Fox: WikiLeaks releases huge archive of secret CIA documents and hacking tools

[I Won - Get Over It]

Those tools were probably used in first place to spy on and "hack elections" in foreign countries. Lead by example, huh?  

en.wikipedia.org/wiki/Central_Intelligence_Agency#History

[I Won - Get Over It]

The problem I see with releasing actual hacking tools and exploits is that at that point, you're just giving your adversaries and criminal organizations access to very sophisticated malware. Granted, from a profiteering perspective, a lot of these tools are not useful but the "tricks" and exploits used in them are. Many zero days - particularly ones sought by intelligence agencies, go for upwards of a hundred thousand dollars or more, and can be extremely effective in spreading malware with little to no user interaction on a webpage.

There is no good reason to release these kinds of tools. I'm sorry. Maybe the exploits, because the companies can immediately patch them, but the other tools? There is nothing to be gained from this. Releasing documents that detail the malware, and maybe releasing some compiled samples is fine and informs the public, but any tools to build copies of the malware or even source code is superfluous in the mission people like Wikileaks claim to have.

As for documents that describe intelligence capabilities that are troublesome from a privacy perspective - that is one thing, but actually giving the tools & capabilities to everyone is a whole different ballgame.

They didn't release the actual code, but only binaries as I understand. The binaries could probably be used for reverse engineering; I am not sure.
https://www.nytimes.com/2017/03/07/world/europe/wikileaks-cia-hacking.html?ref=politics

You must be logged in to read this quote.

[I Won - Get Over It]

The CIA didn't break Signal or WhatsApp - they were simply hacking the actual devices their target was using, which would make any program you're using to secure your communications useless. Of course many agents of the technologically inept media and punditariat didn't grasp that at first in their mad dash to get their hot takes out into circulation.

Not that you could expect an outfit like Wikileaks to make that clear. Assange is no dummy. He has an extensive history in IT, and he knows damn well apps like Signal weren't "broken."

Haters gonna hate

https://wikileaks.org/ciav7p1/

You must be logged in to read this quote.

How could anyone possibly misunderstand this? Isn't it clear enough?

Next time read the original source before you criticize it...

[I Won - Get Over It]

I'm aware of what they said in this regard. I'm talking about this focus on apps like Signal in these leaks when absolutely nothing new and special about the programs themselves was revealed by the leaks. Hacking the device that runs these kinds of programs has always been known to be a weak point, and suddenly it's a hot topic now? It created a narrative that Signal was weak and possibly no longer secure.

Like I said, Assange is no dummy, and not only does he have extensive knowledge of all of this, but he also knows the media is by and large technologically inept. When you break stories like this, one should take pains to make them aware of these things. Likewise, the media owes it to their viewers/readers to discuss these matters clearly because the general populace often can't see the differences here. Instead, the discussions had all seemed to foster an image that there was some new security weakness. This is particularly annoying to me. I've already to explain to 2 people up North that nothing was broken, and it's still a secure way of communicating.

I don't quite understand your harsh critique towards Assange/WL. The WL-article was pretty clear that CIA can't break the encryption, but only bypassed it by infecting the phone (with malware).

You must be logged in to read this quote.

Can you be more specific? What would like to change in the article? Are there any ambiguities?


And there is new information.
1) CIA could actually hack "any" smartphone (even though it is likely much costly than before Snowden and likely is not "scalable"). Even worse, even Russia/China probably could use similar techniques as well, because CIA din't notify Apple/Google about those bugs...
2) Encryption may give a false sense of security.