Is There A Positive Aspect To CIA Spying?

Uploaded on 2017-03-21 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

The latest release from WikiLeaks detailing how the CIA has allegedly stockpiled a plethora of tools to hack a variety of everyday devices, from phones, to televisions to cars, is a stark reminder about the fragile state of Internet security. 

The US government has amassed extraordinary hacking powers largely in secret, and this leak might just force us to grapple with whether we are comfortable with that.

The most widely reported aspect of the purported leak is the allegation that the CIA has myriad ways to hack popular smartphones like iPhone and Android devices, and that the agency could be allowing its hackers to take control of internet connected televisions and covertly listen in on conversations in people’s living rooms. 

This type of attack has been the worry of many privacy advocates for years, as more and more televisions and other household devices, collectively known as the Internet of Things, are increasingly connected to the Internet while always “listening”.

There was never a doubt that the US and other government around the world would quickly move to leverage the ability to exploit these features, as more and more consumer electronics companies have made them standard in all sorts of household items. 

The former Director of National Intelligence James Clapper even made clear in testimony to Congress last year. But just how often governments have exploited this type of technology is still largely unknown.

While many of the headlines accompanying these documents will send a shiver down the spine of readers, there is some good news in the WikiLeaks documents. 

Contrary to some early reports suggesting that the CIA can “defeat” popular end-to-end encrypted messaging apps like Signal and WhatsApp, the WikiLeaks release is further evidence that encryption does work to protect people’s privacy.

The documents do purport to show is that the CIA has a host of exploits to attack the operating systems of popular mobile devices like iPhones and Androids, a deeply worrying prospect, to be sure, but to “defeat” secure messaging apps, government hackers essentially have to gain access to your phone itself before they can read your messages. 

So if you’re using an app like Signal, the content of those communications are at least still likely protected from their vast surveillance nets that otherwise indiscriminately capture billions text messages and emails per day.

This is encouraging news. The Snowden revelations were so offensive to so many people because the government was secretly using mass surveillance to spy on hundreds of millions of people at once, the vast majority of them innocent. 

With countless users switching over to end-to-end communications in recent years, it means intelligence agencies like the CIA must target individuals one by one, which, in turn, means the cost for each surveillance target goes up, and forces them to prioritise a much smaller number of people.

Still, the amount of smartphone vulnerabilities and exploits detailed in these documents was shocking even to experts. “It certainly seems that in the CIA toolkit there were more zero-day exploits”, an exploitable vulnerability in software not known to the manufacturer, “than we’d estimated,” Jason Healey, a director at the Atlantic Council think tank, told Wired Magazine. He added: “If the CIA has this many, we would expect the NSA to have several times more.”

As Edward Snowden himself tweeted recently: “Why is this dangerous? Because until closed, any hacker can use the security hole the CIA left open to break into any iPhone in the world.” He called it “reckless beyond words.”

For years, civil society groups have been calling on US intelligence agencies to disclose these vulnerabilities to tech companies instead of hoarding them in secret. Intelligence agencies should help make the everyday devices we rely on safer, rather than less secure. 

The government has claimed that they run the vulnerabilities they know about through an interagency “equity process” to determine whether they should disclose and help fix them. But the surprising amounts of exploits in the WikiLeaks release suggests this process is either woefully inadequate or largely only exists on paper.

Undoubtedly, there will be a heated debate over WikiLeaks and the value of having these documents in the public record for the days and weeks to come, as any publication by WikiLeaks inevitably does. 

But whether Trump administration officials like it or not, the hacking powers of our government is a vital topic that needs much more public debate, and this latest release may end up fueling it.

But in the mean-time, perhaps you might download Signal.

Guardian:

 Assange Says CIA Lost Control Of Its Cyber Weapon Documents:

CIA leak 'absolutely' an 'inside job':           Signal: The Snowden-Approved Crypto App Comes to Android

 

 

« A Common Language For Sharing Intelligence On Cybersecurity Threats
New Malware Hides In Memory »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Associates (CSA)

Cyber Security Associates (CSA)

Cyber Security Associates provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

National Crime Agency (NCA) - United Kingdom

National Crime Agency (NCA) - United Kingdom

The NCA's Cyber Crime Unit focuses on critical cyber incidents in the UK as well as longer-term activity against the criminals and the services on which they depend.

4iQ

4iQ

4iQ fuses surface, social, deep and dark web sources to research and assess risks to people, infrastructure, intellectual property and reputation.

Cloudmark

Cloudmark

Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world’s inboxes from wide-scale and targeted email threats.

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

Bleckwen

Bleckwen

Bleckwen is a proven fraud detection system that helps financial institutions build trust with customers.

1Password

1Password

1Password combines industry-leading security with award-winning design to bring private, secure, and user-friendly password management to everyone.

Proximity

Proximity

Proximity is a leading professional services organisation providing consulting, legal and commercial advisory solutions with a focus on government and regulated industries.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Robust Intelligence

Robust Intelligence

Robust Intelligence enables enterprises to secure their AI transformation with an automated solution to protect against security and safety threats.