---
XXX
Mr. Berntsen left out the very important NSC10/2 legislation, which gave the CIA free reign with deniability as the cover.
This needs to be repealed. With this legislation, the CIA answers to no one, and goes around the world wrecking havoc with the
governments and people where they like. We will never have peace until that legislation is repealed.
XXX
This is why interesting books to read about the history of the CIA.
The Dulles brothers,
David Talbot: The Devil's Chessboard,
Fletcher Prouty: The Secret Team.
XXX
I applaud former CIA and FBI Gary Bernstein for speaking out on the most powerful intelligence networks on the planet
regarding their surveillance activities. Every nation needs intelligence to safeguard but if we go beyond the call of duty and
get exposed .this leaves Pres Trump and his Adm with no option but to consider corrective measures with a visit to Langley
etc.. Here again the failures of Liberalism are coming up in the wash for cleaning up.
XXX
Liberalism has not been running the country for the last 54 years. We have been under a coup government and just got used
to it.
Now, the prime suspect in the breach has been identified: a 29-year-old
former C.I.A. software engineer who had designed malware used to break into the computers of terrorism
suspects and other targets, The New York Times has learned.
Agents with the Federal Bureau of Investigation searched the Manhattan
apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A.
documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport,
according to court records and relatives. The search warrant application said Mr. Schulte was suspected of
"distribution of national defense information," and agents told the court they had retrieved "N.S.A. and
C.I.A. paperwork" in addition to a computer, tablet, phone and other electronics.
But instead of charging Mr. Schulte in the breach, referred to as the Vault
7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found
10,000 illicit images on a server he created as a business in 2009 while studying at the University of Texas
at Austin.
Court papers quote messages from Mr. Schulte that suggest he was aware of
the encrypted images of children being molested by adults on his computer, though he advised one user, "Just
don't put anything too illegal on there."
In September, Mr. Schulte was released on the condition that he not leave
New York City, where he lived with a cousin, and keep off computers. He was jailed in December after
prosecutors found evidence that he had violated those rules, and he has been held at the Metropolitan
Correctional Center in Manhattan since then. He has
posted on Facebook under a pseudonym a series of essays
critical of the criminal justice system.
It is unclear why, more than a year after he was arrested, he has not been
charged or cleared in connection with Vault 7. Leak investigators have had access to electronic audit trails
inside the C.I.A. that may indicate who accessed the files that were stolen, and they have had possession of
Mr. Schulte's personal data for many months.
... ... ...
According to his family and
his
LinkedIn page
, Mr. Schulte did an internship at the National Security Agency while working on a bachelor's degree in computer
engineering. He worked in the C.I.A.'s Engineering Development Group, which designed the hacking tools used by its Center for
Cyber Intelligence. He left the agency in November 2016 and moved to New York to work for Bloomberg L.P. as a software engineer.
Most of the government's cyberespionage is carried out by the N.S.A., but the C.I.A. also employs hackers. The leaked Vault 7
documents came from the agency's Engineering Development Group and included descriptions and instructions for the use of agency
hacking tools, but only a small amount of the actual computer code for the tools.
"... All this speech to stifle speech comes in reaction to the first publication in the start of WikiLeaks' "Vault 7" series. Vault 7 has begun publishing evidence of remarkable CIA incompetence and other shortcomings. This includes the agency's creation, at a cost of billions of taxpayer dollars, of an entire arsenal of cyber viruses and hacking programs -- over which it promptly lost control and then tried to cover up the loss. These publications also revealed the CIA's efforts to infect the public's ubiquitous consumer products and automobiles with computer viruses. ..."
"... President Theodore Roosevelt understood the danger of giving in to those "foolish or traitorous persons who endeavor to make it a crime to tell the truth about the Administration when the Administration is guilty of incompetence or other shortcomings." Such "endeavor is itself a crime against the nation," Roosevelt wrote. President Trump and his officials should heed that advice ..."
Mike Pompeo, in his first speech as director of the CIA, chose to declare war on free speech
rather than on the United States' actual adversaries. He went after WikiLeaks, where I serve as
editor, as a "non-state hostile intelligence service." In Pompeo's worldview, telling the truth
about the administration can be a crime -- as Attorney General Jeff Sessions quickly
underscored when he described my arrest as a "priority." News organizations reported that
federal prosecutors are weighing whether to bring charges against members of WikiLeaks,
possibly including conspiracy, theft of government property and violating the Espionage
Act.
All this speech to stifle speech comes in reaction to the first publication in the start
of WikiLeaks' "Vault 7" series. Vault 7 has begun publishing evidence of remarkable CIA
incompetence and other shortcomings. This includes the agency's creation, at a cost of billions
of taxpayer dollars, of an entire arsenal of cyber viruses and hacking programs -- over which
it promptly lost control and then tried to cover up the loss. These publications also revealed
the CIA's efforts to infect the public's ubiquitous consumer products and automobiles with
computer viruses.
When the director of the CIA, an unelected public servant, publicly demonizes a publisher
such as WikiLeaks as a "fraud," "coward" and "enemy," it puts all journalists on notice, or
should. Pompeo's next talking point, unsupported by fact, that WikiLeaks is a "non-state
hostile intelligence service," is a dagger aimed at Americans' constitutional right to receive
honest information about their government. This accusation mirrors attempts throughout history
by bureaucrats seeking, and failing, to criminalize speech that reveals their own failings.
President Theodore Roosevelt understood the danger of giving in to those "foolish or
traitorous persons who endeavor to make it a crime to tell the truth about the Administration
when the Administration is guilty of incompetence or other shortcomings." Such "endeavor is
itself a crime against the nation," Roosevelt wrote. President Trump and his officials should
heed that advice .
"... What has however become clear in recent days is that the 'Gerasimov Doctrine' was not invented by its supposed author, but by a British academic, Mark Galeotti, who has now confessed – although in a way clearly designed to maintain as much of the 'narrative' as possible. ..."
"... Three days ago, an article by Galleoti appeared in 'Foreign Policy' entitled 'I'm Sorry for Creating the "Gerasimov Doctrine": I was the first to write about Russia's infamous high-tech military strategy. One small problem: it doesn't exist.' ..."
"... The translation of the original article by Gerasimov with annotations by Galeotti which provoked the whole hysteria turns out to be a classic example of what I am inclined to term 'bad Straussianism.' ..."
"... What Strauss would have called the 'exoteric' meaning of the article quite clearly has to do with defensive strategies aimed at combatting the kind of Western 'régime change' projects about which people like those who write for 'Lawfare' are so enthusiastic. But Galeotti tells us that this is, at least partially, a cover for an 'esoteric' meaning, which has to do with offensive actions in Ukraine and similar places. ..."
More material on the British end of the conspiracy.
Commenting on an earlier piece by PT, I suggested that a key piece of evidence pointing to
'Guccifer 2.0' being a fake personality created by the conspirators in their attempt to
disguise the fact that the materials from the DNC published by 'WikiLeaks' were obtained by a
leak rather than a hack had to do with the involvement of the former GCHQ person Matt
Tait.
To recapitulate: Back in June 2016, hard on the heels of the claim by Dmitri Alperovitch
of 'CrowdStrike' to have identified clinching evidence making the GRU prime suspects, Tait
announced that, although initially unconvinced, he had found a 'smoking gun' in the
'metadata' of the documents released by 'Guccifer 2.0.'
A key part of this was the use by someone modifying a document of 'Felix Edmundovich'
– the name and patronymic of Dzerzhinsky, the Lithuanian-Polish noble who created the
Soviet secret police.
As I noted, Tait was generally identified as a former GCHQ employee who now ran a
consultancy called 'Capital Alpha Security.' However, checking Companies House records
revealed that he had filed 'dormant accounts' for the company. So it looks as though the
company was simply a 'front', designed to fool 'useful idiots' into believing he was an
objective analyst.
As I also noted in those comments, Tait writes the 'Lawfare' blog, one of whose founders,
Benjamin Wittes, looks as though he may himself have been involved in the conspiracy up to
the hilt. Furthermore, a secure income now appears to have been provided to replace that from
the non-existent consultancy, in the shape of a position at the 'Robert S. Strauss Center for
International Security and Law', run by Robert Chesney, a co-founder with Wittes of
'Lawfare.'
A crucial part of the story, however, is that the notion of GRU responsibility for the
supposed 'hacks' appears to be part of a wider 'narrative' about the supposed 'Gerasimov
Doctrine.' From the 'View from Langley' provided to Bret Stephens by CIA Director Mike Pompeo
at the 'Aspen Security Forum' last July:
'I hearken back to something called the Gerasimov doctrine from the early 70s, he's now
the head of the – I'm a Cold War guy, forgive me if I mention Soviet Union. He's now
the head of the Russian army and his idea was that you can win wars without firing a single
shot or with firing very few shots in ways that are decidedly not militaristic, and that's
what's happened. What changes is the costs; to effectuate change through cyber and through RT
and Sputnik, their news outlets, and through other soft means; has just really been lowered,
right. It used to be it was expensive to run an ad on a television station now you simply go
online and propagate your message. And so they have they have found an effective tool, an
easy way to go reach into our systems, and into our culture to achieve the outcomes they are
looking for.'
What has however become clear in recent days is that the 'Gerasimov Doctrine' was not
invented by its supposed author, but by a British academic, Mark Galeotti, who has now
confessed – although in a way clearly designed to maintain as much of the 'narrative'
as possible.
Three days ago, an article by Galleoti appeared in 'Foreign Policy' entitled 'I'm
Sorry for Creating the "Gerasimov Doctrine": I was the first to write about Russia's infamous
high-tech military strategy. One small problem: it doesn't exist.'
'Gerasimov was actually talking about how the Kremlin understands what happened in the
"Arab Spring" uprisings, the "color revolutions" against pro-Moscow regimes in Russia's
neighborhood, and in due course Ukraine's "Maidan" revolt. The Russians honestly –
however wrongly – believe that these were not genuine protests against brutal and
corrupt governments, but regime changes orchestrated in Washington, or rather, Langley. This
wasn't a "doctrine" as the Russians understand it, for future adventures abroad: Gerasimov
was trying to work out how to fight, not promote, such uprisings at home.'
The translation of the original article by Gerasimov with annotations by Galeotti
which provoked the whole hysteria turns out to be a classic example of what I am inclined to
term 'bad Straussianism.'
What Strauss would have called the 'exoteric' meaning of the article quite clearly has
to do with defensive strategies aimed at combatting the kind of Western 'régime
change' projects about which people like those who write for 'Lawfare' are so enthusiastic.
But Galeotti tells us that this is, at least partially, a cover for an 'esoteric' meaning,
which has to do with offensive actions in Ukraine and similar places.
Having now read the text of the article, I can see a peculiar irony in it. In a section
entitled 'You Can't Generate Ideas On Command', Gerasimov suggests that 'The state of Russian
military science today cannot be compared with the flowering of military-theoretical thought
in our country on the eve of World War II.'
According to the 'exoteric' meaning of the article, it is not possible to blame anyone in
particular for this situation. But Gerasimov goes on on to remark that, while at the time of
that flowering there were 'no people with higher degrees' or 'academic schools or
departments', there were 'extraordinary personalities with brilliant ideas', who he terms
'fanatics in the best sense of the word.'
Again, Galeotti discounts the suggestion that nobody is to blame, assuming an 'esoteric
meaning', and remarking: 'Ouch. Who is he slapping here?'
Actually, Gerasimov refers by name to two, utterly different figures, who certainly were
'extraordinarily personalities with brilliant ideas.'
If Pompeo had even the highly amateurish grasp of the history of debates among Soviet
military theorists that I have managed to acquire he would be aware that one of the things
which was actually happening in the 'Seventies was the rediscovery of the ideas of Alexander
Svechin.
Confirming my sense that this has continued on, Gerasimov ends by using Svechin to point
up an intractable problem: it can be extraordinarily difficult to anticipate the conditions
of a war, and crucial not to impose a standardised template likely to be inappropriate, but
one has to make some kinds of prediction in order to plan.
Immediately after the passage which Galeotti interprets as a dig at some colleague,
Gerasimov elaborates his reference to 'extraordinary people with brilliant ideas' by
referring to an anticipation of a future war, which proved prescient, from a very different
figure to Svechin:
'People like, for instance, Georgy Isserson, who, despite the views he formed in the
prewar years, published the book "New Forms Of Combat." In it, this Soviet military
theoretician predicted: "War in general is not declared. It simply begins with already
developed military forces. Mobilization and concentration is not part of the period after the
onset of the state of war as was the case in 1914 but rather, unnoticed, proceeds long before
that." The fate of this "prophet of the Fatherland" unfolded tragically. Our country paid in
great quantities of blood for not listening to the conclusions of this professor of the
General Staff Academy.'
Unlike Svechin, whom I have read, I was unfamiliar with Isserson. A quick Google search,
however, unearthed a mass of material in American sources – including, by good fortune,
an online text of a 2010 study by Dr Richard Harrison entitled 'Architect of Soviet Victory
in World War II: The Life and Theories of G.S. Isserson', and a presentation summarising the
volume.
Ironically, Svechin and Isserson were on opposite sides of fundamental divides. So the
former, an ethnic Russian from Odessa, was one of the 'genstabisty', the former Tsarist
General Staff officers who sided with the Bolsheviks and played a critical role in teaching
the Red Army how to fight. Meanwhile Isserson was a very different product of the
'borderlands' – the son of a Jewish doctor, brought up in Kaunas, with a German Jewish
mother from what was then Königsberg, giving him an easy facility with German-language
sources.
The originator of the crucial concept of 'operational' art – the notion that in
modern industrial war, the ability to handle a level intermediate between strategy and
tactics was critical to success – was actually Svechin.
Developing the ambivalence of Clausewitz, however, he stressed that both the offensive and
the defensive had their places, and that the key to success was to know which was appropriate
when and also to be able rapidly to change from one to the other. His genuflections to
Marxist-Leninist dogma, moreover, were not such as to take in any of Dzerzhinsky's
people.
By contrast, Isserson was unambiguously committed to the offensive strand in the
Clausewitzian tradition, and a Bolshevik 'true believer' (although he married the daughter of
a dispossessed ethnically Russian merchant, who had their daughter baptised without his
knowledge.)
As Harrison brings out, Isserson's working through of the problems of offensive
'operational art' would be critical to the eventual success of the Red Army against Hitler.
However, the specific text to which he refers was, ironically, a warning of precisely one of
the problems implicit in the single-minded reliance on the offensive: the possibility that
one could be left with no good options confronting an antagonist similarly oriented –
as turned out to be the case.
As Gerasimov intimates, while unlike Svechin, executed in 1938, Isserson survived the
Stalin years, he was another of the victims of Dzerzhinsky's heirs. Arrested shortly before
his warnings were vindicated by the German attack on 22 June 1941, he would spend the war in
the Gulag and only return to normal life after Stalin's death.
So I think that the actual text of Gerasimov's article reinforces a point I have made
previously. The 'evidence' identified by Tait is indeed a 'smoking gun.' But it emphatically
does not point towards the GRU.
Meanwhile, another moral of the tale is that Americans really should stop being taken in
by charlatan Brits like Galeotti, Tait, and Steele.
"... The Deep State (Oligarchs and the MIC) is totally fucking loving this: they have Trump and the GOP giving them everything they ever wanted and they have the optics and distraction of an "embattled" president that claims to be against or a victim of the "deep state" and a base that rally's, circles the wagons around him, and falls for the narrative. ..."
"... They know exactly who it was with the memory stick, there is always video of one form or another either in the data center or near the premises that can indicate who it was. They either have a video of Seth Rich putting the stick into the server directly, or they at least have a video of his car entering and leaving the vicinity of the ex-filtration. ..."
"... This would have been an open and shut case if shillary was not involved. Since it was involved, you can all chalk it up to the Clinton body count. I pray that it gets justice. It and the country, the world - needs justice. ..."
Kim Dotcom has once again chimed in on the DNC hack, following a Sunday morning tweet from President Trump clarifying his previous
comments on Russian meddling in the 2016 election.
In response, Dotcom tweeted " Let me assure you, the DNC hack wasn't even a hack. It was an insider with a memory stick. I know
this because I know who did it and why," adding "Special Counsel Mueller is not interested in my evidence. My lawyers wrote to him
twice. He never replied. 360 pounds! " alluding of course to Trump's "400 pound genius" comment.
Dotcom's assertion is backed up by an analysis done last year by a researcher who goes by the name Forensicator , who determined
that the DNC files were copied at
22.6 MB/s - a speed virtually impossible to achieve from halfway around the world, much less over a local network - yet a speed
typical of file transfers to a memory stick.
The local transfer theory of course blows the Russian hacking narrative out of the water, lending credibility to the theory that
the DNC "hack" was in fact an inside job, potentially implicating late DNC IT staffer, Seth Rich.
John Podesta's email was allegely successfully "hacked" (he fell victim to a
phishing scam
) in March 2016, while the DNC reported suspicious activity (the suspected Seth Rich file transfer) in late April, 2016 according
to the
Washington Post.
On May 18, 2017, Dotcom proposed that if Congress includes the Seth Rich investigation in their Russia probe, he would provide
written testimony with evidence that Seth Rich was WikiLeaks' source.
On May 19 2017 Dotcom tweeted "I knew Seth Rich. I was involved"
Three days later, Dotcom again released a guarded statement saying "I KNOW THAT SETH RICH WAS INVOLVED IN THE DNC LEAK," adding:
"I have consulted with my lawyers. I accept that my full statement should be provided to the authorities and I am prepared
to do that so that there can be a full investigation. My lawyers will speak with the authorities regarding the proper process.
If my evidence is required to be given in the United States I would be prepared to do so if appropriate arrangements are made.
I would need a guarantee from Special Counsel Mueller, on behalf of the United States, of safe passage from New Zealand to the
United States and back. In the coming days we will be communicating with the appropriate authorities to make the necessary arrangements.
In the meantime, I will make no further comment."
Dotcom knew.
While one could simply write off Dotcom's claims as an attention seeking stunt, he made several comments and a series of tweets
hinting at the upcoming email releases prior to both the WikiLeaks dumps as well as the publication of the hacked DNC emails to a
website known as "DCLeaks."
In a May 14, 2015
Bloomberg article entitled "Kim Dotcom: Julian Assange Will Be Hillary Clinton's Worst Nightmare In 2016 ": "I have to say it's
probably more Julian," who threatens Hillary, Dotcom said. " But I'm aware of some of the things that are going to be roadblocks
for her ."
Two days later, Dotcom tweeted this:
Around two months later, Kim asks a provocative question
Two weeks after that, Dotcom then tweeted "Mishandling classified info is a crime. When Hillary's emails eventually pop up on
the internet who's going to jail?"
It should thus be fairly obvious to anyone that Dotcom was somehow involved, and therefore any evidence he claims to have, should
be taken seriously as part of Mueller's investigation. Instead, as Dotcom tweeted, "Special Counsel Mueller is not interested in
my evidence. My lawyers wrote to him twice. He never replied. "
The Deep State (Oligarchs and the MIC) is totally fucking loving this: they have Trump and the GOP giving them everything
they ever wanted and they have the optics and distraction of an "embattled" president that claims to be against or a victim of
the "deep state" and a base that rally's, circles the wagons around him, and falls for the narrative.
Meanwhile they keep enacting the most Pro Deep State/MIC/Police State/Zionist/Wall Street agenda possible. And they call it
#winning
"Had to be a Russian mole with a computer stick. MSM, DNC and Muller say so."
They know exactly who it was with the memory stick, there is always video of one form or another either in the data center
or near the premises that can indicate who it was. They either have a video of Seth Rich putting the stick into the server directly,
or they at least have a video of his car entering and leaving the vicinity of the ex-filtration.
This would have been an open and shut case if shillary was not involved. Since it was involved, you can all chalk it up
to the Clinton body count. I pray that it gets justice. It and the country, the world - needs justice.
Kim is great, Assange is great. Kim is playing a double game. He wants immunity from the US GUmmint overreach that destroyed
his company and made him a prisoner in NZ.
Good on ya Kim.
His name was Seth Rich...and he will reach out from the grave and bury Killary who murdered him.
There are so many nuances to this and all are getting mentioned but the one that also stands out is that in an age of demands
for gun control by the Dems, Seth Rich is never, ever mentioned. He should be the poster child for gun control. Young man, draped
in a American flag, helping democracy, gunned down...it writes itself.
They either are afraid of the possible racial issues should it turn out to be a black man killing a white man (but why should
that matter in a gun control debate?) or they just don't want people looking at this case. I go for #2.
Funny that George Webb can figure it out, but Trump, Leader of the Free World, is sitting there with his dick in his hand waiting
for someone to save him.
Whatever he might turn out to be, this much is clear: Trump is a spineless weakling. He might be able to fuck starlets, but
he hasn't got the balls to defend either himself or the Republic.
Webb's research is also...managed. But a lot of it was/is really good (don't follow it anymore) and I agree re: SR piece of
it.
I think SR is such an interesting case. It's not really an anomaly because SO many Bush-CFR-related hits end the same way and
his had typical signatures. But his also squeels of a job done w/out much prior planning because I think SR surprised everyone.
