Wikileaks Permadrip: “Other Vault 7 Documents”

WikiLeaks has released the second of what it promises will be many further releases of CIA hacking tools it calls Vault 7. This release, which it dubs Dark Matter, consists of just 12 documents, which means (if WikiLeaks’ past claims about how big this leak is are true) the releases could go on forever.

As Motherboard lays out, the tools that got released are old — they date from 2008 to 2013.

While the documents are somewhat dated at this point, they show how the CIA was perhaps ahead of the curve in finding new ways of hacking and compromising Macs, according to Pedro Vilaca, a security researcher who’s been studying Apple computers for years.

Judging from the documents, Vilaca told Motherboard in an online chat, it “looks like CIA were very early adopters of attacks on EFI.”

“It looks like CIA is very interested in Mac/iOS targets, which makes sense since high value targets like to use [those],” Vilaca told me. “Also interesting the lag between their tools and public research. Of course there’s always unpublished research but cool to see them ahead.”

But — because I’m as interested in how Wikileaks is releasing these tools as I am in what it is releasing — it appears that WL may be sitting on more recent documents related to compromising Apple products. WL’s press release describes other Vault 7 documents, plural, that refer to more recent versions of a tool designed to attack MacBook Airs. But it includes just one of those more recent documents in this dump.

While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

That seems to suggest that there are other, more current Apple tools in WikiLeaks’ possession besides the one developmental document linked. If so, it raises the same questions I raised here: is it doing so as a pose of responsible release, withholding the active exploits until Apple can fix them? Or is it withholding the best tools for its own purposes, potentially its own or others’ use? Or, given this account, perhaps Wikileaks is playing a game of chicken with the CIA, seeing whether CIA will self-disclose the newer, still unreleased exploits before Wikileaks posts them. Thus far, neither side is being forthcoming with affected tech companies, if public reports are to be believed.

In either case, I’m just as interested in what Wikileaks is doing with the files it is sitting on as I am in the dated ones that have been released.

Update: In his presser the other day, Julian Assange did provide a list of tech companies he had reached out to.

In his March 23 press conference, Assange offered the following timeline relating to WikiLeaks’ communications with technology firms:

  • March 12: WikiLeaks reached out to Apple, Google, Microsoft and Mozilla.

  • March 12: Mozilla replied to WikiLeaks, agreeing to its terms. The aforementioned Cisco engineer also reached out.

  • March 13: Google “acknowledged receipt of our initial approach but didn’t address the terms,” Assange said.

  • March 15: MikroTik contacted WikiLeaks; it makes a controller that’s widely used in VoIP equipment.

  • March 17: Mozilla replied, asked for more files.

  • March 18: WikiLeaks told Mozilla it’s looking for the information.

  • March 20: First contact from Microsoft “not agreeing to the standard terms, but pointing to their standard procedures,” Assange said, including providing a PGP email key. Google also replied the same day, pointing to their standard procedures, and including a PGP email key.

20 replies
  1. blueba says:

    What is it with emptywheel and The Intercept and the clique of journalists who seem to see themselves as the only voices of accuracy, I’ll use that word not to get into whether or not there is objective TRUTH.

    This story is condescending and smarmy and not in the least informative.

    This is the kind of article I would expect to see in the NYT or Washington Post.  Anti Assange and anti WikiLeaks.

    By the way, why is it that WikiLeaks gets the leaks and not emptywheel or The Intercept (which has received almost nothing since it published a fraction of the Snowden documents)?  Trust might have something to do with it.

    You guys don’t get to be the final arbiters of what journalism even good journalism is.  Spending more time doing journalism instead of the constant derision of Assange and carping about the corporate press might be a good start.

    • PeasantParty says:

      I see no bashing, only the questioning of the small amount of files this time.  Which I think are on purpose, so they can be digested by media better.  His other HUGE file dumps have not been fully covered in the mainstream media.  This journalism is one of the top in our access these days.  Please read again, and reconsider your first impressions.

    • tvor_22 says:

      I think you may be projecting a little too much onto this article.

