Vault 7
2017-03-07 22:26:28.152403+01 by Dan Lyke
Ed Snowden tweeted that he thinks the dump is legit, and pointed out that the CIA keeping quiet about these breaches meant that anyone could exploit them. iOS and Android are known targets, as was a hack to keep the microphones on on Samsung "smart" TVs even when they appeared to be turned off to the users.
This release has also led to further questions on whether or not it really was "the Russians" behind the hack of the DNC during the election, an allegation that many of us have pointed out isn't really supported by the evidence that's been made public. As Wikipedia's press release points out:
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
It's worth noting in all of this that tools like Open Whisper Systems' Signal don't appear to have been compromised, but the platform you're running it on may be. Which you probably already suspected, because that's the obvious attack vector, but still...
Richard Stallman pointed out the problem:
With software there are only two possibilities: either the users control the program or the program controls the users. If the program controls the users, and the developer controls the program, then the program is an instrument of unjust power.