2Cents about Cyber Security

CIA - Wikileaks and 'Vault 7'

 | #general

These days people are talking about the CIA leaks published by Wikileaks (wikileaks.org/ciav7p1/index.html). Here are some considerations from my side.


What can we understand from the published information? Nothing new… or unexpected.

The CIA is well organized. It has a solid structure for organizing people and resources against different kinds of targets.

Smart TVs: the CIA has a dedicated team (Embedded Devices Branch, EDB) to study and attack new smart devices like TVs and others.

Mobile devices: as for the smart devices, they have a specialized team for smartphone attacks… they know well that instead of cracking devices it is better to install a backdoor, RAT, etc. and obtain clear data directly from the owner… yes, they haven’t actually cracked the iPhone, Telegram, etc.

Where do they find zero-day exploits? They have a team dedicated to finding exploits, but they also buy them from other “markets”.

The “new” cyber war requires new types of weapons, and those weapons are called zero-day exploits. The use of zero-day exploits permits an “attacker” (the “good” or the “bad” guys) to obtain information, steal it, or destroy a target, a service and/or people (think about IoT and/or self-driving cars).

Having zero-days maintains a competitive advantage over the adversary. So, to fight on equal terms, the CIA should use this kind of tool…

This fact, from one point of view, is a way to keep the world safe… but keeping zero-day exploits unknown and choosing not to publish them (responsible disclosure…) endangers us all!

So, in the end, this leak does not actually disclose new information… it just confirms that:

  • governments are actively using hacking skills (think of Hacking Team)
  • governments, in addition to passive information gathering (wiretapping), are using offensive techniques (exploiting mobile devices and others)
  • they spend effort to find and/or buy zero-day exploits

Now, my questions are these:

  • Is it correct to use zero-day exploits? A known zero-day vulnerability should be communicated immediately to the vendor for patching, or, for national security, someone can use it. Also, the “enemy” (cyber criminals, ru___an, co__a, ch__a, etc.) is strong and well organized too and could be able to find the same exploit… and think about when the zero-days come from the black market and/or the deep web…
  • Who is monitoring (listening to, watching, spying on, …) us? From the news we understand that those capabilities were not always used to spy on criminals…
  • Who has access to our data? I’m a security engineer and I know that stored information is not always kept safe… are the correct access control policies in place? Are the systems selective enough to intercept or attack only the target of an investigation?
  • Is there always an investigation…?

About Luigi Vezzoso


Security professional with more than 15 years of experience in multiple aspects of cyber security - in my spare time I like to train dogs.