      The assumed volume of these leaks, and the rate at which they are being released can’t be ignored. Coupled with Wikileaks’ promise to its sources to have maximum possible impact, it is an observation that needs to be made. If you understand the material being put forward to ‘set the stage’ you will be better equipped to integrate future leaks, and to get a sense of the direction and context of impacts.

      You can’t deny, there are a lot of weird wrinkles in the way WL is doing this.

      • blueba says:

        In reply to the two of you I can only say that the uncalled for and inappropriate comments such as “(if WikiLeaks’ past claims about how big this leak is are true) the releases could go on forever.” are part of a pattern both here and at The Intercept of denigrating the journalism of WikiLeaks and Assange.  This has been going on for a long time.  I don’t remember such condemnation when such a tiny fraction of the Snowden archive were published but perhaps I just don’t remember that it was criticized by emptywheel.

        The gripe I have is that there appears to be a clique of journalists centering around The Intercept but including emptywheel who believe they and only they can define what good journalism is and they and only they do it properly.  Journalism is an institution like the CIA is an institution and  these status quo institutions are deeply corrupt (I don’t mean The Intercept or emptywheel, I’m talking about the overall institution of the “free press”) Clinging to old definitions about how to do good journalism and then attacking anyone who does not do it in the “proper” way as defined by the one doing the attacking is unhelpful.

        It’s just more attacking the messenger and distracting from the extremely valuable journalistic service WikiLeaks is providing instead of the contents of the documents released.

        I am constantly seeing this cat fight going on among journalists each claiming they do journalism properly and others do not – frankly I can make up my own mind about those issues, I don’t need hysterical bloviations against WaPo “reporters” who write pitifully bad articles or the “weird” aspects of WikiLeaks.  I want analysis of the valuable – and accurate – information and documents put in the public domain.  It’s no different than the Corporate press damning the messenger over and over while ignoring the substance.

        If I didn’t care about emptywheel and its valuable insights I wouldn’t bother with this.  I don’t bother to complain at The Intercept because it really isn’t worth the time in spite of having a wealth of journalistic talent.

         

        • PeasantParty says:

          I for one support Wikileaks.  I don’t care if others feel there is a sinister side to it.  So far, they have been 100% correct in everything.  I feel they are indeed a service to the world.  We all need to know what our Governments are doing.  Secret Laws, secret meetings, secret deals are bad for a Republic and a Democracy.

          I simply stated that I do not agree with your comments about this site.  You have the right to your own opinion.  I just asked you to re-read the post.  No further comment is needed.

          If you are that unhappy with the work done here, then you have the freedom to read elsewhere.

           

  2. John Casper says:

    blueba,

    1. Where did the post mention Assange?
    2. WRT the “constant derision of Assange,” please link to the last five examples.
    3. Quote what you thought was “condescending.”
    4. Quote what you thought was “smarmy.”
    5. Quote anything that you didn’t find “informative.”
    5.1 Then quote and link to what source already gave you that information.
    6. You wrote, “This is the kind of article I would expect to see in the NYT or Washington Post.”
    6.1 Do you donate the same amount to this site, as you pay to subscribe to the NYT’s and WaPo?

  3. nathan says:

    “Or is it withholding the best tools for its own purposes, potentially its own or others’ use?”

    —Sounds like you are accusing Wikileaks of using these hacking tools themselves but phrased as a question for deniability…

    “Thus far, neither side is being forthcoming with affected tech companies, if public reports are to be believed.”

    –Wikileaks has reported that no tech companies have contacted them since they asked them to agree to put out patches fixing the exploits within 90 days of receipt of the Wikileaks info. I don’t see how that is not being “forthcoming” but considering you linked to hit pieces against Wikileaks perhaps your view is biased?

