Urban75 Home About Offline BrixtonBuzz Contact

Vault 7 - Massive Wikileaks release on CIA eavesdropping

Farage dines with Trump
Less than two weeks later, Farage visits the Embassy of Ecuador in London
In between, a big "Trump Friendly" leak.

Funny that.

And this guy, well . . .

 
[journalist: ...can you tell us he wasn't there on behalf of the White House]
Sure,
I, I don't,
He is not
I am not
This is silly
I really don't think that asking where random foreign leaders are, and whether or not, ah, they're there
their fa
I'm sure he was there doing whatever on behalf of the Brit..
[journalist: He's not a leader]
he's a member of, I, I 'k, I understand that but
I'm not, I don't keep his schedule, I'm not sure to...
 
lefteri said:
The anti-virus guys pretty much conclusively traced it back to the CIA iirc
Click to expand...

It more supposition that Israel & CIA did it. The recent film had a CIA whistleblower who said it was them. Although she blamed the Israelis for making it worse and therefore easier to spread and detect.
 
Spymaster said:
Ok, but to genuinely hijack a vehicle remotely you need to be able to do more than start/stop, flash the lights and turn the wipers on and off.

I can see how it may be possible to affect throttle and braking via cruise control, and perhaps steering if the car is a self-parker or maybe has lane assistance, but in vehicles where there is no link to the mechanics of those systems, how would they be able to affect them?
Click to expand...
not-bono-ever said:
I can see how you could use this to render a car immobile remotely, but to take control is a bit far fetched and at present, a bit of a dead end
Click to expand...

gosub said:
Given the date stamp of 2013 I'd agree.
Click to expand...
It was doable in 2013, albeit to a lesser extent, and it's doable now. Most new cars have the mechanical prerequisites. Before long they'll probably be mandatory, or as good as.

As a workable means of getting at someone, it's a niche on a par with polonium in your tea or for that matter Stuxnet, when for the most part you could just, say, hit your victim with a lorry.
 
J Ed said:
Trump is the president of your country and you are happy for him to have the intelligence agencies use these powers on you and yours. Incredible.
Click to expand...
Is the CIA using these powers on Americans? It's possible but the Wikileaks leaks don't show that.
 
TomUS is on record as saying the CIA are a great bunch of guys and gals doing a good job and did not indicate at any point that he found meddling in other countries' elections or the frequent murder of children objectionable.
 
mauvais said:
It was doable in 2013, albeit to a lesser extent, and it's doable now. Most new cars have the mechanical prerequisites. Before long they'll probably be mandatory, or as good as.

As a workable means of getting at someone, it's a niche on a par with polonium in your tea or for that matter Stuxnet, when for the most part you could just, say, hit your victim with a lorry.
Click to expand...
yeah but ones a great idea for a modern Columbo and the other is an open aand shut case with no mystery
 
Spymaster said:
It's balls.
Click to expand...

Why is it balls? Because they took a large team and a long time to figure it out, or needed physical access? So?

"But would it have been as frightening if she had mentioned that this kind of hack requires a car with cellular Internet service,"

I see the new fucking Corsa advert on telly showcasing that it has wi-fi, lol
 
mwgdrwg said:
Why is it balls? Because they took a large team and a long time to figure it out, or needed physical access? So?
Click to expand...
Did you read the SA article? It's virtually impossible to hack a car in any kind of meaningful way. The Jeep in the piece that you linked to was owned by the hackers themselves and fucked about with for a year to enable them to do it.

If you can get hold of a certain type of car for long enough and install all kinds of software, you can cut it's transmission if it's connected to the internet. But you can't anymore because the manufacturer has fixed the bug.
FCA stressed that the hackers had required “unique and extensive” technical knowledge to undertake the Wired stunt, as well as prolonged physical access to a vehicle and extended periods to write code.
Click to expand...
Not much of a story really is it?
 
Last edited:
Getting hold of something and installing "all kinds of software". Thus hacking it.

11874-doge-wow-doge.png
 
maomao said:
TomUS is on record as saying the CIA are a great bunch of guys and gals doing a good job and did not indicate at any point that he found meddling in other countries' elections or the frequent murder of children objectionable.
Click to expand...
What nonsense. This thread is about CIA spying capabilities being leaked. But continue with your self righteous crusade to save the children.
 
  • Like
Reactions: CRI
TomUS said:
What nonsense. This thread is about CIA spying capabilities being leaked. But continue with your self righteous crusade to save the children.
Click to expand...
It's about the implications of the leak and I'm clarifying your position on the CIA for the benefit of posters who might not have read the other thread.

And self righteous crusade? Really? Objecting to the murders of civilians and children in particular is self righteous? Are you sure you don't want to call me a SJW? Scratch a liberal...
 
maomao said:
It's about the implications of the leak and I'm clarifying your position on the CIA for the benefit of posters who might not have read the other thread.