If, in fact, that was when he was killed. Everything regarding the family's demeanor suggests no.
MANY patterns in shootings: failure in law enforcement/intelligence who were notified of problem individuals ahead of time,
ARs, mental health and SSRIs, and ongoing resistance to gun control in DC ----these are NOT coincidences. Nor are distractions
in MSM's version of events w/ controlled propaganda.
Children will stop being killed when America wakes the
fuck up and starts asking the right questions, making the right demands. It's time.
I don't think you know how these hackers have nearly ALL been intercepted by CIA--for decades now. DS has had backdoor access
to just about all of them. I agree that Kim is great, brilliant and was sabotaged but he's also cooperating. Otherwise he'd be
dead.
Bes is either "disinfo plant" or energy draining pessimist. Result is the same - to deflate your power to create a new future.
Trump saw the goal of the Fed Reserve banksters decades ago and spoke often about it. Like Prez Kennedy he wants to return
USA economy to silver or gold backed dollar then transition to new system away from the Black Magic fed reserve/ tax natl debt
machine.
The Globalist Cabal has been working to destroy the US economy ever since they income tax April 15th Lincoln at the Ford theater.
125 years. But Bes claims because Trump cannot reverse 125 years of history in one year that it is kabuki.
"... The Dulles brothers, with Allan as head of Sullivan and Cromwells' CIA were notorious facilitators for the international banksters and their subsidiary corporations which comprise the largest oil and military entities which have literally plainly stated in writing, need to occasionally "GALVANIZE" the American public through catastrophic and catalyzing events in order for Americans to be terrified into funding and fighting for those interlocked corporations in their quest to spread "FULL SPECTRUM DOMINANCE," throughout the globe. ..."
"... The book by Peter Dale Scott, "The American Deep State Wall Street, Big Oil And the Attack on American Democracy" covers in detail some of the points you mention in your reply. It is a fascinating book. ..."
Your link to the Giraldi piece is appreciated, however, Giraldi starts off on a false
premise: He claims that people generally liked and trusted the FBI and CIA up until or
shortly after 9/11. Not so! Both agencies were complicit in the most infamous assassinations
and false flag episodes since the Kennedy/MLK Vietnam days. Don't forget Air America CIA drug
running and Iran/Contra / October Surprise affairs.
The Dulles brothers, with Allan as head of Sullivan and Cromwells' CIA were notorious
facilitators for the international banksters and their subsidiary corporations which comprise
the largest oil and military entities which have literally plainly stated in writing, need to
occasionally "GALVANIZE" the American public through catastrophic and catalyzing events in
order for Americans to be terrified into funding and fighting for those interlocked
corporations in their quest to spread "FULL SPECTRUM DOMINANCE," throughout the globe.
The political parties are theatre designed to fool the people into believing we are living
in some sort of legitimate, representative system, when it's the same old plutocracy that
manages to get elected because they've long figured out the art of polarizing people and
capitalising on tribal alignments.
We should eliminate all government for a time so that people can begin to see that
corporations really do and most always have run the country.
It's preposterous to think the stupid public is actually discussing saddling ourselves and
future generations with gargantuan debt through a system designed and run by banksters!
it should be self evident a sovereign nation should maintain and forever hold the rights
to develop a monetary/financial system that serves the needs of the people, not be indentured
servants in a financial system that serves the insatiable greed of a handful of parasitic
banksters and corporate tycoons!
Joe Tedesky , February 17, 2018 at 5:08 pm
You are so right, in fact Robert Parry made quite a journalistic career out of exposing
the CIA for such things as drug running. I gave up on that agency a longtime ago, after JFK
was murdered, and I was only 13 then. Yeah maybe Phil discounts the time while he worked for
the CIA, but the CIA has many, many rooms in which plots are hatched, so the valiant truth
teller Giraldi maybe excused this one time for his lack of memory .I guess, right?
Good comment Lee. Joe
Annie , February 17, 2018 at 5:56 pm
Yes, but he's referring to the public's opinion of these agencies, and if they didn't
continue to retain, even after 9/11, a significant popularity in the public's mind how would
we have so many American's buying into Russia-gate? In my perception of things they only lost
some ground after 9/11, but Americans notoriously have a short memory span.
Gregory Herr , February 17, 2018 at 6:42 pm
And films that are supposed to help Americans feel good about the aims and efficacy of the
agencies like Zero Dark Thirty and Argo are in the popular imagination.
Skeptigal , February 17, 2018 at 7:19 pm
The book by Peter Dale Scott, "The American Deep State Wall Street, Big Oil And the Attack
on American Democracy" covers in detail some of the points you mention in your reply. It is a
fascinating book.
Russians Spooked by Nukes-Against-Cyber-Attack Policy February 16, 2018
New U.S. policy on nuclear retaliatory strikes for cyber-attacks is raising concerns, with
Russia claiming that it's already been blamed for a false-flag cyber-attack – namely the
election hacking allegations of 2016, explain Ray McGovern and William Binney.
By Ray McGovern and William Binney
Moscow is showing understandable concern over the lowering of the threshold for employing
nuclear weapons to include retaliation for cyber-attacks, a change announced on Feb. 2 in the
U.S. Nuclear Posture Review (NPR).
A nuclear test detonation carried out in Nevada on April 18, 1953.
Explaining the shift in U.S. doctrine on first-use, the NPR cites the efforts of potential
adversaries "to design and use cyber weapons" and explains the change as a "hedge" against
non-nuclear threats. In response, Russia described the move as an "attempt to shift onto others
one's own responsibility" for the deteriorating security situation.
Moscow's concern goes beyond rhetoric. Cyber-attacks are notoriously difficult to trace to
the actual perpetrator and can be pinned easily on others in what we call "false-flag"
operations. These can be highly destabilizing – not only in the strategic context, but in
the political arena as well.
Russian President Vladimir Putin has good reason to believe he has been the target of a
false-flag attack of the political genre. We judged this to be the case a year and a half ago,
and said so. Our judgment was fortified last summer – thanks to forensic evidence
challenging accusations that the Russians hacked into the Democratic National Committee and
provided emails to WikiLeaks. (Curiously, the FBI declined to do forensics, even though the
"Russian hack" was being described as an "act of war.")
Our conclusions were based on work conducted over several months by highly experienced
technical specialists, including another former NSA technical director (besides co-author
Binney) and experts from outside the circle of intelligence analysts.
On August 9, 2017, investigative reporter Patrick Lawrence
summed up our findings in The Nation. "They have all argued that the hack theory is wrong
and that a locally executed leak is the far more likely explanation," he explained.
As we wrote in an open letter to Barack Obama dated January 17, three days before he left
office, the NSA's programs are fully capable of capturing all electronic transfers of data. "We
strongly suggest that you ask NSA for any evidence it may have indicating that the results of
Russian hacking were given to WikiLeaks," our letter said. "If NSA cannot produce such evidence
– and quickly – this would probably mean it does not have any."
A 'Dot' Pointing to a False Flag?
In his article, Lawrence included mention of one key, previously unknown "dot" revealed by
WikiLeaks on March 31, 2017. When connected with other dots, it puts a huge dent in the
dominant narrative about Russian hacking. Small wonder that the mainstream media immediately
applied white-out to the offending dot.
Lawrence, however, let the dot out of the bag, so to speak: "The list of the CIA's
cyber-tools WikiLeaks began to release in March and labeled Vault 7 includes one called
Marble Framework
that is capable of obfuscating the origin of documents in false-flag operations and leaving
markings that point to whatever the CIA wants to point to."
If congressional oversight committees summon the courage to look into "Obfus-Gate" and
Marble, they are likely to find this line of inquiry as lucrative as the Steele "dossier." In
fact, they are likely to find the same dramatis personae playing leading roles in both
productions.
Two Surprising Visits
Last October CIA Director Mike Pompeo invited one of us (Binney) into his office to discuss
Russian hacking. Binney told Pompeo his analysts had lied and that he could prove it.
In retrospect, the Pompeo-Binney meeting appears to have been a shot across the bow of those
cyber warriors in the CIA, FBI, and NSA with the means and incentive to adduce "just
discovered" evidence of Russian hacking. That Pompeo could promptly invite Binney back to
evaluate any such "evidence" would be seen as a strong deterrent to that kind of operation.
Pompeo's closeness to President Donald Trump is probably why the heads of Russia's three top
intelligence agencies paid Pompeo an unprecedented visit in late January. We think it likely
that the proximate cause was the strategic danger Moscow sees in the
nuclear-hedge-against-cyber-attack provision of the Nuclear Posture Statement (a draft of which
had been leaked a few weeks before).
If so, the discussion presumably focused on enhancing hot-line and other fail-safe
arrangements to reduce the possibility of false-flag attacks in the strategic arena -- by
anyone – given the extremely high stakes.
Putin may have told his intelligence chiefs to pick up on President Donald Trump's
suggestion, after the two met last July, to establish a U.S.-Russian cyber security unit. That
proposal was widely ridiculed at the time. It may make good sense now.
Ray McGovern, a CIA analyst for 27 years, was chief of the Soviet Foreign Policy Branch and
briefed the President's Daily Brief one-on-one from 1981-1985. William Binney worked for NSA
for 36 years, retiring in 2001 as the technical director of world military and geopolitical
analysis and reporting; he created many of the collection systems still used by NSA.
mike k , February 16, 2018 at 5:36 pm
Those Russians had a strange mission coming to CIA headquarters to try to negotiate with
soulless mass murderers in the name of maintaining a precarious semblance of peace, knowing
full well that these men's words and assurances were worth less than nothing. Ah well, I
guess in a mad situation one is reduced to making desperate gestures, hoping against hope
.
Mild-ly -Facetious , February 16, 2018 at 5:42 pm
F Y I :> Putin prefers Aramco to Trump's sword dance
Hardly 10 months after honoring the visiting US president, the Saudis are open to a
Russian-Chinese consortium investing in the upcoming Aramco IPO
By M.K. BHADRAKUMAR
FEBRUARY 16, 2018
[extract]
In the slideshow that is Middle Eastern politics, the series of still images seldom add up
to make an enduring narrative. And the probability is high that when an indelible image
appears, it might go unnoticed – such as Russia and Saudi Arabia wrapping up huge
energy deals on Wednesday underscoring a new narrative in regional and international
security.
The ebb and flow of events in Syria – Turkey's campaign in Afrin and its threat to
administer an "Ottoman slap" to the United States, and the shooting down of an Israeli F-16
jet – hogged the attention. But something of far greater importance was unfolding in
Riyadh, as Saudi and Russian officials met to seal major deals marking a historic challenge
to the US dominance in the Persian Gulf region.
The big news is the Russian offer to the Saudi authorities to invest directly in the
upcoming Aramco initial public offering – and the Saudis acknowledging the offer. Even
bigger news, surely, is that Moscow is putting together a Russian-Chinese consortium of joint
investment funds plus several major Russian banks to be part of the Aramco IPO.
Chinese state oil companies were interested in becoming cornerstone investors in the IPO,
but the participation of a Russia-China joint investment fund takes matters to an entirely
different realm. Clearly, the Chinese side is willing to hand over tens of billions of
dollars.
Yet the Aramco IPO was a prime motive for US President Donald Trump to choose Saudi Arabia
for his first foreign trip. The Saudi hosts extended the ultimate honor to Trump – a
ceremonial sword dance outside the Murabba Palace in Riyadh. Hardly 10 months later, they are
open to a Russian-Chinese consortium investing in the Aramco IPO.
Riyadh plans to sell 5% of Saudi Aramco in what is billed as the largest IPO in world
history. In the Saudi estimation, Aramco is worth US$2 trillion; a 5% stake sale could fetch
as much as $100 billion. The IPO is a crucial segment of Vision 2030, Saudi Crown Prince
Mohammad bin Salman's ambitious plan to diversify the kingdom's economy.
"Last October CIA Director Mike Pompeo invited one of us (Binney) into his office to
discuss Russian hacking. Binney told Pompeo his analysts had lied and that he could prove
it."
That was about some Dm. Alperovitch for CrowdStrike fame, who had discovered the "hacking" in
10 sec. Guess Alperovitch, as an "expert" at the viciously Russophobic Atlantic Council
(funded by the State Dept., NATO, and a set of unsavory characters like Ukrainian oligrach
Pinchuk) decided to show his "understanding" of the task. The shy FBI did not even attempt to
look at the Clinton's server because the bosses "knew better."
Alperovitch must be investigated for anti-American activities; the scoundrel has been sowing
discord into the US society with his lies while endangering the US citizenry.
Is not "included supporting the presidential campaign of then-candidate Donald J. Trump ("Trump Campaign") and disparaging
Hillary Clinton . " (or vise versa) by posting on social media an example of free speech ?
But usage of fake identities clearly is not: "The Russians tracked the metrics of their effort in reports and budgeted for their efforts. Some,
as described below, traveled to the U.S. to gather intelligence for the surreptitious campaign. They
used stolen U.S. identities, including fake driver's licenses, and contacted news media outlets to
promote their activities."
The question is how those unquestionable very talented Russians managed to learn English language without living in the USA and
operate such a sophisticated operation from oversees? English is a very difficult language for Russians to master and
Russian immigrants who came to the USA being older then 16 and living in the USA for ten or twenty years typically still have
horrible accent and bad or very bad grammar (tenses, "a" and "the" usage, you name it). Actually Russian woman are noticeably better
then men in this area, especially if they are married to a US spouse. Ass to this dismal understanding of the USA politics
including differences between Democratic and Republican parties (you probably need to live in the USA for ten years to start
appreciate those differences ;-) . How they managed to learn local political culture to be effective? That's a strong argument
in favor of false flag operation -- in case they have puppeteers from the USA everything is more or less rationally explainable.
Notable quotes:
"... It gets better: the defendants reportedly worked day and night shifts to pump out messages, controlling pages targeting a range of issues, including immigration, Black Lives Matter, and they amassed hundreds of thousands of followers. They set up and used servers inside the U.S. to mask the Russian origin of the accounts. ..."
"... The Russian organization named in the indictment - the Internet Research Agency - and the defendants began working in 2014 - so one year before the Trump candidacy was even announced - to interfere in U.S. elections, according to the indictment in Washington. They used false personas and social media while also staging political rallies and communicating with "unwitting individuals" associated with the Trump campaign, it said. ..."
"... The Russians tracked the metrics of their effort in reports and budgeted for their efforts. Some, as described below, traveled to the U.S. to gather intelligence for the surreptitious campaign. They used stolen U.S. identities, including fake driver's licenses, and contacted news media outlets to promote their activities. ..."
"... Defendant ORGANIZATION had a strategic goal to sow discord in the U.S. political system, including the 2016 U.S. presidential election. Defendants posted derogatory information about a number of candidates, and by early to mid-2016, Defendants' operations included supporting the presidential campaign of then-candidate Donald J. Trump ("Trump Campaign") and disparaging Hillary Clinton . ..."
"... Defendants, posing as U.S. persons and creating false U.S. personas, operated social media pages and groups designed to attract U.S. audiences. These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons to post on ORGANIZATION-controlled social media accounts. Over time, these social media accounts became Defendants' means to reach significant numbers of Americans for purposes of interfering with the U.S. political system, including the presidential election of 2016 ..."
"... Sixteen thousand Facebook users said that they planned to attend a Trump protest on Nov. 12, 2016, organized by the Facebook page for BlackMattersUS, a Russian-linked group that sought to capitalize on racial tensions between black and white Americans. The event was shared with 61,000 users. ..."
"... As many as 5,000 to 10,000 protesters actually convened at Manhattan's Union Square. They then marched to Trump Tower, according to media reports at the time . ..."
"... 13 Russians can influence US elections meanwhile US CIA and State Department spend $1 BIllion every year on opposition groups inside Russia without success. ..."
"... Indict AIPAC. That is the real foreign interference in ALL US elections. Such hypocrisy. At the very least, make them register as a foreign operation! Information warfare using social media ? What, you mean like the Israeli students who are paid to shape public opinion thru social media? This is no secret and has been in the news. I fail to find the difference? Psychologists call this projection, that is where you accuse others of the crimes you commit . ..."
"... It looks like Mueller would have these people for identity theft if he had them in the US, which he probably doesn't. ..."
"... Deep state pivot to keep the Russian hate alive. ..."
"... Fucking hilarious - Mueller has indicted an anti-Russian CIA operation that was run out of St. Petersburg. http://thesaker.is/a-brief-history-of-the-kremlin-trolls/ ..."
"... The bigger question is "when is Mueller going to be indicted for covering up the controlled demolition of the WTC buildings on nine eleven??" ..."
Mueller charges "defendants knowingly and intentionally conspired with each other (and with persons
known and unknown to the Grand Jury)
to defraud the United States by impairing, obstructing,
and defeating the lawful functions of the government through fraud and deceit for the purpose of
interfering with the U.S. political and electoral processes,
including the presidential
election of 2016."
The indictment adds that the Russians "
were instructed to post content
that focused on 'politics in the USA' and to 'use any opportunity to criticize Hillary and the rest
(except Sanders and Trump -- we support them)'
."
It gets better: the defendants reportedly worked day and night shifts to pump out messages,
controlling pages targeting a range of issues, including immigration, Black Lives Matter, and they
amassed hundreds of thousands of followers. They set up and used servers inside the U.S. to mask the
Russian origin of the accounts.
Ultimately, and this is the punchline,
the goal was to disparage Hillary Clinton and to
assist the election of Donald Trump.
In other words,
anyone who was disparaging Clinton, may have "unwittingly" been a
collaborator of the 13 Russian "specialists" who cost Hillary the election.
The Russian organization named in the indictment - the Internet Research Agency -
and the
defendants began working in 2014
-
so one year before the Trump candidacy was even
announced
- to interfere in U.S. elections, according to the indictment in Washington.
They used false personas and social media while also staging political rallies and
communicating with "unwitting individuals" associated with the Trump campaign, it said.
The Russians "had a strategic goal to sow discord in the U.S. political system," according to the
indictment in Washington.
The Russians also reportedly bought advertisements on U.S. social media, created numerous Twitter
accounts designed to appear as if they were U.S. groups or people, according to the indictment. One
fake account, @TEN_GOP account, attracted more than 100,000 online followers.
The Russians tracked the metrics of their effort in reports and budgeted for their efforts. Some,
as described below, traveled to the U.S. to gather intelligence for the surreptitious campaign. They
used stolen U.S. identities, including fake driver's licenses, and contacted news media outlets to
promote their activities.
The full list of named defendants in addition to the Internet Research Agency, as well as Concord
Management and Consulting and Concord Catering, include:
MIKHAIL IVANOVICH BYSTROV,
MIKHAIL LEONIDOVICH BURCHIK,
ALEKSANDRA YURYEVNA KRYLOVA,
ANNA VLADISLAVOVNA BOGACHEVA,
SERGEY PAVLOVICH POLOZOV,
MARIA ANATOLYEVNA BOVDA,
ROBERT SERGEYEVICH BOVDA,
DZHEYKHUN NASIMI OGLY ASLANOV,
VADIM VLADIMIROVICH PODKOPAEV,
GLEB IGOREVICH VASILCHENKO,
IRINA VIKTOROVNA KAVERZINA,
VLADIMIR VENKOV
YEVGENIY VIKTOROVICH PRIGOZHIN
Mueller's office said that none of the defendants was in custody.
So how is Trump involved? Well, he isn't, as it now seems that collusion narrative is dead, and
instead Russian involvement was unilateral. Instead, according to the indictment, the Russian
operations were unsolicited and pro bono, and included "
supporting Trump... and disparaging
Hillary Clinton,' staging political rallies, buying political advertising while posing as grassroots
U.S. groups.
Oh, and communicating "
with unwitting individuals associated with the
Trump Campaign and with other political activists to seek to coordinate political activities.
"
Defendant ORGANIZATION had a strategic goal to sow discord in the U.S. political system,
including the 2016 U.S. presidential election.
Defendants posted derogatory information
about a number of candidates, and by early to mid-2016, Defendants' operations included supporting
the presidential campaign of then-candidate Donald J. Trump
("Trump Campaign")
and
disparaging Hillary Clinton
.
Defendants made various expenditures to carry out those
activities, including buying political advertisements on social media in the names of U.S. persons
and entities. Defendants also staged political rallies inside the United States, and while posing
as U.S. grassroots entities and U.S. persons, and without revealing their Russian identities and
ORGANIZATION affiliation, solicited and compensated real U.S. persons to promote or disparage
candidates.
Some Defendants, posing as U.S. persons and without revealing their Russian
association, communicated with unwitting individuals associated with the Trump Campaign and with
other political activists to seek to coordinate political activities.
Furthermore, the dastardly Russians created fake accounts to pretend they are Americans:
Defendants, posing as U.S. persons and creating false U.S. personas, operated social media pages
and groups designed to attract U.S. audiences. These groups and pages, which addressed divisive
U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact,
they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons
to post on ORGANIZATION-controlled social media accounts.
Over time, these social media
accounts became Defendants' means to reach significant numbers of Americans for purposes of
interfering with the U.S. political system, including the presidential election of 2016
Mueller also alleges a combination of traditional and modern espionage...
