randombio.com | political commentary
Wednesday, March 08, 2017

CIA leaks a triple-patty nothingburger with pickles!

The CIA hacks computers? Say it ain't so.

W ikileaks has just released 8,761 documents claiming that the CIA has accumulated a vast collection of zero-day computer vulnerabilities, including some obtained from the Russians. A good description with lots of non-technical details is on zerohedge.

The only thing new about this is the revelation that so many people seem not to have known about it. Anyone familiar with Snowden's releases, even the nontechnical stuff in Glenn Greenwald's book, should know that the NSA does this routinely. Anything the NSA knows, the CIA can use.

It's long been recognized that the government is in possession of a vast database of zero-day vulnerabilities that they can exploit at will. And there's nothing surprising in the fact that they would use so-called false flag cyberattacks. This is SOP for any such operation—even amateur hackers do this routinely.

We learned, what, two decades ago how they hacked into Saddam Hussein's government computers through executable instructions stored in a printer. People more up-to-date on cyber security than I am have been warning us for years that there are ways of jumping across air gaps using the standard microphones and LEDs on PCs.

Tyler Durden quotes a guy named Kim Dotcom as tweeting “BREAKING:CIA turns Smart TVs, iPhones, gaming consoles and many other consumer gadgets into open microphones. #Vault7”

Sigh. No kidding. The CIA hacks computers? Say it ain't so. Read Greenwald's book. Better yet, read any of the ten zillion computer security books out there. Or sign up for Bugtraq.

It is no great secret that backdoors can be installed on Windows, OSX, and Linux. What would be shocking would be if the government doesn't have the complete source code for Windows 10 and an army of full-time people combing through Windows, Linux, Android, OSX, and router software looking for vulnerabilities, a dull job if there ever was one.

The leaker says he or she wants to start a debate. Fine, but let's not get distracted. The debate we need is whether the government should strengthen commercial security or install back doors in it. The insanity over computer hacking that's been going on for the past six months should be proof that more, not less, computer security is needed for individuals.

What the leaks add to that debate is the understanding that our adversaries will use the same backdoors and blame the CIA (and vice-versa). Any vulnerability that anyone plants will sooner or later end up being exploited by Moscow and Beijing. If the CIA is as good as they say they are, they got them from Moscow and Beijing.

The trick is getting companies to fix them. It would be nice if the US government would help us more with this. But it would be even nicer if the political activists out there, Dems and Republicans both, would learn more about computers.

There are simple tricks the CIA would probably have used that will identify the leaker in short order. It's a shame that he will have sacrificed his freedom not for security, but for politics.

Last edited mar 08, 2017, 10:25 am

Related Articles

Don't blame hackers for your own security failures
If Boris and Natasha steal your email, it's your own stupid fault.

CIA Russian Hacking Report: Another Nothingburger?
Friday's report raises more questions about the CIA than about Russia.

On the Internet, no one can tell whether you're a dolphin or a porpoise

book reviews