And self righteous crusade? Really? Objecting to the murders of civilians and children in particular is self righteous? Are you sure you don't want to call me a SJW? Scratch a liberal...
Click to expand...
Your clarification of my position is false. And I'm not a liberal. I'm a PROUD liberal.
 
TomUS said:
Your clarification of my position is false. And I'm not a liberal. I'm a PROUD liberal.
Click to expand...
They were your exact words. If you deny it again I'll quote the posts. And I think your comments about 'self-righteous crusades' clear up where you stand on US foreign policy.
 
maomao said:
They were your exact words. If you deny it again I'll quote the posts. And I think your comments about 'self-righteous crusades' clear up where you stand on US foreign policy.
Click to expand...
Quote away if you like. You jump to conclusions.
 
Spymaster said:
Did you read the SA article? It's virtually impossible to hack a car in any kind of meaningful way. The Jeep in the piece that you linked to was owned by the hackers themselves and fucked about with for a year to enable them to do it.

If you can get hold of a certain type of car for long enough and install all kinds of software, you can cut it's transmission if it's connected to the internet. But you can't anymore because the manufacturer has fixed the bug.

Not much of a story really is it?
Click to expand...

Might be worth going to the source.



Or if you find videos of nerds enthusing to other nerds about stuff that they've hacked too annoying to tolerate, here are their papers.

https://sm.asisonline.org/ASIS SM Documents/remote attack surfaces.pdf

https://securityzap.com/files/Remote Car Hacking.pdf

Basically the reason they need physical access to a sample of the car in question is to reverse-engineer the internal protocols by which the multitude of computers inside them communicate.

This is so they can gain access via one of these control units which is doing something relatively innocuous and pivot from there to a different control unit from which they can e.g. switch off the brakes.

They don't need to be able to install anything on the target vehicle to do the attacks in question, they just need to spend time playing around with a sample until they figure out how to fuck with it.

The particular conjunction of vulnerabilities and configuration issues and difficulty of exploiting them might change from model to model, but the security engineering economics of consumer products mean that in general, any determined group with appropriate skills is going to find a way to do this if they see a benefits case.

http://www.cl.cam.ac.uk/~rja14/Papers/moore-anderson-infoeconsurvey2011.pdf

As manufacturers add more and more features of this kind, the attack surface gets bigger. Indeed a couple of the more lethal exploits actually originate with features that are marketed as increasing safety by e.g. making braking more 'intelligent'.

Their discussion of what happened when they tried to communicate with the manufacturers does little to support breezy confidence in there being a timely response (unless there is an immediate threat that the exploit will be on TV.)

I think it's pretty clear from the detail in their papers that they were resource-limited, e.g. they had to find workarounds rather than spend a few thousand on specialised test gear for proprietary components.

Buying cars to reverse-engineer is likely not an issue for anyone who has a black budget to play with. Indeed, the spooks already have form for getting backdoors installed by the manufacturers into things they're interested in and there are a few chips from e.g. Texas Instruments that come up over and over again in this space.
 
Last edited:
lefteri said:
Yes I saw it, just can't remember the details clearly like pretty much everything I watch and read these days
Click to expand...
ISTR that the ani-virus folks didn’t figure everything out (though a couple had speculated on the target based on the observed disproportionate number of infections seen in Iran and the source being Israeli). They knew it was targeting industrial PLCs. Eventually CIA/NSA insiders (perhaps members of the Equation Group) spilled some of the beans because (it was claimed) they were annoyed with Unit 8200 unilaterally rushing out what they saw as a broken, inferior, high risk variant.
 
Bernie Gunther said:
Their discussion of what happened when they tried to communicate with the manufacturers does little to support breezy confidence in there being a timely response (unless there is an immediate threat that the exploit will be on TV.)
Click to expand...
Very good post. On this, though, even if there was a rapid response, the logistics are enormous: it would take months to recall millions of cars and the recall uptake would still be a lot less than 100%. Also remember that these are the car companies that famously once worked out the cost of a death and decided it was economical.
 
Thanks mauvais, I know you know your stuff in this area, so that's appreciated.

I think the security engineering economics are the key to understanding the risk here, hence the Ross Anderson link.
 
You must log in or register to reply here.

Similar threads

_Russ_
Assange release
2 3
Replies
65
Views
2K
hitmouse
hitmouse
cupid_stunt
Massive worldwide IT outage, hitting banks, airlines, supermarkets, broadcasters, etc. [19th July 2024]
15 16 17 18 19
Replies
568
Views
19K
tommers
tommers
DaveCinzano
National Audit Office report on bent al-Yamanah arms deal released
Replies
0
Views
191
DaveCinzano
DaveCinzano
Yuwipi Woman
Massive Rises in Rent Costs
Replies
12
Views
763
SpookyFrank
SpookyFrank
weltweit
US Tornados, massive damage and deaths ..
Replies
28
Views
1K
petee
petee
Back
Top Bottom