Certain Defendants traveled to the United States under false pretenses for the purpose
of collecting intelligence to inform Defendants' operations.
Defendants also procured and
used computer infrastructure, based partly in the United States, to hide the Russian origin of
their activities and to avoid detection by U.S. regulators and law enforcement.
Mueller also charges that two of the defendants received US visas and from approximately June 4,
2014 through June 26, 2014, KRYLOVA and BOGACHEVA "
traveled in and around the United States,
including stops in Nevada, California, New Mexico, Colorado, Illinois, Michigan, Louisiana, Texas, and
New York to gather intelligence, After the trip, KRYLOVA and BURCHIK exchanged an intelligence report
regarding the trip."
* * *
The indictment points to a broader conspiracy beyond the pages of the indictment,
saying
the grand jury has heard about other people with whom the Russians allegedly conspired in their
efforts.
I wonder if any of these Russians were behind the anti-Trump rallies
of November 2016?
Thousands attended protest organized by Russians on
Facebook.
Thousands of Americans attended a march last November organized by
a Russian group that used social media to interfere in the 2016
election.
The demonstration in New York City, which took place a few
days after the election, appears to be the largest and most
successful known effort to date pulled off by Russian-linked groups
intent on using social media platforms to influence American
politics.
Sixteen thousand Facebook users said that they planned to attend a
Trump protest on Nov. 12, 2016, organized by the Facebook page for
BlackMattersUS, a Russian-linked group that sought to capitalize on
racial tensions between black and white Americans. The event was
shared with 61,000 users.
As many as 5,000 to 10,000 protesters actually convened at
Manhattan's Union Square. They then marched to Trump Tower, according
to media reports at the time
.
The BlackMattersUS-organized rally took advantage of outrage among
groups on the left following President Trump's victory on Nov. 8 to
galvanize support for its event. The group's protest was the fourth
consecutive anti-Trump rally in New York following election night,
and one of many across the country.
"Join us in the streets! Stop Trump and his bigoted
agenda!" reads the Facebook event page for the rally. "Divided is the
reason we just fell. We must unite despite our differences to stop
HATE from ruling the land."
13 Russians can influence US elections meanwhile US CIA and State
Department spend $1 BIllion every year on opposition groups inside
Russia without success.
Indict AIPAC.
That is the real foreign
interference in ALL US elections. Such hypocrisy. At the
very least, make them register as a foreign operation! Information
warfare using social media
?
What,
you mean like the Israeli students who are paid
to shape public opinion
thru social media? This is
no secret and has been in the news. I fail to find the
difference? Psychologists call this projection, that is where
you
accuse others of the crimes you commit
.
Boy Hillary sure didnt get her money's worth. She
shoulda hired these people.
Is it ok for MSM for
to make all of their disparaging commentary, but
not ok for people to do the same? Mueller
mustve forgot about the craigslist ads hiring
protesters to attack Trump rallies. What a fucking
clown show.
I guess that's it Mueller gets his indictments
to save face and Trump is pleased its over.
This ties directly into the October 31, 2017
testimony from Facebook, Twitter and Google
regarding Russian media presence on social
media. Mueller is grasping here, and given that
it talks about visas granted for short visits,
I'm led to believe that most of these people are
actually not on US soil to be arrested. This
means political grandstanding via an indictment
that is never going to see a courtroom where the
evidence can be examined and witnesses can be
cross examined. It looks like Mueller would
have these people for identity theft if he had
them in the US, which he probably doesn't.
I'm going to get called a Russian bot over
this elsewhere. Well, maybe facetiously here.
#WeAreAllRussianBotsNow
Wow, I am going to have to keep the
radio off for a couple of days.
They are going to be wall to wall on
this. Maybe even bump the stories
where fakely sympathetic reporter
cunts (FSRC) ask mother's if they
miss their dead kids.
This is a
fucking clownshow anymore. Jesus,
THIS is what the investigation
brought home? Holy fuckshit, this
is a joke. Some guy had 100k
followers? Really? Like anyone GAF
about that? We have AIPAC making
candidates kneel before them and yet
some guys on Tweeter fucked around.
I think that is even bullshit. If
Russians really did that, they
wouldn't "work in shifts" they would
program some fucking bots to do
this.
I can just imagine the fake
outrage that that worthless kike
from NY Chuckie "don't get between
me and a camera" Schumer has to say
about this.
This is a Matrix alright, and a
cheap ass one at that.
Mueller should be taken out and
horsewhipped for bringing this shit
home.
Hey Mueller, I read a comment on
Yahoo news that was in broken
English. Go get um!
I was gonna vote for
Hillary then I read tweets where
she bullied the woman her husband
raped to keep quiet. And how her
foundation got hundreds of
$millions from countries with
business before her at the state
dept. ALEKSANDRA YURYEVNA
KRYLOVA mislead me.
WANHUA CHEMICAL, A
$10
billion chemical company
controlled by the Chinese
government, now has an avenue
to influence American
elections.
On Monday, Wanhua joined
the American Chemistry
Council, a lobby organization
for chemical manufacturers
that is unusually aggressive
in intervening in U.S.
politics.
The ACC is a prominent
recipient of so-called dark
money -- that is, unlimited
amounts of cash from
corporations or
individuals the origins of
which are only disclosed to
the IRS, not the public.
During the
2012
,
2014
,
and
2016
election
cycles, the ACC took this dark
money and spent
over
$40 million
of it on
contributions to super PACs,
lobbying, and direct
expenditures. (Additional
money flowed directly to
candidates via the ACC's
political action
committee.).....
~" In other words, anyone
who was disparaging Clinton, may
have "unwittingly" been a
collaborator of the 13 Russian
"specialists" who cost Hillary
the election. "~
Wait,
does this mean that "disparaging
Hillary" was just for the
witless? I've been doing that for
years, (without any Russian
influence at all), and have found
it to be rather witty virtually
all the time.
Can we
NOW
get to the point where we appoint
a special prosecutor to
investigate Hillary?
any of us who
spread "fake news"
are now "conspirators" who
gave "support" to foreign
agents
with the goal of
undermining the "democratic
process"
by denying Hillary the
presidency.
tsk, tsk.
ignorance can be no excuse
for such wanton lawlessness.
Yes, Mueller is a clown
show, but he came up w/ this crap
in an attempt to divert media
attention away from his & McCabes
direct involvement in trying to
cover up Uranium 1 for
Hillary...The Truth!
The FBI going
DEEP
(#sarc)
into its playbook for this one.
Simultaneously distracting from their
incompetencies with regards to domestic
threats (school shooters/government
collusion to subvert presidential
election), and exonerating Hillary AGAIN.
"Using lies and deception to cover our
lies and deceptions, so that we can
enslave the populace to our will"
(visualize
Meuller/Comey/Strzok/Page/Ohr/Rosenstein/Obama/Rice/
with left hands on Satanic Bible and right
arms extended giving oath in Temple of
Mammon before upside down American flag).
The DoJ and Miller
activities are anti-American. What else is new
in occupied America?
PS
Note Trump does nothing about this
unprecedented assault on Freedom of Speech and
Assembly in the USA. Therefore, Trump is a
willing player in these criminal activities.
Mueller is going to go until he gets some meat.
Maybe this lean and stringy meat is enough to
satisfy. Of course, nobody will look at AIPAC and
all of the foreign influence money funneling into
senators coffers.
He said they stole identities, posting anti-Hillary remarks on
Russian-controlled sites, using the stolen identities. They must do that
through hacking, which is illegal.
They also organized rallies, he
said. There were ads on job sites, advertising for paid
[leftist] protestors, long before Trump emerged as a candidate. People
posted them on American sites. Some attribute it to Soros. I am a little
skeptical that Soros controls the world, anymore than Russians, but that
is what people often believe, when it is leftist ads.
Advertisements are all over the Internet. Is that illegal? He called
it fraud, referring to the misrepresentation of identity, I guess. They
should not be manipulating unknowing people.
But, I wonder if he has the same vigilance when illegal aliens use
fake SS cards to acquire jobs, while their girlfriends use real SS cards
of US-born kids to get $450 on average in EBT food assistance, in
addition to other welfare, making it easy for illegal aliens to undercut
American citizens in jobs. Using a fake SS number -- i.e. posing as an
American to get a job -- is fraud.
As long as the illegal aliens have sex after illegal border
crossings, reproduce and say they misrepresent their identities for the
good of their kids, this is legal and deserving of pay-per-birth welfare
/ child-tax-credit freebies and citizenship, whereas these Russians are
committing fraud.
They should not be doing that in either case, but the double standard
is interesting.
And if people cannot post freely on the internet without revealing
their real names, a lot of internet activity (and a lot of related
commerce) will cease. Many people post anonymously, often due to jobs or
other factors that have nothing to do with elections.
In fact, FBI agents post under identities (personas) that are not
their own. There are many articles, describing how police agencies
use fake identities on the internet to track down criminals, including
those who abuse children. They do the same thing to monitor terrorists;
they use fake identities.
Where are these indictments ? Obama, Hillary
Clinton, Victoria Nuland, Geoffrey Pyatt and John McCain.
The US has been meddling and interfering in other countries
elections and internal affairs for decades. Not only does
the US meddle and interfere in other countries elections it
overthrows democratically elected governments it simply
doesn't like, and then installs its own puppet leaders. Our
deep-state MIC owned neocons casually refer to this as
"regime change".
I can only imagine the hell that would break loose if
Russia fomented, paid for, and assisted in a violent
overthrow of the legitimately and democratically elected
government in Mexico. Imagine Russian spymasters working
from the Russian Embassy in Mexico City training radicals
how to use social media to bring out angry people and foment
violent pubic unrest. Then Russian Duma members in Mexico
City handing out tacos, and tamales emboldening and urging
these angry people to riot, and overthrow the government and
toss the bums out. Then Putin's executive group hand picking
all the new (anti-USA) drug cartel junta puppet leaders and
an old senile Russian senator in Mexico City stating at a
podium on RT, there are no drug cartels here, that's all
propaganda!
On the other side of the world Obama's neocon warmongers
spent billions doing exactly this. Instead of drug cartels
it was Banderist Neo-Nazis. Obama and our neocons, including
John McCain intentionally caused all of this fucking mess,
civil war and horrific death in Ukraine on Russia's border
and then placed the blame on Putin and Russia.
Thanks to John McCain and our evil fucking neocons - the
regime change policy implemented by Obama, Clinton and
Nuland's minions, like Geoffrey Pyatt, the Ukraine today is
totally fucked. It is now a corrupt banana republic
embroiled in a bloody civil war. For the US and NATO the
golden prize of this violent undemocratic regime change was
supposed to be the Crimea. This scheme did not play out as
intended. No matter what sanctions the warmongering neocons
place on Russia they will NEVER give back the Crimea!
Our neocon fuck heads spent billions of our hard earned
taxpayer dollars to create pain, suffering, death and a
civil war in Ukraine on the border with
Russia.
This is a case of don't do what we do, only do what we
tell you to do. It's perfectly okay when we meddle. We don't
like it when we think it may have been done to us. It's
hypocrisy and duplicity at its finest!
Tech Camp NGO
- operating out of US
Embassy in Kiev
(using social media to help bring out radicals-and cause
civil war-pre Maidan 2013)
Agreed, it's against the law to steal identities and operate
bank accounts and all that. But really, compared to the fraud
committed by just one bank - Wells Fargo- this is smal small
potatoes. And did I miss it or did the indictment not even
mention the value of the ads bought on Facebook - $100,000.
(nope, not missing any zeros). And it all started in 2014
while Donald was playing golf and sticking his dick in some
whore. And a few ruskies got into the good ol USofA with false
statements on their visas. While the courts fought Trump on the
fact that immigration from a few countries need to be stopped
because there was not way of checking data. I get it -
somebody driving too fast gets a speeding ticket, and Muellers
investigation gets to issue an indictment. I'm sure we all
feel better now.
So, did Mueller address the crime committed by the then FBI
head who refused to allow a FBI informant to address Congress
on the Uranium One scam before it was authorized? Uh, that
would be Mueller, his very self, so the answer is no.
What is the definition of a "fake social media account"? What
is the crime for operatine a fake social medial account? Is
this the standard by which we will all be judged?
Or is it
that Mueller has NOTHING and is too big of a corrupt idiot to
admit it.
"In other words,
anyone who was disparaging Clinton,
may have "unwittingly" been a collaborator of the 13 Russian
"specialists" who cost Hillary the election. "
No,
not "in other words." That's not what he said at all. Idiot
propagandist.
And Hillary has done nothing criminal in the last 40 years. All
of the evidence has been a fabrication. The Russians perfected
time travel technology in the 70's, and have been conspiring
against her and planting evidence since then.
What planet am
I living on again? We have now stepped into the twilight zone.
Facepalm.....
"Ultimately, and this is the punchline,
the goal was
to disparage Hillary Clinton and to assist the election of
Donald Trump."
The goal of the MSM was the opposite. To unfairly
disparage Trump and assist the election of Hillary Clinton.
So why no indictments of members of the American MSM?
What a bunch of horseshit. Mueller did nothing to locate
just as much foreign or Russian support for Hillary. Grand
Jury is just another one-sided court that passes judgment
without any input from the other side. Now where have we
seen that before? FISA.
What is wrong with anyone doing
what they want to support a candidate? If that is somehow
illegal interference, why is Soros running loose in the
world?
I have a friend that was a US Federal Prosecutor. He once
told me that the most un-American concepts that exist are
grand juries and conspiracy laws. I'm sure he would have
included FISA if it existed then.
The indictment adds that the Russians "
were
instructed to post content that focused on 'politics in
the USA' and to 'use any opportunity to criticize Hillary
and the rest (except Sanders and Trump -- we support them)'
."
Criticizing Hillary Clinton constitutes election
interference? This is the dumbest thing I've ever heard.
Over half the United States said she was corrupt and
morally bankrupt. Does that mean all those Americans
interfered in the election?
"Some Defendants, posing as U.S. persons and
without revealing their Russian association, communicated
with unwitting individuals associated with the Trump
Campaign and with other political activists to seek to
coordinate political activities."
I thought
this was our "shtick" for subverting and overthrowing
government(s) since 194_?... Fast forward to 2012 and
subverting sovereign foreign government(s) using other means
then election(s) (
https://jasirx.wordpress.com/
)
Just ask this person (
https://www.youtube.com/watch?v=CL_GShyGv3o
)
who handed out cookies before starting an "overthrow of a
sovereign government" right before a Winter Olympics?... And
while we're on the subject of subversion of sovereign
Nation(s) "OCONUS" ask this fat shit how it's going in the
Middle East with it's "partners" (
https://southfront.org/meeting-between-us-state-secretary-and-lebanese-
)
Nor should we forget 22 within the Russian diplomatic
community in the last 6 years "eliminated" for early
retirement courtesy of the U.S. government...
And if all this is true why isn't Muelller indicting
government officials within the FBI Department of
immigration and Homeland Security that would allow "some
defendants" to impersonate Americans after 9/11 and the
security infrastructure we built around U.S. to prevent
"future attacks" that were obviously (here illegally)???...
What a complete load of horseshit. Waste of time and money
while the crimes of the clintons and collaborators remain
unpunished, including Mueller himself.
"Mueller describes a sweeping, years-long,
multimillion-dollar conspiracy by hundreds of Russians aimed
at criticizing Hillary Clinton and supporting Senator Bernie
Sanders and Trump"
Only in the idiot world of Liberalism
and Conservatism is this not a laughable statement.
Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically
an obfuscator or a packer used to hide the true source of CIA malware.
Notable quotes:
"... And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself (next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). ..."
"... And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself (next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). ..."
There indeed doesn't seem to be a motive to why the Russian authorities would launch a cyber attack that economically disrupts
both itself, allies and other countries. Either the virus writers didn't care for a solution, hoped that a solution that never
works might panic the victims even more so they make more cash transfers or enjoyed reaping money while seeing their victims suffer
of something where there is no solution for. The last 2 reasons are short term because news that there is no solution for the
ransomware will stop victims from making cash transfers. More convincing would be a cyber attack initiated by USA authorities
that would hit already crumbling Ukraine businesses even further and create even more mistrust between Ukraine and Russia.
And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself
(next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). On 31 March 2017:
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking
attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran.
Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which
is basically an obfuscator or a packer used to hide the true source of CIA malware.
The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted
into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.
...
The White House has condemned the revelations made by Wikileaks, saying that those responsible for leaking classified information
from the agency should be held accountable by the law.
There indeed doesn't seem to be a motive to why the Russian authorities would launch a cyber attack that economically disrupts
both itself, allies and other countries. Either the virus writers didn't care for a solution, hoped that a solution that never
works might panic the victims even more so they make more cash transfers or enjoyed reaping money while seeing their victims
suffer of something where there is no solution for. The last 2 reasons are short term because news that there is no solution
for the ransomware will stop victims from making cash transfers. More convincing would be a cyber attack initiated by USA authorities
that would hit already crumbling Ukraine businesses even further and create even more mistrust between Ukraine and Russia.
And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself
(next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). On 31 March 2017:
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its
hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran.
Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which
is basically an obfuscator or a packer used to hide the true source of CIA malware.
The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted
into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.
...
The White House has condemned the revelations made by Wikileaks, saying that those responsible for leaking classified
information from the agency should be held accountable by the law.
Source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This
would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was
not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even
more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.
The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and
Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware
creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators
even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.
When the White House (doesn't matter who's ostensibly in charge) claims leaker's like Julian Assange should be accountable
by the law, it of course means the malleable arbitrary law which none of the serpents in the White House, Langley, ... are
accountable to.
"... Hardware and software vendors that are complicit -- most of which are American, British or Israeli -- give the CIA the opportunity to achieve informational full-spectrum dominance, relegating privacy to extinction. Such a convergence of power, money and technology entails major conflicts of interest, as can be seen in the case of Amazon AWS (Amazon's Cloud Service), cloud provider for the CIA , whose owner, Jeff Bezos, is also the owner of The Washington Post ..."
"... In general, when the 16 US spy agencies blamed Russia for the hacking of the elections, they were never specific in terms of forensic evidence. Simply put, the media, spies and politicians created false accusations based on the fact that Moscow, together with RT ..."
"... Now what is revealed through Wikileaks' publications in Vault 7 is the ability of a subsection of the CIA, known as Umbrage , to use malware, viruses, trojans and other cyber tools for their own geopolitical purposes. The CIA's Umbrage collects, analyzes and then employs software created variously from foreign security agencies, cyber mafia, private companies, and hackers in general. ..."
"... These revelations are yet more reason why countries targeted by Washington, like China, Russia, Iran and North Korea, should get rid of European and American products and invest in reducing technological dependence on American products in particular. ..."
"... This article first appeared on Strategic-Culture.org and was authored by Federico Pieraccini. ..."
New revelations from Wikileaks' 'Vault 7' leak shed a disturbing light on the safeguarding of privacy. Something already known
and largely suspected has now become documented by Wikileaks. It seems evident that the CIA is now a state within a state, an entity
out of control that has even arrived at the point of creating its own hacking network in order to avoid the scrutiny of the NSA and
other agencies.
Reading the revelations contained in the documents
released by WikiLeaks and adding them to those already presented in recent years by Snowden, it now seems evident that the
technological aspect regarding espionage is a specialty in which the CIA, as far as we know, excels. Hardware and software vendors
that are complicit -- most of which are American, British or Israeli -- give the CIA the opportunity to achieve informational full-spectrum
dominance, relegating privacy to extinction. Such a convergence of power, money and technology entails major conflicts of interest,
as can be seen in the case of Amazon AWS (Amazon's Cloud Service),
cloud provider for the
CIA , whose owner, Jeff Bezos, is also the owner of The Washington Post . It is a clear overlap of private interests
that conflicts with the theoretical need to declare uncomfortable truths without the need to consider orders numbering in the millions
of dollars from clients like the CIA.
While it is just one example, there are thousands more out there. The perverse interplay between media, spy agencies and politicians
has compromised the very meaning of the much vaunted democracy of the land of the Stars and Stripes. The constant scandals that are
beamed onto our screens now serve the sole purpose of advancing the deep interest of the Washington establishment. In geopolitical
terms, it is now more than obvious that the deep state has committed all available means toward sabotaging any dialogue and dιtente
between the United States and Russia. In terms of news, the Wikileaks revelations shed light on the methods used by US intelligence
agencies like the CIA to place blame on the Kremlin, or networks associated with it, for the hacking that occurred during the American
elections.
Perhaps this is too generous a depiction of matters, given that the general public has yet to see
any evidence of the hacking of the DNC servers. In addition to this, we know that the origin of Podesta's email revelations stem
from the
loss of a smartphone and the low
data-security measures
employed by the chairman of Hillary Clinton's presidential campaign. In general, when the 16 US spy agencies blamed Russia for
the hacking of the elections, they were never specific in terms of forensic evidence. Simply put, the media, spies and politicians
created false accusations based on the fact that Moscow, together with
RT and other media (not directly
linked to the Kremlin), finally enjoy a major presence in the mainstream media. The biggest problem for the Washington establishment
lies in the revelation of news that is counterproductive to the interests of the deep state. RT, Sputnik, this site and many others
have diligently covered and reported to the general public every development concerning the Podesta revelations or the hacking of
the DNC.
