WikiLeaks Publishes New ‘Vault 7’ Exploits Tested on Older Macs Running Snow Leopard and Lion

Earlier in March, WikiLeaks began "Vault 7," a project focused on sharing exploits created and used by the United States Central Intelligence Agency, beginning with leaking 8,761 documents discovered within an isolated network in Langley, Virginia that included iOS-focused exploits. Following the release of the iPhone-related documents, as well as some Mac exploits, Vault 7's publications didn't specifically include Apple products for much of the year.

Now, the leakers have shared two new exploits that are said to have been created by the CIA under a project codenamed "Imperial." The first is called "Achilles," and WikiLeaks said it allows an operator to trojan a disk image installer on a Mac computer with "one or more desired...executables" for a one-time execution. This means that a user could download a .dmg file containing malicious content and drag it into their application directory without knowing.


In the Achilles user guide, it's explained that the trojaned .dmg file would behave similarly to the original file, and that all of the operator's intended executables would run the first time the app is launched. Afterwards, all traces of Achilles would be "removed securely" from the .app file and that file would "exactly resemble" the original, un-trojaned application. Achilles was only tested on OS X 10.6, which is Apple's Snow Leopard operating system that launched in 2009.

"Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution."

The second exploit is called "SeaPea," and is described as a Rootkit for OS X that provides an operator with "stealth and tool launching capabilities." SeaPea hides files and directories, socket connections, and processes from the user, allowing the operator to access a Mac computer without their presence being known.

SeaPea was tested on Macs running both OS X 10.6 and OS X 10.7 (Lion), and requires root access to be installed on the Mac in question. The rootkit would remain on the computer until the hard drive was reformatted or the user upgraded to the next major OS version.

"SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7."

Among the Imperial documents is an automated implant for Windows devices called Aeris, which rounds out all of the leaked CIA files published by WikiLeaks today. Another Vault 7 release earlier this summer focused on the use of modified versions of router firmware to turn networking devices into surveillance tools, called "Cherry Blossom."

Due to the older Mac software used for testing Achilles and SeaPea, it's likely that such exploits have already been addressed by Apple in the numerous updates that have been released since Snow Leopard in 2009 and Lion in 2011. The previous vulnerabilities leaked by WikiLeaks in March were quickly addressed by Apple, which said that it had fixed the "alleged" vulnerabilities in iPhone 3G devices (called "NightSkies") back in 2009, and the Sonic Screwdriver Mac exploit in all Macs released after 2013.


Apple Devices Escape Mention in WikiLeaks’ Latest ‘Vault 7’ CIA Hacking Documents

WikiLeaks yesterday published its latest round of allegedly leaked CIA documents, detailing aspects of the U.S. agency's "Cherry Blossom" firmware modification program, which uses modified versions of router firmware to turn networking devices into surveillance tools.

The document is the latest in WikiLeaks' "Vault 7" series of publications on CIA hacking methods. Previous leaks have detailed the agency's targeting of iOS devices and Macs, while this manual relates specifically to network routers: Once installed, the Cherry Blossom program can be used to monitor internet traffic, crawl for passwords, and redirect the target user to a particular website.


The manual also describes how CIA agents might install the modified firmware. "In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation." While documents have not been made public that detail the "Claymore" tool, the latter tactic refers to the practice of intercepting the target device somewhere between the factory and the end user.

The document lists several network products as susceptible to its hacking protocol, including devices from Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics. Apple's AirPort networking equipment does not appear on the list, however.

The CIA has struggled to penetrate Apple's network router hardware in the past due to a combination of the company's robust encryption and its use of proprietary hardware. Previous Harpy Eagle documents published by WikiLeaks show apparently unsuccessful efforts to "gain root access on an Apple Airport Extreme and Time Capsule via local and/or remote means to install a persistent rootkit into the flash storage of the devices".