  4. SpaceLifeForm says:

    This is now over a week old, but Intel is *allegedly* trying to help. The problem is that this does not preclude any ‘intel inside’ backdoors that are in silicon. So, this could certainly be misdirection. EFI rootkits being firmware, not silicon (hardware). And to reiterate, these types of persistent rootkits would also work on Windows or Linux, it is not just OSX. (Reinstall of OS still leaves the rootkit in the firmware)

    http://www.theinquirer.net/inquirer/news/3006482/vault7-intel-security-releases-efi-rootkit-detector-for-macos-after-wikileaks-cia-dump

    • greengiant says:

      Note where firmware is developed,  where firmware is programmed,  where firmware chips are manufactured.   Note where other silicon chips are designed and manufactured.   Personally,  I could only guess.    People like Schneier are all over it.

  5. SpaceLifeForm says:

    Also, just over a week old.

    Good luck JZ.  Time will tell if you will be allowed to actually make a difference.   Your track record is sound.  I hope you do make a difference and wish you well.

    https://www.zdziarski.com/blog/?p=7016

    Privacy is sacred; our digital lives can reveal so much about us – our interests, our deepest thoughts, and even who we love. I am thrilled to be working with such an exceptional group of people who share a passion to protect that.

  6. dolos says:

    CIA nondisclosure would be in line with their policy of neither comment on nor qualification of any breach. Anything said to any effect affords some inference. Any dealing with tech companies would be via quiet backchannels.

  7. SpaceLifeForm says:

    Symantec in trouble. Part of problem.

    How many NSLs did they get?

    Again, you can not trust the net.

    https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/

     

    Thursday’s announcement came after Google’s investigation revealed that over a span of years, Symantec CAs have improperly issued more than 30,000 certificates. Such mis-issued certificates represent a potentially critical threat to virtually the entire Internet population because they make it possible for the holders to cryptographically impersonate the affected sites and monitor communications sent to and from the legitimate servers. They are a major violation of the so-called baseline requirements that major browser makers impose on CAs as a condition of being trusted by major browsers.

     

  8. harpie says:

    I vote for “Wikileaks is playing a game of chicken with the CIA”.

    [Also, there’s a typo in that small section of their supposed “journalistic” output. Is it “der stake” or “der starke”?]

    “In either case, I’m just as interested in what Wikileaks is doing with the files it is sitting on as I am the dated ones that have been released.”

    All we really know so far is that Wikileaks SAYS it is sitting on more more-recent files.

    • PeasantParty says:

      I happen to agree with you on the Chicken gaming.  I also remember that back a few years ago Wikileaks had a file they were sitting on regarding banks.  One of their team members took it.  So, whatever files they have, for use of security to them or otherwise, I’m sure they will allude to it in due time.

      Especially if another file of more importance comes to them.

      • harpie says:

        And I agree with you, [to Blueba, above]:

        I simply stated that I do not agree with your comments about this site. […] If you are that unhappy with the work done here, then you have the freedom to read elsewhere.

         

        [Hey, the links, bold, etc., work, now! :-) ]

  9. harpie says:

    Here is Zeynep Tufekci about how Wikileaks spun Kellyanne Conway’s comment about the possible misuses of microwave ovens:
    https://twitter.com/zeynep/status/845101403303559168

    “They rely on ignorance either of media or public to push out this crap. (Microwaves are not microwave ovens”

    That might be called mis-or-disinformation or propaganda, but not journalism.

    [Sorry, I can’t get the links, bold, etc, to work.]

    • PeasantParty says:

      I detest that woman, but she is right in both meanings.  Yeah, I know.  You say, there goes that crazy Peasant again.  Everyone that I had gone bonkers 6 years ago when I told you your tv was spying on you.

      You may wish to look into the ties of James Clapper and the Geospatial programs.  I won’t add all the links here, but it is absolutely mind blowing.  They have just about created every conceivable way to spy/track/monitor you.

       

      • harpie says:

        Which woman, Zeynep or Kellyanne?  Zeynep is just saying that: 

        [Wikileaks will] get retweeted; viral misinformation will happen.

        I think that it is one example of a huge problem.

         They have just about created every conceivable way to spy/track/monitor you.

        I happen to believe that, as well.

    • SpaceLifeForm says:

      I wonder if the Trumps Press Secretary #2 even has a clue how a microwave oven even works other than observing that the plate inside does rotate.