Now what is revealed through Wikileaks' publications in Vault 7 is the ability of a subsection of the CIA, known as
Umbrage , to use malware, viruses, trojans and
other cyber tools for their own geopolitical purposes. The CIA's Umbrage collects, analyzes and then employs software created variously
from foreign security agencies, cyber mafia, private companies, and hackers in general. These revelations become particularly
relevant when we consider the consequences of these actions. The main example can be seen in the hacking of the DNC. For now, what
we know is that the hacking if it ever occurred is of Russian origin. This does not mean at all that the Kremlin directed it.
It could actually be very much the opposite, its responsibility falling into the category of a cyber false-flag. One thing is for
sure: all 16 US intelligence agencies are of the view that "the Russians did it". That said, the methods used to hack vulnerabilities
cannot be revealed, so as to limit the spread of easily reusable exploits on systems, such as the one that hosted the DNC server.
It is a great excuse for avoiding the revelation of any evidence at all.
So, with little information available, independent citizens are left with very little information on which to reliably form an
opinion on what happened. There is no evidence, and no evidence will be provided to the media. For politicians and so-called mainstream
journalists, this is an acceptable state of affairs. What we are left with instead is blind faith in the 16 spy agencies. The problem
for them is that what WikiLeaks revealed with Vault 7 exposes a scenario that looks more likely than not: a cyber false-flag carried
out by the Central Intelligence Agency using engineered malware and viruses made in Russia and hypothetically linking them back to
hacking networks in Russia. In all likelihood, it looks like the Democrats' server was hacked by the CIA with the clear objective
of leaving Russian fingerprints and obvious traces to be picked up by other US agencies.
In this way, it becomes easier to explain the unique views of all 16 spy agencies. Thus, it is far more likely that the CIA intentionally
left fake Russian fingerprints all over the DNC server, thereby misleading other intelligence agencies in promoting the narrative
that Russia hacked the DNC server. Of course the objective was to create a false narrative that could immediately be picked up by
the media, creating even more hysteria surrounding any rapprochement with Russia.
Diversification of computer systems.
The revelations contained in the Wikileaks vault 7 (
less than 1 % of the total data in Wikileaks'
possession has been released to date) have caused a stir, especially by exposing the astonishing complicity between hardware and
software manufacturers, often intentionally creating backdoors in their products to allow access by the CIA and NSA. In today's digital
environment, all essential services rely on computer technology and connectivity. These revelations are yet more reason why countries
targeted by Washington, like China, Russia, Iran and North Korea, should get rid of European and American products and invest in
reducing technological dependence on American products in particular.
The People's Republic has
already started down this track, with the replacement of many network devices with local vendors like Huawei in order to avoid
the type of interference revealed by Snowden.
Russia has been doing the same in terms of software, even laying the groundwork to launch of
its own operating system, abandoning American
and European systems. In North Korea, this idea was already put
into practice years ago and is an excellent tool for deterrence for external interference. In more than one computer security
conference, US experts have praised the capabilities of the DPRK to
isolate its Internet network from the rest of the world, allowing them to have strong safety mechanisms. Often, the only access
route to the DPRK systems are through the People's Republic of China, not the easiest way for the CIA or NSA to infiltrate a protected
computer network.
An important aspect of the world in which we live today involves information security, something all nations have to deal with.
At the moment, we still live in a world in which the realization of the danger and effect of hacking attacks are not apparent to
many. On the other hand, militarily speaking, the diversification and rationalization of critical equipment in terms of networks
and operability (smartphones, laptops, etc) has already produced
strong growth in non-American and European manufacturers, with the aim of making their systems more secure.
This strengthening of technology also produces deleterious consequences, such as the need for intelligence agencies to be able
to
prevent the spread of data encryption so as to always enjoy access to any desired information. The birth of the Tor protocol,
the deployment of Bitcoin, and apps that are more and more encrypted (although the WikiLeaks documents have shown that the collection
of information takes place on the device b
efore the information is encrypted ) are all responses to an exponential increase in the invasion of privacy by federal or American
government entities.
We live in a world that has an enormous dependence on the Internet and computer technology. The CIA over the years has focused
on the ability to make sure vulnerable systems are exploited as well as seeking out major security flaws in consumer products without
disclosing this to vendors, thereby taking advantage of these security gaps and leaving all consumers with a potential lack of security.
Slowly, thanks to the work and courage of people like Snowden and Assange, the world is beginning to understand how important it
is to keep personal data under control and prevent access to it by third parties, especially if they are state actors. In the case
of national security, the issue is expanded exponentially by the need to protect key and vital infrastructure, considering how many
critical services operate via the Internet and rely on computing devices.
The wars of the future will have a strong technological basis, and it is no coincidence that many armed forces, primarily the
Russian and Chinese, have opted in recent years to training troops, and conducting operations, not completely relying on connectivity.
No one can deny that in the event of a large-scale conflict, connectivity is far from guaranteed. One of the major goals of competing
nations is to penetrate the military security systems of rival nations and be able to
disarm the internal networks that operates major systems
of defense and attack.
The Wikileaks revelations are yet another confirmation of how important it is to break the technological unipolar moment, if it
may be dubbed this way, especially for nations targeted by the United States. Currently Washington dictates the technological capacities
of the private and government sectors of Europe and America, steering their development, timing and methods to suit its own interests.
It represents a clear disadvantage that the PRC and its allies will inevitably have to redress in the near future in order to achieve
full security for its vital infrastructure.
This article first appeared on Strategic-Culture.org and was authored
by Federico Pieraccini.
If this is true, then this is definitely a sophisticated false flag operation. Was malware Alperovich people injected specifically
designed to implicate Russians? In other words Crowdstrike=Fancy Bear
Images removed. For full content please thee the original source
One interesting corollary of this analysis is that installing Crowdstrike software is like inviting a wolf to guard your chicken.
If they are so dishonest you take enormous risks. That might be true for some other heavily advertized "intrusion prevention" toolkits.
So those criminals who use mistyped popular addresses or buy Google searches to drive lemmings to their site and then flash the screen
that they detected a virus on your computer a, please call provided number and for a small amount of money your virus will be removed
get a new more sinister life.
"... They found that generally, in a lot of cases, malware developers didn't care to hide the compile times and that while implausible
timestamps are used, it's rare that these use dates in the future. It's possible, but unlikely that one sample would have a postdated
timestamp to coincide with their visit by mere chance but seems extremely unlikely to happen with two or more samples. Considering the
dates of CrowdStrike's activities at the DNC coincide with the compile dates of two out of the three pieces of malware discovered and
attributed to APT-28 (the other compiled approximately 2 weeks prior to their visit), the big question is: Did CrowdStrike plant some
(or all) of the APT-28 malware? ..."
"... The IP address, according to those articles, was disabled in June 2015, eleven months before the DNC emails were acquired
meaning those IP addresses, in reality, had no involvement in the alleged hacking of the DNC. ..."
"... The fact that two out of three of the Fancy Bear malware samples identified were compiled on dates within the apparent five
day period CrowdStrike were apparently at the DNC seems incredibly unlikely to have occurred by mere chance. ..."
"... That all three malware samples were compiled within ten days either side of their visit makes it clear just how questionable
the Fancy Bear malware discoveries were. ..."
Of course the DNC did not want to the FBI to investigate its "hacked servers". The plan was well underway to excuse Hillary's
pathetic election defeat to Trump, and
CrowdStrike would help out by planting evidence to pin on those evil "Russian hackers." Some would call this
entire DNC server hack an
"insurance policy."
"... Donald Trump is deep in the world of spooks now, the world of spies, agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." ..."
"... A total of 8,761 documents have been published as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' WikiLeaks said that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company products including " Apple's iPhone , Google's Android and Microsoft's Windows and even Samsung TVs , which are turned into covert microphones." ..."
"... According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied." ..."
"... "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update "[.] ..."
"... Do you still trust Windows Update? ..."
"... As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. ..."
"... "Richard Clarke, the counterterrorism chief under both Bill Clinton and George W. Bush, told the Huffington Post that Hastings's crash looked consistent with a car cyber attack.'" Full and fascinating article here . ..."
"... Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. ..."
"... Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities. ..."
"... By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified. ..."
"... I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?" and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics, on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always blackmail. ..."
"... The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates. A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized by political operatives to go after their enemies and not even the President of the United States is immune. This is something that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and the Democratic party, is beyond frightening. ..."
"... 4th impressions I went looking for the "juicy bits" of interest to me SOHO routers, small routers sadly its just a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original firmware, not hacked one. But the repository isn't in the vault dump, AFAIK. ..."
"... The WikiLeaks docs show that CIA has developed means to use all personal digital device microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your private messages to themselves before they are encrypted. They have installed these spyware in the released version of Windows 10, and can easily install them on all common systems and devices. ..."
"... So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military refers to as "being overtaken by events." ..."
"... My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is aware of the irony) and hit the President's breakfast table. ..."
"... To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats worshipping the IC, will anyone in an official position dare to speak out? ..."
"... Schumer said that as he understands, intelligence officials are "very upset with how [Trump] has treated them and talked about them ..."
"... The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release. We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation, it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it, was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't kill him or his family. That being one of their options. ..."
"... "The CIA had created, in effect, its "own NSA" with even less accountability ." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight and one that is intentionally structuring itself that way. That worries me. ..."
"... It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place the blame where it belongsour IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be yours. ..."
"... "These CIA revelations in conjunction with those of the NSA paints a pretty dark future for privacy and freedom. Edward Snowden made us aware of the NSA's program XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's box has been opened." ..."
March 9, 2017 by Yves Smith Yves here. The first
release of the Wikileaks Vault 7 trove has curiously gone from being a MSM lead story yesterday to a handwave today. On the one hand,
anyone who was half awake during the Edward Snowden revelations knows that the NSA is in full spectrum surveillance and data storage
mode, and members of the Five Eyes back-scratch each other to evade pesky domestic curbs on snooping. So the idea that the CIA (and
presumably the NSA) found a way to circumvent encryption tools on smartphones, or are trying to figure out how to control cars remotely,
should hardly come as a surprise.
However, at a minimum, reminding the generally complacent public that they are being spied on any time they use the Web, and increasingly
the times in between, makes the officialdom Not Happy.
And if this Wikileaks claim is even halfway true, its Vault 7 publication is a big deal:
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero
day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more
than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA The archive appears to
have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided
WikiLeaks with portions of the archive.
This is an indictment of the model of having the intelligence services rely heavily on outside contractors. It is far more difficult
to control information when you have multiple organizations involved. In addition, neolibearlism posits that workers are free agents
who have no loyalties save to their own bottom lines (or for oddballs, their own sense of ethics). Let us not forget that
Snowden planned his career job moves
, which included a stint at NSA contractor Dell, before executing his information haul at a Booz Allen site that he had targeted.
Admittedly, there are no doubt many individuals who are very dedicated to the agencies for which they work and aspire to spend
most it not all of their woking lives there. But I would assume that they are a minority.
The reason outsiders can attempt to pooh-pooh the Wikileaks release is that the organization redacted sensitive information like
the names of targets and attack machines. The CIA staffers who have access to the full versions of these documents as well as other
major components in the hacking toolkit will be the ones who can judge how large and serious the breach really is. 1 And
their incentives are to minimize it no matter what.
By Gaius Publius , a professional writer living
on the West Coast of the United States and frequent contributor to DownWithTyranny, digby, Truthout, and Naked Capitalism. Follow
him on Twitter @Gaius_Publius ,
Tumblr and
Facebook . GP article archive
here . Originally published at
DownWithTyranny
CIA org chart from the WikiLeaks cache (click to enlarge). "The organizational chart corresponds to the material published
by WikiLeaks so far. Since the organizational structure of the CIA below the level of Directorates is not public, the placement
of the EDG [Engineering Development Group]and its branches is reconstructed from information contained in the documents released
so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org
chart is incomplete and that internal reorganizations occur frequently."
* * *
"O brave new world, that has such people in it."
Bottom line first. As you read what's below, consider:
That the CIA is capable of doing all of the things described, and has been for years, is not in doubt.
That unnameable many others have stolen ("exfiltrated") these tools and capabilities is, according to the Wikileaks leaker, also
certain. Consider this an especially dangerous form of proliferation, with cyber warfare tools in the hands of anyone with money
and intent. As WikiLeaks notes, "Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used
by peer states, cyber mafia and teenage hackers alike."
That the CIA is itself using these tools, and if so, to what degree, are the only unknowns. But can anyone doubt, in this aggressively
militarized environment, that only the degree of use is in question?
Now the story.
WikiLeaks just dropped a huge cache of documents (the first of several promised releases), leaked from a person or people
associated with the CIA in one or more capacities (examples, employee, contractor), which shows an agency out-of-control in its spying
and hacking overreach. Read through to the end. If you're like me, you'll be stunned, not just about what they can do, but that they
would want to do it, in some cases in direct violation of President Obama's orders. This story is bigger than anything you can imagine.
Consider this piece just an introduction, to make sure the story stays on your radar as it unfolds - and to help you identify
those media figures who will try to minimize or bury it. (Unless I missed it, on MSNBC last night, for example, the first mention
of this story was not Chris Hayes, not Maddow, but the Lawrence O'Donnell show, and then only to support his guest's "Russia gave
us Trump" narrative. If anything, this leak suggests a much muddier picture, which I'll explore in a later piece.)
So I'll start with just a taste, a few of its many revelations, to give you, without too much time spent, the scope of the problem.
Then I'll add some longer bullet-point detail, to indicate just how much of American life this revelation touches.
While the cache of documents has been vetted and redacted
, it hasn't been fully explored for implications. I'll follow this story as bits and piece are added from the crowd sourced research
done on the cache of information. If you wish to play along at home, the WikiLeaks
torrent file is here . The torrent's
passphrase is here . WikiLeaks
press release is here (also reproduced below). Their FAQ
is here .
Note that this release covers the years 20132016. As WikiLeaks says in its FAQ, "The series is the largest intelligence publication
in history."
Preface - Trump and Our "Brave New World"
But first, this preface, consisting of one idea only. Donald Trump is deep in the world of spooks now, the world of spies,
agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny
writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons,
the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." Plus Vladimir Putin, whose relationship
with Trump is just "business," an alliance of convenience, if you will.
I have zero sympathy for Donald Trump. But his world is now our world, and with both of his feet firmly planted in spook world,
ours are too. He's in it to his neck, in fact, and what happens in that world will affect every one of us. He's so impossibly erratic,
so impossibly unfit for his office, that everyone on the list above wants to remove him. Many of them are allied, but if they are,
it's also only for convenience.
How do spooks remove the inconvenient and unfit? I leave that to your imagination;they have their ways. Whatever method they choose,
however, it must be one without fingerprints - or more accurately, without their fingerprints - on it.
Which suggests two more questions. One, who will help them do it, take him down? Clearly, anyone and everyone on the list. Second,
how do you bring down the president, using extra-electoral, extra-constitutional means, without bringing down the Republic? I have
no answer for that.
Here's a brief look at "spook world" (my phrase, not the author's) from "
The Fox Hunt " by John
Sevigny:
Several times in my life as a journalist and rambling, independent photographer - I've ended up rubbing shoulders with
spooks. Long before that was a racist term, it was a catch-all to describe intelligence community people, counter intel types,
and everyone working for or against them. I don't have any special insight into the current situation with Donald Trump and his
battle with the IC as the intelligence community calls itself, but I can offer a few first hand observations about the labyrinth
of shadows, light, reflections, paranoia, perceptions and misperceptions through which he finds himself wandering, blindly. More
baffling and scary is the thought he may have no idea his ankles are already bound together in a cluster of quadruple gordian
knots, the likes of which very few people ever escape.
Criminal underworlds, of which the Trump administration is just one, are terrifying and confusing places. They become
far more complicated once they've been penetrated by authorities and faux-authorities who often represent competing interests,
but are nearly always in it for themselves.
One big complication - and I've written
about this before - is that you never know who's working for whom . Another problem is that the hierarchy of handlers,
informants, assets and sources is never defined. People who believe, for example, they are CIA assets are really just being used
by people who are perhaps not in the CIA at all but depend on controlling the dupe in question. It is very simple - and I have
seen this happen - for the subject of an international investigation to claim that he is part of that operation. [emphasis added]
Which leads Sevigny to this observation about Trump, which I partially quoted above: "Donald Trump may be crazy, stupid, evil
or all three but he knows the knives are being sharpened and there are now too many blades for him to count. The intel people are
against him, as are the counter intel people. His phone conversations were almost certainly recorded by one organization or another,
legal or quasi legal. His enemies include Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU,
every living Democrat and even Rand Paul. Putin is not on his side - that's a business matter and not an alliance."
Again, this is not to defend Trump, or even to generate sympathy for him - I personally have none. It's to characterize where
he is, and we are, at in this pivotal moment. Pivotal not for what they're doing, the broad intelligence community. But pivotal for
what we're finding out, the extent and blatancy of the violations.
All of this creates an incredibly complex story, with only a tenth or less being covered by anything like the mainstream press.
For example, the Trump-Putin tale is much more likely to be part of a much broader "international mobster" story, whose participants
include not only Trump and Putin, but Wall Street (think HSBC) and major international banks, sovereign wealth funds, major hedge
funds, venture capital (vulture capital) firms, international drug and other trafficking cartels, corrupt dictators and presidents
around the world and much of the highest reaches of the "Davos crowd."
Much of the highest reaches of the .01 percent, in other words, all served, supported and "curated" by the various, often competing
elements of the first-world military and intelligence communities. What a stew of competing and aligned interests, of marriages and
divorces of convenience, all for the common currencies of money and power, all of them
dealing in
death .
What this new WikiLeaks revelation shows us is what just one arm of that community, the CIA, has been up to. Again, the breadth
of the spying and hacking capability is beyond imagination. This is where we've come to as a nation.
What the CIA Is Up To - A Brief Sample
Now about those CIA spooks and their surprising capabilities. A number of
other outlets have written up the story, but
this
from Zero Hedge has managed to capture the essence as well as the breadth in not too many words (emphasis mine throughout):
WikiLeaks has published what it claims is the largest ever release
of confidential documents on the CIA It includes more than 8,000 documents as part of 'Vault 7', a series of leaks on the agency,
which have allegedly emerged from the CIA's Center
For Cyber Intelligence in Langley , and which can be seen on the org
chart below, which Wikileaks also released : [org
chart reproduced above]
A total of 8,761 documents have been published
as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' WikiLeaks said
that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company
products including " Apple's iPhone , Google's Android and Microsoft's Windows and even Samsung TVs
, which are turned into covert microphones."
WikiLeaks tweeted the leak, which it claims came from a network inside the CIA's Center for Cyber Intelligence in Langley,
Virginia.
Among the more notable disclosures which, if confirmed, "
would rock the technology world ", the CIA had managed to bypass encryption on popular phone and messaging services
such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate
Android phones and collect "audio and message traffic before encryption is applied."
With respect to hacked devices like you smart phone, smart TV and computer, consider the concept of putting these devices in "fake-off"
mode:
Among the various techniques profiled by WikiLeaks is "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB),
which infests smart TVs , transforming them into covert microphones. After infestation, Weeping Angel places the target
TV in a 'Fake-Off' mode , so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates
as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As Kim Dotcom chimed in on Twitter, "CIA turns Smart TVs, iPhones, gaming consoles and many other consumer gadgets into open
microphones" and added "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand,
including via Windows update "[.]
Do you still trust Windows Update?
About "Russia did it"
Adding to the "Russia did it" story, note this:
Another profound revelation is that the CIA can engage in "false flag" cyberattacks which portray Russia as the assailant
. Discussing the CIA's Remote Devices Branch's UMBRAGE group, Wikileaks' source notes that it "collects and maintains a substantial
library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.["]
As Kim Dotcom summarizes this finding, " CIA uses techniques to make cyber attacks look like they originated from enemy
state ."
This doesn't prove that Russia didn't do it ("it" meaning actually hacking the presidency for Trump, as opposed to providing
much influence in that direction), but again, we're in spook world, with all the phrase implies. The CIA can clearly put anyone's
fingerprints on any weapon they wish, and I can't imagine they're alone in that capability.
Hacking Presidential Devices?
If I were a president, I'd be concerned about this, from the WikiLeaks "
Analysis " portion of the Press Release (emphasis added):
"Year Zero" documents show that the CIA breached the Obama administration's commitments [that the intelligence community would
reveal to device manufacturers whatever vulnerabilities it discovered]. Many of the vulnerabilities used in the CIA's cyber arsenal
are pervasive [across devices and device types] and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" [that it] is able to penetrate, infest and control both the
Android phone and iPhone software that runs or has run presidential Twitter accounts . The CIA attacks this software by using
undisclosed security vulnerabilities ("zero days") possessed by the CIA[,] but if the CIA can hack these phones then so can everyone
else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and
Google (who make the phones) they will not be fixed, and the phones will remain hackable.