The Cherry Blossom document dates to 2012, so it's likely CIA methods have moved on in an effort to keep up to date with changing networking hardware. In a response the same day that the iOS device hacking efforts came out, Apple said that many of the vulnerabilities in that leak were already patched. Apple ceased development of its AirPort networking devices last year.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Apple Says WikiLeaks CIA Documents Are Old and Exploits Have Been Fixed

In response to a series of CIA documents leaked this morning that outline exploits the government used to gain access to Macs and iOS devices, Apple gave a statement to TechCrunch claiming that the documents are old and that the vulnerabilities outlined in the leak have long since been patched.

Apple says the iPhone vulnerability only affected the iPhone 3G and was fixed in 2009, while all Mac vulnerabilities were fixed in Macs launched after 2013.

"We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

"We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users."

The new documents, part of an ongoing "Vault 7" leak focusing on the United States Central Intelligence Agency, were released by WikiLeaks this morning. Codenamed "Dark Matter," the documents primarily covered techniques for exploiting and accessing Macs through a peripheral device like a USB stick.

An iPhone exploit, called "Night Skies 1.2," was also featured, adding to the range of "Year Zero" iPhone exploits that were shared by WikiLeaks last week.

All of the Dark Matter and Year Zero documents can be found on WikiLeaks. Additional Apple-related hacks and exploits may surface as the Vault 7 series continues, and it will take time for security analysts and experts to determine the impact of the leaks.

While Apple says all of the exploits have been patched, its results are preliminary. Should any remaining exploits be unaddressed, Apple will undoubtedly fix them quickly.


WikiLeaks Continues ‘Vault 7’ With New Documents Detailing Mac-Related CIA Exploits

WikiLeaks today continued its "Vault 7" series by leaking details concerning CIA-related programs that were built with the intent to infest iMac and MacBook devices. Today's "Dark Matter" installment of Vault 7 follows a few weeks after WikiLeaks debuted "Year Zero," which focused on exploits that the CIA created for iOS devices. In a response the same day that Year Zero came out, Apple said that many of the vulnerabilities in the leak were already patched.

Now, WikiLeaks is shedding light on Mac-related vulnerabilities and infestation programs, which the leakers claim "persists even if the operating system is re-installed." The project in question, created and spearheaded by the CIA's Embedded Development Branch, is called the "Sonic Screwdriver" and represents a mechanism that can deploy code from a peripheral device -- a USB stick, or the "screwdriver" -- while a Mac is booting up.


According to WikiLeaks, this allows an attacker "to boot its attack software" even if the Mac has a password enabled on sign-up. In the report, it's said that the CIA's own Sonic Screwdriver has been stored safely on a modified firmware version of an Apple Thunderbolt-to-Ethernet adapter. Besides the Doctor Who-referencing exploit, Dark Matter points towards yet another bounty of CIA programs aimed at gathering information, infesting, or somehow crippling a Mac device.

"'DarkSeaSkies' is 'an implant that persists in the EFI firmware of an Apple MacBook Air computer' and consists of 'DarkMatter', 'SeaPea' and 'NightSkies', respectively EFI, kernel-space and user-space implants.

"Documents on the 'Triton' MacOSX malware, its infector 'Dark Mallet' and its EFI-persistent version 'DerStake' are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0."

Dark Matter isn't exclusively Mac focused, however, and includes a few new iPhone exploits in the round-up as well. One is called "NightSkies 1.2" and is described as a "beacon/loader/implant tool" for the iPhone that is designed to be physically installed on an iPhone directly within its manufacturing facility. This conspiracy-leaning exploit is said to date back to 2008 -- one year after the first iPhone debuted -- and suggests, according to WikiLeaks, that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008."

"While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."

The full list of the new Dark Matter documents can be found on WikiLeaks, and we're likely to see more Apple-related WikiLeaks as the Vault 7 series continues. As it was with Year Zero, it'll still take some time for security analysts and experts to determine the full impact of today's leaks.


Apple Says Many of the Vulnerabilities Detailed in ‘Vault 7’ Leaks Already Patched

Earlier today, a new series of Wikileaks leaks revealed the United States Central Intelligence Agency's efforts to hack iPhones. The leaks detail a number of iOS exploits that can be used to bypass security on devices. Tonight, Apple said in a statement provided to TechCrunch that most of the vulnerabilities detailed in the leaks have been patched.


“Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”

Apple says its initial analysis indicates that many of the exploits detailed were patched in the latest version of iOS, and that it will continue to patch identified vulnerabilities. The Cupertino company closes by saying that it always urges users to download and install the latest version of iOS to ensure that they have the most recent security updates.

The Vault 7 revelations aren't the first time the CIA has targeted Apple's mobile devices. In 2015 it was reported that the CIA worked on ways to compromise both iPhones and iPads.

The full list of so-called "Year Zero" documents can be found on Wikileaks' website.


New Wikileaks Series Details CIA’s ‘Specialized Unit’ Dedicated to Creating iOS Exploits

In a new series of leaks focusing on the United States Central Intelligence Agency, code named "Vault 7," Wikileaks has revealed 8,761 documents discovered within an isolated network in Langley, Virginia that "amounts to more than several hundred million lines of code." The code contains what Wikileaks referred to as a "hacking arsenal" of malware, viruses, trojans, and weaponized "zero day" exploits for iOS devices, that could give anyone in possession of the code "the entire hacking capacity of the CIA."

This "Year Zero" release is the first in the full Vault 7 series by Wikileaks, and is said to act as an introduction to the capacity and means of the CIA's covert hacking program. The agency's abilities can take aim at a number of popular consumer products from companies like Apple, Google, Samsung, and Microsoft, turning everything from an iPhone to a smart TV into a "covert microphone."


In its analysis of the released documents, Wikileaks looked at how iPhones and iPads have been targeted by the CIA in the past, and how they can continue to be exploited in the future. Although Android remains a dominant force in the global smartphone market, Wikileaks argued that a "disproportionate focus" has been placed on iOS devices by the CIA, most likely due to the Apple-branded phone's popularity.

Because of this, the agency has a specialized unit in place within the Mobile Development Branch that creates and executes malware to infiltrate, take control of, and exfiltrate sensitive information from iOS products. The MDB's methods are said to include a collection of zero day exploits, which are vulnerabilities in a piece of software unknown by the software's creator and subsequently exploitable by hackers.

Including the iOS malware, Wikileaks claimed that the CIA has recently "lost control" of the majority of its hacking arsenal.

"Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote 'zero days' developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites."

Wikileaks noted that in the wake of Edward Snowden's NSA leaks, a group of technology companies convinced the Obama administration to disclose any zero day exploits and bugs to each company, rather than hoard the information. The Vulnerabilities Equities Process underlined this agreement in 2010, and the U.S. government said it would reveal any vulnerabilities discovered to the company in question.

Documents in Year Zero paint a further negative image for the CIA, which is said to not have abided by the agreement between the technology companies and the U.S. government. An example was given by Wikileaks centering on one malware that can control both the Android phone and iPhone software "that runs or has run presidential Twitter accounts." The government is said to not have brought the information forward to Apple or Google in the time it has had the hacking data.

"As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

"The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable."

The scope of the new Wikileaks documents includes detailed information on the iOS exploits, hacks that could potentially infest vehicle control systems, and even attacks against Samsung smart TV sets. This last point, dubbed "Weeping Angel," was said to have been developed by the CIA in conjunction with the United Kingdom's MI5 as a way to convert turned-off television sets into secret microphones.

The full list of the Year Zero documents can be found on Wikileaks, and complete analysis of the documents by independent security experts will take some time in order for the impact of the release to be determined.


Lawyer for Julian Assange’s accuser says he’s ‘violating’ her in the media


Julian Assange on Wednesday released his account of the events that led to him being accused of rape in Sweden in 2010, earning the ire of the lawyer for his accuser, who said he was “violating” her client in the media.

From the Ecuadorian embassy in London where he remains confined, the WikiLeaks founder leaked the testimony he gave in November to Swedish prosecutors. 

In it, he declares he did not have sex with the woman as she slept — the centre of the accusations against him.

Swedish prosecutors are yet to charge Assange with a crime, and his testimony forms part of a preliminary investigation.