[Marxism] The Truth About the WikiLeaks C.I.A. Cache

Jeff meisner at xs4all.nl
Sun Mar 12 19:08:31 MDT 2017


>> Wouldn't we trust Snowden more on this?

Yes I would. I wasn't eager to reply concerning the article by Zeynep 
Tufekci which Louis posted, because I felt a political agreement with 
him about Wikileaks, from what I could gather. More on that below.

But on technical matters, I believe he's wrong. Or more specifically 
he's wrong about what is being claimed. He displays that 
misunderstanding where he says:
    "this turned out to be misleading. Neither Signal nor WhatsApp, for 
example, appears by name in any of the alleged C.I.A. files"

But he later shows that he does understand the underlying technical 
issue:
     "techniques for hacking into individual phones. That way, they could 
see the encrypted communications just as individual users of the apps 
would...... That is about the vulnerability of your device. It has 
nothing to do with the security of the apps."

This is exactly right: the alleged (probably true) malware did exactly 
that: it wormed its way into the device deeply enough that it could 
observe any data within it. That would include whatever was input into 
the keyboard, microphone, or videocamera, and whatever was received (and 
decoded by the secure application!) destined for the screen, keyboard, 
or saved on the harddrive. FOR THAT REASON, there was no reason to 
mention any specific application that had been compromised, because it 
didn't involve any application and didn't break any encryption. It 
snoops from inside the device. That makes it the optimum way for an 
attacker to spy WHEN POSSIBLE.

Zeynep Tufekci points out that snooping of this sort is not at all new. 
It is one reason that people (in addition to normal security measures) 
would want to cover their portable device's camera and microphone (the 
latter being difficult) when not using them. But although such malware 
has existed (last time, I heard that the Chinese government was using 
such malware against enemies in the west), the hard part is placing the 
malware on the device, and that ability is what was being alleged about 
the CIA. To install malware you have to employ one of 3 vulnerabilities:

- A physical vulnerability; breaking into your house (etc.) and 
tampering with your computer without leaving a noticeable trace.

- A vulnerability in another trusted program, especially part of the 
operating system. But these are the sorts of things that are discovered 
and then quickly repaired by the annoying "updates" your computer 
frequently undergoes.

- A human vulnerability: in recent years this has proven to be the 
weakest link, and is why people are constantly warned (but not 
sufficiently in all cases!) not to install applications from untrusted 
sources, to make sure the URL of the trusted website they are connected 
to shows it is really the one it claims to be, and not to respond to 
"phishing" emails where people are tricked into giving up their 
passwords.

Again, Zeynep Tufekci seems to understand that but is wrong where he 
starts about "If the C.I.A. goes after your specific phone and hacks 
it...." but that's where he might be mistaken. He seems to be suggesting 
a PERSON at the CIA had to "go after" someone's computer. But no, it 
could as well be a "bot", a computer program, told to try to install 
this on every device it can find connected to the internet. And the CIA 
could have a hundred such computers working at the same time. Even worse 
is a true "virus": it knows how to replicate so that when it takes over 
a computer it spreads itself to others, through one or another means 
(including human vulnerability, sending a dangerous email to the 
person's contact list). In either case, the CIA could spread the malware 
without making demands on their poor overworked staff.

Now on the political side, though, it appears that the Wikileaks 
disclosure may have about the same motives that Assange has shown 
himself to be generally pursuing. Taking attention off of Trump, and 
directing it on the CIA which Trump has a (somewhat) antagonistic 
relationship to. Trump isn't at all implicated in anything the CIA has 
been doing before he took power (which is when this capability was 
developed), so he isn't affected. Glen Greenwald was interviewed on BBC, 
lauding Wikileaks for the revelation. The interviewer, somewhat 
antagonistically asked him though something like: "But Wikileaks has now 
released the CIA's computer code they hacked, and now ANY ENEMY of ours 
[US, UK, etc.] can just use it to spy on US TOO!!" Greenwald's response? 
I almost puked. Greenwald assured the reporter that Wikileaks is 
RESPONSIBLE and wouldn't just give this to "our enemies." Greenwald 
pointed out that Wikileaks had very responsibly NOT released the actual 
code, so that, don't worry, no "enemies" will get a chance to use it.

In other words, Wikileaks acted in the interest of Trump regarding his 
internal disputes, but carefully avoided endangering the country Trump 
presides over. :-(

- Jeff




More information about the Marxism mailing list