Does or did the CIA do this (hack presidential devices), or is it just capable of it? The second paragraph implies the latter.
That's a discussion for another day, but I can say now that both Lawrence Wilkerson, aide to Colin Powell and a non-partisan (though
an admitted Republican) expert in these matters, and
William Binney,
one of the triumvirate of major pre-Snowden leakers, think emphatically yes. (See
Wilkerson's
comments here . See
Binney's comments here .)
Whether or not you believe Wilkerson and Binney, do you doubt that if our intelligence people can do something, they would
balk at the deed itself, in this
world of "collect it all
"? If nothing else, imagine the power this kind of bugging would confer on those who do it.
The Breadth of the CIA Cyber-Hacking Scheme
But there is so much more in this Wikileaks release than suggested by the brief summary above. Here's a bullet-point overview
of what we've learned so far, again via Zero Hedge:
Key Highlights from the Vault 7 release so far:
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of
"zero day" weaponized exploits against a wide range of U.S. and European company products , include Apple's iPhone,
Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
Wikileaks claims that the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized
"zero day" exploits, malware remote control systems and associated documentation . This extraordinary collection, which
amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA The
archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one
of whom has provided WikiLeaks with portions of the archive.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI),
had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other
"weaponized" malware . Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than
that used to run Facebook.
The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question
as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds , to be used by rival states, cyber
mafia and teenage hackers alike.
Also this scary possibility:
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks.
The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations
.
Journalist Michael Hastings, who in 2010
destroyed the career of General
Stanley McChrystal and was hated by the military for it, was killed in 2013 in an inexplicably out-of-control car. This isn't
to suggest the CIA, specifically, caused his death. It's to ask that, if these capabilities existed in 2013, what would prevent their
use by elements of the military, which is, after all a death-delivery organization?
And lest you consider this last speculation just crazy talk, Richard Clarke (that
Richard Clarke ) agrees: "Richard Clarke, the counterterrorism
chief under both Bill Clinton and George W. Bush,
told the Huffington
Post that Hastings's crash looked consistent with a car cyber attack.'" Full and fascinating
article here .
WiliLeaks Press Release
Here's what WikiLeaks itself says about this first document cache (again, emphasis mine):
Press Release
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault
7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero
day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more
than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA The archive appears to
have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided
WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of
"zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android
and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA
found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own
substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations
to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's
Center for Cyber Intelligence (CCI), had over
5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware.
Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The
CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether
such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public
, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.
The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia
and teenage hackers alike.
Julian Assange, WikiLeaks editor stated that "There is an extreme proliferation risk in the development of cyber 'weapons'.
Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain
them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the
choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."
Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the
distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and
how such 'weapons' should analyzed, disarmed and published.
Wikileaks has also decided to redact and anonymise some
identifying information in "Year Zero" for in depth analysis. These redactions include ten of thousands of CIA targets and attack
machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen,
we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero")
already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.
Be sure to click through for the Analysis, Examples and FAQ sections
as well.
"O brave new world," someone once wrote . Indeed.
Brave new world, that only the brave can live in.
____
1 Mind you, the leakers may have had a comprehensive enough view to be making an accurate call. But the real point
is there are no actors who will be allowed to make an independent assessment.
Senator John McCain passed documents to the FBI director, James Comey, last month alleging secret contacts between the Trump
campaign and Moscow and that Russian intelligence had personally compromising material on the president-elect himself.
The material, which has been seen by the Guardian, is a series of reports on Trump's relationship with Moscow. They were
drawn up by a former western counter-intelligence official, now working as a private consultant. BuzzFeed on Tuesday published
the documents, which it said were "unverified and potentially unverifiable".
The Guardian has not been able to confirm the veracity of the documents' contents,
Emphases mine. I had been sitting on this link trying to make sense of this part. Clearly, the Trump Whitehouse has some major
leaks, which the MSM is exploiting. But the start of this article suggests that para-intelligence (is that a word? Eh, it is now)
was the source of the allegedly damaging info.
This is no longer about the deep-state, but a rouge state, possibly guns for higher, each having fealty to specific political
interests. The CIA arsenal wasn't leaked. It was delivered.
hmm.. as far as I can see, noone seems to care here in Germany anymore about being spied on by our US friends, apart from a
few alternative sources which are being accused of spreading fake news, of being anti-american, russian trolls, the matter is
widely ignored
I have read a few articles about the Vault 7 leak that typically raise a few alarms I would like to comment on.
1) The fact that the
CIA had managed to bypass encryption on popular phone and messaging services
does not mean that it has broken encryption, just that it has a way to install a program at a lower level, close to the operating
system, that will read messages before they are encrypted and sent by the messaging app, or just after they
have been decrypted by it.
As a side note: banks have now largely introduced two-factor authentication when accessing online services. One enters username
(or account number) and password; the bank site returns a code; the user must then enter this code into a smartphone app or a
tiny specialized device, which computes and returns a value out of it; the user enters this last value into the entry form as
a throw-away additional password, and gains access to the bank website.
I have always refused to use such methods on a smartphone and insist on getting the specialized "single-use password computer",
precisely because the smartphone platform can be subverted.
2) The fact that
"Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), [ ] infests smart TVs, transforming them into covert
microphones.
is possible largely because smart TVs are designed by their manufacturers to serve as spying devices. "Weeping Angel" is not
some kind of virus that turns normal devices into zombies, but a tool to take control of existing zombie devices.
The fact that smart TVs from
Vizio ,
Samsung or
LG constitute an outrageous intrusion into the privacy of their owners has been a known topic for years already.
3) The
CIA [ ] also looking at infecting the vehicle control systems used by modern cars and trucks
is not a "scary possibility" either; various demonstrations of such feats on
Tesla ,
Nissan , or
Chrysler vehicles have been demonstrated in the past few years.
And the consequences have already been suggested (killing people by disabling their car controls on the highway for instance).
My take on this is that we should seriously look askance not just at the shenanigans of the CIA, but at the entire "innovative
technology" that is imposed upon (computerized cars) or joyfully adopted by (smartphones) consumers. Of course, most NC readers
are aware of the pitfalls already, but alas not the majority of the population.
4) Finally this:
He's so impossibly erratic, so impossibly unfit for his office,
Trump is arguably unfit for office, does not have a clue about many things (such as foreign relations), but by taxing him of
being "erratic" Gaius Publius shows that he still does not "get" the Donald.
Trump has a completely different modus operandi than career politicians, formed by his experience as a real-estate mogul and
media star. His world has been one where one makes outrageous offers to try anchoring the negotiation before reducing one's claims
- even significantly, or abruptly exiting just before an agreement to strike a deal with another party that has been lured to
concessions through negotiations with the first one. NC once included a video of Trump doing an interactive A/B testing of his
slogans during a campaign meeting; while changing one's slogans on the spot might seem "erratic", it is actually a very systematic
market probing technique.
So stop asserting that Trump is "unpredictable" or "irrational"; this is underestimating him (a dangerous fault), as he is
very consistent, though in an uncommon fashion amongst political pundits.
While I agree that it's worth pointing out that the CIA has not broken any of the major encryption tools, even Snowden regards
being able to circumvent them as worse, since people using encryption are presumably those who feel particularly at risk and will
get a false sense of security and say things or keep data on their devices that they never never would if they thought they were
insecure.
Re Gaius on Trump, I agree the lady doth protest too much. But I said repeatedly that Trump would not want to be President
if he understood the job. It is not like being the CEO of a private company. Trump has vastly more control over his smaller terrain
in his past life than he does as President.
And Trump is no longer campaigning. No more a/b testing.
The fact is that he still does not have effective control of the Executive branch. He has lots of open positions in the political
appointee slots (largely due to not having even submitted candidates!) plus has rebellion in some organizations (like folks in
the EPA storing data outside the agency to prevent its destruction).
You cannot pretend that Trump's former MO is working at all well for him. And he isn't showing an ability to adapt or learn
(not surprising at his age). For instance, he should have figured out by now that DC is run by lawyers, yet his team has hardly
any on it. This is continuing to be a source of major self inflicted wounds.
His erraticness may be keeping his opponents off base, but it is also keeping him from advancing any of his goals.
Yes, not breaking encryption is devious, as it gives a false sense of security - this is precisely why I refuse to use those
supposedly secure e-banking login apps on smartphones whose system software can be subverted, and prefer those non-connected,
non-reprogrammable, special-purpose password generating devices.
As for Trump being incompetent for his job, and his skills in wheeling-dealing do not carrying over usefully to conducting
high political offices, that much is clear. But he is not "erratic", rather he is out of place and out of his depth.
I am writing this in the shower with a paper bag over my head and my iPhone in the microwave.
I have for years had a password-protected document on computer with all my important numbers and passwords. I have today deleted
that document and reverted to a paper record.
I think he means a machine dedicated to high-security operations like anything financial or bill-pay. Something that is not
exposed to email or web-browsing operations that happen on a casual-use computer that can easily compromise. That's not a bad
way to go; it's cheaper in terms of time than the labor-intensive approaches I use, but those are a hobby more than anything else.
It depends on how much you have at stake if they get your bank account or brokerage service password.
I take a few basic security measures, which would not impress the IT crowd I hang out with elsewhere, but at least would not
make me a laughingstock. I run Linux and use only open-source software; run ad-blockers and script blockers; confine risky operations,
which means any non-corporate or non-mainstream website to a virtual machine that is reset after each use; use separate browsers
with different cookie storage policies and different accounts for different purposes. I keep a well-maintained pfSense router
with a proxy server and an intrusion detection system, allowing me to segregate my secure network, home servers, guest networks,
audiovisual streaming and entertainment devices, and IoT devices each on their own VLANs with appropriate ACLs between them. No
device on the more-secured network is allowed out to any port without permission, and similar rules are there for the IoT devices,
and the VoIP tools.
The hardware to do all of that costs at least $700, but the real expense is in the time to learn the systems properly. Of course
if you use Linux, you could save that on software in a year if you are too cheap to send a contribution to the developers.
It's not perfect, because I still have computers turned on :) , but I feel a bit safer this way.
That said, absolutely nothing that I have here would last 30 milliseconds against anything the "hats" could use, if they wanted
in. It would be over before it began. If I had anything to hide, really, I would have something to fear; so guess I'm OK.
They're key fobs handed to you by your IT dept. The code displayed changes every couple of minutes. The plus is there's nothing
sent over the air. The minus is the fobs are subject to theft, and are only good for connecting to 'home'. And since they have
a cost, and need to be physically handed to you, they're not good fit for most two factor login applications (ie logging into
your bank account).
I watched (fast forwarded through, really) Morning Joe yesterday to see what they would have to say about Wikileaks. The show
mostly revolved around the health care bill and Trump's lying and tweeting about Obama wiretapping him. They gave Tim Kaine plenty
of time to discuss his recent trip to London talking to "some of our allies there" saying that they are concerned that "all the
intelligence agencies" say the Rooskies "cyber hacked" our election, and since it looks like we aren't doing anything when we
are attacked, they KNOW we won't do anything when they are attacked. (more red baiting)
The only two mentions I saw was about Wikileaks were, first, a question asked of David Cohen, ex Deputy Director of the CIA,
who refused to confirm the Wikileaks were authentic, saying whatever tools and techniques the CIA had were used against foreign
persons overseas, so there is no reason to worry that your TV is looking at you. And second, Senator Tom Cotton, who didn't want
to comment on the contents of Wikileaks, only saying that the CIA is a foreign intelligence service, collecting evidence on foreign
targets to keep our country safe, and it does not do intelligence work domestically.
So that appears to be their story, the CIA doesn't spy on us, and they are sticking with it, probably hoping the whole Wikileaks
thing just cycles out of the news.
The unwillingness of the main stream media (so far) to really cover the Wikileaks reveal is perhaps the bigger story. This
should be ongoing front page stuff .. but it is not.
As for using ZeroHedge as a source for anything, can we give that a rest. That site has become a cesspool of insanity. It used
to have some good stuff. Now it is just unreadable. SAD
And yes I know the hypocrisy of slamming ZH and the MSM at the same time we live in interesting times.
Your remarks on ZH are an ad hominem attack and therefore a violation of site policies. The onus is on you to say what ZH got
wrong and not engage in an ungrounded smear. The mainstream media often cites ZH.
NC more than just about any other finance site is loath to link to ZH precisely because it is off base or hyperventilating
a not acceptably high percent of the time, and is generally wrong about the Fed (as in governance and how money works). We don't
want to encourage readers to see it as reliable. However, it is good on trader gossip and mining Bloomberg data.
And I read through its summary of the Wikileaks material as used by Gaius and there was nothing wrong with it. It was careful
about attributing certain claims to Wikileaks as opposed to depicting them as true.
My rules for reading ZH:
1- Skip every article with no picture
2- Skip every article where the picture is a graph
3- Skip every article where the picture is of a single person's face
4- Skip every afticle where the picture is a cartoon
5- Skip every article about gold, BitCoin, or high-frequency trading
6- Skip all the "Guest Posts"
7- ALWAYS click through to the source
8- NEVER read the comments
It is in my opinion a very high noise-to-signal source, but there is some there there.
Discerning a 'news from noise' is NEVER that easy b/c it is an art, developed by years of shifting through ever increasing
'DATA information' load. This again has to be filtered and tested against one's own 'critical' thinking or reasoning! You have
to give ZH, deserved credit, when they are right!
There is no longer a Black or white there, even at ZH! But it is one of the few, willing to challenge the main stream narrative
'kool aid'
In addition to the "para-intelligence" community (hat tip Code named D) there are multiple enterprises with unique areas of
expertise that interface closely with the CIA The long-exposed operations, which include entrapment and blackmailing of key actors
to guarantee complicity, "loyalty" and/or sealed lips, infect businesses, NGOs, law enforcement agencies, judges, politicians,
and other government agencies. Equal opportunity employment for those with strong stomachs and a weak moral compass.
Yes I can't remember where I read it but it was a tale passed around supposedly by an FBI guy that had, along with his colleagues,
the job of vetting candidates for political office. They'd do their background research and pass on either a thick or thin folder
full of all the compromising dirt on each potential appointee. Over time he said he was perturbed to notice a persistent pattern
where the thickest folders were always the ones who got in.
I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being
imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?"
and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they
have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that
you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics,
on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always
blackmail.
I find the notion that my consumer electronics may be CIA microphones somewhat irritating, but my imagination quickly runs
off to far worse scenarios. (although the popular phase, "You're tax dollars at work." keeps running thru my head like a earworm.
And whenever I hear "conservatives" speak of their desire for "small government", usually when topics of health care, Medicare
and social security come up, I can only manage a snort of incredulousness anymore)
One being malware penetrating our nuke power plants and shutting down the cooling system. Then the reactor slowly overheats
over the next 3 days, goes critical, and blows the surrounding area to high heaven. We have plants all around the coast of the
country and also around the Great Lakes Region our largest fresh water store in a drought threatened future.
Then the same happening in our offensive nuke missile systems.
Some other inconvenient truths the stuxnet virus has been redesigned. Kaspersky premier anti malware software maker had
a variant on their corporate network for months before finally discovering it. What chance have we?
In China, hacking is becoming a consumer service industry. There are companies building high power data centers with a host
of hacking tools. Anyone, including high school script kiddies, can rent time to use the sophisticated hacking tools, web search
bots, and whatever, all hosted on powerful servers with high speed internet bandwidth.
Being a bit "spooked" by all this, I began to worry about my humble home computer and decided to research whatever products
I could get to at least ward off annoying vandalism. Among other things, I did sign up for a VPN service. I'm looking at the control
app for my VPN connection here and I see that with a simple checkbox mouse click I can make my IP address appear to be located
in my choice of 40 some countries around the world. Romania is on the list!
Actually, I very much doubt that does work. The mic "pickup" would feed its analog output to a DAC (digital to analog converter)
which would convert the signal to digital. This then goes to something similar to a virtual com port in the operating system.
Here is where a malware program would pick it up and either create a audio file to be sent to an internet address, or stream it
directly there.
The article is just plugging in a microphone at the output jack. The malware got the data long before it goes thru another
DAC and analog amp to get to the speakers or output jack.
It depends on how it is hooked up internally. Old fashioned amateur radio headphones would disable the speakers when plugged
in because the physical insertion of the plug pushed open the connection to the speakers. The jack that you plug the ear buds
into might do the same, disconnecting the path between the built-in microphone and the ADC (actually it is an ADC not a DAC).
The only way to know is to take it apart and see how it is connected.
The CIA is not allowed to operate in the US is also the panacea for the public. And some are buying it. Along with everyone
knows they can do this is fueling the NOTHING to see here keep walking weak practically non existent coverage.
At what point do people quit negotiating in terrorism and errorism? For this is what the police, the very State itself has
long been. Far beyond being illegitimate, illegal, immoral, this is a clear and ever present danger to not just it's own people,
but the rule of law itself. Blanket statements like we all know this just makes the dangerously absurd normal I'll never understand
that part of human nature. But hey, the TSA literally just keeps probing further each and every year. Bend over!
Trump may not be the one for the task but we the people desperately need people 'unfit', for it is the many fit who brought
us to this point. His unfit nature is as refreshing on these matters in its chaotic honest disbelief as Snowden and Wiki revelations.
Refreshing because it's all we've got. One doesn't have to like Trump to still see missed opportunity so many should be telling
him he could be the greatest pres ever if (for two examples) he fought tirelessly for single payer and to bring down this police
state rather than the EPA or public education.
This cannot stand on so many levels. Not only is the fourth amendment rendered utterly void, but even if it weren't it falls
far short of the protections we deserve.
No enemy could possibly be as bad as who we are and what we allow/do among ourselves. If an election can be hacked (not saying
it was by Russia).. as these and other files prove anything can and will be hacked then our system is to blame, not someone else.
What amazes me is that the spooks haven't manufactured proof needed to take Trump out of office Bonfire of The Vanities style.
I'd like to think the people have moved beyond the point they would believe manufactured evidence but the Russia thing proves
otherwise.
These people foment world war while probing our every move and we do nothing!
If we wait for someone fit nothing will ever change because we wait for the police/media/oligarch state to tell us who is fit.
But being fit by the standards of our ruling class, the "real owners" as Carlin called them is, in my book, an automatic proof
that they are up to no good. Trump is not my cup of tea as a president but no one we have had in a while wasn't clearly compromised
by those who fund them. Did you ever wonder why we have never had a president or even a powerful member of congress that was not
totally in the tank for that little country on the Eastern Mediterranean? Or the Gulf Monarchies? Do you think that is by accident?
Do you think money isn't involved? Talk about hacked elections! We should be so lucky as to have ONLY Russians attempting to affect
our elections. Money is what hacks US elections and never forget that. To me it is laughable to discuss hacking the elections
without discussing the real way our "democracy" is subvertedmoney not document leaks or voting machine hacks. It's money.
Why isn't Saudi Arabia on Trump's list? Iran that has never been involved in a terrorist act on US soil is but not Saudi Arabia?
How many 911 hijackers came from Iran? If anything saves Trump from destruction by the real owners of our democracy it is his
devotion to the aforementioned countries.
The point again is not to remove him from office but to control him. With Trump's past you better believe the surveillance
state has more than enough to remove him from office. Notice the change in his rhetoric since inauguration? More and more he is
towing the establishment Republican line. Of course this depends on whether you believe Trump is a break with the past or just
the best liar out there. A very unpopular establishment would be clever in promoting their agent by pretending to be against him.
Anyone who still believes that the US is a democratic republic and not a mafia state needs to stick their heads deeper into
the sands. When will the low information voters and police forces on whom a real revolution depends realize this is anyone's guess.
The day is getting closer especially for the younger generation. The meme among the masses is that government has always been
corrupt and that this is nothing new. I do believe the level of immorality among the credentialed classes is indeed very new and
has become the new normal. Generations of every man for himself capitalist philosophy undermining any sense of morality or community
has finally done its work.
Go take a jaunt over to huffpo, at the time of this post there was not a single mention of vault 7 on the front page. Just
a long series of anti trump administration articles.
Glad to know for sure who the true warmongers were all along.
No.. The Church commission was a sweep it under the rug operation. It got us FISA courts. More carte blanche secrecy, not less.
The commission nor the rest of the system didn't even hold violators of the time accountable.
We have files like Vault 7. Commissions rarely get in secret what we have right here before our eyes.
River: Interesting historic parallel? I believe that the Ottomans got rid of the Janissaries that way, after the Janissaries
had become a state within a state, by using cannons on their HQ
From Wiki entry, Janissaries:
The corps was abolished by Sultan Mahmud II in 1826 in the Auspicious Incident in which 6,000 or more were executed.[8]
Took less than a minute to download the 513.33MB file. The passphrase is what JFK said he'd like to do to CIA: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds.
"The illegal we do immediately; the unconstitutional takes a little longer." Henry Kissinger, 1975.
The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates.
A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized
by political operatives to go after their enemies and not even the President of the United States is immune. This is something
that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and
the Democratic party, is beyond frightening.
The irony is that the existence of this dangerous apparatus which civil libertarians have warned could and probably would
be used for political purposes has been hailed by Trump and his team as a necessary and proper function of government. Indeed,
Trump has called for the execution of the person who revealed the existence of this sinister engine of oppression Edward
Snowden. Absent Snowden's revelations, we would still be in the dark as to the existence and vast scope of the NSA's surveillance.
And now the monster Trump embraced in the name of "national security" has come back to bite him.
We hear all the time that what's needed is an open and impartial "investigation" of Trump's alleged "ties" to Russia. This
is dangerous nonsense: does every wild-eyed accusation from embittered losers deserve a congressional committee armed with
subpoena power bent on conducting an inquisition? Certainly not.
What must be investigated is the incubation of a clandestine political police force inside the national security apparatus,
one that has been unleashed against Trump and could be deployed against anyone.
This isn't about Donald Trump. It's about preserving what's left of our old republic.
Yeah I downloaded it the day it came out and spent an hour or so looking at it last night. First impressions "heyyy this
is like a Hackers Guide the sort I used in the 80s, or DerEngel's Cable Modem Hacking" of the 00s.
2nd impressions wow it really gives foundational stuff like "Enable Debug on PolarSSL".
3rd impressions "I could spend hours going thru this happily ".
4th impressions I went looking for the "juicy bits" of interest to me SOHO routers, small routers sadly its just
a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original
firmware, not hacked one. But the repository isn't in the vault dump, AFAIK.
Its quite fascinating. But trying to find the "juicy stuff" is going to be tedious. One can spend hours and hours going thru
it. To speed up going thru it, I'm going to need some tech sites to say "where to go".
It seems clear that Wikileaks has not and will not release actual ongoing method "how-to" info or hacking scripts. They are
releasing the "whats", not the tech level detailed "hows". This seems like a sane approach to releasing the data. The release
appears to be for political discussion, not for spreading the hacking tools. So I wouldn't look for "juicy bits" about detailed
methodology. Just my guess.
That said, love what you're doing digging into this stuff. I look forward to a more detailed report in future. Thanks.
Yves, I think that you much underestimate the extremity of these exposed violations of the security of freedom of expression,
and of the security of private records. The WikiLeaks docs show that CIA has developed means to use all personal digital device
microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your
private messages to themselves before they are encrypted. They have installed these spyware in the released version of Windows
10, and can easily install them on all common systems and devices.
This goes far beyond the kind of snooping that required specialized devices installed near the target, which could be controlled
by warrant process. There is no control over this extreme spying. It is totalitarianism now.
This is probably the most extreme violation of the rights of citizens by a government in all of history. It is far worse than
the "turnkey tyranny" against which Snowden warned, on the interception of private messages. It is tyranny itself, the death of
democracy.
Your first sentence is a bit difficult to understand. If you read Yves' remarks introducing the post, she says that the revelations
are "a big deal" "if the Wikileaks claim is even halfway true," while coming down hard on the MSM and others for "pooh-pooh[ing]"
the story. Did you want her to add more exclamation points?
So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military
refers to as "being overtaken by events."
It's easy to gather information; not so easy to analyze it, and somehow impossible to act on it in good faith. With all this
ability to know stuff and surveil people the big question is, Why does everything seem so beyond our ability to control it?
We should know well in advance that banks will fail catastrophically; that we will indeed have sea level rise; that resources
will run out; that water will be undrinkable; that people will be impossible to manipulate when panic hits but what do we do?
We play dirty tricks, spy on each other like voyeurs, and ignore the inevitable. Like the Stasi, we clearly know what happened,
what is happening and what is going to happen. But we have no control.
My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects
there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is
aware of the irony) and hit the President's breakfast table.
AS, I would interpret it as saying that there was so much coming in it was like trying to classify snowflakes in a snowstorm.
They could pick a few subject areas to look at closely but the rest just went into the files.
Leaking like a sieve is also likely, but perhaps not the main point.
The archive appears to have been circulated among government hackers and contractors in a authorized manner
There, that looks the more likely framing considering CIA & DNI on behalf of the whole US IC seemingly fostered wide dissimilation
of these tools, information. Demonstration of media control an added plus.
Todd Pierce , on the other hand, nails it. (From his Facebook page.)
The East German Stasi could only dream of the sort of surveillance the NSA and CIA do now, with just as nefarious of purposes.
Perhaps the scare quotes around "international mobster" aren't really necessary.
In all this talk about the various factions aligned with and against Trump, that's one I haven't heard brought up by anybody.
With all the cement poured in Trump's name over the years, it would be naive to think his businesses had not brushed up against
organized crime at some point. Question is, whose side are they on?
Like all the other players, the "side" they are on is them-effing-selves. And isn't that the whole problem with our misbegotten
species, writ large?
Then there's this: https://www.youtube.com/watch?v=s1Hzds9aGdA
Maybe these people will be around and still eating after us urban insects and rodents are long gone? Or will our rulers decide
no one should survive if they don't?
To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats
worshipping the IC, will anyone in an official position dare to speak out?
I've long thought that the reason Snowden was pursued so passionately was that he exposed the biggest, most embarrassing secret:
that the National "Security" Agency's INTERNAL security was crap.
And here it is: "Wikileaks claims that the CIA lost control of the majority of its hacking arsenal "
The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release.
We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation,
it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it,
was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the
past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't
kill him or his family. That being one of their options.
Ah, that's the beauty of contracting it out. No one gets fired. Did anyone get fired because of Snowden? It was officially
a contractor problem and since there are only a small number of contractors capable of doing the work, well you know. We can't
get new ones.
What I find by far the most distressing is this: "The CIA had created, in effect, its "own NSA" with even less accountability
." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight and one that is
intentionally structuring itself that way. That worries me.
It is becoming increasingly clear that the Republic is lost because we didn't stand guard for it. Blaming others don't cut
it either we let it happen. And like the Germans about the Nazi atrocities, we will say that we didn't know about it.
Hey, I didn't let it happen. Stuff that spooks and sh!tes do behind the Lycra curtain happens because it is, what is the
big word again, "ineluctable." Is my neighbor to blame for having his house half eaten by both kinds of termites, where the construction
is such that the infestation and damage are invisible until the vast damage is done?
And just how were we supposed to stand guard against a secret and unaccountable organization that protected itself with a shield
of lies? And every time some poor misfit complained about it they were told that they just didn't know the facts. If they only
knew what our IC knows they would not complain.
It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place
the blame where it belongsour IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be
yours.
Studiously avoid any military celebrations. Worship of the military is part of the problem. Remember, the people you thank
for "their service" are as much victims as you are. Sadly they don't realize that their service is to a rotten empire that is
not worthy of their sacrifice but every time we perform the obligatory ritual of thankfulness we participate in the lie that the
service is to a democratic country instead of an undemocratic empire.
It's clearly a case of Wilfred Owen's classic "Dulce et Decorum Est". Read the poem, google it and read it. It is instructive:
" you would not tell with such high zest To children ardent for some desperate glory, The old Lie: Dulce et decorum est Pro patria
mori." Make no mistake. It is a lie and it can only be undone if we all cease to tell it.
"These CIA revelations in conjunction with those of the NSA paints a pretty dark future for privacy and freedom. Edward
Snowden made us aware of the NSA's program XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from
virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears
to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's
box has been opened."
"... As a rule of thumb, malicious applications usually write to /tmp and then attempt to run whatever was written. A way to prevent this is to mount /tmp on a separate partition with the options noexec , nodev and nosuid enabled. ..."
2. System Settings File Permissions and Masks
2.1 Restrict Partition Mount Options
Partitions should have hardened mount options:
/boot
rw,nodev,noexec,nosuid
/home
rw,nodev,nosuid
/tmp
rw,nodev,noexec,nosuid
/var
rw,nosuid
/var/log
rw,nodev,noexec,nosuid
/var/log/audit
rw,nodev,noexec,nosuid
/var/www
rw,nodev,nosuid
As a rule of thumb, malicious applications usually write to
/tmp
and then attempt to run whatever was written. A way to prevent this is to mount
/tmp
on a separate partition with the options
noexec
,
nodev
and
nosuid
enabled.
This will deny binary execution from
/tmp
, disable any binary
to be suid root, and disable any block devices from being created.
The storage location
/var/tmp
should be bind mounted to
/tmp
,
as having multiple locations for temporary storage is not required:
If required, disable kernel support for USB via bootloader configuration. To
do so, append
nousb
to the kernel line GRUB_CMDLINE_LINUX in
/etc/default/grub
and generate the Grub2 configuration file:
# grub2-mkconfig -o /boot/grub2/grub.cfg
Note that disabling all kernel support for USB will likely cause problems
for systems with USB-based keyboards etc.
2.4 Restrict Programs from Dangerous Execution Patterns
Open
/etc/hosts.allow
and allow localhost traffic and SSH:
ALL: 127.0.0.1
sshd: ALL
The file
/etc/hosts.deny
should be configured to deny all by
default:
ALL: ALL
3.3 Kernel Parameters Which Affect Networking
Open
/etc/sysctl.conf
and add the following:
# Disable packet forwarding
net.ipv4.ip_forward = 0
# Disable redirects, not a router
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# Disable source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
# Enable source validation by reversed path
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Log packets with impossible addresses to kernel log
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# Disable ICMP broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Ignore bogus ICMP errors
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Against SYN flood attacks
net.ipv4.tcp_syncookies = 1
# Turning off timestamps could improve security but degrade performance.
# TCP timestamps are used to improve performance as well as protect against
# late packets messing up your data flow. A side effect of this feature is
# that the uptime of the host can sometimes be computed.
# If you disable TCP timestamps, you should expect worse performance
# and less reliable connections.
net.ipv4.tcp_timestamps = 1
# Disable IPv6 unless required
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Do not accept router advertisements
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
3.4 Kernel Modules Which Affect Networking
Open
/etc/modprobe.d/hardening.conf
and disable Bluetooth
kernel modules:
Since we're looking at server security, wireless shouldn't be an issue,
therefore we can disable all the wireless drivers.
# for i in $(find /lib/modules/$(uname -r)/kernel/drivers/net/wireless -name "*.ko" -type f);do \
echo blacklist "$i" >>/etc/modprobe.d/hardening-wireless.conf;done
3.5 Disable Radios
Disable radios (wifi and wwan):
# nmcli radio all off
3.6 Disable Zeroconf Networking
Open
/etc/sysconfig/network
and add the following:
NOZEROCONF=yes
3.7 Disable Interface Usage of IPv6
Open
/etc/sysconfig/network
and add the following:
NETWORKING_IPV6=no
IPV6INIT=no
3.8 Network Sniffer
The server should not be acting as a network sniffer and capturing packages.
Run the following to determine if any interface is running in promiscuous mode:
# ip link | grep PROMISC
3.9 Secure VPN Connection
Install the libreswan package if implementation of IPsec and IKE is
required.
# yum install libreswan
3.10 Disable DHCP Client
Manual assignment of IP addresses provides a greater degree of management.
For each network interface that is available on the server, open a
corresponding file
/etc/sysconfig/network-scripts/ifcfg-
interface
and configure the following parameters:
BOOTPROTO=none
IPADDR=
NETMASK=
GATEWAY=
4. System Settings SELinux
Ensure that SELinux is not disabled in
/etc/default/grub
, and
verify that the state is enforcing:
# sestatus
5. System Settings Account and Access Control
5.1 Delete Unused Accounts and Groups
Open
/etc/security/pwquality.conf
and add the following:
difok = 8
gecoscheck = 1
These will ensure that 8 characters in the new password must not be present
in the old password, and will check for the words from the passwd entry GECOS
string of the user.
5.4 Prevent Log In to Accounts With Empty Password
Remove any instances of
nullok
from
/etc/pam.d/system-auth
and
/etc/pam.d/password-auth
to
prevent logins with empty passwords.
Sed one-liner:
# sed -i 's/\<nullok\>//g' /etc/pam.d/system-auth /etc/pam.d/password-auth
5.5 Set Account Expiration Following Inactivity
Disable accounts as soon as the password has expired.
Open
/etc/default/useradd
and set the following:
INACTIVE=0
Sed one-liner:
# sed -i 's/^INACTIVE.*/INACTIVE=0/' /etc/default/useradd
This will create the file
/boot/grub2/user.cfg
if one is not
already present, which will contain the hashed Grub2 bootloader password.
Verify permissions of
/boot/grub2/grub.cfg
:
# chmod 0600 /boot/grub2/grub.cfg
5.12 Password-protect Single User Mode
CentOS 7 single user mode is password protected by the root password by
default as part of the design of Grub2 and systemd.
5.13 Ensure Users Re-Authenticate for Privilege Escalation
The NOPASSWD tag allows a user to execute commands using sudo without having
to provide a password. While this may sometimes be useful it is also
dangerious.
Ensure that the NOPASSWD tag does not exist in
/etc/sudoers
configuration file or
/etc/sudoers.d/
.
5.14 Multiple Console Screens and Console Locking
Install the screen package to be able to emulate multiple console windows:
# yum install screen
Install the vlock package to enable console screen locking:
# yum install vlock
5.15 Disable Ctrl-Alt-Del Reboot Activation
Prevent a locally logged-in console user from rebooting the system when
Ctrl-Alt-Del is pressed:
# systemctl mask ctrl-alt-del.target
5.16 Warning Banners for System Access
Add the following line to the files
/etc/issue
and
/etc/issue.net
:
Unauthorised access prohibited. Logs are recorded and monitored.
5.17 Set Interactive Session Timeout
Open
/etc/profile
and set:
readonly TMOUT=900
5.18 Two Factor Authentication
The recent version of OpenSSH server allows to chain several authentication
methods, meaning that all of them have to be satisfied in order for a user to
log in successfully.
Adding the following line to
/etc/ssh/sshd_config
would require
a user to authenticate with a key first, and then also provide a password.
AuthenticationMethods publickey,password
This is by definition a two factor authentication: the key file is something
that a user has, and the account password is something that a user knows.
Alternatively, two factor authentication for SSH can be set up by using
Google Authenticator.
5.19 Configure History File Size
Open
/etc/profile
and set the number of commands to remember in
the command history to 5000:
HISTSIZE=5000
Sed one-liner:
# sed -i 's/HISTSIZE=.*/HISTSIZE=5000/g' /etc/profile
6. System Settings System Accounting with auditd
6.1 Auditd Configuration
Open
/etc/audit/auditd.conf
and configure the following:
The above auditd configuration should never use more than 250MB of disk
space (10x25MB=250MB) on
/var/log/audit
.
Set
admin_space_left_action=single
if you want to cause the
system to switch to single user mode for corrective action rather than send an
email.
Automatically rotating logs (
max_log_file_action=rotate
)
minimises the chances of the system unexpectedly running out of disk space by
being filled up with log data.
We need to ensure that audit event data is fully synchronised (
flush=data
)
with the log files on the disk .
6.2 Auditd Rules
System audit rules must have mode 0640 or less permissive and owned by the
root user:
Storing the database and the configuration file
/etc/aide.conf
(or SHA2 hashes of the files) in a secure location provides additional
assurance about their integrity.
Check AIDE database:
# /usr/sbin/aide --check
By default, AIDE does not install itself for periodic execution. Configure
periodic execution of AIDE by adding to cron:
The Tripwire configuration file is
/etc/tripwire/twcfg.txt
and
the policy file is
/etc/tripwire/twpol.txt
. These can be edited
and configured to match the system Tripwire is installed on, see
this blog post
for more details.
Initialise the database to implement the policy:
# tripwire --init
Check for policy violations:
# tripwire --check
Tripwire adds itself to
/etc/cron.daily/
for daily execution
therefore no extra configuration is required.
7.3 Prelink
Prelinking is done by the prelink package, which is not installed by
default.
# yum install prelink
To disable prelinking, open the file
/etc/sysconfig/prelink
and
set the following:
PRELINKING=no
Sed one-liner:
# sed -i 's/PRELINKING.*/PRELINKING=no/g' /etc/sysconfig/prelink
Disable existing prelinking on all system files:
# prelink -ua
8. System Settings Logging and Message Forwarding
8.1 Configure Persistent Journald Storage
By default, journal stores log files only in memory or a small ring-buffer
in the directory
/run/log/journal
. This is sufficient to show
recent log history with journalctl, but logs aren't saved permanently. Enabling
persistent journal storage ensures that comprehensive data is available after
system reboot.
Open the file
/etc/systemd/journald.conf
and put the following:
[Journal]
Storage=persistent
# How much disk space the journal may use up at most
SystemMaxUse=256M
# How much disk space systemd-journald shall leave free for other uses
SystemKeepFree=512M
# How large individual journal files may grow at most
SystemMaxFileSize=32M
Restart the service:
# systemctl restart systemd-journald
8.2 Configure Message Forwarding to Remote Server
Depending on your setup, open
/etc/rsyslog.conf
and add the
following to forward messages to a some remote server:
*.* @graylog.example.com:514
Here
*.*
stands for
facility.severity
.
Note that a single @ sends logs over UDP, where a double @ sends logs using
TCP.
8.3 Logwatch
Logwatch is a customisable log-monitoring system.
# yum install logwatch
Logwatch adds itself to
/etc/cron.daily/
for daily execution
therefore no configuration is mandatory.
9. System Settings Security Software
9.1 Malware Scanners
Rkhunter adds itself to
/etc/cron.daily/
for daily execution
therefore no configuration is required. ClamAV scans should be tailored to
individual needs.
9.2 Arpwatch
Arpwatch is a tool used to monitor ARP activity of a
local network
(ARP spoofing detection), therefore it is unlikely one will use it in the
cloud, however, it is still worth mentioning that the tools exist.
Be aware of the configuration file
/etc/sysconfig/arpwatch
which you use to set the email address where to send the reports.
9.3 Commercial AV
Consider installing a commercial AV product that provides real-time
on-access scanning capabilities.
9.4 Grsecurity
Grsecurity is an extensive security enhancement to the Linux kernel.
Although it isn't free nowadays, the software is still worth mentioning.
The company behind Grsecurity stopped publicly distributing stable patches
back in 2015, with an exception of the test series continuing to be available
to the public in order to avoid impact to the Gentoo Hardened and Arch Linux
communities.
Two years later, the company decided to cease free distribution of the test
patches as well, therefore as of 2017, Grsecurity software is available to
paying customers only.
10. System Settings OS Update Installation
Install the package yum-utils for better consistency checking of the package
database.
# yum install yum-utils
Configure automatic package updates via yum-cron.
# yum install yum-cron
Add the following to
/etc/yum/yum-cron.conf
to get notified via
email when new updates are available:
For
RSA
keys, 2048 bits is considered sufficient.
DSA
keys must be exactly 1024 bits as specified by FIPS 186-2.
For
ECDSA
keys, the -b flag determines the key length by
selecting from one of three elliptic curve sizes: 256, 384 or 521 bits.
ED25519
keys have a fixed length and the -b flag is ignored.
The host can be impersonated if an unauthorised user obtains the private SSH
host key file, therefore ensure that permissions of
/etc/ssh/*_key
are properly set:
# chmod 0600 /etc/ssh/*_key
Configure
/etc/ssh/sshd_config
with the following:
# SSH port
Port 22
# Listen on IPv4 only
ListenAddress 0.0.0.0
# Protocol version 1 has been exposed
Protocol 2
# Limit the ciphers to those which are FIPS-approved, the AES and 3DES ciphers
# Counter (CTR) mode is preferred over cipher-block chaining (CBC) mode
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
# Use FIPS-approved MACs
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
# INFO is a basic logging level that will capture user login/logout activity
# DEBUG logging level is not recommended for production servers
LogLevel INFO
# Disconnect if no successful login is made in 60 seconds
LoginGraceTime 60
# Do not permit root logins via SSH
PermitRootLogin no
# Check file modes and ownership of the user's files before login
StrictModes yes
# Close TCP socket after 2 invalid login attempts
MaxAuthTries 2
# The maximum number of sessions per network connection
MaxSessions 2
# User/group permissions
AllowUsers
AllowGroups ssh-users
DenyUsers root
DenyGroups root
# Password and public key authentications
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# Disable unused authentications mechanisms
RSAAuthentication no # DEPRECATED
RhostsRSAAuthentication no # DEPRECATED
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
IgnoreUserKnownHosts yes
# Disable insecure access via rhosts files
IgnoreRhosts yes
AllowAgentForwarding no
AllowTcpForwarding no
# Disable X Forwarding
X11Forwarding no
# Disable message of the day but print last log
PrintMotd no
PrintLastLog yes
# Show banner
Banner /etc/issue
# Do not send TCP keepalive messages
TCPKeepAlive no
# Default for new installations
UsePrivilegeSeparation sandbox
# Prevent users from potentially bypassing some access restrictions
PermitUserEnvironment no
# Disable compression
Compression no
# Disconnect the client if no activity has been detected for 900 seconds
ClientAliveInterval 900
ClientAliveCountMax 0
# Do not look up the remote hostname
UseDNS no
UsePAM yes
In case you want to change the default SSH port to something else, you will
need to tell SELinux about it.
# yum install policycoreutils-python
For example, to allow SSH server to listen on TCP 2222, do the following:
# semanage port -a -t ssh_port_t 2222 -p tcp
Ensure that the firewall allows incoming traffic on the new SSH port and
restart the sshd service.
2. Service Network Time Protocol
CentOS 7 should come with Chrony, make sure that the service is enabled:
# systemctl enable chronyd.service
3. Services Mail Server
3.1 Postfix
Postfix should be installed and enabled already. In case it isn't, the do
the following:
"... the group's malware requires AMT to be enabled and serial-over-LAN turned on before it can work. ..."
"... Using the AMT serial port, for example, is detectable. ..."
"... Do people really admin a machine through AMT through an external firewall? ..."
"... Businesses demanded this technology and, of course, Intel beats the drum for it as well. While I understand their *original* concerns I would never, ever connect it to the outside LAN. A real admin, in jeans and a tee, is a much better solution. ..."
When you're a bad guy breaking into a network, the first problem you need to solve is, of course,
getting into the remote system and running your malware on it. But once you're there, the next challenge
is usually to make sure that your activity is as hard to detect as possible. Microsoft has detailed
a
neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade
firewalls and other endpoint-based network monitoring.
The group, which Microsoft has named PLATINUM, has developed a system for sending files -- such
as new payloads to run and new versions of their malware-to compromised machines. PLATINUM's technique
leverages Intel's Active Management Technology (AMT) to do an end-run around the built-in Windows
firewall. The AMT firmware runs at a low level, below the operating system, and it has access to
not just the processor, but also the network interface.
The AMT needs this low-level access for some of the legitimate things it's used for. It can, for
example, power cycle systems, and it can serve as an IP-based KVM (keyboard/video/mouse) solution,
enabling a remote user to send mouse and keyboard input to a machine and see what's on its display.
This, in turn, can be used for tasks such as remotely installing operating systems on bare machines.
To do this, AMT not only needs to access the network interface, it also needs to simulate hardware,
such as the mouse and keyboard, to provide input to the operating system.
But this low-level operation is what makes AMT attractive for hackers: the network traffic that
AMT uses is handled entirely within AMT itself. That traffic never gets passed up to the operating
system's own IP stack and, as such, is invisible to the operating system's own firewall or other
network monitoring software. The PLATINUM software uses another piece of virtual hardware-an AMT-provided
virtual serial port-to provide a link between the network itself and the malware application running
on the infected PC.
Communication between machines uses serial-over-LAN traffic, which is handled by AMT in firmware.
The malware connects to the virtual AMT serial port to send and receive data. Meanwhile, the operating
system and its firewall are none the wiser. In this way, PLATINUM's malware can move files between
machines on the network while being largely undetectable to those machines.
Enlarge / PLATINUM uses AMT's serial-over-LAN (SOL) to bypass the operating system's network
stack and firewall.
Microsoft
AMT has been
under scrutiny recently after the discovery of a long-standing remote authentication flaw that
enabled attackers to use AMT features without needing to know the AMT password. This in turn could
be used to enable features such as the remote KVM to control systems and run code on them.
However, that's not what PLATINUM is doing: the group's malware requires AMT to be
enabled and serial-over-LAN turned on before it can work. This isn't exploiting any flaw in
AMT; the malware just uses the AMT as it's designed in order to do something undesirable.
Both the PLATINUM malware and the AMT security flaw require AMT to be enabled in the first place;
if it's not turned on at all, there's no remote access. Microsoft's write-up of the malware expressed
uncertainty about this part; it's possible that the PLATINUM malware itself enabled AMT-if the malware
has Administrator privileges, it can enable many AMT features from within Windows-or that AMT was
already enabled and the malware managed to steal the credentials.
While this novel use of AMT is useful for transferring files while evading firewalls, it's not
undetectable. Using the AMT serial port, for example, is detectable. Microsoft says that
its own Windows Defender Advanced Threat Protection can even distinguish between legitimate uses
of serial-over-LAN and illegitimate ones. But it's nonetheless a neat way of bypassing one of the
more common protective measures that we depend on to detect and prevent unwanted network activity.
potato44819 , Ars Legatus Legionis
Jun 8, 2017 8:59 PM Popular
"Microsoft says that its own Windows Defender Advanced Threat Protection can even distinguish
between legitimate uses of serial-over-LAN and illegitimate ones. But it's nonetheless a neat
way of bypassing one of the more common protective measures that we depend on to detect and prevent
unwanted network activity."
It's worth noting that this is NOT Windows Defender.
Windows Defender Advanced Threat Protection is an enterprise product.
This is pretty fascinating and clever TBH. AMT might be convenient for sysadmin, but it's proved
to be a massive PITA from the security perspective. Intel needs to really reconsider its approach
or drop it altogether.
"it's possible that the PLATINUM malware itself enabled AMT-if the malware has Administrator
privileges, it can enable many AMT features from within Windows"
I've only had 1 machine that had AMT (a Thinkpad T500 that somehow still runs like a charm despite
hitting the 10yrs mark this summer), and AMT was toggled directly via the BIOS (this is all pre-UEFI.)
Would Admin privileges be able to overwrite a BIOS setting? Would it matter if it was handled
via UEFI instead? 1810 posts | registered 8/28/2012
Always on and undetectable. What more can you ask for? I have to imagine that and IDS system at
the egress point would help here. 716 posts | registered 11/14/2012
Using SOL and AMT to bypass the OS sounds like it would work over SOL and IPMI as well.
I only have one server that supports AMT, I just double-checked that the webui for AMT does not
allow you to enable/disable SOL. It does not, at least on my version. But my IPMI servers do allow
someone to enable SOL from the web interface.
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets
bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit
has a beachhead? That is not a small thing, but it would give us a way to gauge the severity of
the threat.
Do people really admin a machine through AMT through an external firewall? 178 posts
| registered 2/25/2016
Hi there! I do hardware engineering, and I wish more computers had serial ports. Just because
you don't use them doesn't mean their disappearance is "fortunate".
Just out of curiosity, what do you use on the PC end when you still do require traditional serial
communication? USB-to-RS232 adapter? 1646 posts | registered 11/17/2006
This PLATINUM group must be pissed about the INTEL-SA-00075 vulnerability being headline news.
All those perfectly vulnerable systems having AMT disabled and limiting their hack. 175 posts
| registered 8/9/2002
Intel AMT is a fucking disaster from a security standpoint. It is utterly dependent on security
through obscurity with its "secret" coding, and anybody should know that security through obscurity
is no security at all.
Businesses demanded this technology and, of course, Intel beats the drum for it as well. While
I understand their *original* concerns I would never, ever connect it to the outside LAN. A real
admin, in jeans and a tee, is a much better solution.
Hopefully, either Intel will start looking into improving this and/or MSFT will make enough noise
that businesses might learn to do their update, provisioning in a more secure manner.
Nah, that ain't happening. Who am I kidding? 1644 posts | registered 3/31/2012
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets
bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit
has a beachhead? That is not a small thing, but it would give us a way to gauge the severity
of the threat. Do people really admin a machine through AMT through an external firewall?
The interconnect is via W*. We ran this dog into the ground last month. Other OSs (all as far
as I know (okay, !MSDOS)) keep them separate. Lan0 and lan1 as it were. However it is possible
to access the supposedly closed off Lan0/AMT via W*. Which is probably why this was caught in
the first place.
Note that MSFT has stepped up to the plate here. This is much better than their traditional silence
until forced solution. Which is just the same security through plugging your fingers in your ears
that Intel is supporting. 1644 posts | registered 3/31/2012
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets
bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit
has a beachhead? That is not a small thing, but it would give us a way to gauge the severity
of the threat. Do people really admin a machine through AMT through an external firewall?
The catch would be any machine that leaves your network with AMT enabled. Say perhaps an AMT managed
laptop plugged into a hotel wired network. While still a smaller attack surface, any cabled network
an AMT computer is plugged into, and not managed by you, would be a source of concern. 55 posts
| registered 11/19/2012
Serial ports are great. They're so easy to drive that they work really early in the boot process.
You can fix issues with machines that are otherwise impossible to debug.
This is pretty fascinating and clever TBH. AMT might be convenient for sysadmin, but it's proved
to be a massive PITA from the security perspective. Intel needs to really reconsider its approach
or drop it altogether.
"it's possible that the PLATINUM malware itself enabled AMT-if the malware has Administrator
privileges, it can enable many AMT features from within Windows"
I've only had 1 machine that had AMT (a Thinkpad T500 that somehow still runs like a charm
despite hitting the 10yrs mark this summer), and AMT was toggled directly via the BIOS (this
is all pre-UEFI.) Would Admin privileges be able to overwrite a BIOS setting? Would it matter
if it was handled via UEFI instead?
I'm not even sure it's THAT convenient for sys admins. I'm one of a couple hundred sys admins
at a large organization and none that I've talked with actually use Intel's AMT feature. We have
an enterprise KVM (raritan) that we use to access servers pre OS boot up and if we have a desktop
that we can't remote into after sending a WoL packet then it's time to just hunt down the desktop
physically. If you're just pushing out a new image to a desktop you can do that remotely via SCCM
with no local KVM access necessary. I'm sure there's some sys admins that make use of AMT but
I wouldn't be surprised if the numbers were quite small. 273 posts | registered 5/5/2010
Hi there! I do hardware engineering, and I wish more computers had serial ports. Just because
you don't use them doesn't mean their disappearance is "fortunate".
Just out of curiosity, what do you use on the PC end when you still do require traditional serial
communication? USB-to-RS232 adapter?
We just got some new Dell workstations at work recently. They have serial ports. We avoid the
consumer machines. 728 posts | registered 9/23/2011
Physical serial ports (the blue ones) are fortunately a relic of a lost era and are nowadays
quite rare to find on PCs.
Not that fortunately.. Serial ports are still very useful for management tasks. It's simple and
it works when everything else fails. The low speeds impose little restrictions on cables.
Sure, they don't have much security but that is partly mitigated by them usually only using
a few metres cable length. So they'd be covered under the same physical security as the server
itself. Making this into a LAN protocol without any additional security, that's where the problem
was introduced. Wherever long-distance lines were involved (modems) the security was added at
the application level.
There is a serious vulnerability in sudo command that grants root access to anyone with a shell
account. It works on SELinux enabled systems such as CentOS/RHEL and others too. A local user with
privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
Patch your system as soon as possible.
It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting
to determine its controlling tty. A local attacker in some configurations could possibly use this
to overwrite any file on the filesystem, bypassing intended permissions or gain root shell.
... ... ...
A list of affected Linux distro
Red Hat Enterprise Linux 6 (sudo)
Red Hat Enterprise Linux 7 (sudo)
Red Hat Enterprise Linux Server (v. 5 ELS) (sudo)
Oracle Enterprise Linux 6
Oracle Enterprise Linux 7
Oracle Enterprise Linux Server 5
CentOS Linux 6 (sudo)
CentOS Linux 7 (sudo)
Debian wheezy
Debian jessie
Debian stretch
Debian sid
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
So far, OSS-Fuzz has found a total of
264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg
-- and the list goes on...
"Eligible projects
will receive $1,000 for initial integration, and up to $20,000 for ideal integration" -- or twice
that amount, if the proceeds are donated to a charity.
it's obvious that Conway was reading about the wikileaks
release of the CIA's Vault 7, which shows they have the
capability of remotely turning over the counter smart phones
and TVs into spying devices...the release was widely covered
in the foreign press, not so much here..
1) The CIA has the ability to break into Android and
iPhone handsets, and all kinds of computers. The US
intelligence agency has been involved in a concerted effort
to write various kinds of malware to spy on just about every
piece of electronic equipment that people use. That includes
iPhones, Androids and computers running Windows, macOS and
Linux.
2) Doing so would make apps like Signal, Telegram and
WhatsApp entirely insecure Encrypted messaging apps are only
as secure as the device they are used on if an operating
system is compromised, then the messages can be read before
they encrypted and sent to the other user. WikiLeaks claims
that has happened, potentially meaning that messages have
been compromised even if all of the usual precautions had
been taken.
3) The CIA could use smart TVs to listen in on
conversations that happened around them. One of the most
eye-catching programmes detailed in the documents is "Weeping
Angel". That allows intelligence agencies to install special
software that allows TVs to be turned into listening devices
so that even when they appear to be switched off, they're
actually on.
4) The agency explored hacking into cars and crashing
them, allowing 'nearly undetectable assassinations'
5) The CIA hid vulnerabilities that could be used by
hackers from other countries or governments Such bugs were
found in the biggest consumer electronics in the world,
including phones and computers made Apple, Google and
Microsoft. But those companies didn't get the chance to fix
those exploits because the agency kept them secret in order
to keep using them, the documents suggest.
6) More information is coming. The documents have still
not been looked through entirely. There are 8,378 pages of
files, some of which have already been analyzed but many of
which hasn't. When taken together, those "Vault 7" leaks will
make up the biggest intelligence publication in history,
WikiLeaks claimed.
Am I alone in thinking that Preet
Bharara, the just fired US Attorney for Southern District of New York, would be the ideal Special
Prosecutor of the Trump - Russia investigation
Bharara did not push back against "too big to prosecute" and sat out the biggest white collar
crime wave in the history of the world, so why is he such a saint?
I don't think you considered the bigger picture here which includes in Bharara's case his bosses
to whom he would have to had run any cases up the flag pole for approval and Obama and Company
were not at the time into frying Wall Street for their crimes b/c they were into restarting the
Bush/Cheney damaged, almost ruined, US and global Economy.
If you did not noticed Vault 7 scandal completely overtook everything else now. This is a
real game changer.
Just think, how many million if not billion dollars this exercise in removing the
last traces of democracy from the USA and converting us into a new Democratic Republic of Germany,
where everybody was controlled by STASI, cost. And those money were spend for what ?
BTW the Stasi was one of the most hated and feared institutions of the East German government.
If this is not the demonstration of huge and out of civil control raw power of "deep state"
I do not know what is.
If you are not completely detached from really you should talk about Vault 7. This is huge,
Snowden size scandal that is by the order of magnitude more important for the country then all
those mostly fake hints on connections of Trump and, especially "Russian hacking".
Tell me who stole the whole arsenal of CIA hacking tools with all the manuals? Were those
people Russians?
If not, you should print your last post, shred is and eat it with borsch ;-).
In the world of intelligence false flag operations is a standard tactics. Now what ? Difficult
situation for a Midwesterner...
libezkova -> libezkova...
Another difficult to stomach hypothesis:
"Boris and Natasha" version of hacking might well be a false flag operation. How about developing
Russian-looking hacking tools in CIA? To plant fingerprints and get the warrant for monitoring
Trump communications.
VAULT 7: CIA Staged Fake Russian Hacking to Set Up Trump - Russian Cyber-Attack M.O. As False
Flag
"The United States must not adopt the tactics of the enemy. Means are important, as ends. Crisis
makes it tempting to ignore the wise restraints that make men free. But each time we do so, each
time the means we use are wrong, our inner strength, the strength which makes us free, is lessened."
- Sen. Frank Church
WikiLeaks Press Release
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence
Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential
documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an
isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley,
Virgina. It follows an introductory disclosure last month of CIA targeting French political parties
and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses,
trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation.
This extraordinary collection, which amounts to more than several hundred million lines of code,
gives its possessor the entire hacking capacity of the CIA The archive appears to have been circulated
among former U.S. government hackers and contractors in an unauthorized manner, one of whom has
provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program,
its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S.
and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows
and even Samsung TVs, which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security
Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very
different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's
hacking division freed it from having to disclose its often controversial operations to the NSA
(its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
CIA corrupted, fasle flags, FBI, inversion, kellyanne conway, Left wing protest,
legacy of ashes, Obama is CIA, Obama spying, Pompeo, Snowden, Tillerson, Vault 7, wiretapping
H. Clyde Disney March 9, 2017 at 12:54 pm
Dr. Pieczenik, I tried watching this interview on the InfoWars site. It was Un-watchable.
Alex interrupts you and all his guests so often that I am embarrassed for both him and his
guests. I do enjoy InforWars, but it is getting hard for me to sit through a show, even when
he has people like you and Roger Stone. Very distracting
Have you, or anybody else ever diplomatically brought this up to him?
Dr. Steve, you should make your own videos more often.
Kathleen Rossi March 9, 2017 at 6:55 pm
I absolutely agree. With all due respect for Alex, he can't keep quiet long enough for you
to finish your sentence. He takes you off point and on to other things that DON'T MATTER or
have been long past discussed and we leave your video's knowing no more then when we started.
I can barely stand watching any of his videos any longer. This is NOT about how great Alex and
InfoWars is, it is about getting this important info out to the public.
There are MANY outlets out there that paved the way for where we are today and many would
love to interview you and actually let you talk! Please do more personal video's if you are
serious about getting this info out there.
InfoWars is fast becoming unbearable and I speak for a lot of people. Thank You.
Paul Garozzo March 9, 2017 at 4:18 pm
Doc, you are an inspiration to us and by far the most credible & knowledgeable person
speaking in the alt media or of course anywhere. Your the right stuff! Would love to hear you
interview with Shaun at sgtreport.com.
He has a growing following and said he would love to have you on uninterrupted. Please
consider and thanks for all you do.
"... Trump at least seems to have a problem with him or his associates being spied on lately. ..."
"... Nothing can be done because the intelligence services are in the privileged position of being able to sabotage anybody's political career. So everyone keeps going through the motions of simulating free will while actually only doing as they're told. And it will only get worse so brace for it. ..."
"... So essentially, the 3 letter agencies are not accountable to the US government. They can lie, cheat and hide information at will without any kind of consequence. They are running the show. ..."
"... The US people has completely lost control over their governance. The constitution is a totally empty shell. ..."
"... You would need more then just IP's to make that determination - anyone with a VPN can have an American IP address, same with TOR exit nodes. ..."
"... The heads of these agencies knows if they ever say any number, that will be the end due to outrage. There is little to be gained, unless they are sent to prison. If I were a senator, I'd give immunity to some of the whistle blowers to find the truth. Give them a chance to testify about their bosses. ..."
"... If they're scanning the backbone, AND checking the main sites people go to, that's pretty danged close to everybody. ..."
"... The evasiveness is deceptive in and of itself. When the NSA says it "would require the Intelligence Community to conduct exhaustive analysis of every unknown identifier in order to determine whether they are being used inside or outside the U.S." that's because they don't even count the data as "collected" unless an analyst looked at it. Recorded? Doesn't count. Searched by computer programs for keywords or pattern matching? Doesn't count. A human looked at it? Ok, that counts. ..."
"... By our definition, which says if you put the data in your database and use it when running searches, that data has been collected, there's no doubt the number is nearly the same as the US population, discounting only people with no online presence (e.g. infants). ..."
In 2013, a National Security Agency contractor named Edward Snowden revealed US surveillance programs
that involved the massive and warrantless gathering of Americans' electronic communications. Two
of the programs, called
Upstream and
Prism , are allowed under
Section 702 of the Foreign
Intelligence Surveillance Act. That section expires at year's end, and President Donald Trump's administration,
like his predecessor's administration, wants the law renewed so those snooping programs can continue.
That said, even as the administration
seeks renewal
of the programs , Congress and the public have been left in the dark regarding questions surrounding
how many Americans' electronic communications have been ensnared under the programs. Congress won't
be told in a classified setting either, despite repeated requests.
If a government employee is not answering questions to the comittees regarding these issues, what
measures can the comitties take to force an answer? Can they impeach, or compel testimony? Can
they throw somebodies ass in jail until the question gets answered? 3033 posts | registered 9/20/2006
Thing is, we all know two things:
1) the number is 300 million +
2) the "esteemed" members of congress are singled out for special surveillance
As a result, the only possible outcome is the same procedure as all the previous times: congress
rolls over. As should everyone's eyes who is watching this elaborate kabuki performance... 3189
posts | registered 7/7/2006
Yeah, you're not going to see anybody in the Federal Government really stopping this, no matter
their party.
Trump at least seems to have a problem with him or his associates being spied on lately.
Not sure how he feels about ordinary Americans /s. 1635 posts | registered 10/1/2013
If a government employee is not answering questions to the comittees regarding these issues,
what measures can the comitties take to force an answer? Can they impeach, or compel testimony?
Can they throw somebodies ass in jail until the question gets answered?
Nothing can be done because the intelligence services are in the privileged position of being
able to sabotage anybody's political career. So everyone keeps going through the motions of simulating
free will while actually only doing as they're told. And it will only get worse so brace for it.
If a government employee is not answering questions to the comittees regarding these issues,
what measures can the comitties take to force an answer? Can they impeach, or compel testimony?
Can they throw somebodies ass in jail until the question gets answered?
The lack of overnight issue was attempted in the 1970's with the Church Committee.
The American people don't know and don't care to know. John Conyers really need to focus on
the things that matter, like stopping Detroit from sinking into the abyss; getting jobs for
his constituents; lowering the amount of kids being born out of wedlock and preventing them
from killing each other over trivial things like clothes and being disrespected.
So essentially, the 3 letter agencies are not accountable to the US government. They can lie,
cheat and hide information at will without any kind of consequence. They are running the show.
The US people has completely lost control over their governance. The constitution is a totally
empty shell.
So essentially, the 3 letter agencies are not accountable to the US government.
The US people has completely lost control over their governance. The constitution is a totally
empty shell.
Its more that staff feel Congress has no oversight as who they work for did not get established
by Congress. The question of oversight authority was used to avoid questions until the 1970's.
Small nitpick to the author. You do know that having that particular picture on there constitutes
a spillage for every single DoD and Federal employee that clicks on the article to read it
right?
And this is exactly why it should stay up. These agencies behavior is creating this for themselves.
No over sight no funding, who ever signs the check is on the hook. The fed budget needs to reflect
this. Someone signed off on authority to operate.
I would assume that they're collecting IP addresses along with this traffic. Couldn't that
be used to generate at least a rough estimate of the number of US citizens targeted? Is there
another way to generate a good estimate?
You would need more then just IP's to make that determination - anyone with a VPN can have
an American IP address, same with TOR exit nodes.
This number would be completely useless. You'd have to cross reference the IP with a bunch
of other data and that leads to a catch-22: you'd have to maintain a database of American data
to be able to detect when you have American data so you can not keep it except what you have in
your database of American data that you use to detect American data so you can not keep it.
So essentially, the 3 letter agencies are not accountable to the US government. They can lie,
cheat and hide information at will without any kind of consequence. They are running the show.
The US people has completely lost control over their governance. The constitution is a totally
empty shell.
Vast bureaucracies have a life of their own, detached from the earthly proclivities of democractic
transitions.
Still, US spies say they don't track the number of Americans caught in this dragnet, in part
to protect Americans' privacy. Performing this task would require spies to de-anonymize phone
numbers and IP addresses to determine whether they're American, according to April Doss, a
former NSA lawyer who testified (PDF) before the House Judiciary Committee on March 1.
This seems to imply that they're reading the request to "get the count of Americans monitored"
extremely literally, interpreting it as "get the exact number of Americans".
The NSA has some very good mathematicians - they should easily be able to give a pretty highly
accurate estimate using the sample data they already have from when they've de-anonymized targeted
persons.
You are literally saying that 5 million people are bad. You sound retarded.
I think he literally said the agencies' behavior is bad, which is literally not the same thing
as saying everyone who works for them is. Are you a DoD or Federal employee?
Still, US spies say they don't track the number of Americans caught in this dragnet, in part
to protect Americans' privacy. Performing this task would require spies to de-anonymize phone
numbers and IP addresses to determine whether they're American, according to April Doss, a former
NSA lawyer who testified (PDF) before the House Judiciary Committee on March 1.
This seems to imply that they're reading the request to "get the count of Americans monitored"
extremely literally, interpreting it as "get the exact number of Americans".
The NSA has some very good mathematicians - they should easily be able to give a pretty highly
accurate estimate using the sample data they already have from when they've de-anonymized targeted
persons, +/-10%.
This estimate I'm sure was rolling around in the head of someone at the table.
The whole point of the system is to provide information that they're requesting, literally how
computers work.
Stonewalling Congress needs to be a good way to find an agency with out funding or mandate.
Instead it's more like Kanye stealing the mic at the grammys, but with more chest medals.
Do you have some context for 5 million people, this comment is an island not found on any map.
The 5.1 million people number? Its amount of people who held some US government security clearance
as of around 2013. Confidential, Secret, Top Secret, Gov staff, Contractors as a total.
We should send them to Guantanamo Bay until they talk and cut their funding 50%. The US
Govt is supposed to work FOR US citizens. Something has gone wrong. People need to be held accountable.
Spying on everyone is NOT ok without an individual, specific, tied-to-location, warrant signed
by a judge outside some secret court.
PERIOD.
The heads of these agencies knows if they ever say any number, that will be the end due
to outrage. There is little to be gained, unless they are sent to prison. If I were a senator,
I'd give immunity to some of the whistle blowers to find the truth. Give them a chance to testify
about their bosses.
Seems like it would be a minor exercise to analyze a valid sample of their intercepts and to project
with enough accuracy to answer the question.
A cynic might suspect that the answer to, "How many Americans' electronic communications have
been ensnared under the programs?" may well be, "All of them."
The American people don't know and don't care to know. John Conyers really need to focus on
the things that matter, like stopping Detroit from sinking into the abyss; getting jobs for
his constituents; lowering the amount of kids being born out of wedlock and preventing them
from killing each other over trivial things like clothes and being disrespected.
I agree with a part of your sentiment but feel, maybe wrongly, that you are also hiding racism
behind those words.
The part that I agree with - most people don't care enough about spying programs or which 3
letter agency is scanning their ass. You can probably get 100 million Americans to sign a petition
on facebook or twitter or your neighborhood supermarket and only because those are low investment
options. There is nothing wrong with such an existential position; I am guilty of that for most
part of the day. If the scanning keeps me "safe" and I have nothing to hide, why bother?
Now, you will get a lot more people involved if such scanning led to prosecution for the little
technical crimes we do every day of our life; until then this will continue if only with another
name. 139 posts | registered 5/9/2012
I would assume that they're collecting IP addresses along with this traffic. Couldn't that
be used to generate at least a rough estimate of the number of US citizens targeted? Is there
another way to generate a good estimate?
"Another way to generate a good estimate?" Certainly. Go to the US Census Bureau. They can get
you real close. Or just google it. As of 2014, it was 318.4million
If they're scanning the backbone, AND checking the main sites people go to, that's pretty
danged close to everybody.
I'm sure Feinstein has her rubber stamp out. There is no request from NSA/CIA that she doesn't
love.
Grrrrrr...
Don't vote for her again, I know I won't. Just got an email from Feinstein's office today with
a laundry list of ways she is opposing Trump and his picks, no mention of national security issues.
Im sure that Feinstein and the current Administration will come together on National Security
- in their view its about "protecting American's" which I read as "covering my ass on my watch".
If a government employee is not answering questions to the comittees regarding these issues,
what measures can the comitties take to force an answer? Can they impeach, or compel testimony?
Can they throw somebodies ass in jail until the question gets answered?
They could start cutting budgets, but that won't happen.
"Congress and the public have been left in the dark regarding questions surrounding how many Americans'
electronic communications have been ensnared under the programs."
how is this acceptable? how are these programs still running period? where is the outcry?
why wont they tell? because its not about "dragnet casualties," they're not accidentally spying
on Americans, they've got a system they use to spy on who they want when they want to
Its insane that these organizations can lie to the people, to their own gov't, and not get torn
down
Its amount of people who held some US government security clearance as of around 2013.
Confidential, Secret, Top Secret, Gov staff, Contractors as a total. And how many of them are
responsible for signing off on carte blanche spying on Americans with 0 oversight. Since
clearance is on a need to know basis, did that many people need to know? I see you looking to
divide and conquer here, you just end up sounding guilty. 5.1 million people wanted a paycheck
while serving their country and deserve one. Around 500 elected officials are letting a select
few ruin all of this for rest of us because rules are 'unamerican.'
This is what happens 20 years after 'rules kill jobs' the same business leaders who didn't need
rules 'cause jobs' now don't need rules as government appointees.
I would assume that they're collecting IP addresses along with this traffic. Couldn't that
be used to generate at least a rough estimate of the number of US citizens targeted? Is there
another way to generate a good estimate?
We cannot provide an answer to your request, Senator, simply because we don't know the answer.
Should we ever embark upon data analysis that would provide the answer you're seeking, such action
would constitute an unnecessary and unwarranted intrusion on the privacy of U.S. persons; without
specific statutory authorization, it would likely also be unlawful, since it would be both intrusive
and unrelated to any need for foreign intelligence gathering.
And we don't want to act in any manner that may be regarded as unlawful ... unless Congress were
to provide authorization for us to do so ...
Then there is the matter of resource allocation: current budgets constrain us from embarking upon
such a program of data analysis, in terms of both the hardware and human resources that such a
program would require.
Estimates on the additional funding that such a program would require have been developed, however
these budgetary requirements cannot be released to Congress, as they are classified. Should Congress
decide to provide both authorization and funding for such a program, we can advise on the number
of zeros ( "0" ) that the funding authorization should include.
In summary, Senator, it would appear that "the ball is entirely in your court" so to speak ...
The evasiveness is deceptive in and of itself. When the NSA says it "would require the Intelligence
Community to conduct exhaustive analysis of every unknown identifier in order to determine whether
they are being used inside or outside the U.S." that's because they don't even count the data
as "collected" unless an analyst looked at it. Recorded? Doesn't count. Searched by computer programs
for keywords or pattern matching? Doesn't count. A human looked at it? Ok, that counts.
By this definition, they should be able to produce a deceptively low number, perhaps thousands
to tens of thousands per year.
By our definition, which says if you put the data in your database and use it when running
searches, that data has been collected, there's no doubt the number is nearly the same as the
US population, discounting only people with no online presence (e.g. infants).
In any case, the fact that they have prevaricated about this for the past 6 years makes pretty
clear that the answer will not look good. It's time to end these programs. If they want them renewed,
the replacements will need real oversight.
"... The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words. ..."
"... Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy. ..."
"... So the CIA was doing the NSA's job, dropped the ball and let the weapons out to the world. I wonder if they were using these "tools" domestically outside of their mandate? As an agency you couldn't be more incompetent. Does anyone understand how much security they (CIA) have just compromised? This is so serous it's insane. ..."
"... The issue is now all that software is running on nearly every computer out there. Every computer in the current paradigm is considered a security risk. ..."
"... Android is Linux based as well as the routers that have been reportedly compromised use Linux as a Operating system. Nothing has been spared. ..."
"... Now if IBM Mainframes are compromised it means, Banks, Insurance, and other behemoths (they mostly use IBM Main Frames for their back-end functions) maybe ticking time bombs. Scary shit. ..."
While it has been
superficially covered by much of the press - and one can make the argument that what Julian Assange
has revealed is more relevant to the US population, than constant and so far unconfirmed speculation
that Trump is a puppet of Putin - the fallout from the Wikileaks' "Vault 7" release this morning
of thousands of documents demonstrating the extent to which the CIA uses backdoors to hack smartphones,
computer operating systems, messenger applications and internet-connected televisions, will be profound.
As evidence of this, the
WSJ cites an intelligence source who said that " the revelations were far more significant than
the leaks of Edward Snowden ."
Mr. Snowden's leaks revealed names of programs, companies that assist the NSA in surveillance
and in some cases the targets of American spying. But the recent leak purports to contain highly
technical details about how surveillance is carried out. That would make them far more revealing
and useful to an adversary, this person said. In one sense, Mr. Snowden provided a briefing book
on U.S. surveillance, but the CIA leaks could provide the blueprints.
Speaking of Snowden, the former NSA contractor-turned-whistleblower, who now appears to have a
"parallel whisteblower" deep inside the "Deep State", i.e., the source of the Wikileaks data - also
had some thoughts on today's CIA dump.
In a series of tweets, Snowden notes that "what @Wikileaks has here is genuinely a big deal",
and makes the following key observations "If you're writing about the CIA/@Wikileaks story, here's
the big deal: first public evidence USG secretly paying to keep US software unsafe " and adds that
"the CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping
the holes open. Reckless beyond words ."
He then asks rhetorically "Why is this dangerous?" and explains " Because until closed, any hacker
can use the security hole the CIA left open to break into any iPhone in the world. "
His conclusion, one which many of the so-called conspiratorial bent would say was well-known long
ago: " Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones
in America, but kept them open -- to spy. "
To which the increasingly prevalent response has become: "obviously."
Still working through the publication, but what
@Wikileaks has here is genuinely a big
deal. Looks authentic.
If you're writing about the CIA/ @Wikileaks
story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe.
pic.twitter.com/kYi0NC2mOp
Why is this dangerous? Because until closed, any hacker can use the security hole the CIA left
open to break into any iPhone in the world. https://t.co/xK0aILAdFI
Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones
in America, but kept them open -- to spy. https://t.co/mDyVred3H8
So the CIA was doing the NSA's job, dropped the ball and let the weapons out to the world.
I wonder if they were using these "tools" domestically outside of their mandate? As an agency
you couldn't be more incompetent. Does anyone understand how much security they (CIA) have just
compromised? This is so serous it's insane.
Why do you think the geek community decided to go develop their own tools in parallel (Linux,
BitCoin, DevOps platforms, etc)? We knew, we complained, we got shut down. The issue is now all
that software is running on nearly every computer out there. Every computer in the current paradigm
is considered a security risk.
It also means the insurance industry now has to pull out of all insurance guarantees on engineered
systems with an ISO certification for every industry. It's a fucked up mess that's going to cost
tens of trillions of dollars to migrate and patch every existing system on the planet.
Android is Linux based as well as the routers that have been reportedly compromised use Linux
as a Operating system. Nothing has been spared. I believe IOS is UNix based (or IOS is just IOS)
so that one is compromised as well. Now if UNIX is compromised that means (potentially) that IBM
mainframes are compromised.
Now if IBM Mainframes are compromised it means, Banks, Insurance,
and other behemoths (they mostly use IBM Main Frames for their back-end functions) maybe ticking
time bombs. Scary shit.
"... The elephant in the room is not privacy problems. It is blackmail for various purposes. ..."
"... This makes he US Government totally dysfunctional. the spread of such spy technique has created chaos. Latest news is that Democrats paid some hackers for not revealing their server information. ..."
"... I don't think this can be stopped. But we need more open discussion about blackmailing and thus protection from such methods. An elected President or Official should not have their private life discussed by the Media. It should be banned ..."
"... And Clinton never feared anything, probably because the CIA was in her pocket and could get the goods on anybody even Loretta Lynch. ..."
That the CIA has reached into the lives of all Americans through its wholesale gathering of the nation's "haystack" of information
has already been reported.
It is bad enough that the government spies on its own people. It is equally bad that the CIA, through its incompetence, has opened
the cyberdoor to anyone with the technological skills and connections to spy on anyone else.
The constant erosion of privacy at the hands of the government and corporations has annihilated the concept of a "right to privacy,"
which is embedded in the rationale of the First, Third, Fourth, Ninth and Fourteenth Amendments to the U.S. Constitution.
It is becoming increasingly clear that we are sliding down the slippery slope toward totalitarianism, where private lives do not
exist.
We have entered a condition of constitutional crisis that requires a full-throated response from the American people.
Before you label Kucinich as being overly-dramatic, you may want to note that Bill Binney the high-level NSA executive who created
the agency's mass surveillance program for digital information, the 36-year NSA veteran widely who was the senior technical director
within the agency and managed thousands of NSA employees
told Washington's
Blog that America has already become a police state.
And Thomas Drake one of the top NSA executives, and Senior Change Leader within the NSA
told
us the same thing.
And Kirk Wiebe a 32-year NSA veteran who received the Director CIA's Meritorious Unit Award and the NSA's Meritorious Civilian
Service Award agrees (tweet via Jesselyn Radack, attorney for many national security whistleblowers, herself a Department of Justice
whistleblower):
It's not just NSA officials Two former
U.S. Supreme Court Justices have warned that America is sliding into tyranny.
The elephant in the room is not privacy problems. It is blackmail for various purposes.
We have many indications that politicians, judges, officials and even other intel organizations are being blackmailed, and
destroyed using lucid information from their private life.
This makes he US Government totally dysfunctional. the spread of such spy technique has created chaos. Latest news is that
Democrats paid some hackers for not revealing their server information.
I don't think this can be stopped. But we need more open discussion about blackmailing and thus protection from such methods.
An elected President or Official should not have their private life discussed by the Media. It should be banned.
"... the code tracking system of the CIA's Center for Cyber Intelligence has more than 5,000 registered users. ..."
"... Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook ..."
"... The documents, which appear to have been acquired at least several months ago, detail exploits (or techniques to expose vulnerabilities) for a wide variety of desktop and mobile operating systems, including Android, iOS, Windows, Linux and the server operating system Solaris. ..."
"... The documents appear to have been extracted from an internal CIA wiki website that was established to provide authorized users download access to the malware programs and also to instruct users on how to deploy them. ..."
"... an archive of the software and its documentation had been circulating among former U.S. government hackers and contractors in an unauthorized manner for some time. ..."
"... The site's editor, Julian Assange, said there was an "extreme proliferation risk" in the development of malicious software by governments, which he compared to the global arms trade. ..."
"... The Vault 7 documents also disclose that the CIA purchases software exploits from other intelligence agencies, including Britain's MI5. The documents also indicate that the CIA has purchased exploits from shadowy private companies going by such names as Fangtooth, Anglerfish and SurfsUp. Instead of reporting security holes to software companies like Microsoft or Google, these companies peddle the vulnerability to the highest bidder. ..."
"... If this information is accurate, the agency may be in violation of a policy put into place by former President Barack Obama in 2013 that was intended to prohibit the government from exploiting vulnerabilities that were unknown to software makers. ..."
"... Besides speeding up the development time for malware for the CIA's use, the agency's use of outside-sourced malware also enables the CIA to make digital forensic investigators believe that an unknown outside party may have been behind an infiltration, rather than a government agency. ..."
"... A veteran writer, tv producer, and web developer, Matthew Sheffield writes about politics, media, and technology for Salon. You can email him via m.sheffield@salon.com or follow him on Twitter . ..."
"... Okay, so "who cares" that we have a CIA with unchecked powers and no publicly discernible agenda, but RUSSIA!! ..."
"... How many agencies do we need to do the same things and replicate each others work? 16 intelligence agencies? ..."
"... And if you think you only need to worry about your computers, phones, and TVs being full of Mama Gubmint's lackeys consider your car. It has it's own ID and the roads are bristling with detectors too. License plate scanners, facial recognition, chem/radiation detectors, etc. 1984 has long been with us. ..."
...The disclosure revealed that the CIA has its own division dedicated solely to computer hacking
that rivals the National Security Agency's online espionage operation. According to WikiLeaks,
the code tracking system of the CIA's Center for Cyber Intelligence has more than 5,000 registered
users.
"Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code
than that used to run Facebook," WikiLeaks said in an
introductory statement accompanying
the documents. "The CIA had created, in effect, its 'own NSA' with even less accountability and without
publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities
of a rival agency could be justified."
Tuesday's disclosure is only the first part of what WikiLeaks is calling its "Vault 7" series
of documents obtained from what it said was an "isolated, high-security network" located within the
CIA's headquarters in Langley, Virginia. The documents, which appear to have been acquired at
least several months ago, detail exploits (or techniques to expose vulnerabilities) for a wide variety
of desktop and mobile operating systems, including Android, iOS, Windows, Linux and the server operating
system Solaris.
The CIA also appears to have developed methods to
hijack internet-enabled
televisions from Samsung to use them to record audio such as conversations, through the use of
a "Fake Off" mode so that the TV appears to be powered down but actually is not.
The stolen information indicates that the intelligence agency also appears to have the ability
to gain access to messaging programs like Telegram, WhatsApp, Signal and iMessage that have been
billed as secure because they encrypt all messages between participants. Instead of intercepting
a messages en route, however, the exploits work at more basic level to intercept and capture audio
and text before they are encrypted and transmitted.
The documents appear to have been extracted from an internal CIA wiki website that was established
to provide authorized users download access to the malware programs and also to instruct users on
how to deploy them.
WikiLeaks did not release any of the code behind the so-called cyber-weapons, but said that
an archive of the software and its documentation had been circulating among former U.S. government
hackers and contractors in an unauthorized manner for some time.
The site's editor, Julian Assange, said there was an "extreme proliferation risk" in the development
of malicious software by governments, which he compared to the global arms trade.
The Vault 7 documents also disclose that the CIA purchases software exploits from other intelligence
agencies, including Britain's MI5. The documents also indicate that the CIA has purchased exploits
from shadowy private companies going by such names as Fangtooth, Anglerfish and SurfsUp. Instead
of reporting security holes to software companies like Microsoft or Google, these companies peddle
the vulnerability to the highest bidder.
If this information is accurate, the agency may be in violation of a policy
put into place by former President
Barack Obama in 2013 that was intended to prohibit the government from exploiting vulnerabilities
that were unknown to software makers.
Besides speeding up the development time for malware for the CIA's use, the agency's use of
outside-sourced malware also enables the CIA to make digital forensic investigators believe that
an unknown outside party may have been behind an infiltration, rather than a government agency.
... ... ...
A veteran writer, tv producer, and web developer, Matthew Sheffield writes about politics,
media, and technology for Salon. You can email him via m.sheffield@salon.com
or follow him on Twitter .
But ... but .... RUSSIA!!!!!. Look guys, RUSSIA! The Obama administration repeatedly broke federal
laws, lied about breaking those laws, got caught lying about breaking those laws (thank you "whistle
blowers") then said it stopped breaking said laws. Then it got caught lying about saying it stopped
breaking laws.
Who cares. But what we also know is that The "President" is Putin's puppet. When is Assange going
to leak that? And Don the Con has already paid Putin back by destroying the State Department.
Sad.
gmerrick wrote:boondox , Ars Centurion Mar 10, 2017 8:04 AMIf a government employee is not answering questions to the comittees regarding these issues, what measures can the comitties take to force an answer? Can they impeach, or compel testimony? Can they throw somebodies ass in jail until the question gets answered?The lack of overnight issue was attempted in the 1970's with the Church Committee.